60kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1231.162802] Free swap = 0kB [ 1231.196325] Node 1 Normal: 101*4kB (UM) 94*8kB (UME) 226*16kB (UM) 188*32kB (UM) 67*64kB (UM) 261*128kB (UME) 282*256kB (UM) 119*512kB (ME) 33*1024kB (M) 14*2048kB (ME) 416*4096kB (M) = 1948004kB [ 1231.214291] Node 1 active_anon:1251428kB inactive_anon:53480kB active_file:37824kB inactive_file:134448kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:31428kB dirty:1984kB writeback:0kB shmem:16480kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1231.219447] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1231.258446] Total swap = 0kB [ 1231.261605] 2097051 pages RAM [ 1231.264828] 0 pages HighMem/MovableOnly [ 1231.269080] Node 0 DMA free:10964kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1231.274551] 363840 pages reserved [ 1231.299503] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1231.308228] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1231.317114] 0 pages cma reserved [ 1231.324326] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1231.344022] lowmem_reserve[]: 0 2717 2718 2718 2718 13:26:43 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) io_setup(0x0, &(0x7f0000000100)=0x0) io_submit(r2, 0x1, &(0x7f00000000c0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x2, 0x800, r1, &(0x7f0000000000)="6656f747f153dc1028f867fb02402b24762329ae1b009164fe11d02655f8191f808b372fbc548f0d9d260bc6ce395e8ef944585602a570c6b443985a3e8528d3605c80dec347db544a2da4750ba622e5e5bde708953c0a1dba4c5a67e85a6a79739efd427e", 0x65, 0x5}]) 13:26:43 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x3c40, 0x800, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xfffdffffffffffff, 0xffffffffffffffff, 0x9) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) clone(0x60020000, &(0x7f0000000180)="73c8f08729e951b77ad7f1a597e9f41ee269f0fd4aae68a154af4b2b904dd4ba17764b8ea42e229889beab8ed65321737f47d784c11af0e20589c9d815457fe9dfabe22f9e892fc3222f44ffe927309cd1a23046af93526c01d3a141ffdd97cb69db45e184f7b248345fa059e36d12e19e87c8a1d2168c0e970339d210c5443999fac85c3aef2467e34465ed828081a9b9b501965f83b1b03da3747c", &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000240)="d5c8bfcd0820ac03a40708974feb4d9de5ced313b3a4bf58ef7bab69f0d3f24935796bc8da5d58d9fe7424c429ec21bf7a3d172614bcab0c30782cf3f54b17c873db6510e114ad98d64dab0332c435dd713731d3097d7c283ae5b216f1054adbefbe50f86bf4df30ade254") sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c00000000010904000000000000000002000000240001801400018008000100e000000108000200000000000c0002800500010000001300240002801400018008000100ac14140008000200ac1e00010c0002800500010000000000"], 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:26:43 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x0, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) 13:26:43 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) ioctl$sock_inet_SIOCSIFDSTADDR(r2, 0x8918, &(0x7f0000000040)={'ip6gretap0\x00', {0x2, 0x0, @private}}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x8, 0x3, 0x270, 0x64000000, 0x4, 0xd0e0011, 0x0, 0xc6, 0x1d8, 0x1d8, 0x190, 0x1d8, 0x1d8, 0x3, 0x0, {[{{@ip={@multicast1, @multicast1=0xe000eb00, 0x0, 0x0, 'veth0_macvtap\x00', '\x00', {}, {}, 0x1, 0x0, 0x64}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@icmp={{0x28, 'icmp\x00'}, {0x0, "a7a9"}}, @common=@unspec=@connlimit={{0x40, 'connlimit\x00'}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x3}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x31f) setsockopt$inet_MCAST_MSFILTER(r3, 0x0, 0x30, &(0x7f0000000400)={0x1, {{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x2e}}}, 0x1, 0x4, [{{0x2, 0x4e20, @rand_addr=0x64010100}}, {{0x2, 0x4e20, @remote}}, {{0x2, 0x4e21, @remote}}, {{0x2, 0x4e20, @local}}]}, 0x290) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="5f454c44065b05107311"], 0xa) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r5 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) dup3(r2, r2, 0x0) [ 1231.351789] 26202 total pagecache pages [ 1231.369511] Node 0 DMA32 free:27572kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:632kB local_pcp:320kB free_cma:0kB [ 1231.386076] 0 pages in swap cache [ 1231.432583] x_tables: ip_tables: icmp match: only valid for protocol 1 [ 1231.458088] Swap cache stats: add 0, delete 0, find 0/0 [ 1231.465076] IPVS: ftp: loaded support on port[0] = 21 [ 1231.486161] Free swap = 0kB [ 1231.501388] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1231.501860] Total swap = 0kB [ 1231.518253] lowmem_reserve[]: 0 0 0 0 0 [ 1231.537489] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1231.547258] 2097051 pages RAM [ 1231.573120] 0 pages HighMem/MovableOnly [ 1231.577400] 363840 pages reserved [ 1231.579345] syz-executor.2 cpuset=/ mems_allowed=0-1 13:26:43 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) [ 1231.583347] 0 pages cma reserved [ 1231.588981] CPU: 1 PID: 6455 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1231.597167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1231.606514] Call Trace: [ 1231.609100] dump_stack+0x1b2/0x281 [ 1231.612732] warn_alloc.cold+0x96/0x1cc [ 1231.616708] ? zone_watermark_ok_safe+0x220/0x220 [ 1231.621558] ? wait_for_completion_io+0x10/0x10 [ 1231.626241] __alloc_pages_nodemask+0x2127/0x2720 [ 1231.631103] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1231.635942] ? perf_trace_lock+0xf7/0x490 [ 1231.640090] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1231.644945] ? do_raw_spin_unlock+0x164/0x220 [ 1231.649448] alloc_pages_current+0x155/0x260 [ 1231.653863] kvm_mmu_create+0xda/0x1d0 [ 1231.657893] kvm_arch_vcpu_init+0x282/0x890 [ 1231.662218] ? alloc_pages_current+0x15d/0x260 [ 1231.666803] kvm_vcpu_init+0x26d/0x360 [ 1231.670699] vmx_create_vcpu+0xef/0x29d0 [ 1231.674766] ? __mutex_unlock_slowpath+0x75/0x770 [ 1231.679607] ? drop_futex_key_refs+0x2e/0xa0 [ 1231.684017] ? vmx_free_vcpu+0x2f0/0x2f0 13:26:43 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x101502, 0x154) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r3, 0xc) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f00000000c0)={0x14000, &(0x7f0000000080), 0x4, r3, 0x4}) [ 1231.688080] kvm_vm_ioctl+0x4ca/0x13e0 [ 1231.691968] ? kvm_vcpu_release+0xa0/0xa0 [ 1231.696131] ? check_preemption_disabled+0x35/0x240 [ 1231.701150] ? perf_trace_lock+0xf7/0x490 [ 1231.705297] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1231.710408] ? perf_trace_lock_acquire+0x510/0x510 [ 1231.715340] ? kvm_vcpu_release+0xa0/0xa0 [ 1231.719491] do_vfs_ioctl+0x75a/0xff0 [ 1231.723294] ? ioctl_preallocate+0x1a0/0x1a0 [ 1231.727703] ? lock_downgrade+0x740/0x740 [ 1231.731855] ? __fget+0x225/0x360 [ 1231.735312] ? do_vfs_ioctl+0xff0/0xff0 [ 1231.739290] ? security_file_ioctl+0x83/0xb0 [ 1231.743807] SyS_ioctl+0x7f/0xb0 [ 1231.746805] syz-executor.4: [ 1231.747166] ? do_vfs_ioctl+0xff0/0xff0 [ 1231.747179] page allocation failure: order:0 [ 1231.750180] do_syscall_64+0x1d5/0x640 [ 1231.750199] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1231.750208] RIP: 0033:0x465f69 [ 1231.750214] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1231.750225] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 13:26:43 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x2, 0x0, 0x4000, 0x1000, &(0x7f0000001000/0x1000)=nil}) r2 = socket$phonet(0x23, 0x2, 0x1) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$SIOCPNDELRESOURCE(r3, 0x89ef, &(0x7f0000000240)=0xf6) ioctl$SIOCPNDELRESOURCE(r2, 0x89ef, &(0x7f00000001c0)=0x10000) preadv(r2, &(0x7f0000000180)=[{&(0x7f0000000040)=""/177, 0xb1}, {&(0x7f0000000100)=""/84, 0x54}], 0x2, 0x5, 0x7fff) r4 = socket(0x10, 0x3, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="48000000100005070000000000002000000000008e31b0b1d5eb415e15adc9c606f2192b59736784d1c5ae519664f7ef87b03ee3aed81a4a3cd6d317361f44aa69694a5cac", @ANYRES32=r7, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=ANY=[@ANYBLOB="3800000024000b0f00"/20, @ANYRES32=r7, @ANYBLOB="00000000ffffffff000000000a000100626669666f"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000480)=@newqdisc={0x24, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0x1}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000480)={&(0x7f00000002c0)=@gettaction={0x1b4, 0x32, 0x10, 0x70bd29, 0x25dfdbff, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x217}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x5}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x6c, 0x1, [{0xc, 0x1d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x200}}, {0xc, 0x14, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0xc, 0x1e, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}, {0x10, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0xc, 0xa, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0xc, 0x1f, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xaa6}}, {0x10, 0x4, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0xc, 0x1, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x80000000}}]}, @action_gd=@TCA_ACT_TAB={0x5c, 0x1, [{0xc, 0x10, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}, {0x10, 0x14, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0xc, 0xd, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}, {0xc, 0xa, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0xc, 0x1e, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xea}}, {0xc, 0x16, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x400}}, {0xc, 0x6, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x40, 0x1, [{0xc, 0x5, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0xc, 0xb, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9b}}, {0xc, 0x18, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0xc, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3f}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1, 0x1}}, @action_gd=@TCA_ACT_TAB={0x44, 0x1, [{0x10, 0x1a, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0x10, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0x10, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0x10, 0x10, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}]}]}, 0x1b4}, 0x1, 0x0, 0x0, 0x8000}, 0x20004000) [ 1231.750231] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1231.750236] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1231.750241] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1231.750247] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1231.830942] lowmem_reserve[]: 0 0 0 0 0 13:26:43 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0x0) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) [ 1231.851743] Node 1 Normal free:1945628kB min:53696kB low:67120kB high:80544kB active_anon:1252828kB inactive_anon:53480kB active_file:37824kB inactive_file:134448kB unevictable:0kB writepending:1984kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:15616kB pagetables:36888kB bounce:0kB free_pcp:1080kB local_pcp:692kB free_cma:0kB [ 1231.930901] lowmem_reserve[]: 0 0 0 0 0 [ 1231.945987] Node 0 DMA: 33*4kB (UM) 2*8kB (UM) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10964kB [ 1231.977038] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1231.987070] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1231.992459] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1232.003273] Node 0 DMA32: 735*4kB (UME) 263*8kB (UME) 688*16kB (UME) 289*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27540kB [ 1232.025451] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1232.034651] CPU: 0 PID: 6478 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1232.042451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1232.051823] Call Trace: [ 1232.054414] dump_stack+0x1b2/0x281 [ 1232.058046] warn_alloc.cold+0x96/0x1cc [ 1232.062021] ? zone_watermark_ok_safe+0x220/0x220 [ 1232.067306] ? wait_for_completion_io+0x10/0x10 [ 1232.071980] __alloc_pages_nodemask+0x2127/0x2720 [ 1232.076844] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1232.081684] ? perf_trace_lock+0xf7/0x490 [ 1232.085827] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1232.090681] ? do_raw_spin_unlock+0x164/0x220 [ 1232.095182] alloc_pages_current+0x155/0x260 [ 1232.099597] kvm_mmu_create+0xda/0x1d0 [ 1232.103486] kvm_arch_vcpu_init+0x282/0x890 [ 1232.107926] ? alloc_pages_current+0x15d/0x260 [ 1232.112506] kvm_vcpu_init+0x26d/0x360 [ 1232.116395] vmx_create_vcpu+0xef/0x29d0 [ 1232.120457] ? __mutex_unlock_slowpath+0x75/0x770 [ 1232.125298] ? drop_futex_key_refs+0x2e/0xa0 [ 1232.129705] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1232.133765] ? get_futex_key+0x1160/0x1160 [ 1232.138017] kvm_vm_ioctl+0x4ca/0x13e0 [ 1232.141905] ? kvm_vcpu_release+0xa0/0xa0 [ 1232.146069] ? check_preemption_disabled+0x35/0x240 [ 1232.151086] ? perf_trace_lock+0xf7/0x490 [ 1232.155234] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1232.160338] ? perf_trace_lock_acquire+0x510/0x510 [ 1232.165269] ? kvm_vcpu_release+0xa0/0xa0 [ 1232.169419] do_vfs_ioctl+0x75a/0xff0 [ 1232.173221] ? ioctl_preallocate+0x1a0/0x1a0 [ 1232.177626] ? lock_downgrade+0x740/0x740 [ 1232.181778] ? __fget+0x225/0x360 [ 1232.185228] ? do_vfs_ioctl+0xff0/0xff0 [ 1232.189222] ? security_file_ioctl+0x83/0xb0 [ 1232.193630] SyS_ioctl+0x7f/0xb0 [ 1232.196990] ? do_vfs_ioctl+0xff0/0xff0 [ 1232.200977] do_syscall_64+0x1d5/0x640 [ 1232.204882] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1232.210067] RIP: 0033:0x465f69 [ 1232.213257] RSP: 002b:00007f0f532c7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1232.220962] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 13:26:43 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000080)={[{0x8000, 0x1, 0x80, 0x2, 0x85, 0x6, 0x44, 0x6, 0x9, 0x7f, 0x8, 0xdd, 0x86d9}, {0x9, 0x2000, 0x4, 0x1f, 0x4, 0xff, 0xfb, 0x81, 0xd0, 0x8, 0x4, 0x0, 0x1}, {0x1, 0x7, 0x9, 0x7f, 0x0, 0x9, 0x4, 0x4, 0x7, 0x0, 0x40, 0x81, 0x10000}], 0x9}) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1232.228311] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1232.235574] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1232.242840] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1232.250104] R13: 00007fffed84577f R14: 00007f0f532c7300 R15: 0000000000022000 [ 1232.285033] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1232.315551] Node 1 Normal: 69*4kB (UME) 108*8kB (UM) 252*16kB (UE) 181*32kB (UM) 66*64kB (U) 250*128kB (UME) 282*256kB (UM) 119*512kB (ME) 33*1024kB (M) 14*2048kB (ME) 416*4096kB (M) = 1946708kB [ 1232.333566] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1232.341160] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1232.371345] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1232.398871] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1232.430022] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1232.448136] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1232.456794] 26210 total pagecache pages [ 1232.461035] 0 pages in swap cache [ 1232.464536] Swap cache stats: add 0, delete 0, find 0/0 [ 1232.470283] Free swap = 0kB [ 1232.473657] Total swap = 0kB [ 1232.476771] 2097051 pages RAM [ 1232.480140] 0 pages HighMem/MovableOnly [ 1232.484153] 363840 pages reserved [ 1232.490642] 0 pages cma reserved 13:26:44 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0x0) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) 13:26:44 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="5f454c44065b05107311"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) sendmsg$NFT_MSG_GETGEN(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0xfa1b4a7b98ec8829}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x101, 0x0, 0x0, {0x7, 0x0, 0x6}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x850}, 0x8004000) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) 13:26:44 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x2000, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000400)={0x0, 0x7ff, 0x85, 0x1}) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r3, 0xc) perf_event_open$cgroup(&(0x7f0000000180)={0x3, 0x70, 0xff, 0x7, 0x81, 0xfa, 0x0, 0x3, 0x804, 0x4, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x1, @perf_bp={&(0x7f0000000080), 0x4}, 0x40, 0x8, 0x3f, 0x7, 0x6, 0x6c, 0x7f}, 0xffffffffffffffff, 0x8, r3, 0xd) ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f0000000800)={0x8, 0x1, {0x5, @usage=0x5, 0x0, 0x1ff, 0x2, 0x8001, 0x7, 0x400, 0x827, @struct={0x3, 0x40}, 0xfffffffe, 0x5, [0x200, 0x8, 0x9, 0xffffffffffffd5f8, 0x1, 0x4]}, {0x7, @usage=0x8, 0x0, 0xfffffffffffffffc, 0x800, 0x2fa7fe0a, 0x5, 0x8001, 0x429, @usage=0x1ff, 0x5, 0x2, [0x5, 0x9, 0xa75c, 0x800, 0x7f3f51f5, 0x1]}, {0x3, @usage, r2, 0x6, 0x5, 0x1, 0x7fffffff, 0x8, 0x8, @struct={0xd8, 0x7}, 0x38000, 0x2, [0x9, 0x6, 0xffffffffffffffff, 0x986, 0x8, 0x280]}, {0x1f, 0x7, 0x9}}) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="5cbb91000001090400000000000000000200000024000180000000000c0002ce1a00010000000000240002801400018008000100ac14147f39d6f05e8005000100"/90], 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:26:44 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x20400, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r1, 0xc) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, r1, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000140)="0f01c3b8010000000f01d9c4e17951b700000000c4e37904636d2ac4c339485ce9106c66bad00466b87c3166ef66b829000f00d0f30f09c4c3c54822f9f23664640f22a0", 0x44}], 0x1, 0x10, &(0x7f0000000140), 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) 13:26:44 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000000)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 1232.513126] warn_alloc_show_mem: 2 callbacks suppressed [ 1232.513130] Mem-Info: [ 1232.547598] active_anon:840591 inactive_anon:18063 isolated_anon:0 [ 1232.547598] active_file:9458 inactive_file:33620 isolated_file:0 [ 1232.547598] unevictable:0 dirty:506 writeback:0 unstable:0 [ 1232.547598] slab_reclaimable:16138 slab_unreclaimable:194705 [ 1232.547598] mapped:62216 shmem:8996 pagetables:17176 bounce:0 [ 1232.547598] free:496305 free_pcp:281 free_cma:0 13:26:44 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x80, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) 13:26:44 executing program 2: socket$netlink(0x10, 0x3, 0x5) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0xff, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0x0, 0x3, r1, 0xc) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000000)={0x2, 0x0, [{0xa28}, {0x85a}]}) dup(r3) 13:26:44 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1232.802302] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1232.857228] warn_alloc: 4 callbacks suppressed [ 1232.857233] syz-executor.3: [ 1232.893641] Node 1 active_anon:1253616kB inactive_anon:53476kB active_file:37840kB inactive_file:134504kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:31860kB dirty:2048kB writeback:0kB shmem:16480kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1232.895910] page allocation failure: order:0 [ 1232.907776] Node 0 DMA free:10964kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1232.993015] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1233.018022] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1233.025694] Node 0 DMA32 free:27540kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:648kB local_pcp:280kB free_cma:0kB [ 1233.061621] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1233.066838] CPU: 0 PID: 6596 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1233.074631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1233.083991] Call Trace: [ 1233.086585] dump_stack+0x1b2/0x281 [ 1233.090218] warn_alloc.cold+0x96/0x1cc [ 1233.094196] ? zone_watermark_ok_safe+0x220/0x220 [ 1233.099174] ? wait_for_completion_io+0x10/0x10 [ 1233.103850] __alloc_pages_nodemask+0x2127/0x2720 [ 1233.108711] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1233.113554] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1233.118392] ? perf_trace_lock_acquire+0x510/0x510 [ 1233.123328] ? do_raw_spin_unlock+0x164/0x220 [ 1233.127821] alloc_pages_current+0x155/0x260 [ 1233.132229] kvm_mmu_create+0xda/0x1d0 [ 1233.136115] kvm_arch_vcpu_init+0x282/0x890 [ 1233.140429] ? alloc_pages_current+0x15d/0x260 [ 1233.145110] kvm_vcpu_init+0x26d/0x360 [ 1233.149133] vmx_create_vcpu+0xef/0x29d0 [ 1233.153214] ? __mutex_unlock_slowpath+0x75/0x770 [ 1233.158052] ? drop_futex_key_refs+0x2e/0xa0 [ 1233.162457] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1233.166514] ? get_futex_key+0x1160/0x1160 [ 1233.170754] kvm_vm_ioctl+0x4ca/0x13e0 [ 1233.174641] ? kvm_vcpu_release+0xa0/0xa0 [ 1233.178796] ? check_preemption_disabled+0x35/0x240 [ 1233.183820] ? perf_trace_lock+0xf7/0x490 [ 1233.187966] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1233.193173] ? perf_trace_lock_acquire+0x510/0x510 [ 1233.198098] ? kvm_vcpu_release+0xa0/0xa0 [ 1233.202244] do_vfs_ioctl+0x75a/0xff0 [ 1233.206041] ? ioctl_preallocate+0x1a0/0x1a0 [ 1233.210441] ? lock_downgrade+0x740/0x740 [ 1233.214598] ? __fget+0x225/0x360 [ 1233.218194] ? do_vfs_ioctl+0xff0/0xff0 [ 1233.222262] ? security_file_ioctl+0x83/0xb0 [ 1233.226681] SyS_ioctl+0x7f/0xb0 [ 1233.230044] ? do_vfs_ioctl+0xff0/0xff0 [ 1233.234106] do_syscall_64+0x1d5/0x640 [ 1233.237998] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1233.243179] RIP: 0033:0x465f69 [ 1233.246364] RSP: 002b:00007f8db8982188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1233.254067] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1233.261329] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1233.268591] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1233.275864] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1233.283127] R13: 00007ffe6abe2b0f R14: 00007f8db8982300 R15: 0000000000022000 [ 1233.320692] lowmem_reserve[]: 0 0 0 0 0 [ 1233.324795] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1233.352369] lowmem_reserve[]: 0 0 0 0 0 [ 1233.356474] Node 1 Normal free:1947212kB min:53696kB low:67120kB high:80544kB active_anon:1253044kB inactive_anon:53476kB active_file:37844kB inactive_file:134504kB unevictable:0kB writepending:2060kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:15392kB pagetables:36964kB bounce:0kB free_pcp:1348kB local_pcp:728kB free_cma:0kB [ 1233.388213] lowmem_reserve[]: 0 0 0 0 0 [ 1233.392388] Node 0 DMA: 33*4kB (UM) 2*8kB (UM) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10964kB [ 1233.408204] Node 0 DMA32: 735*4kB (UME) 263*8kB (UME) 688*16kB (UME) 289*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27540kB [ 1233.423102] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1233.434812] Node 1 Normal: 126*4kB (UME) 198*8kB (UME) 359*16kB (UME) 181*32kB (UE) 67*64kB (UE) 246*128kB (UM) 283*256kB (UME) 119*512kB (UM) 33*1024kB (M) 15*2048kB (UME) 415*4096kB (M) = 1947128kB [ 1233.454378] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1233.473299] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1233.485460] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1233.495301] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1233.505905] 26221 total pagecache pages [ 1233.510549] 0 pages in swap cache [ 1233.514000] Swap cache stats: add 0, delete 0, find 0/0 [ 1233.520553] Free swap = 0kB [ 1233.524265] Total swap = 0kB [ 1233.527278] 2097051 pages RAM [ 1233.532293] 0 pages HighMem/MovableOnly [ 1233.536266] 363840 pages reserved [ 1233.540660] 0 pages cma reserved [ 1233.562589] Mem-Info: [ 1233.565044] active_anon:840526 inactive_anon:18062 isolated_anon:0 [ 1233.565044] active_file:9463 inactive_file:33626 isolated_file:0 [ 1233.565044] unevictable:0 dirty:515 writeback:0 unstable:0 [ 1233.565044] slab_reclaimable:16194 slab_unreclaimable:194387 [ 1233.565044] mapped:62217 shmem:8996 pagetables:17081 bounce:0 [ 1233.565044] free:496559 free_pcp:431 free_cma:0 13:26:45 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r1, 0xc) signalfd(r0, &(0x7f0000000000)={[0x4]}, 0x8) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x2, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r4, 0xc) ioctl$PERF_EVENT_IOC_REFRESH(r4, 0x2402, 0x1) 13:26:45 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0x0) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) 13:26:45 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000080)='.log\x00', 0x501001, 0x100) fcntl$getown(r1, 0x9) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:26:45 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="5f454c44065b05107311"], 0xa) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(r3, 0x80189439, &(0x7f0000000040)) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r5 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) 13:26:45 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r1, 0xc) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd67, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r3, 0xc) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/nat_icmp_send\x00', 0x2, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1233.611051] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1233.737334] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1233.767189] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1233.802747] Node 1 active_anon:1253444kB inactive_anon:53476kB active_file:37844kB inactive_file:134504kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:31768kB dirty:2060kB writeback:0kB shmem:16480kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1233.818151] syz-executor.4 cpuset= [ 1233.852061] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1233.885631] CPU: 0 PID: 6645 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1233.893443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1233.896605] / [ 1233.902789] Call Trace: [ 1233.907076] dump_stack+0x1b2/0x281 [ 1233.910706] warn_alloc.cold+0x96/0x1cc [ 1233.914687] ? zone_watermark_ok_safe+0x220/0x220 [ 1233.919626] ? wait_for_completion_io+0x10/0x10 [ 1233.924295] __alloc_pages_nodemask+0x2127/0x2720 [ 1233.925098] mems_allowed=0-1 [ 1233.929144] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1233.929156] ? perf_trace_lock+0xf7/0x490 [ 1233.929167] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1233.929188] ? do_raw_spin_unlock+0x164/0x220 [ 1233.929201] alloc_pages_current+0x155/0x260 [ 1233.929216] kvm_mmu_create+0xda/0x1d0 [ 1233.929226] kvm_arch_vcpu_init+0x282/0x890 [ 1233.929235] ? alloc_pages_current+0x15d/0x260 [ 1233.929247] kvm_vcpu_init+0x26d/0x360 [ 1233.929261] vmx_create_vcpu+0xef/0x29d0 [ 1233.929275] ? __mutex_unlock_slowpath+0x75/0x770 [ 1233.929286] ? drop_futex_key_refs+0x2e/0xa0 [ 1233.929297] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1233.929312] kvm_vm_ioctl+0x4ca/0x13e0 [ 1233.929324] ? kvm_vcpu_release+0xa0/0xa0 [ 1233.929345] ? check_preemption_disabled+0x35/0x240 [ 1234.002027] ? perf_trace_lock+0xf7/0x490 [ 1234.006177] ? perf_trace_lock_acquire+0x510/0x510 [ 1234.011102] ? __might_fault+0x177/0x1b0 [ 1234.015159] ? _copy_from_user+0x96/0x100 [ 1234.019301] ? kvm_vcpu_release+0xa0/0xa0 [ 1234.023443] do_vfs_ioctl+0x75a/0xff0 [ 1234.027251] ? ioctl_preallocate+0x1a0/0x1a0 [ 1234.031648] ? lock_downgrade+0x740/0x740 [ 1234.035799] ? __fget+0x225/0x360 [ 1234.039244] ? do_vfs_ioctl+0xff0/0xff0 [ 1234.043294] ? security_file_ioctl+0x83/0xb0 [ 1234.047703] SyS_ioctl+0x7f/0xb0 [ 1234.051065] ? do_vfs_ioctl+0xff0/0xff0 [ 1234.055139] do_syscall_64+0x1d5/0x640 [ 1234.059030] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1234.064208] RIP: 0033:0x465f69 [ 1234.067384] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1234.075084] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1234.082348] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 1234.089645] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1234.096905] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 13:26:45 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x54, 0x0, 0x1, 0x801, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x1c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x54}}, 0x0) write(r0, &(0x7f0000000180)="e80fab16684c7342dbd672d4dfeecc4976743e975d47be34c84c26acd2e68e8fbdcae6cf0492a5834ef396af35cae4da9a33ce8f56a1489126053c37ccc5ad652b7a1faee0decd40be607128b76e8f257e5b860e7ae38ded367155cbafd9e9d8c82dcc6903dcb02e0b085e72fc491cd86eb261028d5ef97ba0741cf8c3ca07a68dfab4a7d3d04a7e0d01b1a537406a0f2fccfd2503d58120482e6627eae1cd4cc8b1d88fe120c532cf30720c3801110ede9bb627fe88842fca4786b4f08389a3dae9dfa1272763d47c88", 0xca) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1234.104162] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1234.111437] CPU: 1 PID: 6628 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1234.119241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1234.128588] Call Trace: [ 1234.131174] dump_stack+0x1b2/0x281 [ 1234.134803] warn_alloc.cold+0x96/0x1cc [ 1234.138778] ? zone_watermark_ok_safe+0x220/0x220 [ 1234.139323] Node 0 [ 1234.143626] ? wait_for_completion_io+0x10/0x10 [ 1234.143642] __alloc_pages_nodemask+0x2127/0x2720 [ 1234.143665] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1234.148259] DMA free:10964kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1234.150629] ? perf_trace_lock+0xf7/0x490 [ 1234.150642] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1234.150663] ? do_raw_spin_unlock+0x164/0x220 [ 1234.155570] lowmem_reserve[]: [ 1234.160325] alloc_pages_current+0x155/0x260 [ 1234.160340] kvm_mmu_create+0xda/0x1d0 [ 1234.160351] kvm_arch_vcpu_init+0x282/0x890 [ 1234.160359] ? alloc_pages_current+0x15d/0x260 [ 1234.160373] kvm_vcpu_init+0x26d/0x360 [ 1234.191820] 0 [ 1234.195346] vmx_create_vcpu+0xef/0x29d0 [ 1234.195361] ? __mutex_unlock_slowpath+0x75/0x770 [ 1234.195373] ? drop_futex_key_refs+0x2e/0xa0 [ 1234.199939] 2717 [ 1234.202935] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1234.202947] ? get_futex_key+0x1160/0x1160 [ 1234.202960] kvm_vm_ioctl+0x4ca/0x13e0 [ 1234.207410] 2718 [ 1234.211212] ? kvm_vcpu_release+0xa0/0xa0 [ 1234.211234] ? check_preemption_disabled+0x35/0x240 [ 1234.211248] ? perf_trace_lock+0xf7/0x490 [ 1234.211260] ? perf_trace_lock_acquire+0x510/0x510 [ 1234.211269] ? __might_fault+0x177/0x1b0 [ 1234.215649] 2718 [ 1234.220144] ? proc_reg_unlocked_ioctl+0xff/0x190 [ 1234.220153] ? kvm_vcpu_release+0xa0/0xa0 [ 1234.220164] do_vfs_ioctl+0x75a/0xff0 [ 1234.220177] ? ioctl_preallocate+0x1a0/0x1a0 [ 1234.220187] ? lock_downgrade+0x740/0x740 [ 1234.224115] 2718 [ 1234.225837] ? __fget+0x225/0x360 [ 1234.225849] ? do_vfs_ioctl+0xff0/0xff0 [ 1234.225858] ? security_file_ioctl+0x83/0xb0 [ 1234.225868] SyS_ioctl+0x7f/0xb0 [ 1234.235000] ? do_vfs_ioctl+0xff0/0xff0 [ 1234.235012] do_syscall_64+0x1d5/0x640 [ 1234.235029] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1234.235038] RIP: 0033:0x465f69 [ 1234.239529] Node 0 [ 1234.241463] RSP: 002b:00007f0f532c7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1234.241473] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1234.241478] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 1234.241483] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1234.241488] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1234.241494] R13: 00007fffed84577f R14: 00007f0f532c7300 R15: 0000000000022000 13:26:46 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) [ 1234.383450] DMA32 free:28240kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 1234.466439] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1234.505867] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1234.539429] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1234.546517] CPU: 0 PID: 6645 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1234.554323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1234.563671] Call Trace: [ 1234.566259] dump_stack+0x1b2/0x281 [ 1234.569894] warn_alloc.cold+0x96/0x1cc [ 1234.573873] ? zone_watermark_ok_safe+0x220/0x220 [ 1234.578821] ? wait_for_completion_io+0x10/0x10 [ 1234.583610] __alloc_pages_nodemask+0x2127/0x2720 13:26:46 executing program 0: r0 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0) renameat2(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', r0, &(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) [ 1234.588473] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1234.593402] ? perf_trace_lock+0xf7/0x490 [ 1234.597555] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1234.602539] ? do_raw_spin_unlock+0x164/0x220 [ 1234.607041] alloc_pages_current+0x155/0x260 [ 1234.611454] kvm_mmu_create+0xda/0x1d0 [ 1234.615340] kvm_arch_vcpu_init+0x282/0x890 [ 1234.619658] ? alloc_pages_current+0x15d/0x260 [ 1234.624246] kvm_vcpu_init+0x26d/0x360 [ 1234.628136] vmx_create_vcpu+0xef/0x29d0 [ 1234.632203] ? __mutex_unlock_slowpath+0x75/0x770 [ 1234.637046] ? drop_futex_key_refs+0x2e/0xa0 [ 1234.641458] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1234.642565] syz-executor.4 cpuset= [ 1234.645634] kvm_vm_ioctl+0x4ca/0x13e0 [ 1234.645650] ? kvm_vcpu_release+0xa0/0xa0 [ 1234.645668] ? __might_fault+0x104/0x1b0 [ 1234.645680] ? check_preemption_disabled+0x35/0x240 [ 1234.645692] ? perf_trace_lock+0xf7/0x490 [ 1234.670405] ? perf_trace_lock_acquire+0x510/0x510 [ 1234.675328] ? __might_fault+0x177/0x1b0 [ 1234.676970] / [ 1234.679379] ? _copy_from_user+0x96/0x100 [ 1234.685222] ? kvm_vcpu_release+0xa0/0xa0 13:26:46 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c000000000109040000000000000000020000002400010200000000000c0002800500010000000000240002801400018008000100ac14140008000200ac1e00010c0002800500010000000000"], 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x0, 0x2000) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r3, 0xc) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f00000000c0)="0f01cf0f01c30f7935f20f2dbe0000b800058ec026660f38f86728c4c3cd442d00f366f2267dca0f019efe00650fe734", 0x30}], 0x1, 0xd, &(0x7f00000001c0), 0x0) [ 1234.688439] mems_allowed=0-1 [ 1234.689364] do_vfs_ioctl+0x75a/0xff0 [ 1234.689379] ? ioctl_preallocate+0x1a0/0x1a0 [ 1234.689388] ? lock_downgrade+0x740/0x740 [ 1234.689402] ? __fget+0x225/0x360 [ 1234.689414] ? do_vfs_ioctl+0xff0/0xff0 [ 1234.712215] ? security_file_ioctl+0x83/0xb0 [ 1234.716625] SyS_ioctl+0x7f/0xb0 [ 1234.719991] ? do_vfs_ioctl+0xff0/0xff0 [ 1234.723966] do_syscall_64+0x1d5/0x640 [ 1234.727863] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1234.733045] RIP: 0033:0x465f69 [ 1234.736229] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1234.743935] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1234.751212] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 1234.758477] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1234.765741] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1234.773012] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1234.794538] lowmem_reserve[]: 0 0 0 0 0 [ 1234.799313] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1234.816062] CPU: 1 PID: 6653 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1234.829980] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1234.832616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1234.832620] Call Trace: [ 1234.832638] dump_stack+0x1b2/0x281 [ 1234.844551] lowmem_reserve[]: [ 1234.850580] warn_alloc.cold+0x96/0x1cc [ 1234.850592] ? zone_watermark_ok_safe+0x220/0x220 [ 1234.850610] ? wait_for_completion_io+0x10/0x10 [ 1234.853166] 0 [ 1234.856779] __alloc_pages_nodemask+0x2127/0x2720 [ 1234.859880] 0 [ 1234.863838] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1234.868684] 0 [ 1234.873310] ? perf_trace_lock+0xf7/0x490 [ 1234.875090] 0 [ 1234.879925] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1234.879946] ? do_raw_spin_unlock+0x164/0x220 [ 1234.881724] 0 [ 1234.886643] alloc_pages_current+0x155/0x260 [ 1234.892562] kvm_mmu_create+0xda/0x1d0 [ 1234.894715] Node 1 [ 1234.899160] kvm_arch_vcpu_init+0x282/0x890 [ 1234.899170] ? alloc_pages_current+0x15d/0x260 [ 1234.899183] kvm_vcpu_init+0x26d/0x360 [ 1234.899195] vmx_create_vcpu+0xef/0x29d0 [ 1234.904215] Normal free:1943916kB min:53696kB low:67120kB high:80544kB active_anon:1253712kB inactive_anon:53480kB active_file:37832kB inactive_file:134532kB unevictable:0kB writepending:2096kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:15616kB pagetables:37704kB bounce:0kB free_pcp:1112kB local_pcp:376kB free_cma:0kB [ 1234.905455] ? __mutex_unlock_slowpath+0x75/0x770 [ 1234.905468] ? drop_futex_key_refs+0x2e/0xa0 [ 1234.909897] lowmem_reserve[]: [ 1234.913735] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1234.913750] kvm_vm_ioctl+0x4ca/0x13e0 [ 1234.915978] 0 [ 1234.920278] ? kvm_vcpu_release+0xa0/0xa0 [ 1234.920300] ? check_preemption_disabled+0x35/0x240 [ 1234.920313] ? perf_trace_lock+0xf7/0x490 [ 1234.924887] 0 [ 1234.928739] ? perf_trace_lock_acquire+0x510/0x510 [ 1234.928748] ? __might_fault+0x177/0x1b0 [ 1234.928758] ? proc_reg_unlocked_ioctl+0xff/0x190 [ 1234.928766] ? kvm_vcpu_release+0xa0/0xa0 [ 1234.928776] do_vfs_ioctl+0x75a/0xff0 [ 1234.932825] 0 [ 1234.962833] ? ioctl_preallocate+0x1a0/0x1a0 [ 1234.962841] ? lock_downgrade+0x740/0x740 [ 1234.962856] ? __fget+0x225/0x360 [ 1234.962866] ? do_vfs_ioctl+0xff0/0xff0 [ 1234.962877] ? security_file_ioctl+0x83/0xb0 [ 1234.967735] 0 [ 1234.972106] SyS_ioctl+0x7f/0xb0 [ 1234.972113] ? do_vfs_ioctl+0xff0/0xff0 [ 1234.972124] do_syscall_64+0x1d5/0x640 [ 1234.975220] 0 [ 1234.979256] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1234.979265] RIP: 0033:0x465f69 [ 1234.979273] RSP: 002b:00007f0f532a6188 EFLAGS: 00000246 [ 1234.984911] ORIG_RAX: 0000000000000010 [ 1234.984918] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000465f69 [ 1234.984923] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 1234.984928] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1234.984935] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 [ 1234.989111] Node 0 [ 1234.994054] R13: 00007fffed84577f R14: 00007f0f532a6300 R15: 0000000000022000 [ 1235.042321] warn_alloc_show_mem: 1 callbacks suppressed [ 1235.042325] Mem-Info: [ 1235.141691] DMA: 33*4kB (UM) 4*8kB (UM) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10980kB [ 1235.162335] Node 0 DMA32: 836*4kB (UME) 273*8kB (UME) 688*16kB (UME) 289*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28024kB [ 1235.235981] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1235.266789] Node 1 Normal: 33*4kB (UME) 250*8kB (UM) 287*16kB (UME) 183*32kB (U) 65*64kB (UE) 245*128kB (UM) 286*256kB (UME) 119*512kB (UM) 34*1024kB (UM) 14*2048kB (ME) 415*4096kB (M) = 1945572kB [ 1235.324233] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1235.327537] active_anon:840810 inactive_anon:18064 isolated_anon:0 [ 1235.327537] active_file:9463 inactive_file:33645 isolated_file:0 [ 1235.327537] unevictable:0 dirty:539 writeback:0 unstable:0 [ 1235.327537] slab_reclaimable:16202 slab_unreclaimable:194452 [ 1235.327537] mapped:62252 shmem:8997 pagetables:17222 bounce:0 [ 1235.327537] free:496092 free_pcp:310 free_cma:0 [ 1235.347267] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1235.385302] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1235.394738] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1235.410485] 26241 total pagecache pages [ 1235.414555] 0 pages in swap cache [ 1235.421716] Swap cache stats: add 0, delete 0, find 0/0 [ 1235.427147] Free swap = 0kB [ 1235.433907] Total swap = 0kB [ 1235.437100] 2097051 pages RAM [ 1235.440429] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1235.450046] 0 pages HighMem/MovableOnly [ 1235.489222] 363840 pages reserved [ 1235.492764] 0 pages cma reserved 13:26:47 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, [], [{0x1, 0x1, 0x5, 0xfff, 0x23, 0x1}, {0x4, 0x5, 0x7, 0xd27, 0x1}], [[], [], [], []]}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) 13:26:47 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) write$binfmt_elf64(r1, &(0x7f00000001c0)=ANY=[@ANYRES32=r3], 0xa) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r5 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) 13:26:47 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) r1 = dup(r0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) pipe(&(0x7f0000000300)) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) clone(0x20084800, &(0x7f0000000180)="13b73db7ff84008d5995b3626da34b46e7da0c943a4287b2a39b3e79ea42999a3b103363f349c745ca3b1b440a0f2f791673f9f4730fb256d26b69859ffacd395d277eacc1da68aa5a4fa39e4bc60d825c9aa6815c764182d6b60d2ba227d4bb1841547fa9947e0c48cfa7b6010d3febca868a3f2ce92508e638b2f479480e1cfaaf9b21e1537e43d516c3f6d27068596c4c9fe93e9da2c823", &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000240)="04762b354dc8b0b7aefe2f85d37f0fea818ff17a44c426be5eb2b369c76ee2a82fc1ad356ba5a58f4067b130c49c1a7d028669b2fef17a4b296a35fbcf3b5909bb67db88dfce5cd5c240b0f28d0b8082ed0cdc532c5550cb066f6d359ada389b0f9da80c5984c6c1ae42bd844fd0db8346db025c5a63a2ddb05dc2ff1b530f0df547d04930913b18cbe0") ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = dup3(r2, r3, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) vmsplice(r5, &(0x7f0000000500)=[{&(0x7f0000000400)="27a6efbfb94e6e2c5c7bae33c6f39938e4d8e451029959b5eb047c50f8abafd79b76fbfbc03b0ba311e98959ccfb39367daa5124f2aea318d8", 0x39}, {&(0x7f0000000440)="f011e714bc1a191d499f76dd1262b75954e2cc4d7beabcdc78b27f5bde4a906512eb3c6442bed18a73219a363e746e37cb2b52fceb3981f9fac2e62600be238540ba8a92f26688899475c36c77ee87555bd3f7925e9036c6235e372b44f1a01e187f954518974143299c6d157cbe14a7a72dfb17379cfae87d8d2ee0f6beb40ff591522000f074bb", 0x88}], 0x2, 0x8) ioctl$KVM_NMI(r4, 0xae9a) 13:26:47 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) 13:26:47 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x727000, 0x0) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r2, 0x8008ae9d, &(0x7f0000000040)=""/78) [ 1235.527601] Node 1 active_anon:1253580kB inactive_anon:53484kB active_file:37844kB inactive_file:134580kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:31608kB dirty:2156kB writeback:0kB shmem:16484kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1235.656187] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1235.673841] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1235.706333] Node 0 DMA free:10964kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1235.749898] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1235.760732] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1235.774271] CPU: 0 PID: 6725 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1235.782100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1235.791452] Call Trace: [ 1235.794049] dump_stack+0x1b2/0x281 [ 1235.797682] warn_alloc.cold+0x96/0x1cc [ 1235.801658] ? zone_watermark_ok_safe+0x220/0x220 [ 1235.806605] ? wait_for_completion_io+0x10/0x10 [ 1235.811280] __alloc_pages_nodemask+0x2127/0x2720 [ 1235.816139] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1235.820980] ? perf_trace_lock+0xf7/0x490 [ 1235.825126] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1235.829985] ? do_raw_spin_unlock+0x164/0x220 [ 1235.834478] alloc_pages_current+0x155/0x260 [ 1235.838888] kvm_mmu_create+0xda/0x1d0 [ 1235.842776] kvm_arch_vcpu_init+0x282/0x890 [ 1235.847091] ? alloc_pages_current+0x15d/0x260 [ 1235.851942] kvm_vcpu_init+0x26d/0x360 [ 1235.855827] vmx_create_vcpu+0xef/0x29d0 [ 1235.859888] ? __mutex_unlock_slowpath+0x75/0x770 [ 1235.864727] ? drop_futex_key_refs+0x2e/0xa0 [ 1235.869136] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1235.873194] ? get_futex_key+0x1160/0x1160 [ 1235.877425] kvm_vm_ioctl+0x4ca/0x13e0 [ 1235.881316] ? kvm_vcpu_release+0xa0/0xa0 [ 1235.885478] ? check_preemption_disabled+0x35/0x240 [ 1235.890494] ? perf_trace_lock+0xf7/0x490 [ 1235.894643] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1235.899747] ? perf_trace_lock_acquire+0x510/0x510 [ 1235.904677] ? kvm_vcpu_release+0xa0/0xa0 [ 1235.908821] do_vfs_ioctl+0x75a/0xff0 [ 1235.912621] ? ioctl_preallocate+0x1a0/0x1a0 [ 1235.917024] ? lock_downgrade+0x740/0x740 [ 1235.921173] ? __fget+0x225/0x360 [ 1235.924702] ? do_vfs_ioctl+0xff0/0xff0 [ 1235.928666] ? security_file_ioctl+0x83/0xb0 [ 1235.933074] SyS_ioctl+0x7f/0xb0 [ 1235.936433] ? do_vfs_ioctl+0xff0/0xff0 [ 1235.940400] do_syscall_64+0x1d5/0x640 [ 1235.944290] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1235.949468] RIP: 0033:0x465f69 [ 1235.952654] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 13:26:47 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000200000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=ANY=[@ANYBLOB="3800000024000b0f00"/20, @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000a000100626669666f"], 0x38}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x8c, 0x0, 0x1, 0x709, 0x0, 0x0, {0x1, 0x0, 0x1}, [@CTA_TUPLE_ORIG={0x64}, @CTA_TUPLE_REPLY={0x14, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x8c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1235.960360] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1235.967628] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1235.974887] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1235.982147] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1235.989405] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1236.006501] CPU: 1 PID: 6721 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1236.014313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1236.023664] Call Trace: [ 1236.026254] dump_stack+0x1b2/0x281 [ 1236.029887] warn_alloc.cold+0x96/0x1cc [ 1236.033862] ? zone_watermark_ok_safe+0x220/0x220 [ 1236.038715] ? wait_for_completion_io+0x10/0x10 [ 1236.043391] __alloc_pages_nodemask+0x2127/0x2720 [ 1236.048251] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1236.048884] lowmem_reserve[]: [ 1236.053083] ? perf_trace_lock+0xf7/0x490 [ 1236.053095] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1236.053116] ? do_raw_spin_unlock+0x164/0x220 [ 1236.053129] alloc_pages_current+0x155/0x260 [ 1236.056286] 0 [ 1236.060349] kvm_mmu_create+0xda/0x1d0 [ 1236.060361] kvm_arch_vcpu_init+0x282/0x890 [ 1236.060371] ? alloc_pages_current+0x15d/0x260 [ 1236.060384] kvm_vcpu_init+0x26d/0x360 [ 1236.060397] vmx_create_vcpu+0xef/0x29d0 [ 1236.060411] ? __mutex_unlock_slowpath+0x75/0x770 [ 1236.060424] ? drop_futex_key_refs+0x2e/0xa0 [ 1236.071661] 2717 [ 1236.074145] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1236.074158] ? get_futex_key+0x1160/0x1160 13:26:47 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) [ 1236.074170] kvm_vm_ioctl+0x4ca/0x13e0 [ 1236.074182] ? kvm_vcpu_release+0xa0/0xa0 [ 1236.076063] 2718 [ 1236.079849] ? check_preemption_disabled+0x35/0x240 [ 1236.079862] ? perf_trace_lock+0xf7/0x490 [ 1236.079873] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1236.079885] ? perf_trace_lock_acquire+0x510/0x510 [ 1236.079896] ? kvm_vcpu_release+0xa0/0xa0 [ 1236.079907] do_vfs_ioctl+0x75a/0xff0 [ 1236.088877] 2718 [ 1236.092670] ? ioctl_preallocate+0x1a0/0x1a0 [ 1236.092680] ? lock_downgrade+0x740/0x740 [ 1236.092695] ? __fget+0x225/0x360 [ 1236.092705] ? do_vfs_ioctl+0xff0/0xff0 [ 1236.096820] 2718 [ 1236.101575] ? security_file_ioctl+0x83/0xb0 [ 1236.101587] SyS_ioctl+0x7f/0xb0 [ 1236.101595] ? do_vfs_ioctl+0xff0/0xff0 [ 1236.101607] do_syscall_64+0x1d5/0x640 [ 1236.101625] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1236.101634] RIP: 0033:0x465f69 [ 1236.101639] RSP: 002b:00007f8db8982188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1236.101650] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1236.101655] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 1236.101662] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1236.116377] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1236.116384] R13: 00007ffe6abe2b0f R14: 00007f8db8982300 R15: 0000000000022000 [ 1236.338945] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1236.414190] warn_alloc_show_mem: 2 callbacks suppressed [ 1236.414195] Mem-Info: [ 1236.435889] active_anon:840808 inactive_anon:18064 isolated_anon:0 [ 1236.435889] active_file:9468 inactive_file:33653 isolated_file:0 [ 1236.435889] unevictable:0 dirty:551 writeback:0 unstable:0 [ 1236.435889] slab_reclaimable:16187 slab_unreclaimable:194451 [ 1236.435889] mapped:62187 shmem:8997 pagetables:17285 bounce:0 [ 1236.435889] free:495887 free_pcp:306 free_cma:0 [ 1236.535485] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1236.571517] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1236.584845] CPU: 1 PID: 6764 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1236.592664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1236.602012] Call Trace: [ 1236.604602] dump_stack+0x1b2/0x281 [ 1236.608233] warn_alloc.cold+0x96/0x1cc [ 1236.612207] ? zone_watermark_ok_safe+0x220/0x220 [ 1236.617063] ? wait_for_completion_io+0x10/0x10 [ 1236.621782] __alloc_pages_nodemask+0x2127/0x2720 [ 1236.626644] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1236.628309] Node 0 [ 1236.631481] ? perf_trace_lock+0xf7/0x490 [ 1236.631492] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1236.631510] ? do_raw_spin_unlock+0x164/0x220 [ 1236.635822] DMA32 free:28224kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1236.637870] alloc_pages_current+0x155/0x260 [ 1236.637885] kvm_mmu_create+0xda/0x1d0 [ 1236.637895] kvm_arch_vcpu_init+0x282/0x890 [ 1236.637902] ? alloc_pages_current+0x15d/0x260 [ 1236.637915] kvm_vcpu_init+0x26d/0x360 [ 1236.637928] vmx_create_vcpu+0xef/0x29d0 [ 1236.637941] ? __mutex_unlock_slowpath+0x75/0x770 [ 1236.637953] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1236.647410] lowmem_reserve[]: [ 1236.675381] kvm_vm_ioctl+0x4ca/0x13e0 [ 1236.675395] ? kvm_vcpu_release+0xa0/0xa0 [ 1236.675408] ? perf_trace_lock_acquire+0x510/0x510 [ 1236.675420] ? __lock_acquire+0x5fc/0x3f20 [ 1236.675432] ? check_preemption_disabled+0x35/0x240 [ 1236.675444] ? perf_trace_lock+0xf7/0x490 [ 1236.686617] 0 [ 1236.688057] ? lock_downgrade+0x740/0x740 [ 1236.688069] ? perf_trace_lock_acquire+0x510/0x510 [ 1236.688078] ? do_raw_spin_unlock+0x164/0x220 [ 1236.688090] ? _raw_spin_unlock+0x29/0x40 [ 1236.688097] ? kvm_vcpu_release+0xa0/0xa0 [ 1236.688108] do_vfs_ioctl+0x75a/0xff0 [ 1236.695145] 0 [ 1236.696548] ? ioctl_preallocate+0x1a0/0x1a0 [ 1236.696556] ? lock_downgrade+0x740/0x740 [ 1236.696570] ? __fget+0x225/0x360 [ 1236.702103] 0 [ 1236.705450] ? do_vfs_ioctl+0xff0/0xff0 [ 1236.705459] ? security_file_ioctl+0x83/0xb0 [ 1236.705470] SyS_ioctl+0x7f/0xb0 [ 1236.712091] 0 [ 1236.712621] ? do_vfs_ioctl+0xff0/0xff0 [ 1236.723731] 0 [ 1236.725550] do_syscall_64+0x1d5/0x640 [ 1236.725569] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1236.738934] RIP: 0033:0x465f69 [ 1236.738940] RSP: 002b:00007f5884799188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1236.738951] RAX: ffffffffffffffda RBX: 000000000056c0b0 RCX: 0000000000465f69 [ 1236.738956] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1236.738961] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1236.738967] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0b0 [ 1236.738972] R13: 00007ffd2f6bf3cf R14: 00007f5884799300 R15: 0000000000022000 [ 1236.744350] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1236.750390] Node 0 [ 1236.776682] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1236.818090] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1236.912652] Node 1 active_anon:1253848kB inactive_anon:53484kB active_file:37852kB inactive_file:134604kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:31748kB dirty:2208kB writeback:0kB shmem:16484kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1236.927839] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1236.982388] lowmem_reserve[]: 0 0 0 0 0 [ 1236.987090] Node 1 Normal free:1945460kB min:53696kB low:67120kB high:80544kB active_anon:1253868kB inactive_anon:53480kB active_file:37852kB inactive_file:134648kB unevictable:0kB writepending:2260kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:15584kB pagetables:37616kB bounce:0kB free_pcp:864kB local_pcp:456kB free_cma:0kB [ 1237.025511] lowmem_reserve[]: 0 0 0 0 0 [ 1237.034445] Node 0 DMA: 33*4kB (UM) 1*8kB (M) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10956kB [ 1237.036174] Node 0 [ 1237.055432] Node 0 DMA32: 873*4kB (UME) 271*8kB (UME) 689*16kB (UME) 289*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28172kB [ 1237.078598] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1237.080153] DMA free:10956kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1237.090505] Node 1 Normal: 72*4kB (UME) 210*8kB (UM) 359*16kB (UME) 231*32kB (U) 71*64kB (UME) 243*128kB (UM) 283*256kB (UME) 119*512kB (UM) 34*1024kB (UM) 14*2048kB (ME) 415*4096kB (M) = 1947456kB [ 1237.144727] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1237.152373] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1237.155351] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1237.165257] Node 0 DMA32 free:28172kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:120kB local_pcp:120kB free_cma:0kB [ 1237.174317] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1237.231940] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1237.237011] lowmem_reserve[]: 0 0 0 0 0 [ 1237.255205] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1237.265382] 26259 total pagecache pages [ 1237.309098] 0 pages in swap cache [ 1237.309886] lowmem_reserve[]: [ 1237.312630] Swap cache stats: add 0, delete 0, find 0/0 [ 1237.312634] Free swap = 0kB [ 1237.312637] Total swap = 0kB [ 1237.312644] 2097051 pages RAM [ 1237.312650] 0 pages HighMem/MovableOnly [ 1237.323415] 0 [ 1237.329328] 363840 pages reserved [ 1237.335030] 0 [ 1237.336445] 0 pages cma reserved [ 1237.345299] 0 0 0 13:26:49 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x0) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) 13:26:49 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="00000000d19600000000"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r5, 0x84, 0x4, &(0x7f0000000040)=0x62c, 0x4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000000080)=""/7, 0x7}], 0x1, 0x101, 0x5) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) 13:26:49 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r1, 0xc) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c0000000004000000000000000002000000240001801400018008000100e000000108000200000000000c0002800500010000000000240002801400018008000100ac14140008000200ac1e00010c00028005000100000000000000"], 0x5c}}, 0x0) r3 = openat$null(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/null\x00', 0x800fb91c7adce9c7, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r4, 0xc) syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000180)="0f30660f388059003e0f01c2c4c1782b0d29eb00000f01cb66baf80cb8b5d5bb8fef66bafc0cb000ee0f7fe5f30f2d88000000008fc818cf7a3e8bb94f0b00000f32", 0x42}], 0x1, 0x40, &(0x7f0000000200), 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) clone(0x24004280, &(0x7f0000000400)="67b21415d16b25ad1b9650f19616c67fa1a97570a55e275c8a039221960b0dcca08c9c10df532822f4e6677306f4f19d739a962de07f07298a8e67461d0eade1b49b53fbdcf9d9332e43896c41d8ea95ad2cd04a92b3d5323706645dd47e156e362d4326a47a34f8fdeef412e4789cb44baea71347837bf3edbbabe7c88cc38c5b7713635b3e55b4c3f9b1c4443b5ab9eb0f15b08a781c1e3cb81949", &(0x7f0000000280), &(0x7f0000000300), &(0x7f00000004c0)="7fc1c89ead6c36fa27c225992e029c184a70887fc7e388eb68bb719af67ad0204fa5385b049ca5c84dd2533ed5f5c9dc8d04225fa980d4fdf2ed6c3cc356a64989f1ecb5b4dae608c0007c00ede4aa38119bfe5731cab46803b609b7ecc766a1d0bba168074a3001c15114d4df281fc3bfd0ca02bcb6b60666bc611998e5d6520183dd61ffea0959f5838123620d3ddcfe6500333899ab8ed6008a87e709701aca29eabf777903bfcc2f07bbbe4e8ded94fe7c8bb89e6aa455e43a8c") ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:26:49 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, &(0x7f0000000040)="f00fbaaa040092440f20c0663506000000440f22c02e0f01c36766670f231f0fc79fa18665660f6a2726262667650f380bedd1d26466660faef12e0f6f93b894", 0x40}], 0x1, 0xa, &(0x7f00000000c0)=[@flags={0x3, 0x100}], 0x1) r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcsa\x00', 0x2000, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 13:26:49 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, &(0x7f0000000000)="0f3266b8000000000f23d80f21f86635000000600f23f80f00c40fc71b0fc77929392082f81264f40f01c464a7", 0x2d}], 0x1, 0x5c, &(0x7f00000000c0), 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r3, 0xc) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0xfffffffffffffffe) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1237.349916] Node 1 Normal free:1948128kB min:53696kB low:67120kB high:80544kB active_anon:1253768kB inactive_anon:53480kB active_file:37852kB inactive_file:134648kB unevictable:0kB writepending:2260kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:15360kB pagetables:37468kB bounce:0kB free_pcp:1308kB local_pcp:624kB free_cma:0kB [ 1237.448761] lowmem_reserve[]: 0 0 0 0 0 [ 1237.485638] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1237.492053] Node 0 DMA: 33*4kB (UM) 1*8kB (M) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10956kB [ 1237.557992] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1237.560936] syz-executor.4: [ 1237.575410] CPU: 0 PID: 6800 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1237.582471] page allocation failure: order:0 [ 1237.586233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1237.586238] Call Trace: [ 1237.586256] dump_stack+0x1b2/0x281 [ 1237.586270] warn_alloc.cold+0x96/0x1cc [ 1237.586282] ? zone_watermark_ok_safe+0x220/0x220 [ 1237.615055] ? wait_for_completion_io+0x10/0x10 [ 1237.619733] __alloc_pages_nodemask+0x2127/0x2720 [ 1237.624599] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1237.629444] ? perf_trace_lock+0xf7/0x490 [ 1237.632178] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 1237.633589] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1237.633614] ? do_raw_spin_unlock+0x164/0x220 [ 1237.633628] alloc_pages_current+0x155/0x260 [ 1237.639647] Node 0 [ 1237.644331] kvm_mmu_create+0xda/0x1d0 [ 1237.644343] kvm_arch_vcpu_init+0x282/0x890 [ 1237.644351] ? alloc_pages_current+0x15d/0x260 [ 1237.644364] kvm_vcpu_init+0x26d/0x360 [ 1237.658997] (null) [ 1237.659325] vmx_create_vcpu+0xef/0x29d0 [ 1237.665983] DMA32: [ 1237.668238] ? __mutex_unlock_slowpath+0x75/0x770 [ 1237.668250] ? drop_futex_key_refs+0x2e/0xa0 [ 1237.668262] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1237.668276] kvm_vm_ioctl+0x4ca/0x13e0 [ 1237.668289] ? kvm_vcpu_release+0xa0/0xa0 [ 1237.668311] ? check_preemption_disabled+0x35/0x240 [ 1237.674424] 842*4kB [ 1237.678367] ? perf_trace_lock+0xf7/0x490 [ 1237.678380] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1237.678393] ? perf_trace_lock_acquire+0x510/0x510 [ 1237.678404] ? kvm_vcpu_release+0xa0/0xa0 [ 1237.678415] do_vfs_ioctl+0x75a/0xff0 [ 1237.678427] ? ioctl_preallocate+0x1a0/0x1a0 [ 1237.678435] ? lock_downgrade+0x740/0x740 [ 1237.678448] ? __fget+0x225/0x360 [ 1237.678457] ? do_vfs_ioctl+0xff0/0xff0 [ 1237.678468] ? security_file_ioctl+0x83/0xb0 [ 1237.682615] syz-executor.4 cpuset= [ 1237.685534] SyS_ioctl+0x7f/0xb0 [ 1237.685544] ? do_vfs_ioctl+0xff0/0xff0 [ 1237.685557] do_syscall_64+0x1d5/0x640 [ 1237.685573] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1237.694665] (UME) [ 1237.697988] RIP: 0033:0x465f69 [ 1237.697993] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1237.698005] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1237.698011] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1237.698016] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1237.698021] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1237.698026] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1237.741832] warn_alloc_show_mem: 2 callbacks suppressed [ 1237.741836] Mem-Info: [ 1237.760681] / [ 1237.784933] active_anon:840807 inactive_anon:18063 isolated_anon:0 [ 1237.784933] active_file:9465 inactive_file:33662 isolated_file:0 [ 1237.784933] unevictable:0 dirty:565 writeback:0 unstable:0 [ 1237.784933] slab_reclaimable:16181 slab_unreclaimable:194500 [ 1237.784933] mapped:62216 shmem:8996 pagetables:17318 bounce:0 [ 1237.784933] free:495762 free_pcp:296 free_cma:0 [ 1237.814691] mems_allowed=0-1 [ 1237.823458] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1237.833397] CPU: 1 PID: 6801 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1237.836534] Node 1 active_anon:1253968kB inactive_anon:53480kB active_file:37852kB inactive_file:134648kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:31764kB dirty:2260kB writeback:0kB shmem:16480kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1237.869959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1237.869963] Call Trace: [ 1237.869982] dump_stack+0x1b2/0x281 [ 1237.869995] warn_alloc.cold+0x96/0x1cc [ 1237.870007] ? zone_watermark_ok_safe+0x220/0x220 [ 1237.870026] ? wait_for_completion_io+0x10/0x10 [ 1237.870042] __alloc_pages_nodemask+0x2127/0x2720 [ 1237.870068] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1237.870077] ? perf_trace_lock+0xf7/0x490 [ 1237.870085] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1237.870104] ? do_raw_spin_unlock+0x164/0x220 [ 1237.870116] alloc_pages_current+0x155/0x260 [ 1237.870131] kvm_mmu_create+0xda/0x1d0 [ 1237.870148] kvm_arch_vcpu_init+0x282/0x890 [ 1237.870157] ? alloc_pages_current+0x15d/0x260 [ 1237.870170] kvm_vcpu_init+0x26d/0x360 [ 1237.870184] vmx_create_vcpu+0xef/0x29d0 [ 1237.870196] ? __mutex_unlock_slowpath+0x75/0x770 [ 1237.870207] ? drop_futex_key_refs+0x2e/0xa0 [ 1237.870217] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1237.877515] Node 0 [ 1237.901155] ? get_futex_key+0x1160/0x1160 [ 1237.901171] kvm_vm_ioctl+0x4ca/0x13e0 [ 1237.901186] ? kvm_vcpu_release+0xa0/0xa0 [ 1237.901201] ? __might_fault+0x104/0x1b0 [ 1237.901214] ? check_preemption_disabled+0x35/0x240 [ 1237.901225] ? perf_trace_lock+0xf7/0x490 [ 1237.901237] ? perf_trace_lock_acquire+0x510/0x510 [ 1237.917367] DMA free:10956kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1237.937467] ? __might_fault+0x177/0x1b0 [ 1237.937481] ? proc_reg_unlocked_ioctl+0xff/0x190 [ 1237.937491] ? kvm_vcpu_release+0xa0/0xa0 [ 1237.937503] do_vfs_ioctl+0x75a/0xff0 [ 1237.937515] ? ioctl_preallocate+0x1a0/0x1a0 [ 1237.937523] ? lock_downgrade+0x740/0x740 [ 1237.937536] ? __fget+0x225/0x360 [ 1237.937547] ? do_vfs_ioctl+0xff0/0xff0 [ 1237.947067] lowmem_reserve[]: [ 1237.949460] ? security_file_ioctl+0x83/0xb0 [ 1237.949471] SyS_ioctl+0x7f/0xb0 [ 1237.949479] ? do_vfs_ioctl+0xff0/0xff0 [ 1237.949491] do_syscall_64+0x1d5/0x640 [ 1237.949510] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1237.949519] RIP: 0033:0x465f69 [ 1237.949526] RSP: 002b:00007f0f532c7188 EFLAGS: 00000246 [ 1237.957470] 0 [ 1237.961925] ORIG_RAX: 0000000000000010 13:26:49 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0xc4e80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 13:26:49 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) dup3(r2, r1, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r3, 0xc) read$FUSE(r3, &(0x7f0000000840)={0x2020}, 0x2020) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:26:49 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x0) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) [ 1237.961931] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1237.961936] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1237.961942] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1237.961947] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1237.961953] R13: 00007fffed84577f R14: 00007f0f532c7300 R15: 0000000000022000 [ 1237.986949] 271*8kB [ 1238.012045] 2717 [ 1238.068757] (UME) [ 1238.088046] 2718 [ 1238.121428] 689*16kB [ 1238.126440] 2718 [ 1238.136011] (UME) [ 1238.144493] 2718 [ 1238.149250] 289*32kB [ 1238.159222] (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28048kB [ 1238.159266] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1238.159319] Node 1 Normal: 13*4kB (UME) 12*8kB (UME) 399*16kB (UME) 222*32kB (UM) 79*64kB (UME) 237*128kB (UM) 284*256kB (UME) 119*512kB (UM) 33*1024kB (M) 15*2048kB (UME) 414*4096kB (M) = 1942916kB [ 1238.159409] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1238.159416] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1238.159422] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1238.159428] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1238.159432] 26270 total pagecache pages [ 1238.159444] 0 pages in swap cache [ 1238.159449] Swap cache stats: add 0, delete 0, find 0/0 [ 1238.159452] Free swap = 0kB [ 1238.159456] Total swap = 0kB [ 1238.159462] 2097051 pages RAM 13:26:49 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x565483, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) 13:26:50 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) write$binfmt_elf64(r3, &(0x7f0000000400)=ANY=[@ANYRES16=r5, @ANYBLOB="bb35877fdeb43bbc77e46ccaab0dc2fceab13a53b59d8576b4348adeb723aeab81053ca8441863c99000427d21da424ac1a20556816304d507676280fe73ca15fd26596cdee441b4e313bd0886e95bd4f4f0236398d3f07875d550cc2e47b95e9d0cd23760607442227837594e64261ca998620c306504a2caaf4c934952116974c87b02466e6f64b49f1dc091b7c09ac1daf36ec67eab9581b7183f64be59616469e935632880e36a22e158863c09145d9c23b8400d4a6caab5a4f256e5b7cc0cb0541c4c3dd9aacfc3fbf4da5a7f5c2d72e55a7cb7b02030424eb0", @ANYRESHEX=r3, @ANYRESOCT=r4, @ANYRESDEC], 0xa) r6 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r6, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) ftruncate(r2, 0xff) r7 = socket$netlink(0x10, 0x3, 0x4) r8 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x0, 0x0) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r8, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="200100ea368bdc9393c78407bef34a9a00070000000000c20fb96d00", @ANYRES16=0x0, @ANYBLOB="000429bd7000fddbdf2541000000080001007063690011000200303030303a30303a31302e30000000000d0087006c325f64726f707300000000080001007063690011000200303030303a30303a31302e30000000000d0087006c325f64726f707300000000000001006e657464657673696d000000000002006e657464657673696d3000000d0087006c325f64726f707300000000000001006e657464657673696d000000000002006e657464657673696d3000000d0087006c325f64726f707300000000080001007063690011000200303030303a30303a31302e30000000000d0087006c325f64726f707300000000080001007063690011000200303030303a30303a31302e30000000000d0087006c325f64726f707300000000"], 0x120}, 0x1, 0x0, 0x0, 0x20004089}, 0x20000084) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) 13:26:50 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1238.159466] 0 pages HighMem/MovableOnly [ 1238.159469] 363840 pages reserved [ 1238.159472] 0 pages cma reserved 13:26:50 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x50000, 0x0) mkdirat$cgroup(r1, &(0x7f0000000040)='syz1\x00', 0x1ff) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$BTRFS_IOC_DEV_REPLACE(0xffffffffffffffff, 0xca289435, &(0x7f0000000640)={0x0, 0x5, @start={0x0, 0x1, "eb5ad4655000d67558ac9603c6828a1c25b6b87463577790cbd56e5a5eb0445e3a7f5145a52d23a43d2234c49885058ee8acfa3ae7188e993c51cfa63d5f6b5401df6958300419a760643b8ae796c00a6ed6ea54b41b2681c1b5ab934502dfe9a601598863c1a3fbca8e2db4c98eff2bad8f689107effbeed5088ffe9a84bb355b4f8c6ebe902768eee370b28f7a6fde905f5f1d474859913af25b68fdb33811146c65c73ed2a151ed6b165a43e66b80e012e9039bb7e86e6588a91e8aa189a11f269c9c7bcf115560ddc796382b6420b57e43ccc1165939666909ffe652bf960b9ef514577442911d521d6ab9d1a5a13ea419572a1b97234909d67bf3c8b3e234e358b70db276822af2b6200723e21f7a2beb054e55b9b3fa8bbdfbc92ba77dbfead1acb3791e72ebf17ce84afe1e9ec92c82de24cabc57739fbf4c5bb2eccecc5899c34c6114b41d8577fe11e66da4055ce5ceedab23b069be483d086b744534ce8c33ecf61cbd16b4fc004627bcea9fb97e255633416507db152f3e54c21cec4ceec16f212bebdf5458efa857ed130a955883b44cf7e9eb9baff085321d412d5df21c3d36eccf94543bf0dff678bf7a110b1d550ac04f2846ac23880fe18fde21fcd5304177c8afe5a328ac67a865320adf0fd534f4f9101fe80ba8cb12ee357c31e46e93b1638bbb8c9f171f233cf46ed59e6d1166d8a4cce43e501ac5a8f1c1c0e763e7838b930d19b93153070959e7ce8132a5c2242c5b2dead25f07c4b3b7dd2d942b56ac31c4c5dfed128337880babeca46804d4c90754be0aa9888f50652ee61f6ed52e4f65c73a6b33712a0b4ac16fde94429163fbcac8082b9758fedac236cfc4207c5cffc10fc0928799fcec42f08b6486e893840f5ab18a86f769f0ff245279d77f873c9faeb443e2aac9e786d6d9fdba683caffa964e14aceff274ed8887cef3574e26259786463c8b1817b2a73764b8ad8440e881f2bee01fc1d3996edff9058bde55fa75b2883b8e1f46b304c42b2f4cd03ee43ead689c03b4bf799e9ffc9ce3dc80d1788617aaa24e9599792cc824eb56e62489524f3137a9593613700f635443bb262825bb9ba5bbdbc45b9f4c55e9133c2ba35bbbf4262ff584495144fa2202f4f26615367fbc42f7849e43ed64bc153bc3ab31ada88fd57e200261e6f92126e6720e8fb04bc63369bc5902b7921f3826e0ba021f15a60d6301cf2254176d841a1bd2ecea4b1184eadf118b88781b081afa8a3a680f4784cd99f569a9d772da0f6d5958cf294f23ecce24ef0ed14a1e4788fa60a012af0362aad238eeb2d8edb4ae0b7dbbb8b14cd842db34ab7e5d1597642e02fb8c7059a44b9f9d5422ce6281412ea8afa97fd940f8f0a1215e0d66f38439c974a428da0e082225f0160fa0292e8c969b7ba7990d422eeb96e6877e8c7057aaa359d800", "b01897b94092d60380cb0fab49b4778c1e315e8b9befdeaf38064b7ac7b7b0f59c161404cfb765d80b042027310f05597e463d0b41ebff9b322825b53974dbf231f551f077a2dbdbcb55e99dfeab1c8d14c8be9eee0b25c22955593d87f45120408542252d51e0120d0a296f8ddce53474e47943c8b204ed31f3affec96118733ce235a9dfcdf9e89cbea098532fba3d5e6d7ea0792fcd7702e15f79b452d3ee92c53d21b0e581f42ed2cb1ef9c4d289677a7f15d3b87db6361414b78b0f0e12a05527db5dd7a724c08a95885d9b94d603243db55371dbf2b92fa6136fd8644b6979a0e54a05a2397dab1f6d0f61e5e120df5853be9bbf7ca0428a6e1b8796c9fcdeee35aea423f79de72e71f0b3e7e93c68c61cf92913c9c261ebd07ee323568524bc3ce19665913774956ac17bbb7520cc63e543b3f51341a807d5e7abaea4561a291a8b136386b3ddca744ad2ed07bb56e0a8d69c2c2e2afc8d92f734bf8d9c771d015915334b7ec4fb14194c4ff06c956f566258f53ccd02315964112536786f067c37ba191a24b1b0f2f54d005c61a19e4be5a2792b95454d751673311c24588fa487eb3d5d284ea792e271abd5a524e47548909f83144478d981fb94f4de7ee7032fee8a69a1822598a26b209a9a18702ff55861e18dd0d21956f691fd80db9617c4c0ca34c2e27eca003efc54593bc4be2cd30003da905b22cfb9341dcfd2b746086da63c3859f4d7475e62ca757a3c04cc12d226f22a5888163c52853e5e37299d3a57bc786be0c41077d3c577e331223066cf2e06dc9c7078c99ee16637db040e71408baebc4fa0e32ad9993b3da2a8a7fc6a0e290cb6cbb4fcaa9e20530f213aad9fadfa3aa7d6476ec0ddbefb03b8f038c46c51c93ec2ccc941ec07819a3e0dc8310040ee2a62696a6ba37cb67a486837564b424a66e966d0403251b29116edc07e44807fe34b21320046e5e2f67dafadae66b2818c2f863391eb5be84a11c728a3ad8e3eb306b5663008d958c1b0b534dcbb5d5080eefabade5d7ccfc24ffdee41fea02d6825491034f06bfe7b10469238cd15215b331cd32c8f19975d74a4adc82ed6a5ae54e7a2439b974ee88bfe8523dd504d1080e6567003209d5599db743793b187b2b523aa1356aa7b138a9a782d11eb1f7e509d75c23d3f17c87c27d39f4dda2549abd25daabec0be8b9a9fcdeee1ce382b6b2879f3d6782a72514ccbf408f6587ea77e9ce6e606e76f094a4e77610ee60a26b96ac546017a37e54f56cafce0e733ff3e873f62b96a66def203db72a948c4110e170ec2bea6d1055cccbd09290dbeb1bc54d8fb88315a68b31aefa9400d12da80e0c09dbd02e45093e3f82c2bad95a57bd624fe80ca3ead6abc6471afbf971818db9da977e0d4f96bce4e016d0e42753cfa1640fe1b1aa7f2761ad743eea27f997a2d5848"}, [0x7, 0x6, 0xffffffff, 0x2, 0xfffffffffffffeff, 0x6, 0xffff, 0x5c3, 0x4, 0x80000001, 0x500, 0x6, 0x9, 0x89d, 0x60a3, 0xa720, 0x8, 0xffffffff, 0x4, 0x100, 0x3, 0x0, 0x2, 0x800, 0x5, 0x7, 0x6, 0x0, 0x8, 0x1000, 0x9, 0x3b9e, 0x2, 0x100, 0x3, 0x4, 0x363a, 0x9, 0x7, 0x101, 0x7, 0x401, 0x4, 0x5, 0x2, 0x1, 0x80000001, 0xffffffffffffc8fd, 0x0, 0x200, 0x7ff, 0x7, 0x5de, 0x0, 0x34a, 0x4, 0xe58, 0x8, 0xa4, 0x400, 0x3b6, 0x5, 0x101, 0x8]}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = socket(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001280)=ANY=[@ANYBLOB="4800000010000507000000000000200000000000", @ANYRES32=r6, @ANYBLOB="f8000004463104ff703500000000002800120009040400566574e8f096d247dd6db7781d2e277a08974b313eb5f5248b676a6915543e8c4422d5a7c2cb2b525145c8660691bbd338b4de99fe54f5eb53ce0aeb64ac332748d3604c11f1bbaddb322a1ec79cb8f5ec32921ab04fb371054d81533e1e47ca93ba327701936ae49e8dfa3f597a364c099022bb973046e144cb262a357477b8cecf7fcc2cbf778b3956f3b034479b0c96487974fd00bef6de372b58aec6ef8ada5bac969cce13110a04d8"], 0x48}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001080)=ANY=[@ANYBLOB="3800000024000b0f00"/20, @ANYRES32=r6, @ANYBLOB="00000000ffffffff000000000a000100626669666fe8e8e1601c5d5127f53f1adf36e5585a5787d683bfab942d2a454227ccc5dca711454a3bde1081f7bf194d330057fe727c18b1b1f4906a48540daa8aeb89b8dc968348f47092181454923ba7d1cc42d2344117284d44c6f2509186c7f06d953be0809f7fc921ed660d614e83a4446245bbcd5763a3349c12f908113aaf1b5910733efa41494e8e171b880378ae55d55b1cb37dd1d423d02fad67c7efd71e"], 0x38}}, 0x0) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r3, 0x114, 0xa, &(0x7f0000001180)=ANY=[@ANYBLOB="1bc7b728ed3659bb03cd10ff03bbbe371612a5e41a77c7262943daf0d982d952ab0400d6c8a132efc254325a6a01b624f3e87d8ff6b87df6e78996bc5883819222e80d5b4afd0b39f0eab6db6b4d96802f44029a4b"], 0x3) r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) ioctl$SNDRV_PCM_IOCTL_RESUME(r1, 0x4147, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000000c0)={'team0\x00'}) ioctl$KVM_SET_LAPIC(r7, 0x4400ae8f, &(0x7f0000000240)={"232b123d4aa23ef4b3df6ab8726389cc8fba69ef1686918bb297838a1d4cf6a2d301b9a6adef0db9aa499752c91ddbaf7f39cb4332bf95221a9d246d6a693aeaf1a41e3ec9bea3d11f9a5946671faf6a8e1af4ddd1cb3111891757a16e57b21a6606708bcacfcea9faacf10804e1f67eeac5a7ff55c161700edfba1d9b8afaf9912081a4e70a7de9652a67ba1b0c5b67a1888812c8ed718ff1abfb2ddff9a43ceee407e44f3bbc5c8f75f03d750548c44f43bb0e761ac37dd0775412c1a9644149a168c697c293b2ae101fa29002d505ac39e44da2c63102da420a76abdd35a6ab2e02b24c61ebf44f8dfa3721a76928122a3d642a7ce695fbc28949d5d3e3d2cbe01f6c750324bc71ca5afcbe437b608b6320a96790b9aeb229c4c5653f5c6b0a831b359e3e56d951ac26d6048f828746346148094f0bea4d50297f53fe6edb25ab95f0d74cf515f013c1c63ff4f0ae0ae28da1b111b128be9024984b361bf65a9609657e0ecee8665194b19e968679042c94f0c26c3e460e42f333536ee7c42b6e9511078e7472b05df2fb3aa04407118d83f46a18a8fb00037574ed5bc03c9aa670e90256311060b46be6e3c323c5dd0840a5d6723ef8ea5236687f8958fc2adaaf07dd21220a4a9b41f93816d3a5e2800b9847318e14ae0ddf4eca3fd967175b917d7f739b33286155d4bd6028b311837a03b490399b88beb07f0061df27edffc2979888941d270dd419f9a2b8dd1b16ed66cb039b87225f06921d40a878fd6d68efe07af08bc509162fdbe0565b8881d05fb36b09501e04ce4915284e7e7f042d585473fb83041dedaec9fab4f284365d4ba9d54a5594a7b7c09ee80913d91c1fd743ef066407294897fcd502abb0c48520eb0f99807fe9dbb1fd9438597bbed241dfcf25e98fa595bd502f1e66fdf7b2c8d19db08e0fd4ca5d65758b35ac30cc4cb20ee9c896594adc939cc64f578f8442b43368bb28b755d93e96de89cb4e930a75a51b39a4dc5b3a49760743c2d2d905c93f9131e905b8dd84321064c56425f2a3c51bf33f15c7fa5a26a67aefa06e5a6af1038cde248e34ce629d17971967c93e70ecc91179fc258449262f6aa80d38b15b0665957b1f96c25de3027e83dd84295fb5499841019694f24655b2e1ba0bb5127dcbcecf7fc10c1087028a8a331cc09e5f59dd193beff07f5060a9bd6957d53a09f6458d67c282adcc7fd3a3a2d24ecd92bc20efa475031a489476f9c58768fc9eb88dcbeeadd658410d2eccfa245e41e9eb2da5bfe041801b7f8edc06dc91ebb97239b925e8bbbf0b441192e78a15c7b2a0a2d19b0a515523961839d17d5e6337a858baf19513ae9221e560f40250821cce0cbc68f370c40fe3b65f3f5676b3eb297b980faea9303b33b258e4e1933db1418edc00f37ec93a22f249588f0b4cc01bf7b48ab5561b6241"}) 13:26:50 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x0) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) [ 1238.431385] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1238.494602] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1238.513980] CPU: 0 PID: 6816 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1238.521800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1238.531152] Call Trace: [ 1238.533746] dump_stack+0x1b2/0x281 [ 1238.537380] warn_alloc.cold+0x96/0x1cc [ 1238.541360] ? zone_watermark_ok_safe+0x220/0x220 [ 1238.546211] ? wait_for_completion_io+0x10/0x10 [ 1238.550887] __alloc_pages_nodemask+0x2127/0x2720 [ 1238.555748] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1238.560589] ? perf_trace_lock+0xf7/0x490 [ 1238.564740] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1238.569593] ? do_raw_spin_unlock+0x164/0x220 [ 1238.574111] alloc_pages_current+0x155/0x260 [ 1238.578525] kvm_mmu_create+0xda/0x1d0 [ 1238.582416] kvm_arch_vcpu_init+0x282/0x890 [ 1238.583648] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1238.586755] ? alloc_pages_current+0x15d/0x260 [ 1238.599894] kvm_vcpu_init+0x26d/0x360 [ 1238.603785] vmx_create_vcpu+0xef/0x29d0 [ 1238.607852] ? __mutex_unlock_slowpath+0x75/0x770 [ 1238.612695] ? drop_futex_key_refs+0x2e/0xa0 [ 1238.617123] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1238.621189] kvm_vm_ioctl+0x4ca/0x13e0 [ 1238.625088] ? kvm_vcpu_release+0xa0/0xa0 [ 1238.629239] ? __might_fault+0x104/0x1b0 [ 1238.633379] ? check_preemption_disabled+0x35/0x240 [ 1238.638401] ? perf_trace_lock+0xf7/0x490 [ 1238.642554] ? perf_trace_lock_acquire+0x510/0x510 [ 1238.647480] ? __might_fault+0x177/0x1b0 [ 1238.651542] ? _copy_from_user+0x96/0x100 [ 1238.655689] ? kvm_vcpu_release+0xa0/0xa0 [ 1238.658312] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1238.659833] do_vfs_ioctl+0x75a/0xff0 [ 1238.672191] ? ioctl_preallocate+0x1a0/0x1a0 [ 1238.676604] ? lock_downgrade+0x740/0x740 [ 1238.680757] ? __fget+0x225/0x360 [ 1238.684213] ? do_vfs_ioctl+0xff0/0xff0 [ 1238.687620] syz-executor.3: page allocation failure: order:0 [ 1238.688187] ? security_file_ioctl+0x83/0xb0 [ 1238.688198] SyS_ioctl+0x7f/0xb0 [ 1238.693980] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 1238.698372] ? do_vfs_ioctl+0xff0/0xff0 [ 1238.698386] do_syscall_64+0x1d5/0x640 [ 1238.698404] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1238.698412] RIP: 0033:0x465f69 [ 1238.698417] RSP: 002b:00007f0f532a6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1238.698428] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000465f69 [ 1238.698434] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 13:26:50 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="5f000000000109040200770de8b103456f668a40c1c2f02bbcbb0000000000f6075a5005cd5ae24dc42b6c05e4910002000000240001801400018008000100e000000108000400000000000c0002800500010000000000240002801400018008000100ac14140008000200ac1e00010c00028005000100000000006407a73a18e55cb68f4887db5d37e4a57c8adb9391442a6ec64774338cbda8ec5b112fc318f38be4ca4a5a6660a54b6ed0eb005021faa7d740167f0d0150a1a11d615db19ed61ffd889fe92325b7a179064ef75119850373b02b4a5fa52cdaedf78b92f5991cf5f7adaa2c6442e20819999537d4533a709e2a30dc666391bd4297e99f"], 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1238.698442] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1238.737265] (null) [ 1238.738774] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 [ 1238.746025] syz-executor.3 cpuset= [ 1238.753272] R13: 00007fffed84577f R14: 00007f0f532a6300 R15: 0000000000022000 [ 1238.804720] Node 0 DMA32 free:28048kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:232kB local_pcp:112kB free_cma:0kB [ 1238.831416] / [ 1238.834544] lowmem_reserve[]: 0 0 0 0 0 [ 1238.841108] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1238.844752] mems_allowed=0-1 [ 1238.867289] lowmem_reserve[]: 0 0 0 0 0 [ 1238.874488] Node 1 Normal free:1935840kB min:53696kB low:67120kB high:80544kB active_anon:1254288kB inactive_anon:53480kB active_file:37852kB inactive_file:134668kB unevictable:0kB writepending:2308kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:15808kB pagetables:38032kB bounce:0kB free_pcp:1072kB local_pcp:724kB free_cma:0kB [ 1238.906220] lowmem_reserve[]: 0 0 0 0 0 [ 1238.910624] Node 0 DMA: 33*4kB (UM) 1*8kB (M) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10956kB [ 1238.912729] CPU: 1 PID: 6891 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1238.925730] warn_alloc_show_mem: 1 callbacks suppressed [ 1238.925733] Mem-Info: [ 1238.933118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1238.933122] Call Trace: [ 1238.933139] dump_stack+0x1b2/0x281 [ 1238.933154] warn_alloc.cold+0x96/0x1cc [ 1238.933167] ? zone_watermark_ok_safe+0x220/0x220 [ 1238.933187] ? wait_for_completion_io+0x10/0x10 [ 1238.933202] __alloc_pages_nodemask+0x2127/0x2720 [ 1238.938732] Node 0 [ 1238.940969] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1238.940979] ? perf_trace_lock+0xf7/0x490 [ 1238.940990] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1238.941011] ? do_raw_spin_unlock+0x164/0x220 [ 1238.950562] active_anon:840888 inactive_anon:18063 isolated_anon:0 [ 1238.950562] active_file:9465 inactive_file:33682 isolated_file:0 [ 1238.950562] unevictable:0 dirty:587 writeback:0 unstable:0 [ 1238.950562] slab_reclaimable:16169 slab_unreclaimable:195595 [ 1238.950562] mapped:62241 shmem:8997 pagetables:17381 bounce:0 [ 1238.950562] free:493747 free_pcp:322 free_cma:0 [ 1238.952935] alloc_pages_current+0x155/0x260 [ 1238.952952] kvm_mmu_create+0xda/0x1d0 [ 1238.952963] kvm_arch_vcpu_init+0x282/0x890 [ 1238.952971] ? alloc_pages_current+0x15d/0x260 [ 1238.952984] kvm_vcpu_init+0x26d/0x360 [ 1238.952997] vmx_create_vcpu+0xef/0x29d0 [ 1238.956764] DMA32: [ 1238.960583] ? __mutex_unlock_slowpath+0x75/0x770 [ 1238.960594] ? drop_futex_key_refs+0x2e/0xa0 [ 1238.960606] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1238.960622] kvm_vm_ioctl+0x4ca/0x13e0 [ 1238.960636] ? kvm_vcpu_release+0xa0/0xa0 [ 1238.960652] ? __fget+0x1fe/0x360 [ 1238.965736] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1238.970498] ? check_preemption_disabled+0x35/0x240 [ 1238.970511] ? perf_trace_lock+0xf7/0x490 [ 1238.970525] ? perf_trace_lock_acquire+0x510/0x510 [ 1238.970536] ? kvm_vcpu_release+0xa0/0xa0 [ 1238.970547] do_vfs_ioctl+0x75a/0xff0 [ 1238.970558] ? ioctl_preallocate+0x1a0/0x1a0 [ 1238.970567] ? lock_downgrade+0x740/0x740 [ 1238.975529] 842*4kB [ 1238.977620] ? __fget+0x225/0x360 [ 1238.977630] ? do_vfs_ioctl+0xff0/0xff0 [ 1238.977642] ? security_file_ioctl+0x83/0xb0 [ 1238.977654] SyS_ioctl+0x7f/0xb0 [ 1238.977662] ? do_vfs_ioctl+0xff0/0xff0 [ 1238.977673] do_syscall_64+0x1d5/0x640 [ 1238.977690] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1238.977701] RIP: 0033:0x465f69 [ 1238.982697] Node 1 active_anon:1254292kB inactive_anon:53480kB active_file:37856kB inactive_file:134724kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:31864kB dirty:2348kB writeback:0kB shmem:16484kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1238.986643] RSP: 002b:00007f8db8940188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1238.986673] RAX: ffffffffffffffda RBX: 000000000056c0b0 RCX: 0000000000465f69 [ 1238.986679] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000007 [ 1238.986684] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1238.986690] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0b0 [ 1238.986697] R13: 00007ffe6abe2b0f R14: 00007f8db8940300 R15: 0000000000022000 [ 1239.158316] (UME) 13:26:50 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="5f454c44065b05107311"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) [ 1239.181542] Node 0 DMA free:10956kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1239.315407] 274*8kB (UME) 689*16kB (UME) 289*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28072kB [ 1239.344022] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1239.368113] Node 1 Normal: 63*4kB (UME) 184*8kB (UME) 315*16kB (UME) 130*32kB (UM) 81*64kB (UE) 235*128kB (UM) 284*256kB (UME) 118*512kB (M) 33*1024kB (M) 14*2048kB (ME) 414*4096kB (M) = 1937516kB [ 1239.396556] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1239.406168] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1239.407965] Node 0 [ 1239.424871] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1239.430604] DMA32 free:28072kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:268kB local_pcp:152kB free_cma:0kB [ 1239.439201] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1239.484570] lowmem_reserve[]: 0 0 0 0 0 [ 1239.488959] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1239.509739] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1239.520604] lowmem_reserve[]: 0 0 0 0 0 [ 1239.534374] Node 1 Normal free:1937720kB min:53696kB low:67120kB high:80544kB active_anon:1254400kB inactive_anon:53480kB active_file:37864kB inactive_file:134720kB unevictable:0kB writepending:2360kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:15616kB pagetables:37900kB bounce:0kB free_pcp:1340kB local_pcp:632kB free_cma:0kB [ 1239.537497] 26282 total pagecache pages [ 1239.570205] lowmem_reserve[]: 0 0 0 0 0 [ 1239.574285] Node 0 DMA: 33*4kB (UM) 1*8kB (M) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10956kB [ 1239.595230] Node 0 DMA32: 842*4kB (UME) 274*8kB (UME) 689*16kB (UME) 289*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28072kB [ 1239.603025] 0 pages in swap cache [ 1239.615902] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1239.621066] Swap cache stats: add 0, delete 0, find 0/0 [ 1239.628011] Node 1 Normal: 52*4kB (UE) 157*8kB (UE) 317*16kB (UME) 130*32kB (UM) 81*64kB (UE) 235*128kB (UM) 284*256kB (UME) 118*512kB (M) 33*1024kB (M) 14*2048kB (ME) 414*4096kB (M) = 1937288kB [ 1239.643309] Free swap = 0kB [ 1239.655687] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1239.660709] Total swap = 0kB [ 1239.665577] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1239.675239] 2097051 pages RAM [ 1239.682346] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1239.683937] 0 pages HighMem/MovableOnly [ 1239.693660] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1239.702866] 363840 pages reserved [ 1239.707728] 26282 total pagecache pages [ 1239.711823] 0 pages in swap cache [ 1239.711985] 0 pages cma reserved [ 1239.715361] Swap cache stats: add 0, delete 0, find 0/0 [ 1239.731059] Free swap = 0kB 13:26:51 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(0xffffffffffffffff, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) [ 1239.734540] Total swap = 0kB [ 1239.740289] 2097051 pages RAM [ 1239.743498] 0 pages HighMem/MovableOnly [ 1239.752612] 363840 pages reserved [ 1239.776071] 0 pages cma reserved 13:26:51 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$FIOCLEX(r0, 0x5451) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) fsetxattr$trusted_overlay_origin(r1, &(0x7f0000000000)='trusted.overlay.origin\x00', &(0x7f0000000040)='y\x00', 0x2, 0x1) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r3, 0xc) openat$mice(0xffffffffffffff9c, &(0x7f0000000140)='/dev/input/mice\x00', 0x40400) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000080)="650f001d660fc7b23a5a0faffdf7063a84b222672e3e0f01cb642e0f22a20f00d466b9800000c00f326635010000000f300fc7340f90457b", 0x38}], 0x1, 0x35, &(0x7f0000000100)=[@dstype3={0x7, 0x4}], 0x1) 13:26:51 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x7c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x44, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, [], 0x10}}, {0x14, 0x4, @private2}}}]}]}, 0x7c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:26:51 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.pending_reads\x00', 0x20000, 0x93) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x200, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0xfe, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0x0, 0x7, r4, 0xc) ioctl$KVM_SET_PIT(r4, 0x8048ae66, &(0x7f0000000340)={[{0x3, 0x400, 0x9, 0x2, 0x7f, 0x7, 0x2, 0x3f, 0x7f, 0xff, 0x40, 0x80}, {0x0, 0x8, 0x3f, 0xfe, 0x20, 0x5, 0x7f, 0x4c, 0x1, 0x0, 0x0, 0x7f, 0x38}, {0x8d, 0x2, 0x1, 0x6, 0x1, 0x20, 0x7d, 0x40, 0x6, 0x6, 0x1, 0x1, 0x4000000000000000}], 0x64}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/consoles\x00', 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vsock\x00', 0x40, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000280)='/dev/hwrng\x00', 0x1c500, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r5, 0xc) ioctl$KVM_GET_PIT(r5, 0xc048ae65, &(0x7f00000002c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r3) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r6, 0xc) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000180)={0x0, 0x103, 0x7f, &(0x7f0000000140)=0xd62e}) 13:26:51 executing program 4: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x7, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x54412, 0xffffffff00000000, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f0000000000)={0x80, "75fe18e5c7235dcd2a7a9d7f8863b2f94191004c2ffbf35b95de37ea7e0d9825", 0x3, 0x1}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r3 = syz_mount_image$nilfs2(&(0x7f00000000c0)='nilfs2\x00', &(0x7f0000000140)='./file0\x00', 0x4e2f, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000180)="5b5a0f2b2b805c7eef5ed29ee9d9e28ba026918b0d750c7e9735fb08f205df56983f59a70988d7bd", 0x28, 0x5}], 0x2000400, &(0x7f00000004c0)=ANY=[@ANYBLOB="626172726965722c6e6f7265636f766572792c6e6f626172726965722c646566636f6e746578743d73797374656d5f752c6f626a5f757365723d2f70726f632f766d616c6c6f63696e666f002c61707072616973652c736d61636b66736465663d2f646576fea2766d002c7065726d69745f646972656374696f2c736d6104006673666c646f723d5d5c232929212f242c004d0d859e29c0cde2ec09e28fe5203273e457dac26e9877ba096ea1bc9be9b99172606029665b28c324298ed5bff175b91cb60cd243e4253ce5b1753526fa4e2c9af6afc51f3bbe2cb1afb650bee0b893113bea67c57b8694a532df4ac41d4f3588d19ddf5f0d198bfe50b806167cd19843839c566be900af612c137a0ab3ee5a47543ca986d18d5c2c06199b4f2a"]) mount$9p_virtio(&(0x7f0000000280)='syz\x00', &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x2006010, &(0x7f0000000600)={'trans=virtio,', {[{@nodevmap='nodevmap'}, {@version_u='version=9p2000.u'}, {@access_uid={'access', 0x3d, 0xee01}}, {@version_9p2000='version=9p2000'}], [{@func={'func', 0x3d, 'BPRM_CHECK'}}, {@obj_role={'obj_role', 0x3d, '@:/]&$\\'}}]}}) ioctl$FS_IOC_FIEMAP(r3, 0xc020660b, &(0x7f0000000340)={0x81, 0x60f56c3e, 0x0, 0x7fff, 0x6, [{0x40000000, 0x4, 0x2, [], 0x189}, {0x7ff, 0xf48a, 0x7, [], 0xa08}, {0xff, 0x0, 0x7, [], 0x3800}, {0x8000, 0x4, 0x3, [], 0x201}, {0x5, 0x100000001, 0x0, [], 0x89}, {0x4e5c, 0x9, 0x9, [], 0x3408}]}) 13:26:51 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(0xffffffffffffffff, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) [ 1239.926010] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1239.929897] syz-executor.2: [ 1239.949688] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1239.993929] page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1240.009007] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1240.017356] NILFS (loop4): couldn't find nilfs on the device [ 1240.034180] syz-executor.3 cpuset=/ mems_allowed=0-1 13:26:51 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="c4008000190001000000000000000000fc800000000000000000000000000000fc01000000000000000000000000000000080000000000000a00000000000000d6154d7a7b9a057cf3094036733da392b5b4adafb673c4cf81c8168dfe1f032869b9c9db551115c2764d15138dc38af806a0156d33237437948ceed1813dbe6bf625229b9a40da3bc1c5fdf57f00f7904b4803b18a02632c1aa890b593739f96177580aceeccf73bb6d852b0618f42615680937b234393b9a0ee6853c03e2eb141d6eaaa0dc2f003bbb8d6a2431df008892cc033c5017d3a5fa4bcfa6146c6ad80e8327f515cb15c06113ca8b9480b2d2d35ce96c61ea249bca60d5e65c7af3d3b", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0015000000000003000000"], 0xc4}}, 0x0) clone(0x0, &(0x7f0000000240)="fb45a83de7b1ed0a", &(0x7f0000000280), &(0x7f00000002c0), &(0x7f00000005c0)="13b1ef22d3c468dbe91c694a489d9ac93b40c96dd22b0b73ed1ae31086abfef6ba7e9b8822592c35b2f1c776b1decf1f1a027f83b16fa0cd99bc700fed8ec4acfdf25f9858acdc96f34d4a13f9b5bde0d533b38487d118085a6fae20743f6a22cabb514785b10aa7369b2227aa5a96325d19b23fb65af74fb3899298fcf7f13619d9ded2450da21b8191c90428e4c23035c4bdbd94a383afd077160e8603c1f7def15862667ffec74f4db182f688c90cb18f489c7591aef47b2b552eb83381a806a9c672c11ed0aaed8eb88538daaee23c89c50d5fb8ba5533feeb120291a5d0e4c9f826f9d789a0df") sendfile(r0, r2, 0x0, 0x8001) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) clone(0x40000100, &(0x7f0000000180)="71e6db274b7e65e67c0fb70617447066a0f737d8b40dac369529ca0e05a90e652cbe270e148481e0d6dbf063156dee1c2886422ef70de48eaae69d9afff1a23345f40cef7cc35b7fd61545d2a756d852ea5ffbc7759580cc", &(0x7f00000000c0), &(0x7f0000000200), &(0x7f0000000840)="d8b4aaf150beec494f334a6f6db379317cb5689a7ea4d11bf78b9428f47aa64c8835b92227b4510ec160cfa45160662ec7e509b1ad6cc91316250a52d829c80fb567de1ab77b0c44a0991d18397b7a95265ad3028a3dece0d3d7169bc895ec2c7ee479cd3fdf0b71b9217875b8c06b27af4fbd4c3f7b1737da2b1ec8cf5cbe15074ea2093582755e9bbafba8ad95c29676fc394abae026055ab5159f437e989c3f78cd3f84dd66f533e320ec9b70eb2b2f200436c381463128fb82a9b449486a9531faec4937d64447905ef4b654df11291a709c467f61fca9717987f723be1d2980531d322dce5dbe382d6bb1e8418f8ab886cdd9c2001ac4a4f7a392fea32d38333b9c8a24ae0c464d4ab81b8f1165c27e2ec8868cbb0d604993cb96ccb70a0214a8ce0c4935355e87e9499cca90f4c703cfbf9e1abd9144359d7237061514de7d59cd802e34dfa115440d7a41e391eb0b78f3dc2ec921572e5ca8113f1b90025a7d48391fc9dab25514d406beba0ec81824530801a409673922700603086fd93a5121785924a7ec6d9fbe5fe7d13ec2f61b9945eb5ac70efc4a3d0a03165512993fcc045bcf8f581af34351855482464c3abe433f963d98770011f5249cab5ff42281712226022b8941495634317ae9e68eac494f4912ec01d96a21e38aada8f03912e602266e5b0f3828c4326ae25770b3bb99ba4d2d5a3f532fd12028c057e3296ca9000d7f7fab21075a9916e79d9ed333d462d9bcb97de273832994bb7328aaecef95a0408e40206fbcf9e225f81e3c2e103b414319ec31cfe636ca8296fa48c4cc8e9681ecc40cb3b709ad6cec3067b8c948a3ca606d040b9a7a6bbb4695fdc9b2c8771955a29dca5b8a7198456af5fced0b3ac066467d094fad0b4244823b4b07590f666936de73d16d31d054e2ecfe8d416d3bcdf7bf77e727f687a6a011d3155230fb612c1484b985983cafe59bca09f03ca2666eb5bbd93eb1d266c0197a9d4eb1505e10edb8d1604c4cfb1d4162fc895a002e495210a5144a39c98cf0c42fbeade4cde7a986ffe47a00a9e13af4f30c07802470ae7ca65dcfa95a24b03899ffb081117b2ceea0bd4c58e15b19ecedef32367a0254d650a204ab19978b1c6aaaa6214c177199c8623bbdd5e4c4f16c519249b107c817937b170ba54c3b6f5cdf98ff7c4758e3b828c6543a1cc72286cca85b25e4679fb15b36e69f27cdf1dd7754ea18aa261f9aabe02e39755e84556dd5d762e96e3496139573aced390146224098474f8f19d4dfa1d2461341d966c5eb539b07a8157ae6810f4daeaf6d2dc2210e5012043ab8cab9e2931f94ed01df73882abdd525c4d4159a962d2dd5e9d3cbeef77b43bb79944c7aeb8b13227b4257188a8081f3bcdacf25874c3eb9bc2030476dce08b1f776530c2fe42636b08a86bce01825b48915398c99e9ae3e50c29b609b17b40001fae016f595e3f377303c48f8118c21133c68ab4d04dc8b0f13f25ebfbc4bab0b811dee92a844d56bb3bd93222581937c5210e3ad0ff7aaf392c0ed58ea2f8d49fd5d6e7c5907d52aaa0df23fcf762904e0e91d3864887023944c280747ecc239c843d385725aa154b7330e67fb1ea9492e675456e4624e19f6ae641882592b2d78388e92e81c493c87655985791f76509e6137cc8ed70d67fd46d818a7ba601f28526d40b56778b5d18c827c551d9fb52386007890e946b679f8c92ac78730b0356c5a058b291ae0249332347585926984d790fc27d61b7c8aa8c14e68f45260eeaa2407734bcbfb295bfe3e2d45efd9eefefaac40b73b88e086e7e8f59cde392252e97135b4b82f8c6502cf50d38e3eb3cd47d60f0f804228809b59e5ca5e825f8963c88e66d914691421a812cdf1c055bae67a836c749318988b7bccac8178f652bac5e803eab7fb13e45e0766d6ea18a6b8932c92a1d4da2c1e6e6bbd16e75039ca795151766055cac62b5c1d3c653d735c6b118ec54bfbd88025d994e60c84ec3c381bd6ce9fab3f5f6be099eca64584dedace587928d487e1a1dd5dd79e17f39c5494b15eda10596bbd80476cbb550ef1950da745f00abba52ca274b84b9551c075d6143eb48c515bb298fc1e4446a918483e8d6f3d20bddb82c48e59720b571da43d003de067de44c8f67d6f39e2fef8d3b6e0788e1d37ac104267feba93d19119412eb91bfc68b0a4bd1a60b34fbde9169f0a9e8bfa7a5d7e120c4c228b2db9d2e9328ac299410a1cdad98739518410b0074822f945b081f0b0c4c5681461eacaa0b91cfe19d578a3a1813596b183eca4742653ad535baefc120767d0cb2e9c4e762009d11122252ffa8dd1534ffc86ce56dc608a53b38a83770829be822c0605b0e6fa79098efba6a76d10391d679a4c30c5c9615f9998499b6ee3e904b30138e2a3822435c7c7b0170661b887352b00dd04d4f2263960b3a9428034ff299364f0aefcfc231823a04a4cbde7b2e9a8a5d7242e3462f069dd0bc32a977cd43b016588c9f7a37a4254a13bdff7d34223ac7c4a683a2640f6ec83569d978b4f3eae3a2f954a1b9fb3012ee11d22419349220287e53213c593782ceecb961fa9c37440baeac21f2cafd203a575d1f91b29e0a905ae156b5a8f72112c3a75e3768c84fbd3434c5543eeaf369f9db4660e0e2b82dc42fd8400bd6d4080ba58e89bf521582c55df13552affcfa1461a9e1204ab5df7623251ac7b0afa590f30ddb3c514352ff1ca9e755b9c5068c87e7969a68971247913119409c85228e5078cd72d824f1a7dc57543f79faf7158fc90bd472eca83775c505335336e2eeeb2f152ae7c51536529bdec64bdd1e6a7bda85b94a5f2b5faf7d5a43dfd34315841d3ee22c37ba6c3d974c25c4a77f76a6f1c5baf095adfb09e7f841b1fb279daf6ea6f97b75dda24799392fd7733f012f2a67de54b557f1f9f06c0cc5676e62cb27402091f36413c71836e782b744b33113f38f20202b0f70b80faaf74615d17802817c067e1e6e616f3af2386f080651c73dc4943657461618402543117345a3085f7284f5a3bf73e6535a57b88a0330915d1b2942cf7b8505a70d43d0b1cc3d14857e5eedee8b9fc745cc956e4819261b5ee64cc5c5829367b20650b6015d0dcdf643447438e2292e88a38aa4988be978a787ca1a9a3c8d021233f0aa71742242b2c0bbd4fd454897f758330c03f823daf78210559b2deb8dd476fdcc5faa52ae9af60448bed2f0385d14ae46a456a76a96e3a5289450722720c0bf7b85be16f221d9391acdc03e666473533261331622b157074bc31cd4ab2f446a6b9b325121b3ae1d5fa517c43b7296017a233cdde9c1ca7e04365769e62ec4c84ef9ee2b0e67a3a588acba89a85c24f50b04055ebc34cc33cb149200c56ea9ca6dd8d18f16cb28a8372fabe7c003803821334569cc4ce192ad63f6d0b03f9add16a533753b3d846f24f17bad77c0a43d8e381edbded72388ef48cfd255703cfda831ff776d742725f9fa0a47f796ad09babfec937ebed90b624858ba793a6f7782a04e0a732809ad4cefe83db264b220eabed32e13730d868b4b207a635fb807e8acf7060f1748c56344b7d7d2e39e4c0458d781e939038d269040041988f999d0c504cf64dd7f08a6d070a7c656aabbb691157712c694c5d152439543a9c7aa46214c623b4da92c1c8225b8a3717b1178d6171cd6db0dfd48af44851e7f5279448fb75a1cdbfe02386073eea60be37c47c5a0dfe0b958394373b6a271fa1e201ca8a373f5b5a042017d6c3b49f5361cf96f080be6f51fedf03919ac43ccd8e796940e7cb9ecdee506c12b1f07a7c24221d9d65768ba6db48a346223ad22b7fa535fa0216d4add91975daa3f1d57b89c05ae93b6b522185d7d401012981ce9ce7d0062f4f2e133deaf11cc3f1dc382180195d0df678e514c7cc864fdd4cfb892e2b6ebe7b391c1fb6516eae7b03ff5165001d31264e5541e9ae5e81f99d934444d5166a5883c7d87b608b97e8cbd139e325cbe7d76fc9789a2d36d72ba0a57452d3ac36839d37279b316aadb8cabecc3be3e452759bd6dfec74a6da39d2a7f47612328b5b7ccef56ac1baf8ce2332da92dab3711f0f081269698e29b1f66cb6f01f5dc9301c9e2630713a21d16e55d40815fcec6355cbcfc152e52175a8e5fa1b82bb029cf85026f8317fd552ee9ce430ad361e84e746ae32b5e2b113ddc60014c0ff4d4bf1c6fe65144be1a8fd217c2fe58ae6c56297ea8a6395e6f9db7121664e72dba81ddda5f7d2937d02618450af1c26a2f41e483d132a5f27c7ea8a0a8cd350b1c1cfbfd764de865ecbe890d36caf192babed71ab13434e93067ed2d9d584f8930868c1b5e18953ddfb636e2ff0439f4d5546137dfc00eb332b8fc34964e706721a57099e4699b012fe77c3b41f40068d6db376a0dc4d3810e3b34a3c560b544443ea282c1437f1240872b66739048b501fecb5a15e6fc2fb915dbdcfe7e227a9bff600938070730b8f1ba228200177cef59a68fc3c54aa8f5c6de9f9361ddb1fa13ee88d98e3ad70588d59fd877cf489704dd825b1ed7ad1bc4816312c2c23d8ec44c86a3539f4cc12d2158a7c6ecefe59e0755b35a07f720149df2246b91dca412067b801612649864d3d40b857ce314afa1cbda8896d58bacfeffeb9ef03f240c10c99a926db50a1430eac272a39c73c67aa087aaa01c030f767350967b12fff59c68b20ede63f6981089234bec063e62aed998ae28a7c5ec9ff55fff673ef7c6883fd6f19c4dc1063b04362c2f5fdebff6cd16acde88e5ef901f1df8efe81c689d22cf14afbb414e205af3d733c7a93992c11db72b9eac29cb7fb3d4f6ee3d4e6c43102ea07abc76296a0f4b2caff19886f9bc0b6489fac3590f5fbcc37fa6c2cc1032ea60162591a3924dd1b6f51bb771dd5013ebde742ff81cf0fba084f063f4243e76be548f4ef22a80cdf9d43e8f45631d3c363a6c37e8905aad937ff1af707a5cc70c250e1561de83743a681200cf0280ae7829cf16c4858c374596b2a9b2014ee285ebf4657b320acf00e87d9866f3e4e8cd8ef2e6844236d277884b80365101dc68ca9be5174961b934d7792974351eeb5d4e01bdaa36fe0a6996881c4cfe56b1d5f8ddde31aae712698670dc4a69728ce408bc69b6e3d17b373b7ccabd7d0aff12bb477efcd6da1f8b9aa6e3734e56f40de0232e6bbda34350745e2544f0d9b2e4fb44e30cba73edc9dc32ae764c131ed1e323a8aabfb88fb25e5562327b63471c847176fe9af35025aa5ade3cc9e5067b6e416a356902f3160b33ce4a4310df263c659f867bbd49a0a273bbce0a1b3a96777a5b1be098b33895c39e987d6a247cff3c266a7a90721a82c9983f443f977ff1ebdca4f5306136248bf0899880bb857db2a4b69d0d4b7fdc9b802c0d20168f91b075d88e04ccfc8facba1f1a5784359eac143f2c0923b25d1652d5e9bb19c388df29d74bb4f395e8e98fa4f45b215ff5a2e581b5bc6afd8e3629d81786fd975195ccde2d39e7518d928195d50be031fe2cfd5479667507ab01e77b3527bb0b15cacde24d6d55328b90334c254d3568048843b79ef98f498ee6fd0eed9ef26abae7e4d85ca9eb2cc192caee5d3daf5ca2e96ebcd0ebd7ef811e5c3f492831c0027411861c93d3483202e800fbee94c1bcac61b5393046cacf34d68f57fa4c6dd256310f4a40b427edf0d00ede28cba542ed93c52b3bc5632a2e5a984488debe67b28525ba3763f1b15595b8722e9fad95838f7ef2c6e75651ec0ddde9b") socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x4) r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm_plock\x00', 0x600100, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) [ 1240.042334] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1240.057173] CPU: 1 PID: 6952 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1240.064973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1240.074311] Call Trace: [ 1240.076881] dump_stack+0x1b2/0x281 [ 1240.080494] warn_alloc.cold+0x96/0x1cc [ 1240.084466] ? zone_watermark_ok_safe+0x220/0x220 [ 1240.089296] ? wait_for_completion_io+0x10/0x10 [ 1240.093947] __alloc_pages_nodemask+0x2127/0x2720 [ 1240.098781] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1240.103604] ? perf_trace_lock+0xf7/0x490 [ 1240.107731] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1240.112575] ? do_raw_spin_unlock+0x164/0x220 [ 1240.117057] alloc_pages_current+0x155/0x260 [ 1240.121465] kvm_mmu_create+0xda/0x1d0 [ 1240.125337] kvm_arch_vcpu_init+0x282/0x890 [ 1240.129639] ? alloc_pages_current+0x15d/0x260 [ 1240.134204] kvm_vcpu_init+0x26d/0x360 [ 1240.138088] vmx_create_vcpu+0xef/0x29d0 [ 1240.142135] ? __mutex_unlock_slowpath+0x75/0x770 [ 1240.146957] ? drop_futex_key_refs+0x2e/0xa0 [ 1240.151370] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1240.155414] kvm_vm_ioctl+0x4ca/0x13e0 [ 1240.159300] ? kvm_vcpu_release+0xa0/0xa0 [ 1240.163441] ? check_preemption_disabled+0x35/0x240 [ 1240.168443] ? perf_trace_lock+0xf7/0x490 [ 1240.172572] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1240.177672] ? perf_trace_lock_acquire+0x510/0x510 [ 1240.182581] ? kvm_vcpu_release+0xa0/0xa0 [ 1240.186712] do_vfs_ioctl+0x75a/0xff0 [ 1240.190496] ? ioctl_preallocate+0x1a0/0x1a0 [ 1240.194897] ? lock_downgrade+0x740/0x740 [ 1240.199028] ? __fget+0x225/0x360 [ 1240.202480] ? do_vfs_ioctl+0xff0/0xff0 [ 1240.206438] ? security_file_ioctl+0x83/0xb0 [ 1240.210829] SyS_ioctl+0x7f/0xb0 [ 1240.214172] ? do_vfs_ioctl+0xff0/0xff0 [ 1240.218159] do_syscall_64+0x1d5/0x640 [ 1240.222033] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1240.227202] RIP: 0033:0x465f69 [ 1240.230382] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1240.238088] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1240.245338] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1240.252589] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1240.259841] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1240.267092] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1240.280014] CPU: 0 PID: 6942 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1240.287819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1240.297172] Call Trace: [ 1240.299760] dump_stack+0x1b2/0x281 [ 1240.303391] warn_alloc.cold+0x96/0x1cc [ 1240.307367] ? zone_watermark_ok_safe+0x220/0x220 [ 1240.312219] ? wait_for_completion_io+0x10/0x10 [ 1240.316980] __alloc_pages_nodemask+0x2127/0x2720 [ 1240.321843] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1240.326691] ? perf_trace_lock+0xf7/0x490 [ 1240.330844] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1240.335703] ? do_raw_spin_unlock+0x164/0x220 [ 1240.340206] alloc_pages_current+0x155/0x260 [ 1240.344621] kvm_mmu_create+0xda/0x1d0 [ 1240.348510] kvm_arch_vcpu_init+0x282/0x890 [ 1240.352832] ? alloc_pages_current+0x15d/0x260 [ 1240.357414] kvm_vcpu_init+0x26d/0x360 [ 1240.361319] vmx_create_vcpu+0xef/0x29d0 [ 1240.365386] ? __mutex_unlock_slowpath+0x75/0x770 [ 1240.370229] ? drop_futex_key_refs+0x2e/0xa0 [ 1240.374637] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1240.378698] ? get_futex_key+0x1160/0x1160 [ 1240.382934] kvm_vm_ioctl+0x4ca/0x13e0 [ 1240.386835] ? kvm_vcpu_release+0xa0/0xa0 [ 1240.390996] ? check_preemption_disabled+0x35/0x240 [ 1240.396016] ? perf_trace_lock+0xf7/0x490 [ 1240.400168] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1240.405294] ? perf_trace_lock_acquire+0x510/0x510 [ 1240.410226] ? kvm_vcpu_release+0xa0/0xa0 [ 1240.414375] do_vfs_ioctl+0x75a/0xff0 [ 1240.418177] ? ioctl_preallocate+0x1a0/0x1a0 [ 1240.422584] ? lock_downgrade+0x740/0x740 [ 1240.426737] ? __fget+0x225/0x360 [ 1240.430189] ? do_vfs_ioctl+0xff0/0xff0 [ 1240.434164] ? security_file_ioctl+0x83/0xb0 [ 1240.438573] SyS_ioctl+0x7f/0xb0 [ 1240.441935] ? do_vfs_ioctl+0xff0/0xff0 [ 1240.445913] do_syscall_64+0x1d5/0x640 [ 1240.449815] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1240.455012] RIP: 0033:0x465f69 [ 1240.458200] RSP: 002b:00007f0f532c7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1240.465911] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1240.473179] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 1240.480537] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1240.487809] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1240.495077] R13: 00007fffed84577f R14: 00007f0f532c7300 R15: 0000000000022000 [ 1240.512988] CPU: 0 PID: 6946 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1240.520804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1240.530157] Call Trace: [ 1240.532746] dump_stack+0x1b2/0x281 [ 1240.536382] warn_alloc.cold+0x96/0x1cc [ 1240.540359] ? zone_watermark_ok_safe+0x220/0x220 [ 1240.545214] ? wait_for_completion_io+0x10/0x10 [ 1240.550501] __alloc_pages_nodemask+0x2127/0x2720 [ 1240.555360] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1240.560150] IPVS: ftp: loaded support on port[0] = 21 [ 1240.560199] ? perf_trace_lock+0xf7/0x490 [ 1240.560212] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1240.560235] ? do_raw_spin_unlock+0x164/0x220 [ 1240.560249] alloc_pages_current+0x155/0x260 [ 1240.560265] kvm_mmu_create+0xda/0x1d0 [ 1240.587703] kvm_arch_vcpu_init+0x282/0x890 [ 1240.592107] ? alloc_pages_current+0x15d/0x260 [ 1240.596677] kvm_vcpu_init+0x26d/0x360 [ 1240.600575] vmx_create_vcpu+0xef/0x29d0 [ 1240.604622] ? __mutex_unlock_slowpath+0x75/0x770 [ 1240.609455] ? drop_futex_key_refs+0x2e/0xa0 [ 1240.613849] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1240.617898] kvm_vm_ioctl+0x4ca/0x13e0 [ 1240.621772] ? kvm_vcpu_release+0xa0/0xa0 [ 1240.625905] ? perf_trace_lock_acquire+0x510/0x510 [ 1240.630822] ? check_preemption_disabled+0x35/0x240 [ 1240.635838] ? perf_trace_lock+0xf7/0x490 [ 1240.639974] ? perf_trace_lock_acquire+0x510/0x510 [ 1240.644888] ? kvm_vcpu_release+0xa0/0xa0 [ 1240.649019] do_vfs_ioctl+0x75a/0xff0 [ 1240.652826] ? ioctl_preallocate+0x1a0/0x1a0 [ 1240.657214] ? lock_downgrade+0x740/0x740 [ 1240.661348] ? __fget+0x225/0x360 [ 1240.664785] ? do_vfs_ioctl+0xff0/0xff0 [ 1240.668741] ? security_file_ioctl+0x83/0xb0 [ 1240.673147] SyS_ioctl+0x7f/0xb0 [ 1240.676493] ? do_vfs_ioctl+0xff0/0xff0 [ 1240.680452] do_syscall_64+0x1d5/0x640 [ 1240.684326] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1240.689502] RIP: 0033:0x465f69 [ 1240.692686] RSP: 002b:00007f8db8982188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1240.700377] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1240.707628] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1240.714878] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1240.722129] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1240.729381] R13: 00007ffe6abe2b0f R14: 00007f8db8982300 R15: 0000000000022000 [ 1240.738937] warn_alloc_show_mem: 1 callbacks suppressed [ 1240.738940] Mem-Info: [ 1240.746887] active_anon:841094 inactive_anon:18064 isolated_anon:0 [ 1240.746887] active_file:9468 inactive_file:33690 isolated_file:0 [ 1240.746887] unevictable:0 dirty:150 writeback:100 unstable:0 [ 1240.746887] slab_reclaimable:16180 slab_unreclaimable:195062 [ 1240.746887] mapped:62332 shmem:8997 pagetables:17511 bounce:0 [ 1240.746887] free:493879 free_pcp:242 free_cma:0 13:26:52 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="5f454c44065b05107311"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req={0x101, 0x43, 0x6, 0x3}, 0x10) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) dup(r5) [ 1240.793676] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes 13:26:52 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(0xffffffffffffffff, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) [ 1240.827320] Node 1 active_anon:1255116kB inactive_anon:53484kB active_file:37864kB inactive_file:134760kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:32228kB dirty:600kB writeback:400kB shmem:16484kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1240.860338] Node 0 DMA free:10956kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1240.888087] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1240.924923] Node 0 DMA32 free:28072kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:248kB local_pcp:144kB free_cma:0kB [ 1240.972774] lowmem_reserve[]: 0 0 0 0 0 [ 1240.976955] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1241.010743] lowmem_reserve[]: 0 0 0 0 0 [ 1241.014913] Node 1 Normal free:1936772kB min:53696kB low:67120kB high:80544kB active_anon:1255276kB inactive_anon:53500kB active_file:37892kB inactive_file:134804kB unevictable:0kB writepending:604kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:16160kB pagetables:38508kB bounce:0kB free_pcp:544kB local_pcp:360kB free_cma:0kB [ 1241.055708] lowmem_reserve[]: 0 0 0 0 0 [ 1241.062396] Node 0 DMA: 33*4kB (UM) 1*8kB (M) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10956kB [ 1241.088932] Node 0 DMA32: 842*4kB (UME) 273*8kB (UME) 689*16kB (UME) 289*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28064kB [ 1241.109770] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1241.124095] Node 1 Normal: 1*4kB (E) 82*8kB (UM) 176*16kB (UM) 120*32kB (U) 81*64kB (UME) 238*128kB (UME) 289*256kB (UM) 119*512kB (UM) 33*1024kB (M) 14*2048kB (ME) 414*4096kB (M) = 1936084kB [ 1241.148309] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1241.214272] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1241.269179] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1241.332081] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1241.386091] 26314 total pagecache pages [ 1241.410791] 0 pages in swap cache [ 1241.429827] Swap cache stats: add 0, delete 0, find 0/0 13:26:53 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x0, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) [ 1241.451238] Free swap = 0kB [ 1241.460141] Total swap = 0kB [ 1241.493012] 2097051 pages RAM [ 1241.502303] 0 pages HighMem/MovableOnly [ 1241.516855] 363840 pages reserved [ 1241.523636] 0 pages cma reserved 13:26:53 executing program 3: ioctl$VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000000)={0x6, 0x3, 0x4, 0x100, 0x2cd, {}, {0x4, 0xc, 0x8, 0x1, 0x1, 0x8, "34c01c01"}, 0x7, 0x4, @offset=0xffffff93, 0x4}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 13:26:53 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)={0x8, 0x18, 0x1, 0x0, 0x200, 0x20, 0x7, 0xc3, 0xff, 0x72, 0xf7, 0x0, 0x0, 0x2, 0x6, 0x1, 0x6, 0x0, 0x1f, [], 0x20, 0xfffffffffffffff7}) 13:26:53 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r1, 0xc) signalfd4(r0, &(0x7f0000000000)={[0x10001]}, 0x8, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x9, 0xed, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f00000000c0), 0x2}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0xffffffff, 0x200}, 0xffffffffffffffff, 0xb, r2, 0xc) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) [ 1241.739143] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1241.750594] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1241.796221] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1241.805110] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1241.831446] CPU: 0 PID: 7041 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1241.839261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1241.843287] syz-executor.4: [ 1241.848605] Call Trace: [ 1241.848624] dump_stack+0x1b2/0x281 [ 1241.848639] warn_alloc.cold+0x96/0x1cc [ 1241.848652] ? zone_watermark_ok_safe+0x220/0x220 [ 1241.848671] ? wait_for_completion_io+0x10/0x10 [ 1241.848686] __alloc_pages_nodemask+0x2127/0x2720 [ 1241.848712] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1241.848722] ? perf_trace_lock+0xf7/0x490 [ 1241.848731] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1241.848751] ? do_raw_spin_unlock+0x164/0x220 [ 1241.848764] alloc_pages_current+0x155/0x260 [ 1241.848779] kvm_mmu_create+0xda/0x1d0 [ 1241.866339] page allocation failure: order:0 [ 1241.866765] kvm_arch_vcpu_init+0x282/0x890 [ 1241.882189] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 1241.885226] ? alloc_pages_current+0x15d/0x260 [ 1241.885242] kvm_vcpu_init+0x26d/0x360 [ 1241.885256] vmx_create_vcpu+0xef/0x29d0 [ 1241.885270] ? __mutex_unlock_slowpath+0x75/0x770 [ 1241.907918] (null) [ 1241.911542] ? drop_futex_key_refs+0x2e/0xa0 [ 1241.911556] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1241.911572] kvm_vm_ioctl+0x4ca/0x13e0 [ 1241.911585] ? kvm_vcpu_release+0xa0/0xa0 [ 1241.942797] syz-executor.4 cpuset= [ 1241.945339] ? check_preemption_disabled+0x35/0x240 [ 1241.945353] ? perf_trace_lock+0xf7/0x490 [ 1241.959329] / [ 1241.961890] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1241.972838] ? perf_trace_lock_acquire+0x510/0x510 [ 1241.976313] mems_allowed=0-1 [ 1241.977767] ? kvm_vcpu_release+0xa0/0xa0 [ 1241.977780] do_vfs_ioctl+0x75a/0xff0 [ 1241.977794] ? ioctl_preallocate+0x1a0/0x1a0 [ 1241.977809] ? lock_downgrade+0x740/0x740 [ 1241.977824] ? __fget+0x225/0x360 [ 1241.977833] ? do_vfs_ioctl+0xff0/0xff0 [ 1241.977846] ? security_file_ioctl+0x83/0xb0 [ 1242.009209] SyS_ioctl+0x7f/0xb0 [ 1242.012564] ? do_vfs_ioctl+0xff0/0xff0 [ 1242.016532] do_syscall_64+0x1d5/0x640 [ 1242.020424] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1242.025600] RIP: 0033:0x465f69 [ 1242.028780] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1242.036481] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 13:26:53 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.stat\x00', 0x0, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB="c4000000190001000000000000000000fc000000000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001500000000000300000045ce731618da"], 0xc4}}, 0x0) close(r4) r5 = socket$inet6(0xa, 0x800, 0xd971) connect$inet(r3, &(0x7f0000000240)={0x2, 0x4e22, @multicast2}, 0x10) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r2, &(0x7f0000000080)=ANY=[], 0xa) getgroups(0x3, &(0x7f0000003d40)=[0xee01, 0x0, 0xffffffffffffffff]) sendmmsg$unix(r0, &(0x7f0000003dc0)=[{&(0x7f0000000300)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f0000000680)=[{&(0x7f0000000380)="2ed1131a3a9b6c8c5c3e44feba99f9b3b6dbd033bf83fc7f9ae2c0dab42c25dc7cb2a56928b4828a632b492353e3df6e3b10d456650e5cece83e1cbd00c107ed1d1dbb57ebfa6ff40f0ba2f145304a4a7ef55627080a5381cae55985eaaff30cd284ad9fd26e6e96f2de999319aa9cfe2a273e4d96323a6af35476f349f84ce777d9786ed79c83359c4efd416192b8411c58a6e152d191534726fddde4889bc20929", 0xa2}, {&(0x7f0000000440)="6ab27f637e39892b88c41f5bacc74c3277bc3e82f82d2db1e928415ffcb7e44f06c41f7f326c5481506d368b306d2301f9a5342a432cbf9a296289c2dd54ee2fa9be3224abf8559e", 0x48}, {&(0x7f00000004c0)="d57c88c2b63100a7de0a987237c6e2df88", 0x11}, {&(0x7f0000000500)="53e18b8a8b20d3db376e1901871df8efde9f084067da058684653d02e0897739171bffcd0d2dd70f23e6205e9d43a6b5e087ac9faa15b23611e7bc3ca3e7b67bf85f79cb7a7788e0a4dbf2cfccad778d704aabc511d9620fbe0e9a2cdb4174a2d50feb8c6eca88f339c927ef0a44614017ca03b6b6bf4f64fb5096f8f543839107ec94eb24e2a1e9bdb9a60e", 0x8c}, {&(0x7f00000005c0)="69f4d48e8b2d0c364d128b24", 0xc}, {&(0x7f0000000600)="a890bcbe90602b8a6d22bfcf79231be1a16605bf15f96e7dfed7dc22402b44e97d3508bebab23840eb5ea36c38ff82fdb0bab7272f746e407a88f21d9e8ed7680bffb6e5713a70d98138e6dca54e59b1c326cbf77b16b1219023", 0x5a}], 0x6, &(0x7f0000000900)=[@cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [r0, 0xffffffffffffffff, r5, 0xffffffffffffffff, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, 0xffffffffffffffff}}}, @rights={{0x1c, 0x1, 0x1, [r1, r4, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xd0}, {&(0x7f0000000a00)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001c80)=[{&(0x7f0000000a80)="c340bb4483bc944d6093150b1717215dddc4dbcc6942c7bde7ee105028ce4a03770556f3e2ee6601c18e9d67bc53f28d19ec2a2dc9725b55e3f0f6bcdd05917b494640db94ccf3470b467eedb7cb3737aa8976e1215c585e53ef7b0533b638bf2b951995a153b20f102217e3d7b58cbe4af182f24628747bc3448963862b1a55e4c27c145ef652d9422db1a6f3cc9881ed64266904f738b50108c829d44431ec7800c468465353fd766c2fd26d1259e8de71194453809b54adac6bd88a5820b22f6cfd1c1baa6b4646bbb6247d882501b84572e2b040a2b5f4937ccc15e02934dc6516cdc8", 0xe5}, {&(0x7f0000000b80)="0b755cef6bc46bcf90256ab11e3d0702955aeec56b4d47c1139ce8bd5b36d9c64ea2e2924d4a8d7e9a43ac5fd333b6b77e15644fed360c0c2017273ef3dd051bc222c332ea56d4c30dc421ca46c07131d09424109b7d52cb62a1832c7c2b56dedee8438c7304de83e3be1e0ecae123f343b194db22494e0c9050fb5420d1afefb067280904463f63a753ebd331052aa1064a1694d6ca10eb58a4c0f0cc5ebe89b926847b28cd5c02bf5e8dc35cf933a063843026d8b4be43fc0ab65edc6b20aa1323f9e348d8dfb49cd11018492d9129164ca4461a7495c120929731cf377dab35e0ed816e03ec051efa4b785afb1adc3b65c39f9e460ebb048b64ce23a1b049036eb63977111648c03daeaad9fbeffab4157bfaabe511bec211ef85901c62aa4946732af2d84a5477d0190dcade279f1311911f342a52e6b0af52346e4addc36dd04b8a45bf8db1b0a95f50b73e97d154ff80215f1dddce399d5965edb7f289868344eb6ec81d0a4828c3f5877ceb430f830ed116fdeaa1c39f03a2ca5e2f848659bcacf343a72bd06c1d6596e78f96dec1b751d84f49b669fd46cec29807eb2fa3b1d3e7c8572ad783d28a6327b3a27aafe36180ba49a649ff3a218f50413fe7e172e8f110ec68cd72ecd8ba34ca73998f282c9a81970b49b567b26bfb3ca24c2d307cfca632e0b3a285dd5a43b241efbf4374ac8959d1c89a0ea96eadd45c0aed0bb76b36c8fc1f2af468c65c57b251cc978a7ea9fe8f4985a5f5fd2cf96666e4e7e80d05cdef2fdb5642052c710f57b41efe82128a7ac075ed34b736256d5aca350fa75a2b0a2b2391037410ffd156e99c606b6ff36a17c6772853db8ba247b0eeece6cbec6ef3a34e78a2f5ba88e47449b039b58931a730e51e2b60433ae6f2165c1ca47b84e46ffed6d68116ad99eba8aae2ff50c743f8aa10429c0351b9a1f3a1a7ad12577b8bc78d8e33c9d88053b44c503a94bacb5aaf4eb5b905928abe3c57665e3d2d64670e0403b34385f07cbd94313f1c7db8c9c60caa6a247bdbc2992d73d9e53e5e358998b8959d43ec63c106470d918b847493513b18cd6c67743a6c41098b1830555d6aa3a24e37e13a13e46c297ac407d689d1d4e6066ad54bb0e0635e5d9a60599dee228f560fb20a2a015ca2c7ee82c70c257983d7a6f044358d016f17a9740ced482fd11360d31d69d356b615309690f1b5a4255a033f0c23147281b7b4a7c571502342d53fb8c3ab9ad1f78aae7fe328df94049f04ce589f3b88830a0101c03db0fd5300574b77114a866e8a2c3437a46c21b345847ee575ed696fb10070a248624eda6e57503ac353bf847b4cf5d5f0b54581bd4f5bc43f23156e45dce38e5036cba1fd1515998f535450ff00cc6709d8633237cadead28b0d7d86bede9d62e5df43900033c9313717dbd904e3ba5034b31c081cce69d36a9cf9e37690e57fff778efba481b4ad5ba268bafd4186a77edbbe4e13519532205f558924737f4af44069f5aa0fafe774a61fa69a64fc80c08ea5f31a33de28727a88f827b9107a566692cc4c76633b9e2175b41e04383b55cf5042e1d4ddfd4d50a1eb3345b8af8b811fbd7accfd797a2bd701000394dbb6f7d1ca83b239fabb8a09fe7b989d5252e0b0514f7b8ed56214d13feca76eef5f5e722c15a218187b8a5b279b64fc63a197d20849b6d1b45e05c5ddac8c7e7cb9b3dda7db6083f27aa1eabf26fef434d93aaff09a2c4a47578d89f9fec0cc8ad7c970fdce4072cf6acf7d0d5e470cb3edf5a79dfd1b686580aaf289faee594e671faf78abaa52f35bb1e90140bda0332917ffa9801209bea86e4635903c4bda6b4b07e81450658a13c1863b8133c266e7aa0fe69d2b1d6e7544512d64b11fe0059ae2a1a3662932ceb244738c8dcd860c49e87a21d06ffe9ce35391a07f02458e07f37982b3ba1a0fbeba3747135a1ee59fe433c0f5861c440ff85e3ba0be45bcd9f1866adf77fb7fa001a0b715ad63cddfed42c5b464ea1085a678d698196fb9fb1e3ac043bee7a589165bc73d7633724c7fa8394778b55dd6fbae20f47407cdf3ed724c3a8902fb8621411828d3838eede12193579b3d9f8a2a85a72521723e1984a03d7fa64e0fdfce3a0a1ad4a79aad09766285b18777c1b82fc091b14385f929ffd5eb62b74c17960280f512df6354b684fdaf46983f44099dc0ae1cbb877133c4af3c660be00f4293f3c9115f47156ae9396df96acf68c1864847b46ffd1add7c94780d987bf2cb000bf213f5bf592af2e56ca7604a9a8b596736ddf2491841f5489bb3ca8b86d6da3285eef1bd1d03a7fb476115bc6869a788cdbac8ea93ddf7955637b66b99991cd1aaeba29616cf9b860ac6fca19f46ac15b3967de273d3077693ece764997dde31e7126fd64cc75ab1238f5d192b3d245fff78dc02c29f517d1744c6060fc22ef3e9a3ff98ddb1683f49a3f32ec2873154acf48a8b50b874e3dd4246c7a988962e44877462fe7ac42bcc550852d10fbae1690a23f60cd91f287a9e3d11c2f94394bd0562db580173b6b79fc0cd11f5428f0f71cc9340fc81e581a1b13a1a03308cb4e2e5e63771cdf0f983bd9979f93154c053e918c8132929bc3d642a3c762fdd44fb9265a4b8da87fced8e336e7cb5ee55308b055ed1c6ad386ff322239bcc17076a071a38c1d217524a5c28c1bc67067e605a4cc505180850c184d742a3eaeb4b349272ea8a7b22a2c4acfabcc6fddde18af13d88c87301af4d85aef602d329e349a2b7caedf4e7d68279cac82b1e5d343ca077c9b65a1e7b3d9f0bc3528437ba1e5e6be7065056f32388d60e5dfddfa22f60d98a642c37b74523a330733e570200b26a68937e3958c762dc7e225f3e37a4317f71393b17eab3fa81793cc6e857ac7c7075a50256912ffc041d612a4808c4c356c8ca4dae3fca8b46fe530d6b6292f0aa84729fd970bf414b54afaa55be37110f6ae7af4d9737939d67a4035c2967ee96123e75beeb43a525e26c36c19e98718b9f949eb5eab439a5d9710dbaf134a3dfcbe3df75f3c09f472bc16c6a23b2f1784e0d711e7d5e2a6b7b65b03017cda77fa7ae4e8601cb80fda8d8ec329fbb31bd40672ef3204b309fb5bcc2fff1d74a4a588bbddfa91f88102a4f6a1a07d582cb09c036909b911e00a1926da43c35f9cd7b61a1918f80f9f7757adb41f282f8f239ee9bb68ea99f227f2b2f98bb44c5879925ea36fea3e6b2f9dc98e1fd7ff3263d700a1216303bfc4a4c544640a77a8e36dbea6ea737cd25cead9cc65123af3f0fd712199b6735fbd63c5503ec085da1082109975232f95dce3fb7ba5ffd1e516309566d2bc786ead3eaddeeed329a1f7a3f037b92af9a749d12856c565d6dfb6f2156e04d1865682f25f0f3c6f163d98d034b4645ab814b9b2bf00d2ccdd7e4dc4dd95127b50ab94a5c5e114d199938ea1bfe6a923af7a454acca708400e66f82d0d7fab365f5cd63c8b6312e3210d6761aef2bd0ae8eaf1c6bab28307ceca91c2f28e64f9c31bbbbf66661840effcb9cdbd798eaf7b9efcd0898dc048672bec2836a026304684cab6066268694f5e38cb5013e7b3b944be96cf90123bc824e400c2799747442ecc5cd067c2ba027ce143257e0949ffaf42768999872e11f343480ea55ac3643908842d546d4bf8f9635502e154d243d3449c41c07334cd1e8053468b0dc85d629d10c86b9cb125786f4e132af348e93f50d232915931ea21b48a546ee2f9d2103a163fadd18c2cdd3907187f810492c72d9496df9c88a583c93dab18b10c0f27fae988762902d786c576c174a1069005f58f4b20c586e18f410996995a235c85f485808e3d872a708adf88fb34e589bd8299a8a44c9afbdb07b04c0d9d01a4468101a16ac6cd45ca88ceba51cb6ded35d7d18608a2475774dc90dea54e7155335457d48b0a9bc062a6d01097bddf3f201259792f5e1b842464aaba82189bbdb4a08ac6cead87df6eac9fdebc0a8fc946d3c2fe70e51be6b319e5ad2e371a2909c86850cd5ce6cae8aa5e62269e6963db90b5394c7d9ddb1c974c106bcbedc46bc5f696cc75bf8c47b0def6b5754c338d00679fe7429be4894f6fef358df608aee41517969bd0d9ce8e72313fe25ecc2ffa13e3a5bf0c7f1cdaab29b235f5634f2bf3e4d59f2262b605dad6213be0a2eb0af5642d75fae7edb65bdd943119743d44a36d39f4ef27d833324050c354caa6561cdc45f41467e063a04d8dcdba3c0bb0e2a9e41463d794ab3b65b16855155df841027436a34c928e6564cccc1b1882db9db39ada3cdbe6159c7788c8feeb9b7e20feddcb1801b88fb350bbcd1c3c155c9dbc8c138029ec86139c788d0085ae7b5b3d49d67c5171309f2e42b6cdab8506392916b1d417a081d65e3bddb3b825da51f61116c312b711e1ff8857e4ee2e929718a2b6ccfb13e7e760f81e853282019587a8083de3714772588dfdba7a00e9d0cf62a24518c6cd74eef97e8da54a246daf9ec5acc41d179d188b034697d4b3286850f1b805e372dd8d7d8479c8a7ec6cb358096d40e3094b66e3e999433ffcd36001df9b72563bc986d0dc1b58c5107634c66bdf10db6388a12349966405bc96caaed120f1a1e77b1fcf916082699f46c2456dbae6a1d1575417bd777d104780b72b760d2a120950da05d25c210e1127bd7921bbcb1cefac35d2ab2483df21feaf3c65f6888b9718af84a156d9bfaf044209260e5b309dd2213a79324707b01dc503171b46da40ebf0fab0a40382578c42cc5e0949f3315f7cadac33e60d7dafdc00acd625b8882178bc68970500870bc777bd3af160bea16a7993dc3ad30dc8643430e8ab9011262e621dc7014dc3e741b47d89f831ab7aa32513a8976db3753b0b8590956e7c79c4b7f56622288aed75e5edcdd49c308349586b49e48e9e8239281796b4f0c10001dc2f1d2643a69cbba29cc325c2c62afe13c7e5c93cdb270dcf9745ad9f4e94c7838115c55f199f3c8aba513ccc4c112e55c4f5afad5c841b6268d070ec7ba7788ff75f638705acae2d265dfbe06ee7e40c1e479a66b17f61b2684893ff4f30fcf82676cbd9fcfd43a350ccd6ec2be5a67c3fdd6189a159e9566dfda2076c028489908f8f3f48b391fca764aed440a4b7bd16c926df1f0b271c0839ef5f90a8e844ab98ce642d7b8ca819ae8eb56cd8dd45d9a4ac619d4397daf7e62777745b19f779198bb62e4a113ab18159dc2f4068e530c84d0787edfef28995297a080ab681d9ccce72bfa98652ce9847a6507c021c9ce395b4c0a28f2bb2e9e1bc84907b68de9ecbe624252b4166fb07fc62198dff96aa1d0f1475ff5de8b58af236b4237da16c2feeaa8ac6d27c5b63c43c6720cac919e9798881f02e42c035afaad98eb3cf8d9d9b1a10dc25cfa8b37a38e28b61283b9f605a65ad8ec999b436aaf4b8c128770daadce646cc917824f787f053468f8b7b8870c7ac15c3426dbe674bb438dcc14701d0639f5610549f735ec01a41010d9fd7c000de080ad177b8251ba98a1a38d73806dd8448d8d456df0bc57b94692e78ef62dcb8f19ea23a25ce1b5d7e9bb3645c66df4dbde85317c44a95969329c1203bd3f44e2956f75c99c7203a1989334ba493cab95cfcd2895ad985b862b4bfd94b219baa3328f451cfc8c8396ab3a1e31cc0871a4d66a449a05dee0a0f441871d9af885a5b29118b1822917cabc798f8e0f7552a7ce6e1e7356dd9da372538d9e264e5954b6211cadf3e011e1531ec427367fe67ddfb175d6532f332fafc", 0x1000}, {&(0x7f0000001b80)="1e5438f4bb8498757a3abeba7e4e7e46fc15084a51ee5b7a61a9087fa6f2b4e8d1eab6dd113f17738c4e73d55b54eb9427ac516766000ebacf96a1", 0x3b}, {&(0x7f0000001bc0)="6fa385ecc5072681401b1bd74f12a16495a4836f2e056605b2e5a00a28c8d2b49e89b76790ec916bd3a51007bea10a350875eda68008be758e660b74989c5cfd3d05b55036babb8b5a83c7ce1f2622b90169ee65f0f68d05cc9d3e7fdd51e2b0136bb0bae7c196eb311903c2c963fb832407c7ad44c3e1b7a9bda8a50d120f5f038160576111348d1bbdfb77", 0x8c}], 0x4, &(0x7f0000003d80)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r6}}}], 0x40, 0x20004001}], 0x2, 0x4000000) r7 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r7, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r8 = socket$netlink(0x10, 0x3, 0x4) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000280)=@req={0x0, 0x3ff, 0x5, 0x9}, 0x10) getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000002c0)=0xfffffffffffffe6c) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) [ 1242.043748] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1242.051007] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1242.058284] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1242.065545] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1242.074763] CPU: 1 PID: 7055 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1242.082578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1242.091954] Call Trace: [ 1242.094540] dump_stack+0x1b2/0x281 [ 1242.098166] warn_alloc.cold+0x96/0x1cc [ 1242.102138] ? zone_watermark_ok_safe+0x220/0x220 [ 1242.106992] ? wait_for_completion_io+0x10/0x10 [ 1242.111670] __alloc_pages_nodemask+0x2127/0x2720 [ 1242.116531] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1242.121373] ? perf_trace_lock+0xf7/0x490 [ 1242.125524] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1242.130455] ? do_raw_spin_unlock+0x164/0x220 [ 1242.134942] alloc_pages_current+0x155/0x260 [ 1242.139347] kvm_mmu_create+0xda/0x1d0 [ 1242.143223] kvm_arch_vcpu_init+0x282/0x890 [ 1242.147536] ? alloc_pages_current+0x15d/0x260 [ 1242.152123] kvm_vcpu_init+0x26d/0x360 [ 1242.156008] vmx_create_vcpu+0xef/0x29d0 [ 1242.160058] ? __mutex_unlock_slowpath+0x75/0x770 [ 1242.164886] ? drop_futex_key_refs+0x2e/0xa0 [ 1242.169278] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1242.173325] ? get_futex_key+0x1160/0x1160 [ 1242.177546] kvm_vm_ioctl+0x4ca/0x13e0 [ 1242.181420] ? kvm_vcpu_release+0xa0/0xa0 [ 1242.185559] ? check_preemption_disabled+0x35/0x240 [ 1242.190557] ? perf_trace_lock+0xf7/0x490 [ 1242.194692] ? perf_trace_lock_acquire+0x510/0x510 [ 1242.199603] ? __might_fault+0x177/0x1b0 [ 1242.203663] ? _copy_from_user+0x96/0x100 [ 1242.207909] ? kvm_vcpu_release+0xa0/0xa0 [ 1242.212062] do_vfs_ioctl+0x75a/0xff0 [ 1242.215864] ? ioctl_preallocate+0x1a0/0x1a0 [ 1242.220270] ? lock_downgrade+0x740/0x740 [ 1242.224430] ? __fget+0x225/0x360 [ 1242.227888] ? do_vfs_ioctl+0xff0/0xff0 [ 1242.231844] ? security_file_ioctl+0x83/0xb0 [ 1242.236235] SyS_ioctl+0x7f/0xb0 [ 1242.239601] ? do_vfs_ioctl+0xff0/0xff0 [ 1242.243567] do_syscall_64+0x1d5/0x640 [ 1242.247449] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1242.252621] RIP: 0033:0x465f69 [ 1242.255814] RSP: 002b:00007f0f532c7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1242.263646] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1242.270906] RDX: 0000000000000002 RSI: 000000000000ae41 RDI: 0000000000000006 [ 1242.278163] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1242.285442] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1242.292702] R13: 00007fffed84577f R14: 00007f0f532c7300 R15: 0000000000022000 [ 1242.299971] CPU: 0 PID: 7036 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1242.307770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1242.317117] Call Trace: [ 1242.319708] dump_stack+0x1b2/0x281 [ 1242.323365] warn_alloc.cold+0x96/0x1cc [ 1242.327347] ? zone_watermark_ok_safe+0x220/0x220 [ 1242.332200] ? wait_for_completion_io+0x10/0x10 [ 1242.336889] __alloc_pages_nodemask+0x2127/0x2720 [ 1242.341750] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1242.346594] ? perf_trace_lock+0xf7/0x490 [ 1242.350743] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1242.355593] ? do_raw_spin_unlock+0x164/0x220 [ 1242.360109] alloc_pages_current+0x155/0x260 [ 1242.364519] kvm_mmu_create+0xda/0x1d0 [ 1242.368405] kvm_arch_vcpu_init+0x282/0x890 [ 1242.372724] ? alloc_pages_current+0x15d/0x260 [ 1242.377308] kvm_vcpu_init+0x26d/0x360 [ 1242.381198] vmx_create_vcpu+0xef/0x29d0 [ 1242.385263] ? __mutex_unlock_slowpath+0x75/0x770 [ 1242.390104] ? drop_futex_key_refs+0x2e/0xa0 [ 1242.394514] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1242.398576] ? get_futex_key+0x1160/0x1160 [ 1242.402815] kvm_vm_ioctl+0x4ca/0x13e0 [ 1242.406702] ? kvm_vcpu_release+0xa0/0xa0 [ 1242.410903] ? check_preemption_disabled+0x35/0x240 [ 1242.415929] ? perf_trace_lock+0xf7/0x490 [ 1242.420078] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1242.425186] ? perf_trace_lock_acquire+0x510/0x510 [ 1242.430115] ? kvm_vcpu_release+0xa0/0xa0 [ 1242.434272] do_vfs_ioctl+0x75a/0xff0 [ 1242.438073] ? ioctl_preallocate+0x1a0/0x1a0 [ 1242.442478] ? lock_downgrade+0x740/0x740 [ 1242.446643] ? __fget+0x225/0x360 [ 1242.450096] ? do_vfs_ioctl+0xff0/0xff0 [ 1242.454193] ? security_file_ioctl+0x83/0xb0 [ 1242.458623] SyS_ioctl+0x7f/0xb0 [ 1242.461991] ? do_vfs_ioctl+0xff0/0xff0 [ 1242.465966] do_syscall_64+0x1d5/0x640 [ 1242.469862] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1242.475048] RIP: 0033:0x465f69 [ 1242.478235] RSP: 002b:00007f8db8982188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1242.485943] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1242.493211] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1242.500478] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1242.507747] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1242.515012] R13: 00007ffe6abe2b0f R14: 00007f8db8982300 R15: 0000000000022000 [ 1242.570679] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1242.600588] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1242.604709] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1242.631449] CPU: 0 PID: 7065 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1242.639248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1242.648596] Call Trace: [ 1242.651187] dump_stack+0x1b2/0x281 [ 1242.654817] warn_alloc.cold+0x96/0x1cc [ 1242.658792] ? zone_watermark_ok_safe+0x220/0x220 [ 1242.660848] syz-executor.3 cpuset= [ 1242.663641] ? wait_for_completion_io+0x10/0x10 [ 1242.663658] __alloc_pages_nodemask+0x2127/0x2720 [ 1242.663683] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1242.681522] ? perf_trace_lock+0xf7/0x490 [ 1242.685671] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1242.690527] ? do_raw_spin_unlock+0x164/0x220 [ 1242.693555] / [ 1242.695022] alloc_pages_current+0x155/0x260 [ 1242.701135] kvm_mmu_create+0xda/0x1d0 [ 1242.702114] mems_allowed=0-1 [ 1242.705035] kvm_arch_vcpu_init+0x282/0x890 [ 1242.705045] ? alloc_pages_current+0x15d/0x260 [ 1242.705060] kvm_vcpu_init+0x26d/0x360 [ 1242.705073] vmx_create_vcpu+0xef/0x29d0 [ 1242.705087] ? __mutex_unlock_slowpath+0x75/0x770 [ 1242.729797] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1242.733869] kvm_vm_ioctl+0x4ca/0x13e0 [ 1242.737755] ? kvm_vcpu_release+0xa0/0xa0 [ 1242.741892] ? perf_trace_lock_acquire+0x510/0x510 [ 1242.746812] ? __lock_acquire+0x5fc/0x3f20 [ 1242.751044] ? check_preemption_disabled+0x35/0x240 [ 1242.756060] ? perf_trace_lock+0xf7/0x490 [ 1242.760208] ? lock_downgrade+0x740/0x740 [ 1242.764353] ? perf_trace_lock_acquire+0x510/0x510 [ 1242.769289] ? do_raw_spin_unlock+0x164/0x220 [ 1242.773796] ? _raw_spin_unlock+0x29/0x40 [ 1242.777945] ? kvm_vcpu_release+0xa0/0xa0 [ 1242.782091] do_vfs_ioctl+0x75a/0xff0 [ 1242.785886] ? ioctl_preallocate+0x1a0/0x1a0 [ 1242.790285] ? lock_downgrade+0x740/0x740 [ 1242.794473] ? __fget+0x225/0x360 [ 1242.797923] ? do_vfs_ioctl+0xff0/0xff0 [ 1242.801898] ? security_file_ioctl+0x83/0xb0 [ 1242.806337] SyS_ioctl+0x7f/0xb0 [ 1242.809697] ? do_vfs_ioctl+0xff0/0xff0 [ 1242.813666] do_syscall_64+0x1d5/0x640 [ 1242.817560] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1242.822739] RIP: 0033:0x465f69 [ 1242.825914] RSP: 002b:00007f5884799188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1242.833611] RAX: ffffffffffffffda RBX: 000000000056c0b0 RCX: 0000000000465f69 [ 1242.840877] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1242.848319] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1242.855586] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0b0 [ 1242.862851] R13: 00007ffd2f6bf3cf R14: 00007f5884799300 R15: 0000000000022000 [ 1242.870130] CPU: 1 PID: 7064 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1242.877933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1242.881102] warn_alloc_show_mem: 2 callbacks suppressed [ 1242.881105] Mem-Info: [ 1242.887302] Call Trace: [ 1242.887320] dump_stack+0x1b2/0x281 [ 1242.887335] warn_alloc.cold+0x96/0x1cc [ 1242.887346] ? zone_watermark_ok_safe+0x220/0x220 [ 1242.887364] ? wait_for_completion_io+0x10/0x10 [ 1242.892786] active_anon:840961 inactive_anon:18064 isolated_anon:0 [ 1242.892786] active_file:9472 inactive_file:33702 isolated_file:0 [ 1242.892786] unevictable:0 dirty:201 writeback:0 unstable:0 [ 1242.892786] slab_reclaimable:16217 slab_unreclaimable:195614 [ 1242.892786] mapped:62274 shmem:8997 pagetables:17384 bounce:0 [ 1242.892786] free:493597 free_pcp:243 free_cma:0 [ 1242.895117] __alloc_pages_nodemask+0x2127/0x2720 [ 1242.895144] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1242.897777] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1242.901308] ? perf_trace_lock+0xf7/0x490 [ 1242.901319] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1242.901339] ? do_raw_spin_unlock+0x164/0x220 [ 1242.905341] Node 1 active_anon:1254584kB inactive_anon:53484kB active_file:37880kB inactive_file:134808kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:31996kB dirty:804kB writeback:0kB shmem:16484kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1242.910112] alloc_pages_current+0x155/0x260 [ 1242.910127] kvm_mmu_create+0xda/0x1d0 [ 1242.910137] kvm_arch_vcpu_init+0x282/0x890 [ 1242.910145] ? alloc_pages_current+0x15d/0x260 [ 1242.910157] kvm_vcpu_init+0x26d/0x360 [ 1242.910170] vmx_create_vcpu+0xef/0x29d0 [ 1242.914856] Node 0 [ 1242.948923] ? __mutex_unlock_slowpath+0x75/0x770 [ 1242.948934] ? drop_futex_key_refs+0x2e/0xa0 [ 1242.948946] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1242.948961] kvm_vm_ioctl+0x4ca/0x13e0 [ 1242.948974] ? kvm_vcpu_release+0xa0/0xa0 [ 1242.953861] DMA free:10956kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1242.958626] ? lock_acquire+0x170/0x3f0 [ 1242.958636] ? lock_downgrade+0x740/0x740 [ 1242.958653] ? check_preemption_disabled+0x35/0x240 [ 1242.958664] ? perf_trace_lock+0xf7/0x490 [ 1242.986484] lowmem_reserve[]: 13:26:54 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$netlink(0x10, 0x3, 0x8000000004) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$smc(&(0x7f00000007c0)='SMC_PNETID\x00', 0xffffffffffffffff) sendmsg$SMC_PNETID_GET(r4, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000800)={0x20, r5, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}]}, 0x20}}, 0x0) sendmsg$SMC_PNETID_FLUSH(r3, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, r5, 0x100, 0x70bd2b, 0x25dfdbff, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x814) sendmsg$SMC_PNETID_FLUSH(r2, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x38, r5, 0x100, 0x70bd27, 0x25dfdbfe, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x4040081) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1242.990534] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1242.990547] ? perf_trace_lock_acquire+0x510/0x510 [ 1242.990559] ? kvm_vcpu_release+0xa0/0xa0 [ 1242.990570] do_vfs_ioctl+0x75a/0xff0 [ 1242.995430] 0 [ 1242.999868] ? ioctl_preallocate+0x1a0/0x1a0 [ 1242.999877] ? lock_downgrade+0x740/0x740 [ 1242.999892] ? __fget+0x225/0x360 [ 1242.999901] ? do_vfs_ioctl+0xff0/0xff0 [ 1242.999913] ? security_file_ioctl+0x83/0xb0 [ 1243.028323] 2717 [ 1243.032647] SyS_ioctl+0x7f/0xb0 [ 1243.032655] ? do_vfs_ioctl+0xff0/0xff0 13:26:54 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x0, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) [ 1243.032667] do_syscall_64+0x1d5/0x640 [ 1243.036567] 2718 [ 1243.040841] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1243.040850] RIP: 0033:0x465f69 [ 1243.040855] RSP: 002b:00007f8db8961188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1243.040867] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000465f69 [ 1243.047466] 2718 [ 1243.049290] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1243.049297] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 13:26:54 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f00000001c0), 0x0) write(0xffffffffffffffff, &(0x7f0000000100)="e661ef6e91098b4c1c7555580f864b9d6c28d98b17b67e2911", 0x19) write$binfmt_elf64(r1, &(0x7f0000000ac0)=ANY=[@ANYBLOB="5f454c44065b05100600000000000000babf9f3c5997dcf38149e3929750f94100c7bfd22fa71cfa5a5d67505d6111d73dfc94271182c654c17f2f3147e3ef90ed23170ad24309e4dd71d311b30121db7e3d294ddfb4b72b0668091514204e79c8d212c2a3d8138e633dce888d7a70138bd236c48c7755309eba53e8a9b227a8c30293be0ceccd2ea3d9c60368957b4823321bc43ca0b2e1ef79813a2e1ef78d3c36c2b14ce33c06b3de24992fc179b88794adc5e5b461e6a10dc7358fb023edc5370a5258345ed57194869aa72e82aa030eff871e797bed260046aa5594c3e2383923d7311d2b679896062b0dd02ddb22e058d9377d775203e39ed68129ef0f986ff30b72a997310e0000000000008990fcbd541119dd37f4d3b1c8632c92d5c84c8e61e2db065931a0b9fcc55357910e0e6430aa8bc90f32d6"], 0xa) write$binfmt_elf64(r1, &(0x7f0000000400)={{0x7f, 0x45, 0x4c, 0x46, 0x7, 0x20, 0x0, 0xd7, 0x9, 0x2, 0x3e, 0xd8, 0xc8, 0x40, 0x35d, 0x80000000, 0x80, 0x38, 0x2, 0xffe0, 0x9, 0x3}, [{0x1, 0x9, 0x2, 0x8, 0x3, 0xe1a, 0x1000, 0x400}, {0x6, 0x9, 0x8, 0x1, 0x3, 0x1, 0x5, 0x1000}], "5e1d97b87a1aeb70ab49f236b43e67a0da3f995e7011e0cbf8fa2abdb0021fd24ecc7a0ac5ce2213a82e2540a8b0b7f1b254d98085a9ce48afe29cdd0729fc83ee189d05bc653ffdda089bd2529b6d651e59c955b714bfafd7ff43e32fe4c3ca4f905b08edcbe4de1f45dff54d4936ce51704f467359140cf660ddc277550e3b5ab08a30d328ed7e3f215b8279233deec41ed8e19fa8de2329cdbb308e7ee090a0926b1502ce45608f8e9929bd6beb9044771f582c0daacc38c6c504d04cf10eb2060ce32591e429df69b0477b8fde836bc6ac0178a008a3ba8ee429e98f95", [[], [], [], [], []]}, 0x68f) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$KVM_SET_VAPIC_ADDR(r1, 0x4008ae93, &(0x7f0000000080)=0x4) creat(&(0x7f0000000040)='./file0\x00', 0x1b4) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) [ 1243.049302] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 [ 1243.049308] R13: 00007ffe6abe2b0f R14: 00007f8db8961300 R15: 0000000000022000 13:26:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000080)=0x5) exit_group(0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:26:55 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x0, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) [ 1243.364480] 2718 [ 1243.377109] Node 0 DMA32 free:28064kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:108kB local_pcp:0kB free_cma:0kB 13:26:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0xfffffffffffffffc) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1243.493649] lowmem_reserve[]: 0 0 0 0 0 [ 1243.508698] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 13:26:55 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0x0) fallocate(r3, 0x0, 0x0, 0x10000101) 13:26:55 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x7ff) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000280)={r0}) ioctl$FS_IOC_SETFSLABEL(r1, 0x41009432, &(0x7f00000002c0)="6c40149ae921c65089d6afb581df77fe1390b95f8aed9a06476c46a95090e106c0e67d2c44aec83585bbcbd87c4eb92656e3f12227583ab3a00fc76e6d2d0858197df1a67100fbac6eda1139e0e0a479beba0eb272e91dbeda59c3922e0f49b127bd061ca45792095c703db7d068fd066e2b9c094113267f45713295a684fee07e01d5261b0d55d3b7e4e657e6c6839807d521038ef117d356d69d03cd2c818fa6d567509a827bd2d3030696b67f1b3967623b6cbcd3b5cf7f5a28ac6a1a7042385e7962471c66f6e51c7579a13496a6b74374856dce43bac89e3068da4cda2da805cedc2108b4360046f896924dec061f5e81c35fca42298c1923d78c2c2beb") r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x9, 0x3, 0x2b0, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x1e0, 0xffffffff, 0xffffffff, 0x1e0, 0xffffffff, 0x3, &(0x7f0000000200), {[{{@ipv6={@dev={0xfe, 0x80, [], 0x20}, @ipv4={[], [], @multicast1}, [0xff000000, 0xff, 0xff000000, 0xffffffff], [0x0, 0xff, 0xff, 0xff000000], 'gre0\x00', 'batadv_slave_1\x00', {}, {0xff}, 0x4, 0x7f, 0x4}, 0x0, 0xa8, 0xd0}, @common=@unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x4}}}, {{@uncond, 0x0, 0xd0, 0x110, 0x0, {}, [@common=@icmp6={{0x28, 'icmp6\x00'}, {0xd, "d3ab", 0x1}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x7, 0x1}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) r5 = syz_mount_image$minix(&(0x7f0000000000)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x3, 0x1, &(0x7f00000001c0)=[{&(0x7f00000000c0)="6736883c36ddd0d9323589d448512e86ce06e8864b5a53f687f08eb14628fbbce0b9c37bb842a8662bde81f56ea45fa74e200137cae6340c7d009cccaae2641ba27b11391cd8ea0eebd1ca866b846842dafe37b77a5e210eb35dfe00b130b31866f22541888904eca1b4de640046ad2663ffcaf8fc1b522ba9a7b10f884a7c032c55c3bb86e4f8a49c5850cc64ae4700f4ff2efcc3677a8898cd5000979f7355e161d298e8c576ffb28dc0ef2a2891fa3c7a0f37089f876c53123f4757acf949079b8bcf5916e79936bd2958e107c8091ac87641c55c74f34b0bf8b42c8b257b1f8ffca03765a83d", 0xe8, 0x6}], 0x0, &(0x7f00000004c0)=ANY=[@ANYRES16=r4, @ANYRESDEC=0xee01, @ANYBLOB="2c736d61636b6673726f6f743d2f6465762f6b766d002c636f6e8897ce0ba8747365725f752c000000000000"]) fcntl$setpipe(r5, 0x407, 0xfff) [ 1243.551386] lowmem_reserve[]: 0 0 0 0 0 [ 1243.560059] Node 1 Normal free:1940460kB min:53696kB low:67120kB high:80544kB active_anon:1254784kB inactive_anon:53480kB active_file:37880kB inactive_file:134852kB unevictable:0kB writepending:880kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:15808kB pagetables:38344kB bounce:0kB free_pcp:904kB local_pcp:488kB free_cma:0kB [ 1243.629906] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1243.630374] lowmem_reserve[]: [ 1243.672976] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop4. [ 1243.699493] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1243.711351] 0 0 0 0 0 13:26:55 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 1243.714513] Node 0 DMA: 33*4kB (UM) 1*8kB (M) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10956kB [ 1243.735037] CPU: 1 PID: 7147 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1243.742870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1243.746073] Node 0 [ 1243.752210] Call Trace: [ 1243.752228] dump_stack+0x1b2/0x281 [ 1243.752244] warn_alloc.cold+0x96/0x1cc [ 1243.752258] ? zone_watermark_ok_safe+0x220/0x220 [ 1243.752278] ? wait_for_completion_io+0x10/0x10 [ 1243.752292] __alloc_pages_nodemask+0x2127/0x2720 [ 1243.752317] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1243.752327] ? perf_trace_lock+0xf7/0x490 [ 1243.752336] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1243.752358] ? do_raw_spin_unlock+0x164/0x220 [ 1243.752372] alloc_pages_current+0x155/0x260 [ 1243.752386] kvm_mmu_create+0xda/0x1d0 [ 1243.752397] kvm_arch_vcpu_init+0x282/0x890 [ 1243.752405] ? alloc_pages_current+0x15d/0x260 [ 1243.752418] kvm_vcpu_init+0x26d/0x360 [ 1243.754791] DMA32: [ 1243.757210] vmx_create_vcpu+0xef/0x29d0 [ 1243.757225] ? __mutex_unlock_slowpath+0x75/0x770 [ 1243.757237] ? drop_futex_key_refs+0x2e/0xa0 [ 1243.757247] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1243.757258] ? get_futex_key+0x1160/0x1160 [ 1243.757271] kvm_vm_ioctl+0x4ca/0x13e0 [ 1243.757283] ? kvm_vcpu_release+0xa0/0xa0 [ 1243.768318] 839*4kB [ 1243.769687] ? check_preemption_disabled+0x35/0x240 [ 1243.769700] ? perf_trace_lock+0xf7/0x490 [ 1243.769708] ? __fget+0x1fe/0x360 [ 1243.769720] ? perf_trace_lock_acquire+0x510/0x510 [ 1243.775580] (ME) [ 1243.779194] ? lock_downgrade+0x740/0x740 [ 1243.779208] ? kvm_vcpu_release+0xa0/0xa0 [ 1243.779221] do_vfs_ioctl+0x75a/0xff0 [ 1243.779233] ? ioctl_preallocate+0x1a0/0x1a0 [ 1243.779241] ? lock_downgrade+0x740/0x740 [ 1243.779255] ? __fget+0x225/0x360 [ 1243.779264] ? do_vfs_ioctl+0xff0/0xff0 [ 1243.779275] ? security_file_ioctl+0x83/0xb0 [ 1243.788596] 267*8kB [ 1243.793077] SyS_ioctl+0x7f/0xb0 [ 1243.793086] ? do_vfs_ioctl+0xff0/0xff0 [ 1243.793099] do_syscall_64+0x1d5/0x640 [ 1243.793116] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1243.793125] RIP: 0033:0x465f69 [ 1243.804329] (UME) [ 1243.805881] RSP: 002b:00007f0f532c7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1243.805893] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1243.805899] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1243.805904] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1243.805910] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1243.805916] R13: 00007fffed84577f R14: 00007f0f532c7300 R15: 0000000000022000 [ 1243.911953] warn_alloc_show_mem: 4 callbacks suppressed [ 1243.911957] Mem-Info: [ 1243.933198] 687*16kB (UME) 288*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27940kB [ 1244.015902] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1244.028834] Node 1 Normal: 49*4kB (UME) 261*8kB (UME) 57*16kB (UME) 86*32kB (UME) 83*64kB (UME) 241*128kB (UME) 295*256kB (UM) 121*512kB (UM) 33*1024kB (M) 14*2048kB (ME) 414*4096kB (M) = 1937788kB [ 1244.061416] active_anon:841060 inactive_anon:18063 isolated_anon:0 [ 1244.061416] active_file:9471 inactive_file:33721 isolated_file:0 [ 1244.061416] unevictable:0 dirty:235 writeback:0 unstable:0 [ 1244.061416] slab_reclaimable:16121 slab_unreclaimable:195056 [ 1244.061416] mapped:62377 shmem:8996 pagetables:17448 bounce:0 [ 1244.061416] free:493931 free_pcp:383 free_cma:0 [ 1244.066126] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1244.145319] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1244.163769] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1244.167582] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1244.179421] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1244.219969] 26324 total pagecache pages [ 1244.224155] 0 pages in swap cache [ 1244.234057] Swap cache stats: add 0, delete 0, find 0/0 [ 1244.235472] Node 1 active_anon:1254680kB inactive_anon:53480kB active_file:37880kB inactive_file:134880kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:32108kB dirty:940kB writeback:0kB shmem:16480kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1244.240451] Free swap = 0kB [ 1244.277435] Total swap = 0kB [ 1244.280557] 2097051 pages RAM [ 1244.283738] 0 pages HighMem/MovableOnly 13:26:56 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:26:56 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000440)={0xfffffff8}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r1, 0xc) syz_kvm_setup_cpu$x86(r1, r1, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text32={0x20, &(0x7f0000000280)="0f320f017d6c660f388190006168f3b9800000c00f3235004000000f300f0666baf80cb854a6ec82ef66bafc0c66ed66b88d000f00d026650f01c40f239066baf80cb8fa1fa084ef66bafc0c66b8005866ef", 0x52}], 0x1, 0x20, &(0x7f0000000300), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000080)="640f1f0500000100ea3330a1a20a00f40f013f0f215cf466baf80cb80794588def66bafc0cb000ee0f789300000000c4c3510f0a680f00d4", 0x38}], 0x1, 0x20, &(0x7f0000000180)=[@cstype0={0x4, 0x1}, @cr0={0x0, 0x40013}], 0x2) exit_group(0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000400)={0x3, &(0x7f0000000300)=[{0x7f, 0x9, 0x6, 0x4}, {0x7, 0x5e, 0x3, 0xff}, {0x3, 0x5, 0x81, 0x7}]}, 0x10) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x63}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x40, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:26:56 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0x0) fallocate(r3, 0x0, 0x0, 0x10000101) 13:26:56 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) ioctl$F2FS_IOC_DEFRAGMENT(r2, 0xc010f508, &(0x7f0000000100)={0x5, 0x100000000}) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) ioctl$BTRFS_IOC_SET_FEATURES(r3, 0x40309439, &(0x7f0000000140)={0x0, 0x2, 0x2}) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x80080, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, &(0x7f0000000040)="360f01c3b9800000c00f3235000100000f30f3460fd6efb9fe0a00000f320f890000000036f2460f231366baf80cb8069eb48def66bafc0cecf30f005e3a66ba4000ed450f01f8", 0x47}], 0x1, 0x0, &(0x7f0000000100), 0x0) 13:26:56 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000040)) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="230cc92cba1c319ff311"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r5, 0xd000943e, &(0x7f0000000400)={0x0, 0x0, "ebc1cda9b240c87b2a4345f33a0f70a2fa013d018991f477b4ac77b7754e9307b74d912c2a36919c83ad883ece19f793d2c6332c26090924abb240be26afc4882c9a6fa72b06a3d78eae9c95c9899195b8655c0b53473688e8885828c431c34b27ef950095775dca503847ab118c6cf01a06e3564311a7687e436f90ef09d0a7506647eedac0826043b0273e68507a1fffb8d96b292fbe4e424cb8c76258db806f0ebd7afe1a01a5f153688ae424dcd9f821b577247a49a1a747ff7ff3798d9131bbefb0f02ae65dce1033a9a4843ba1382d7aa9456a038192d2c914080caf3174754100d30e1576f3385b03650b952dd1e93782a7fc904859aba9d708ec2918", "5db657fe934e4e9857ead2f013c5e8d3aa6b3c2de0bd0f097dfebf69c728c198b13f418fd14353a35c08e97646f0d85365cd97649e3cb6ccb7e87b8353b1284a93703930182d40207ff3fb68236a3aa8efbf976115b4c036dbc2129cdd0b6ed987c2bac5e38ffb9d866a1acd02e534dd6ce56ac257277ef70edad15519aa754a8b625ebd7bdf3915aa4d23c2e43e5527fdc7d4942c918ce0526a85c210f636c1d0846479e441fe1d201af97b2ee93484ed9bd590f6e83cffe7932de16bc4f7b395ef6f362651e5a651b7c64ad64ba0f148123f2a3f3c395f8f8ce7064a82a8e94676944523a5da5311c05aaf7f0bd8bfdbab3fa1b015a1f657abe016c6961455e239ce8f60cb90f44a18cbd84303300ddb778307d5e574ff2c8ee206b74a726f68402fe859ea1234883a3e7b87175dcce2b14d851fb6b57779413342e6f6e955d24ca7df5a8bb50a7baa69ce2bf32d01c310e55de5f89d255d18a51553e438e45a2f88128b58f9b471ea33b596df49706319b7317a8f07b312d4fd218550776008a377064605b0bdc628d16527dfdea270946c83692d1ff73c5911acee7eadfd53046bab23da2d22a9dcfb1b7a7653411417bbec626d9927e251dd45a31e7e341965f9a0e12e2fe71073ff1dfc72a74df7a796d7b56ac175955b886e9a3c928ecc09949f6df06478c7df060605035c14137634e3876f5da1b66a9cdb1e8dc953bdf5ade493047d2bda7c87ba0fe74b8c7a5d826f37a8cb10e7c3a65c0afef3e0fd065ee1d5e6191ea4b1ca843ee4c51bb5d244b17a2bb4263c94ea70f0fc595ea0f0c6c4785811b8dc85d66014cf2e6cfdcfdcf03805358d1268d482c752708ab81a0f79ab3490f5103008b8da3cb8e24f975d69d09b6277b33054fade5877faafa4a98975cd3364bcfc4b44115da3dc2e9f071642fcd167a541ac25164f2a7112a9c484b1a94e9feb37c2351729269cbcea66805fe31108e4bb78d927e94fda04cfdc9e7c5d0a1f91fc1fe02bd7fbeb1a832750c760263ec2e2c918c872bc32af566512b6ee7f6bc2b91d6cacef649056a09ec130fad0b6e34ca217fd3cc42d9977f01924868d7dbbb0e6cac45311b7ef9386a4cccf0365be075ef37e069be17be993a9c11c4e1dc8ae0d7ca7abf03bf33c309d1d0e45a8aa8bb81407e7ce0c924a176856547fc5e69744697cc8bc340adf9177da1a4e6964bd9c9df6282410a5cb5e3dbbc9fa7fa6dd411885f75f4c023c21e55e2034bd83f336c0034cac20237e7fb653e2cfebb1f1acdb123b2559acfd2ac93f2b44ada5ef3f313bfbb37629d57f61a1f8064d120e0fd8194351ee82f806aa7c4ecfabb7904d161a4f0d81cc45fcf1d9599782f317710fb87059b3f3bc01562e83111df48f1da431a238038e91896d55771ded669447f1f8a7142cc61bd9ce3fd6e6bbc5d3650ceb5aecb794c14cc19b5e1c7992de681c8d507ed94454645287beae6fcf99f589e843872b1ce83367d2fcb714d9be255a662553928812c048138391e378501ca7b93a39bc4487dc9e8e81870d88b192be1864fce182c72d9fd8b3f6362f837263f6461c7a2ab7c3247c584628e6ec78ac8441b59f6d283a96e586d9e2424c3a4c1778d85d53601df6cb783ed96f4d7875a4c86861f2672ffae207080c809c629cd86b9ac54973c2a22151e421327c5053006967b04605c5b867d68619b6e790d62a8ace09089171b2df0d43e0dcc0492752d2315d1829aecd8d3cd04ab347124f672f6b09579c45762461e8cd193fd32f02d57f66a395a8cc6927dfc32e12b95e40231827d68ba08b778d75d1f387097d3512f6a9a2fb42aca4ad6701350bb88f06dd2a83a921f3e0b091de3f6cee792160e42ea1ae4338fac7f93a7af6a2d7eecc225803e9ed24773793ee549d96bdc9971ecb8f5de2480c985e386a592ac88ffadd91955973e152266530b2e6164d36b608fd0b0db05b90f47fbd043044dff7b21f22308801d1fcb233a4a19050c9e2f707b4cb9984fe3b051120e86427627f5d73d4fbab0ad0864f62ccefa3c405de6495a0a4a4dbea9cbd70ba48decf19467c257a0c7ca542818161562df7f7ff16ce8ad6d0462a76d0d213cbc7d313804c74fef355dc98e001af5d27823c5f23258b8c891706826684a1680e8dbd59700e2ab54ba83b23f64ac57075f2d23eead3a192119b1fdd361dd947392d62409d23cc4393c3ee9fec1b053c305a19a71a70ff5f901e3faa772164c1afd2cf8a92abc399e8bd3338b18e72e5e6a10e3d93d095e14e1f1fc2bc644e1e4eb42803a2a92383d66051a9a3e46bb5d8ca49c24756df78b7d5eabdc56810d4d5004bdc9f36793e331af340182e8cab9397c3569f461d05b2ab43494ae57f44171cf2adf8831c31c4f85375228cbc8d1ea99af7e57be4595557c2d8aaa8394598fc721527fc24810fcb5c68ff66f40399a034577b9d8831c4e835b63b28085b43987a3243168fa6e72a316421424810ec3a154b882515dc60e6bd0c92c308b869a71e9efbfc912652d28ac92487d5858941090dac7178916692ae01db5e214c8a2bd96315155d709c1a2c918f162a1d2715edab67f0f5fea0aced9d6c7a58d687e3a22cf7819f6b69e8bb85209b824c8fc912a2ba958042ff8c52dc051bb651a815b4c89bd4f3ae0925abbf4e33f1c3ef413b3180d8bb1a2d785b93554891d2b60ed501514d340afc60f6dd9e76faee1342eec5fd001aa8e0e15d2c3ae027c72689399a446c6875099b9968c082786e98b4b2b0778fa1e8c021db9c82bbeaf4f878d36287e05876efaecaa42bd00e6af77f12c04cde04228c1c7cb8f8f3e6b208c9e5144e2ebdab624ce907b3ed5bacfdd4e943143b1e437281ae2f9f275469f9516278cbe698e9d70bf08d92e125d5a80c6b247d609132caf6ae7565e2f890ce681122542896f29ee237f1825dbf77798122d979e39f3440e245a3616129f6e5fb286ef8dbefe9547c44ce9e1cd77f59c443c651820e2882706a2109c20491d94c2283b1e54acbea3baf4926cb8c2b447a539f9b3d6604492802e1dc287b2bf15282d8544d1c4fdd1c1748af5b85c22cd0b5ef7151adc4293b0a6efe0237a9c1e2cc8170c1990365141a0fbbacc60e6834c7cc6bda4db794285e55cc0fa0c722c0b755599a13784811cb7f81ed70c3bf413b1bb967590f4cd96c900d3ca4e46a425cb2f7c61c373c805c95e6849f7a49cc20845a6b347057a59533ec323172c8ef81e1c7316ce33cc5f7d0bb5bb57312934947f3b040ed409ae49b35cb26bed21b229320a1e1a0fd275faddc5ae6913102bf8cbfdc5a5adad39973198ab80310f3b466f0098a865e714666e5aa721630fa47b1930db84fcf1188d791a7d4412778623ec2e3a860fb0d398fa9df488dd3e35acef42976b15e983c8ba7471716561edd68b4f9ad031e76ba91f70745a241defdeac84a4bbcfccbb984c207320da5cffcac7111bd16ade4c02b0a814fc772d3858616f003988fb8f0202b71fe6e231cfd63a15e8856dc3fe8ac89bed290095df1372d15b540f0a3a521c813bf27d195438d68ed71556f42b60a06072bb82658085ab2126efc199aac96750e4cc504836764f0c2e13d0bf00e56b565a0ca277ba0f87068192d0418627a8ba650adece6f6d0284c262f9c0b3e0f6b44351e3ee4db6e7225c36ebc7adf57a1c30def5b17160eba7d87bca7c4da4c607436b5d7f937c8a20f4dfc080ca0e68e3a136c68937313982bf6905ac09e1bb8b77d7c4d939ce09f54157356aa839f72a17016f6e405aef78b1c15949589bee867bf919879f8574c532deee663191cf321fd2b9d6a4cf5c5b733a039409957a09a878cd1e8954e2f7f3a40871705caed0e1329149557376b61bceed43e0217ebb79c42e876bc98a10863d27fde21c5d404e9c3e28b3545854965935c08ec547c4ed5ecf78685b5df16b19a907ab1b50d3db1ec9bf3da781b4c15d41034a967433b1db4facb50d23e3e7a76656a46da65562cc28aded0f99384e0623ed097e367fc690fee2701af38815b7209089b4c4c1028a0619a97d3348e5d00ee190fc6dc413d57bb7b9b717aeeedde623df8c77f92e7ffa559dbfef90ef28ac2ffdd5c4143ad2600b2db67c3d819372a3f5bd4e6df754f977027bd8181f5139ab65860f95832a219b671c58a51e5f7e92d08a349a16acf854cdfe860d7da8c5f2dcaffc666382e25e41ce0027e0702b1c2172aff74dbae0434275832d8df364ec0a7afaa369ce60c6e634b60e2121a8710caaa5f03cef261c6df70924e0b81483a7019cd1aa72aa2df75fe90d006615e158cae5caf5b7bbbf433f6c69c2d5f7f51a5bc365c0524c0207af0691fe5a48d0154d4d942aa40d1f72ff130c79456b64e17d09938e635207b16fe0f48c4d106e4f160f627233ba432b4699daad6cbb5bf13a15377c84ef869f449e5a38b779a9baf85d5280741da22e08c345b2cf9cf7094ae2c1f5c0e7a45524c67133bf7a22479690291f0990cf68303b3ea08b642694ec7181cfeb33473de99e345f0b18d7a0ef92307478db930c42b43120d8dbbc47a6918805742c9bc1582f8aed4e39900135939dad2a1c199f8b40cf90e61c350ddd0e17cf12941a114c7ac484b36e0d15f19501a4d93ca121d5bd67df8a6af11cfb3111e94666c591d2cc4bf3df1e56156643bca454595efd53bb6c37040a1f86d2c48e33b2d635143627601dcb477851b93cb498519b91758e651250db9e38f183f8b758593b78d90d0f993991435d813ebd583fcc8c056c19b4774dc21d9f2386daecb141bc22ae793804f456745677520df05646442d2e21095fa779cab4303f3c1f2dd020d2af41ecbaed29163154bfa0458e2e6ed4b3fe6d048757ac73a08e1656ca1dfc10da6bb840e5c11beddb59bd740bc5f4ecb4713284045decb9d40ea3b615e020955a13f1a30f170cab48bf9fcff7ffd9ba4ba0f90ea3896e2765c549de600d2539d00bb8c253039a01e24c4af57cc8999685f9648a25be6ec3832597283bd67493bd8a8acbc74e1d4b8b418547cee19b34b417e039f4c9c1fb0601dca73f96b2ab1cfd8b9bdc62202b9236da024913f628baa763a55382a741e34c5c9683091881d63b9c9643f95caad3977435968e65997fe221f0515e24ea5f1e0067cae9fa83654516c4ed53a3765a0941d0946d010f520ae30adaec4b8ea23ab7ce4292584bcc34b2f7a9e049dff18dc366b33aff93c1c25e6600488e07ae5e532eb8e026203494f2f94197c5eb89aff0989a84611767743655bda12d1d27e0912a08fb5c943152cb7b4b7df7a7a22161343a23925e9e2d59b4629c0e15e62b818580dfa43eef02222cce2dbbb5ce05fe68e800dc9d6a0b3a594db73a3efe63ce0ad0b01fd780242dc3854e960fa"}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) [ 1244.298222] 363840 pages reserved [ 1244.301759] 0 pages cma reserved [ 1244.301774] Node 0 DMA free:10956kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1244.382429] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1244.434046] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1244.441035] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop4. [ 1244.444499] syz-executor.3: [ 1244.472529] syz-executor.2: [ 1244.484073] Node 0 [ 1244.488145] page allocation failure: order:0 [ 1244.496449] page allocation failure: order:0 [ 1244.504018] DMA32 free:27940kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:256kB local_pcp:108kB free_cma:0kB [ 1244.505729] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 1244.523557] lowmem_reserve[]: [ 1244.541570] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1244.569761] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1244.586968] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1244.594443] 0 0 0 0 0 [ 1244.602090] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1244.605927] CPU: 0 PID: 7203 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1244.635707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1244.645057] Call Trace: [ 1244.647648] dump_stack+0x1b2/0x281 [ 1244.651282] warn_alloc.cold+0x96/0x1cc [ 1244.655257] ? zone_watermark_ok_safe+0x220/0x220 [ 1244.660112] ? wait_for_completion_io+0x10/0x10 [ 1244.664787] __alloc_pages_nodemask+0x2127/0x2720 [ 1244.669649] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1244.674506] ? perf_trace_lock+0xf7/0x490 [ 1244.677187] lowmem_reserve[]: [ 1244.678647] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1244.678670] ? do_raw_spin_unlock+0x164/0x220 [ 1244.678684] alloc_pages_current+0x155/0x260 [ 1244.678700] kvm_mmu_create+0xda/0x1d0 [ 1244.678711] kvm_arch_vcpu_init+0x282/0x890 [ 1244.684035] 0 [ 1244.686626] ? alloc_pages_current+0x15d/0x260 [ 1244.686642] kvm_vcpu_init+0x26d/0x360 [ 1244.686656] vmx_create_vcpu+0xef/0x29d0 [ 1244.686669] ? __mutex_unlock_slowpath+0x75/0x770 [ 1244.686680] ? drop_futex_key_refs+0x2e/0xa0 [ 1244.699118] 0 [ 1244.699411] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1244.709220] 0 [ 1244.710063] ? get_futex_key+0x1160/0x1160 [ 1244.710082] kvm_vm_ioctl+0x4ca/0x13e0 [ 1244.710096] ? kvm_vcpu_release+0xa0/0xa0 [ 1244.719735] 0 [ 1244.722866] ? check_preemption_disabled+0x35/0x240 [ 1244.722880] ? perf_trace_lock+0xf7/0x490 [ 1244.722891] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1244.722903] ? perf_trace_lock_acquire+0x510/0x510 [ 1244.736421] 0 [ 1244.739142] ? kvm_vcpu_release+0xa0/0xa0 [ 1244.739154] do_vfs_ioctl+0x75a/0xff0 [ 1244.739168] ? ioctl_preallocate+0x1a0/0x1a0 [ 1244.739177] ? lock_downgrade+0x740/0x740 13:26:56 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0x0) fallocate(r3, 0x0, 0x0, 0x10000101) [ 1244.739193] ? __fget+0x225/0x360 [ 1244.739204] ? do_vfs_ioctl+0xff0/0xff0 [ 1244.739213] ? security_file_ioctl+0x83/0xb0 [ 1244.739224] SyS_ioctl+0x7f/0xb0 [ 1244.739233] ? do_vfs_ioctl+0xff0/0xff0 [ 1244.747244] do_syscall_64+0x1d5/0x640 [ 1244.747264] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1244.747273] RIP: 0033:0x465f69 [ 1244.747279] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1244.747289] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 13:26:56 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000080)={0x4000, 0x2000}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080)='NLBL_MGMT\x00', r3) sendmsg$NLBL_MGMT_C_ADD(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x2c, r5, 0x101, 0x0, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0xa}, @NLBL_MGMT_A_DOMAIN={0x6, 0x1, '!\x00'}]}, 0x2c}}, 0x0) sendmsg$NBD_CMD_CONNECT(r4, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x0, 0x200, 0x70bd27, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40890}, 0x4000) [ 1244.747295] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1244.747300] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1244.747305] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1244.747311] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1244.800533] (null) 13:26:56 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x10000101) [ 1245.003773] Node 1 Normal free:1937196kB min:53696kB low:67120kB high:80544kB active_anon:1254872kB inactive_anon:53484kB active_file:37884kB inactive_file:134924kB unevictable:0kB writepending:1100kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:16192kB pagetables:38376kB bounce:0kB free_pcp:1196kB local_pcp:628kB free_cma:0kB [ 1245.094513] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1245.106472] CPU: 0 PID: 7197 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1245.114283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1245.123634] Call Trace: [ 1245.126222] dump_stack+0x1b2/0x281 [ 1245.129851] warn_alloc.cold+0x96/0x1cc [ 1245.133825] ? zone_watermark_ok_safe+0x220/0x220 [ 1245.138675] ? wait_for_completion_io+0x10/0x10 [ 1245.143352] __alloc_pages_nodemask+0x2127/0x2720 [ 1245.148217] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1245.153062] ? perf_trace_lock+0xf7/0x490 [ 1245.157210] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1245.162072] ? do_raw_spin_unlock+0x164/0x220 [ 1245.166582] alloc_pages_current+0x155/0x260 [ 1245.170997] kvm_mmu_create+0xda/0x1d0 [ 1245.174886] kvm_arch_vcpu_init+0x282/0x890 [ 1245.175158] lowmem_reserve[]: [ 1245.179200] ? alloc_pages_current+0x15d/0x260 [ 1245.179216] kvm_vcpu_init+0x26d/0x360 [ 1245.179230] vmx_create_vcpu+0xef/0x29d0 [ 1245.179244] ? __mutex_unlock_slowpath+0x75/0x770 [ 1245.179255] ? drop_futex_key_refs+0x2e/0xa0 [ 1245.179265] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1245.179281] kvm_vm_ioctl+0x4ca/0x13e0 [ 1245.179293] ? kvm_vcpu_release+0xa0/0xa0 [ 1245.179314] ? check_preemption_disabled+0x35/0x240 [ 1245.179326] ? perf_trace_lock+0xf7/0x490 [ 1245.210496] 0 [ 1245.212407] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1245.212422] ? perf_trace_lock_acquire+0x510/0x510 [ 1245.212435] ? kvm_vcpu_release+0xa0/0xa0 [ 1245.212447] do_vfs_ioctl+0x75a/0xff0 [ 1245.245450] ? ioctl_preallocate+0x1a0/0x1a0 [ 1245.248318] 0 [ 1245.249849] ? lock_downgrade+0x740/0x740 [ 1245.249866] ? __fget+0x225/0x360 [ 1245.249878] ? do_vfs_ioctl+0xff0/0xff0 [ 1245.249887] ? security_file_ioctl+0x83/0xb0 [ 1245.249898] SyS_ioctl+0x7f/0xb0 [ 1245.255086] 0 [ 1245.255824] ? do_vfs_ioctl+0xff0/0xff0 [ 1245.255838] do_syscall_64+0x1d5/0x640 [ 1245.255856] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1245.283321] 0 [ 1245.285916] RIP: 0033:0x465f69 [ 1245.285922] RSP: 002b:00007f8db8982188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1245.285933] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1245.285939] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1245.285944] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1245.285952] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1245.327645] R13: 00007ffe6abe2b0f R14: 00007f8db8982300 R15: 0000000000022000 [ 1245.335736] 0 13:26:57 executing program 1: ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000100)) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendto$isdn(r1, &(0x7f0000000040)={0x20, 0x5, "c2438f7e710b15dd8e7732a491e9785837aa21545896af0c612549d37eeef501fde33cdda215703d338194b63fa352bbfeea3c8a0d16b87f743a60f466ba682fb34f58249f90c30bb6f26e"}, 0x53, 0x40040000, 0x0, 0x0) writev(r1, &(0x7f00000001c0)=[{&(0x7f00000000c0)="580000001400ad", 0x7}, {&(0x7f0000000240)="ab53aa262e5062237e6ee308f145af641908ad836dd88dd62c586610fb3ffb4582d4c16a9847a915c43e46cc876d411b6f9225c202a69a50598bbe7d9d0d59cc448b2a8222171f86a1e56eb7bebc19cb394d814bac2a13e431471ecc18a95a5c91d75e24646d655cfa87a780f970685805def2010201c0a896a4395cb61be63c400e9bf9196d7951", 0x88}], 0x2) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="59454cf644c9dbff91319936cbca92ece836d6447e99475625938500a0966c7ab0d2fd2fcd2d82fdbaa158813bad2d1bce62c2e052d46c3716cf5c85ad750bdf9945ed580f2c435211edb55f91a73aa5416f7a0b9cf26e42389c898e4bf68325c533ee623b5aa44f3ca03fec803fee0d88f5b807bc118b519ffea2fe8fd203558314a662b0c347cf74ce7fb893b3f8809d14776ccf639d5e0c52d69ce17042de3902929aa9b7f9b15af8e103ad0fe9c8756d0b7247e96077da13ec"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x13) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) [ 1245.350128] Node 0 DMA: 33*4kB (UM) 1*8kB (M) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10956kB [ 1245.367802] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1245.395143] syz-executor.3 cpuset=/ mems_allowed=0-1 13:26:57 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x10000101) [ 1245.412714] CPU: 0 PID: 7264 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1245.420519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1245.429862] Call Trace: [ 1245.432455] dump_stack+0x1b2/0x281 [ 1245.436086] warn_alloc.cold+0x96/0x1cc [ 1245.440060] ? zone_watermark_ok_safe+0x220/0x220 [ 1245.444917] ? wait_for_completion_io+0x10/0x10 [ 1245.449593] __alloc_pages_nodemask+0x2127/0x2720 [ 1245.454561] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1245.459414] ? perf_trace_lock+0xf7/0x490 [ 1245.463558] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1245.468417] ? do_raw_spin_unlock+0x164/0x220 [ 1245.472914] alloc_pages_current+0x155/0x260 [ 1245.477325] kvm_mmu_create+0xda/0x1d0 [ 1245.480340] Node 0 DMA32: [ 1245.481208] kvm_arch_vcpu_init+0x282/0x890 [ 1245.481219] ? alloc_pages_current+0x15d/0x260 [ 1245.493278] kvm_vcpu_init+0x26d/0x360 [ 1245.497167] vmx_create_vcpu+0xef/0x29d0 [ 1245.501236] ? __mutex_unlock_slowpath+0x75/0x770 [ 1245.506084] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1245.506950] 839*4kB [ 1245.510142] kvm_vm_ioctl+0x4ca/0x13e0 [ 1245.510157] ? kvm_vcpu_release+0xa0/0xa0 [ 1245.510169] ? perf_trace_lock_acquire+0x510/0x510 [ 1245.510181] ? __lock_acquire+0x5fc/0x3f20 [ 1245.529797] ? check_preemption_disabled+0x35/0x240 [ 1245.531502] (ME) [ 1245.534902] ? perf_trace_lock+0xf7/0x490 [ 1245.534913] ? lock_downgrade+0x740/0x740 [ 1245.534925] ? perf_trace_lock_acquire+0x510/0x510 [ 1245.534936] ? do_raw_spin_unlock+0x164/0x220 [ 1245.554723] ? _raw_spin_unlock+0x29/0x40 [ 1245.558874] ? kvm_vcpu_release+0xa0/0xa0 [ 1245.562321] 267*8kB [ 1245.563020] do_vfs_ioctl+0x75a/0xff0 [ 1245.563034] ? ioctl_preallocate+0x1a0/0x1a0 [ 1245.563047] ? lock_downgrade+0x740/0x740 [ 1245.578453] ? __fget+0x225/0x360 [ 1245.580161] (UME) [ 1245.581901] ? do_vfs_ioctl+0xff0/0xff0 [ 1245.581913] ? security_file_ioctl+0x83/0xb0 [ 1245.581924] SyS_ioctl+0x7f/0xb0 [ 1245.581935] ? do_vfs_ioctl+0xff0/0xff0 [ 1245.591930] 687*16kB [ 1245.592438] do_syscall_64+0x1d5/0x640 [ 1245.606165] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1245.611349] RIP: 0033:0x465f69 [ 1245.613445] (UME) [ 1245.614530] RSP: 002b:00007f8db8940188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1245.614542] RAX: ffffffffffffffda RBX: 000000000056c0b0 RCX: 0000000000465f69 [ 1245.614548] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1245.614554] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1245.614559] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0b0 [ 1245.614565] R13: 00007ffe6abe2b0f R14: 00007f8db8940300 R15: 0000000000022000 [ 1245.706580] Mem-Info: [ 1245.717182] active_anon:841033 inactive_anon:18064 isolated_anon:0 [ 1245.717182] active_file:9473 inactive_file:33731 isolated_file:0 [ 1245.717182] unevictable:0 dirty:275 writeback:0 unstable:0 [ 1245.717182] slab_reclaimable:16053 slab_unreclaimable:194727 [ 1245.717182] mapped:62293 shmem:8998 pagetables:17471 bounce:0 [ 1245.717182] free:494285 free_pcp:360 free_cma:0 [ 1245.796708] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1245.849030] Node 1 active_anon:1254872kB inactive_anon:53484kB active_file:37884kB inactive_file:134924kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:32172kB dirty:1100kB writeback:0kB shmem:16488kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1245.904468] 288*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27940kB [ 1245.937917] Node 0 DMA free:10956kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1245.948297] Node 0 [ 1245.993381] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1246.010777] Node 0 DMA32 free:27940kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:256kB local_pcp:148kB free_cma:0kB [ 1246.056481] Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1246.083836] lowmem_reserve[]: 0 0 0 0 0 [ 1246.091249] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1246.101131] Node 1 Normal: 112*4kB (UME) 242*8kB (UME) 140*16kB (UME) 91*32kB (UE) 84*64kB (UME) 237*128kB (UME) 299*256kB (UM) 120*512kB (UM) 34*1024kB (UM) 14*2048kB (ME) 414*4096kB (M) = 1940464kB [ 1246.189824] lowmem_reserve[]: 0 0 0 0 0 [ 1246.221434] Node 1 Normal free:1941208kB min:53696kB low:67120kB high:80544kB active_anon:1254736kB inactive_anon:53484kB active_file:37904kB inactive_file:134952kB unevictable:0kB writepending:856kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:15808kB pagetables:38212kB bounce:0kB free_pcp:996kB local_pcp:636kB free_cma:0kB [ 1246.254953] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1246.291795] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1246.320345] lowmem_reserve[]: 0 0 0 0 0 [ 1246.330560] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1246.333912] Node 0 DMA: 33*4kB (UM) 1*8kB (M) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10956kB [ 1246.364993] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1246.393789] 26351 total pagecache pages [ 1246.400895] Node 0 DMA32: 839*4kB (ME) 267*8kB (UME) 687*16kB (UME) 288*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27940kB [ 1246.405673] 0 pages in swap cache [ 1246.449240] Swap cache stats: add 0, delete 0, find 0/0 [ 1246.465025] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1246.465843] Free swap = 0kB [ 1246.506974] Total swap = 0kB [ 1246.520784] 2097051 pages RAM [ 1246.524183] Node 1 Normal: 198*4kB (UME) 103*8kB (UME) 142*16kB (UME) 102*32kB (UE) 84*64kB (UME) 237*128kB (UME) 299*256kB (UM) 120*512kB (UM) 34*1024kB (UM) 14*2048kB (ME) 414*4096kB (M) = 1940080kB [ 1246.532246] 0 pages HighMem/MovableOnly 13:26:58 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) fcntl$F_SET_RW_HINT(r1, 0x40c, &(0x7f0000000040)=0x4) r3 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xa5, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) 13:26:58 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x10000101) [ 1246.569432] 363840 pages reserved [ 1246.581501] 0 pages cma reserved [ 1246.602827] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1246.647972] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1246.708678] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1246.756684] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1246.766085] 26351 total pagecache pages [ 1246.829105] 0 pages in swap cache [ 1246.832607] Swap cache stats: add 0, delete 0, find 0/0 [ 1246.869306] Free swap = 0kB [ 1246.875009] Total swap = 0kB [ 1246.898832] 2097051 pages RAM [ 1246.901963] 0 pages HighMem/MovableOnly [ 1246.906111] 363840 pages reserved [ 1246.939382] 0 pages cma reserved 13:26:58 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x8000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) tee(r1, r1, 0x7e, 0xa) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x2, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x1}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="66b94503000066b80a0b000066ba000000000f306766c7442400000000006766c7442402070000006766c744240600000000670f011424f2aa0f323e660f01f066b9ff08000066b85662000066ba000000000f30b8e8008ed0e80c00f2102066b9800000c00f326635000800000f30", 0x6f}], 0x1, 0x0, &(0x7f0000000100), 0x0) 13:26:58 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='pids.events\x00', 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180)='nl80211\x00', 0xffffffffffffffff) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00', 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) getresgid(&(0x7f0000000a00)=0x0, &(0x7f0000000a40), &(0x7f0000000a80)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000400)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000980)=[{&(0x7f0000000480)="890724a1b5972dccb0edf56fb28ad670d0f71acb263c9e1d997e4b9326e0b6fe61b8a687b568ddbc36a97fcc0455fe6a5a7f29e317b6fbe2692756f855d8cf0550a8132470cc41ff023b85d847e9faa69e47db7874d48173fe09482fafb618880989e22deddb27ad77a3b754a52f607dcc86", 0x72}, {&(0x7f0000000500)="478deda9640ba0963a27f44e58fa0fffe6154f1b18d53015d3602e36dd53bef9cebff5a40b3474b559893f8b39d410cbaa358d4bb9b1296d755cebf8de13b7b98e7dd9567cccee192fe5048bc7ca20885dbe1dcea8f06b5f0134ea3d5bf9879cf9bc5c1db81c76ae9532fa77899bb5269098328a550ed3d39ca523be42c93297ce2c6b7e1347edf37e433c6106ff648ef7d9606596217cd84c45d2d34cdf7278caad63efe309d4c0ce01260235b9880a86ef73f88b873110a8a8ef892fff57698ccf7ad4c7645ef784f2ed74aa994aeb950a01a7063091da", 0xd8}, {&(0x7f0000000600)="bdad594c723f6f3dd116a310cb94069b08b0b03706ac4ca07ba3a0cc37f32c1bd3d79c24e11e12a5a4f6f07c2a37a8947007f1e99ebb5baae33d25a8cdf0dc95a2511c1fa56d225819b7f6d489658534cf80579a3f350d326972097a1bd50e33e26daf6c14a3c9ee134ff257d9bf5815f3b60d8ec7815475dbaec655dde9fc624581cfd50785fdde4bfb11f814094ae3ff1793d8c7b114f9e1b25c33c361a0d88393fc759c66cf13a8574663f9c6518d60d06316c3db797601c43525cc2805eadf0e6e35f1ff0a89397fcbe0052d7aff5ac092ce1df20f29a157654dac289f", 0xdf}, {&(0x7f0000000700)="6a411a7db0007f4f65be834619cdd18c12ae5f9651c57559f79be9cc68c6db231ec18ec0a116cda4cc51eda8031ce6e24f0ee3a00b202bc785559ba105d692237cd674a5cae51fc636c6adeef18dd4795f528cbfdb494f23c3f5d128a103149aeb089f999ec5d239357a819df62c3eb6758cece66d25949e8f3dbe840c247baaf9cc6ec0a90b3cb1a1b930335e17bcc49b9d483b514192cba39787393c249c4855e5d5546ffdd9e64e5c9005dd4abb3f91cebc1dd4", 0xb5}, {&(0x7f00000007c0)="2b26cc753781c053d68da686a6b8051626128c4ca12b1157a4c720d1f31acd5a81", 0x21}, {&(0x7f0000000800)="b14a6b73871ca441b5d0f3cdb34f55b12c90b1aa2ff693af1cd9312aea2be13a17b75b54482fc8d94e2de1becd13e3de231604d06a91d1b2b03b568d23385a296ad80f9abfa97c8c02d0d9bc46eb192c08cacdda87ac", 0x56}, {&(0x7f0000000880)="07adef21a59e337bd769c654c7d99103fb03349c45239dc8080b4cac875c6418", 0x20}, {&(0x7f00000008c0)="f8466f55de7bbdd4d1c8de5b39b011b481bb7ac31516aeade4d69eaa9a46cc03ca100c147cb3da9802e7cc5c233f3b37af5bd2c41f15d42be20079bb6124aedc7ed9ac5c4f31ef59e87cbb5ae1f5388247cdce30cead2c8d31f3a131ff523afe8f1b4d6d9a809cd75f363cde76edd1edf6b58c52a9070118ed15c2b4b90f2a0f9041e79b7f8399c1c4b86beabf0769c0b25a74316ca50178024f9ef8b6907eb9239038511471", 0xa6}], 0x8, &(0x7f0000000ac0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r6}}}], 0x20, 0x4008c}, 0x20008005) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0x94, r1, 0x100, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "c32e168d4f2a713dbe2f9cc83b"}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x2}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "63b7490c40"}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x10, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_ATTR_KEY_SEQ={0xe, 0xa, "741e9d4bb57c9ab84433"}, @NL80211_ATTR_KEY_SEQ={0x13, 0xa, "d7a59a9ff9004f0f086b929f67ad1d"}, @NL80211_ATTR_KEY_SEQ={0x9, 0xa, "91d5669193"}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) 13:26:58 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="5f456c393f44065b05107311"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x7fff, 0x6, 0x9, 0x9}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) 13:26:58 executing program 4: clock_gettime(0x7, &(0x7f0000000000)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) fchmod(r1, 0x12) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) 13:26:58 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r1, 0xc) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x800, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6) 13:26:58 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x0) [ 1247.113935] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1247.184617] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) 13:26:58 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/input/mice\x00', 0x307300) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_int(r2, 0x29, 0x18, 0x0, &(0x7f00000000c0)) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r6 = signalfd4(r3, &(0x7f0000000140)={[0x6feb]}, 0x8, 0x80000) ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000180)={0x0, 0x0, @ioapic={0x1000, 0x1, 0xc9, 0x4, 0x0, [{0x81, 0x7, 0xaf, [], 0x20}, {0x0, 0x8, 0xe0, [], 0x4}, {0x6, 0x4, 0x47, [], 0x9}, {0x1f, 0x8, 0x2, [], 0x1}, {0x2, 0x80, 0x4}, {0x5, 0xfb, 0xff, [], 0x1a}, {0x40, 0x3, 0xff, [], 0x2}, {0x5, 0x1, 0x4, [], 0x7}, {0x4, 0x0, 0x0, [], 0x8e}, {0x0, 0x0, 0x1, [], 0xff}, {0x7, 0x40, 0x1, [], 0x86}, {0xc0, 0x9, 0x1, [], 0x1}, {0x77, 0x2, 0x9, [], 0x6}, {0x66, 0x1, 0x7, [], 0x1f}, {0x7, 0x20, 0x1b, [], 0x1}, {0x6, 0x1, 0x4, [], 0x42}, {0x6, 0x5, 0x1f, [], 0x7}, {0x5, 0x0, 0x20, [], 0x3}, {0x3, 0xa1, 0x7f, [], 0xfc}, {0x0, 0x35, 0x20, [], 0x5}, {0x1f, 0x8, 0x1, [], 0x7}, {0xa, 0x4, 0x65, [], 0x3}, {0x5, 0x81, 0x40, [], 0x5b}, {0x7, 0x9, 0x6, [], 0x1}]}}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000000)={[0x100000000, 0x2523, 0x0, 0xedb, 0x9, 0x8, 0x5, 0xffffffdfffffffff, 0x10000000067, 0x0, 0x100000000, 0x0, 0x7, 0x3, 0xfffffefffffffff9, 0x6], 0x2, 0x1292}) ioctl$INCFS_IOC_GET_FILLED_BLOCKS(r1, 0x80286722, &(0x7f0000000440)={&(0x7f00000003c0)=""/112, 0x70, 0x2, 0x3}) [ 1247.235782] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1247.283265] CPU: 0 PID: 7311 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1247.291129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1247.300484] Call Trace: [ 1247.303078] dump_stack+0x1b2/0x281 [ 1247.306721] warn_alloc.cold+0x96/0x1cc [ 1247.310702] ? zone_watermark_ok_safe+0x220/0x220 [ 1247.315565] ? wait_for_completion_io+0x10/0x10 [ 1247.320245] __alloc_pages_nodemask+0x2127/0x2720 [ 1247.325110] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1247.329958] ? perf_trace_lock+0xf7/0x490 [ 1247.334110] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1247.338967] ? do_raw_spin_unlock+0x164/0x220 [ 1247.343470] alloc_pages_current+0x155/0x260 [ 1247.347880] kvm_mmu_create+0xda/0x1d0 [ 1247.351770] kvm_arch_vcpu_init+0x282/0x890 [ 1247.356090] ? alloc_pages_current+0x15d/0x260 [ 1247.360678] kvm_vcpu_init+0x26d/0x360 [ 1247.364572] vmx_create_vcpu+0xef/0x29d0 [ 1247.368668] ? __mutex_unlock_slowpath+0x75/0x770 [ 1247.373511] ? drop_futex_key_refs+0x2e/0xa0 [ 1247.377925] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1247.382025] ? get_futex_key+0x1160/0x1160 [ 1247.386263] kvm_vm_ioctl+0x4ca/0x13e0 [ 1247.390162] ? kvm_vcpu_release+0xa0/0xa0 [ 1247.394331] ? perf_trace_lock_acquire+0x510/0x510 [ 1247.399264] ? check_preemption_disabled+0x35/0x240 [ 1247.404284] ? perf_trace_lock+0xf7/0x490 [ 1247.408438] ? perf_trace_lock_acquire+0x510/0x510 [ 1247.413370] ? lock_acquire+0x170/0x3f0 [ 1247.417347] ? lock_downgrade+0x740/0x740 [ 1247.421522] ? kvm_vcpu_release+0xa0/0xa0 [ 1247.425701] do_vfs_ioctl+0x75a/0xff0 [ 1247.429518] ? ioctl_preallocate+0x1a0/0x1a0 [ 1247.433932] ? lock_downgrade+0x740/0x740 [ 1247.438089] ? __fget+0x225/0x360 [ 1247.441544] ? do_vfs_ioctl+0xff0/0xff0 [ 1247.445518] ? security_file_ioctl+0x83/0xb0 [ 1247.449933] SyS_ioctl+0x7f/0xb0 [ 1247.453301] ? do_vfs_ioctl+0xff0/0xff0 [ 1247.458401] do_syscall_64+0x1d5/0x640 [ 1247.462296] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1247.467481] RIP: 0033:0x465f69 [ 1247.470666] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1247.478369] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1247.485636] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1247.492911] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1247.500181] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1247.507450] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1247.523532] syz-executor.4 cpuset=/ mems_allowed=0-1 13:26:59 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x0) [ 1247.541329] CPU: 0 PID: 7322 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1247.549143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1247.558497] Call Trace: [ 1247.561086] dump_stack+0x1b2/0x281 [ 1247.564725] warn_alloc.cold+0x96/0x1cc [ 1247.568703] ? zone_watermark_ok_safe+0x220/0x220 [ 1247.573563] ? wait_for_completion_io+0x10/0x10 [ 1247.578239] __alloc_pages_nodemask+0x2127/0x2720 [ 1247.583108] ? gfp_pfmemalloc_allowed+0x150/0x150 13:26:59 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 1247.587950] ? perf_trace_lock+0xf7/0x490 [ 1247.592102] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1247.596959] ? do_raw_spin_unlock+0x164/0x220 [ 1247.601456] alloc_pages_current+0x155/0x260 [ 1247.605868] kvm_mmu_create+0xda/0x1d0 [ 1247.609756] kvm_arch_vcpu_init+0x282/0x890 [ 1247.614075] ? alloc_pages_current+0x15d/0x260 [ 1247.618660] kvm_vcpu_init+0x26d/0x360 [ 1247.622552] vmx_create_vcpu+0xef/0x29d0 [ 1247.626619] ? __mutex_unlock_slowpath+0x75/0x770 [ 1247.631463] ? drop_futex_key_refs+0x2e/0xa0 [ 1247.635880] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1247.639944] ? get_futex_key+0x1160/0x1160 [ 1247.644184] kvm_vm_ioctl+0x4ca/0x13e0 [ 1247.648075] ? kvm_vcpu_release+0xa0/0xa0 [ 1247.652233] ? check_preemption_disabled+0x35/0x240 [ 1247.657256] ? perf_trace_lock+0xf7/0x490 [ 1247.661406] ? chmod_common+0x286/0x390 [ 1247.665385] ? perf_trace_lock_acquire+0x510/0x510 [ 1247.670313] ? lock_downgrade+0x740/0x740 [ 1247.674464] ? kvm_vcpu_release+0xa0/0xa0 [ 1247.678614] do_vfs_ioctl+0x75a/0xff0 [ 1247.682418] ? ioctl_preallocate+0x1a0/0x1a0 [ 1247.686826] ? lock_downgrade+0x740/0x740 13:26:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) ioctl$KVM_SET_DEBUGREGS(r2, 0x4080aea2, &(0x7f0000000080)={[0x0, 0x6000, 0x5000, 0x1000], 0x6, 0x21, 0x100}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1247.691067] ? __fget+0x225/0x360 [ 1247.694526] ? do_vfs_ioctl+0xff0/0xff0 [ 1247.698499] ? security_file_ioctl+0x83/0xb0 [ 1247.702908] SyS_ioctl+0x7f/0xb0 [ 1247.706274] ? do_vfs_ioctl+0xff0/0xff0 [ 1247.710253] do_syscall_64+0x1d5/0x640 [ 1247.714150] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1247.719341] RIP: 0033:0x465f69 [ 1247.722528] RSP: 002b:00007f0f532c7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1247.730237] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1247.737514] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 1247.744787] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1247.752062] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1247.759339] R13: 00007fffed84577f R14: 00007f0f532c7300 R15: 0000000000022000 13:26:59 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000240)={0x1, 0x0, @pic={0x8, 0x9, 0x7f, 0x0, 0x80, 0xa1, 0x40, 0x3, 0x3f, 0xd3, 0x7, 0x1, 0x1f, 0x3, 0x6, 0xed}}) 13:26:59 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x0) [ 1247.911073] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1247.956347] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1247.974876] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1247.999675] CPU: 0 PID: 7326 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1248.007521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1248.016883] Call Trace: [ 1248.019479] dump_stack+0x1b2/0x281 [ 1248.023120] warn_alloc.cold+0x96/0x1cc [ 1248.027100] ? zone_watermark_ok_safe+0x220/0x220 [ 1248.031990] ? wait_for_completion_io+0x10/0x10 [ 1248.037316] __alloc_pages_nodemask+0x2127/0x2720 [ 1248.042175] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1248.047015] ? perf_trace_lock+0xf7/0x490 [ 1248.051165] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1248.056020] ? do_raw_spin_unlock+0x164/0x220 [ 1248.060521] alloc_pages_current+0x155/0x260 [ 1248.064935] kvm_mmu_create+0xda/0x1d0 [ 1248.068826] kvm_arch_vcpu_init+0x282/0x890 [ 1248.073149] ? alloc_pages_current+0x15d/0x260 [ 1248.077734] kvm_vcpu_init+0x26d/0x360 [ 1248.081624] vmx_create_vcpu+0xef/0x29d0 [ 1248.085698] ? __mutex_unlock_slowpath+0x75/0x770 [ 1248.090546] ? drop_futex_key_refs+0x2e/0xa0 [ 1248.094961] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1248.096643] syz-executor.3 cpuset= [ 1248.099025] kvm_vm_ioctl+0x4ca/0x13e0 [ 1248.099040] ? kvm_vcpu_release+0xa0/0xa0 [ 1248.099064] ? check_preemption_disabled+0x35/0x240 [ 1248.099080] ? perf_trace_lock+0xf7/0x490 [ 1248.105896] / [ 1248.106499] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1248.126600] ? perf_trace_lock_acquire+0x510/0x510 [ 1248.131400] mems_allowed=0-1 [ 1248.131553] ? kvm_vcpu_release+0xa0/0xa0 [ 1248.131566] do_vfs_ioctl+0x75a/0xff0 [ 1248.131579] ? ioctl_preallocate+0x1a0/0x1a0 [ 1248.131589] ? lock_downgrade+0x740/0x740 [ 1248.131603] ? __fget+0x225/0x360 [ 1248.154567] ? do_vfs_ioctl+0xff0/0xff0 [ 1248.158538] ? security_file_ioctl+0x83/0xb0 [ 1248.162941] SyS_ioctl+0x7f/0xb0 [ 1248.166301] ? do_vfs_ioctl+0xff0/0xff0 [ 1248.170262] do_syscall_64+0x1d5/0x640 [ 1248.174161] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1248.179344] RIP: 0033:0x465f69 [ 1248.182524] RSP: 002b:00007f58847ba188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1248.190214] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000465f69 [ 1248.197473] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1248.204812] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1248.212079] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 [ 1248.219337] R13: 00007ffd2f6bf3cf R14: 00007f58847ba300 R15: 0000000000022000 [ 1248.233487] CPU: 1 PID: 7385 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1248.236172] warn_alloc_show_mem: 2 callbacks suppressed [ 1248.236175] Mem-Info: [ 1248.241289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1248.241293] Call Trace: [ 1248.241308] dump_stack+0x1b2/0x281 [ 1248.241323] warn_alloc.cold+0x96/0x1cc [ 1248.241335] ? zone_watermark_ok_safe+0x220/0x220 [ 1248.246766] active_anon:841093 inactive_anon:18063 isolated_anon:0 [ 1248.246766] active_file:9474 inactive_file:33751 isolated_file:0 [ 1248.246766] unevictable:0 dirty:225 writeback:0 unstable:0 [ 1248.246766] slab_reclaimable:16084 slab_unreclaimable:194834 [ 1248.246766] mapped:62338 shmem:8996 pagetables:17534 bounce:0 [ 1248.246766] free:494038 free_pcp:379 free_cma:0 [ 1248.249086] ? wait_for_completion_io+0x10/0x10 [ 1248.249100] __alloc_pages_nodemask+0x2127/0x2720 [ 1248.249124] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1248.258695] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1248.261013] ? perf_trace_lock+0xf7/0x490 [ 1248.261023] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1248.261043] ? do_raw_spin_unlock+0x164/0x220 [ 1248.264696] Node 1 active_anon:1255112kB inactive_anon:53480kB active_file:37888kB inactive_file:135004kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:32252kB dirty:900kB writeback:0kB shmem:16480kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1248.268598] alloc_pages_current+0x155/0x260 [ 1248.268613] kvm_mmu_create+0xda/0x1d0 [ 1248.268624] kvm_arch_vcpu_init+0x282/0x890 [ 1248.268634] ? alloc_pages_current+0x15d/0x260 [ 1248.273596] Node 0 [ 1248.307583] kvm_vcpu_init+0x26d/0x360 [ 1248.307598] vmx_create_vcpu+0xef/0x29d0 [ 1248.307612] ? __mutex_unlock_slowpath+0x75/0x770 [ 1248.307622] ? drop_futex_key_refs+0x2e/0xa0 [ 1248.307632] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1248.307647] kvm_vm_ioctl+0x4ca/0x13e0 [ 1248.307660] ? kvm_vcpu_release+0xa0/0xa0 [ 1248.312876] DMA free:10956kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1248.317155] ? check_preemption_disabled+0x35/0x240 [ 1248.317173] ? perf_trace_lock+0xf7/0x490 [ 1248.317183] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1248.317194] ? perf_trace_lock_acquire+0x510/0x510 [ 1248.322245] lowmem_reserve[]: [ 1248.351240] ? kvm_vcpu_release+0xa0/0xa0 [ 1248.351253] do_vfs_ioctl+0x75a/0xff0 [ 1248.351267] ? ioctl_preallocate+0x1a0/0x1a0 [ 1248.351276] ? lock_downgrade+0x740/0x740 [ 1248.351290] ? __fget+0x225/0x360 [ 1248.351301] ? do_vfs_ioctl+0xff0/0xff0 [ 1248.358606] 0 [ 1248.360261] ? security_file_ioctl+0x83/0xb0 [ 1248.360274] SyS_ioctl+0x7f/0xb0 [ 1248.360285] ? do_vfs_ioctl+0xff0/0xff0 [ 1248.364822] 2717 [ 1248.393112] do_syscall_64+0x1d5/0x640 [ 1248.393131] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1248.393139] RIP: 0033:0x465f69 [ 1248.393144] RSP: 002b:00007f8db8982188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1248.393159] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1248.393164] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1248.393169] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1248.393177] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1248.397800] 2718 [ 1248.401466] R13: 00007ffe6abe2b0f R14: 00007f8db8982300 R15: 0000000000022000 [ 1248.852732] 2718 2718 [ 1248.858637] Node 0 DMA32 free:27996kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:248kB local_pcp:128kB free_cma:0kB [ 1248.946392] lowmem_reserve[]: 0 0 0 0 0 [ 1248.950428] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1249.005423] lowmem_reserve[]: 0 0 0 0 0 [ 1249.009874] Node 1 Normal free:1941184kB min:53696kB low:67120kB high:80544kB active_anon:1254772kB inactive_anon:53480kB active_file:37892kB inactive_file:135032kB unevictable:0kB writepending:936kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:15648kB pagetables:38260kB bounce:0kB free_pcp:1420kB local_pcp:720kB free_cma:0kB [ 1249.046275] lowmem_reserve[]: 0 0 0 0 0 [ 1249.050589] Node 0 DMA: 33*4kB (UM) 1*8kB (M) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10956kB [ 1249.071325] Node 0 DMA32: 847*4kB (ME) 270*8kB (ME) 687*16kB (UME) 288*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27996kB [ 1249.086216] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1249.103223] Node 1 Normal: 198*4kB (UME) 173*8kB (UME) 182*16kB (UME) 117*32kB (UME) 84*64kB (UME) 231*128kB (UME) 299*256kB (UM) 120*512kB (UM) 34*1024kB (UM) 14*2048kB (ME) 414*4096kB (M) = 1940992kB [ 1249.126862] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1249.135897] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1249.149874] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1249.160727] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1249.173632] 26365 total pagecache pages [ 1249.179728] 0 pages in swap cache [ 1249.183328] Swap cache stats: add 0, delete 0, find 0/0 [ 1249.192530] Free swap = 0kB [ 1249.195739] Total swap = 0kB [ 1249.200821] 2097051 pages RAM 13:27:00 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x111082, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r3, 0xc) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) 13:27:00 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000040)=ANY=[], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) close(r4) r5 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) 13:27:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x1) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:00 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x148041, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) 13:27:00 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000080)={0x4000, 0x2000}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080)='NLBL_MGMT\x00', r3) sendmsg$NLBL_MGMT_C_ADD(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x2c, r5, 0x101, 0x0, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0xa}, @NLBL_MGMT_A_DOMAIN={0x6, 0x1, '!\x00'}]}, 0x2c}}, 0x0) sendmsg$NBD_CMD_CONNECT(r4, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x0, 0x200, 0x70bd27, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40890}, 0x4000) 13:27:00 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = dup(r0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x5], 0x1, 0x800, 0x0, 0xffffffffffffffff}) ioctl$IMGETCOUNT(r3, 0x80044943, &(0x7f0000000080)) [ 1249.204149] 0 pages HighMem/MovableOnly [ 1249.211738] 363840 pages reserved [ 1249.215411] 0 pages cma reserved [ 1249.335038] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1249.351440] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1249.357620] syz-executor.3: [ 1249.380074] syz-executor.4 cpuset= [ 1249.388291] syz-executor.2 cpuset= [ 1249.397527] / [ 1249.403376] / [ 1249.418107] page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1249.435185] mems_allowed=0-1 [ 1249.446851] mems_allowed=0-1 [ 1249.472678] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1249.477768] CPU: 1 PID: 7431 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1249.485614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1249.494953] Call Trace: [ 1249.497536] dump_stack+0x1b2/0x281 [ 1249.501159] warn_alloc.cold+0x96/0x1cc [ 1249.505122] ? zone_watermark_ok_safe+0x220/0x220 [ 1249.509978] ? wait_for_completion_io+0x10/0x10 [ 1249.514646] __alloc_pages_nodemask+0x2127/0x2720 [ 1249.519516] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1249.524351] ? perf_trace_lock+0xf7/0x490 [ 1249.528481] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1249.533319] ? do_raw_spin_unlock+0x164/0x220 [ 1249.537801] alloc_pages_current+0x155/0x260 [ 1249.542223] kvm_mmu_create+0xda/0x1d0 [ 1249.546109] kvm_arch_vcpu_init+0x282/0x890 [ 1249.550445] ? alloc_pages_current+0x15d/0x260 [ 1249.555015] kvm_vcpu_init+0x26d/0x360 [ 1249.558891] vmx_create_vcpu+0xef/0x29d0 [ 1249.562946] ? __mutex_unlock_slowpath+0x75/0x770 [ 1249.567783] ? drop_futex_key_refs+0x2e/0xa0 [ 1249.572189] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1249.576263] kvm_vm_ioctl+0x4ca/0x13e0 [ 1249.580167] ? kvm_vcpu_release+0xa0/0xa0 [ 1249.584308] ? check_preemption_disabled+0x35/0x240 [ 1249.589573] ? perf_trace_lock+0xf7/0x490 [ 1249.593797] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1249.599002] ? perf_trace_lock_acquire+0x510/0x510 [ 1249.603917] ? kvm_vcpu_release+0xa0/0xa0 [ 1249.608175] do_vfs_ioctl+0x75a/0xff0 [ 1249.611962] ? ioctl_preallocate+0x1a0/0x1a0 [ 1249.616353] ? lock_downgrade+0x740/0x740 [ 1249.620488] ? __fget+0x225/0x360 [ 1249.623927] ? do_vfs_ioctl+0xff0/0xff0 [ 1249.627885] ? security_file_ioctl+0x83/0xb0 [ 1249.632301] SyS_ioctl+0x7f/0xb0 [ 1249.635661] ? do_vfs_ioctl+0xff0/0xff0 [ 1249.639621] do_syscall_64+0x1d5/0x640 [ 1249.643612] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1249.648788] RIP: 0033:0x465f69 [ 1249.651961] RSP: 002b:00007f0f532c7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1249.659651] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1249.666903] RDX: 0000000000000002 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1249.674153] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1249.681406] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1249.688656] R13: 00007fffed84577f R14: 00007f0f532c7300 R15: 0000000000022000 [ 1249.695923] CPU: 0 PID: 7425 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1249.703724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1249.713075] Call Trace: [ 1249.715662] dump_stack+0x1b2/0x281 [ 1249.719290] warn_alloc.cold+0x96/0x1cc [ 1249.723267] ? zone_watermark_ok_safe+0x220/0x220 [ 1249.728118] ? wait_for_completion_io+0x10/0x10 [ 1249.732802] __alloc_pages_nodemask+0x2127/0x2720 [ 1249.737638] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1249.742464] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1249.747300] alloc_pages_current+0x155/0x260 [ 1249.751708] kvm_mmu_create+0xda/0x1d0 [ 1249.755581] kvm_arch_vcpu_init+0x282/0x890 [ 1249.759880] ? alloc_pages_current+0x15d/0x260 [ 1249.764444] kvm_vcpu_init+0x26d/0x360 [ 1249.769097] vmx_create_vcpu+0xef/0x29d0 [ 1249.773141] ? __mutex_unlock_slowpath+0x75/0x770 [ 1249.777981] ? drop_futex_key_refs+0x2e/0xa0 [ 1249.782394] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1249.786439] kvm_vm_ioctl+0x4ca/0x13e0 [ 1249.790323] ? kvm_vcpu_release+0xa0/0xa0 [ 1249.794463] ? check_preemption_disabled+0x35/0x240 [ 1249.799475] ? perf_trace_lock+0xf7/0x490 [ 1249.803614] ? perf_trace_lock_acquire+0x510/0x510 [ 1249.808525] ? __fd_install+0x1ec/0x5c0 [ 1249.812481] ? kvm_vcpu_release+0xa0/0xa0 [ 1249.816656] do_vfs_ioctl+0x75a/0xff0 [ 1249.821508] ? ioctl_preallocate+0x1a0/0x1a0 [ 1249.827942] ? lock_downgrade+0x740/0x740 [ 1249.832090] ? __fget+0x225/0x360 [ 1249.835526] ? do_vfs_ioctl+0xff0/0xff0 [ 1249.839500] ? security_file_ioctl+0x83/0xb0 [ 1249.843994] SyS_ioctl+0x7f/0xb0 [ 1249.847340] ? do_vfs_ioctl+0xff0/0xff0 [ 1249.851298] do_syscall_64+0x1d5/0x640 [ 1249.855171] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1249.860343] RIP: 0033:0x465f69 [ 1249.863514] RSP: 002b:00007f8db8982188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1249.871204] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1249.878455] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 1249.885706] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1249.892972] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1249.900237] R13: 00007ffe6abe2b0f R14: 00007f8db8982300 R15: 0000000000022000 [ 1249.908564] CPU: 1 PID: 7433 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1249.916372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1249.925717] Call Trace: [ 1249.928309] dump_stack+0x1b2/0x281 [ 1249.931943] warn_alloc.cold+0x96/0x1cc [ 1249.935920] ? zone_watermark_ok_safe+0x220/0x220 [ 1249.940771] ? wait_for_completion_io+0x10/0x10 [ 1249.945448] __alloc_pages_nodemask+0x2127/0x2720 [ 1249.950314] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1249.955154] ? perf_trace_lock+0xf7/0x490 [ 1249.959312] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1249.964168] ? do_raw_spin_unlock+0x164/0x220 [ 1249.966348] warn_alloc_show_mem: 3 callbacks suppressed [ 1249.966351] Mem-Info: [ 1249.968676] alloc_pages_current+0x155/0x260 [ 1249.968694] kvm_mmu_create+0xda/0x1d0 [ 1249.968704] kvm_arch_vcpu_init+0x282/0x890 [ 1249.968713] ? alloc_pages_current+0x15d/0x260 [ 1249.974170] active_anon:841108 inactive_anon:18063 isolated_anon:0 [ 1249.974170] active_file:9475 inactive_file:33783 isolated_file:0 [ 1249.974170] unevictable:0 dirty:234 writeback:0 unstable:0 [ 1249.974170] slab_reclaimable:16098 slab_unreclaimable:194825 [ 1249.974170] mapped:62356 shmem:8996 pagetables:17590 bounce:0 [ 1249.974170] free:493989 free_pcp:255 free_cma:0 [ 1249.976465] kvm_vcpu_init+0x26d/0x360 [ 1249.976480] vmx_create_vcpu+0xef/0x29d0 [ 1249.976496] ? __mutex_unlock_slowpath+0x75/0x770 [ 1249.976505] ? drop_futex_key_refs+0x2e/0xa0 [ 1249.976515] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1249.976526] ? get_futex_key+0x1160/0x1160 [ 1249.976536] kvm_vm_ioctl+0x4ca/0x13e0 [ 1249.976549] ? kvm_vcpu_release+0xa0/0xa0 [ 1249.986243] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1249.989127] ? lock_acquire+0x170/0x3f0 [ 1249.989136] ? lock_downgrade+0x740/0x740 [ 1249.989148] ? check_preemption_disabled+0x35/0x240 [ 1249.989161] ? perf_trace_lock+0xf7/0x490 [ 1249.989172] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1249.989185] ? perf_trace_lock_acquire+0x510/0x510 [ 1249.989199] ? kvm_vcpu_release+0xa0/0xa0 [ 1249.998157] Node 1 active_anon:1255172kB inactive_anon:53480kB active_file:37892kB inactive_file:135132kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:32324kB dirty:936kB writeback:0kB shmem:16480kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1250.027885] do_vfs_ioctl+0x75a/0xff0 [ 1250.027899] ? ioctl_preallocate+0x1a0/0x1a0 [ 1250.027909] ? lock_downgrade+0x740/0x740 [ 1250.027925] ? __fget+0x225/0x360 [ 1250.027933] ? do_vfs_ioctl+0xff0/0xff0 [ 1250.027943] ? security_file_ioctl+0x83/0xb0 [ 1250.027953] SyS_ioctl+0x7f/0xb0 [ 1250.027960] ? do_vfs_ioctl+0xff0/0xff0 [ 1250.027974] do_syscall_64+0x1d5/0x640 [ 1250.032042] Node 0 13:27:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="5c00000000010904000000000000000002000000240001801400018008000100e000000108000200000000000c0002800500010000000000240002801400018008000100ac14140008000200ac1e01010c0002800500010000000000fb7107a0dd1fe885c532a3e63d529a8fe4272637972238f1b105c7d499fe53c7b944040a1e01935761f8fa0455ad2216c3915437674a6662428627c606bfe8d4a223c583097dad75b9b0c7ca4e44d1d581755d69ca1d145e4af5061d1c6928a236ab0004c385bf1444f039f4d03d158b69aba6af6b26975fe6962787f9acb875d1c7b3cf9704dbd3dc44557942c09bc7d97eb83a5b2dfdf3f5926a2d319599d9c0efb592d16ada73d817c829482de7df82f87459f7a7c6030959758d74cabf69dd04d652e302ac15cb07a5bf67f7aa69d1d15050df95542b8c647c6e211e0d57904207ffa3808aca0c48b7"], 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1250.035902] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1250.035912] RIP: 0033:0x465f69 [ 1250.035917] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1250.035929] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1250.046133] DMA free:10956kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 13:27:01 executing program 5: ioctl$VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000000)={0x6, 0x3, 0x4, 0x100, 0x2cd, {}, {0x4, 0xc, 0x8, 0x1, 0x1, 0x8, "34c01c01"}, 0x7, 0x4, @offset=0xffffff93, 0x4}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 1250.049247] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1250.049252] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1250.049257] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1250.049263] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1250.241145] syz-executor.3: 13:27:01 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000080)=@usbdevfs_disconnect={0xd8}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="5f454c44065b050a5cfb0b5bb356a1024338ca107311"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) [ 1250.264767] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1250.362490] page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1250.388588] syz-executor.5: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1250.405204] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1250.419243] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1250.425621] CPU: 1 PID: 7443 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1250.433430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1250.442775] Call Trace: [ 1250.445358] dump_stack+0x1b2/0x281 [ 1250.446671] syz-executor.5 cpuset= [ 1250.449001] warn_alloc.cold+0x96/0x1cc [ 1250.449017] ? zone_watermark_ok_safe+0x220/0x220 [ 1250.454819] / [ 1250.456528] ? wait_for_completion_io+0x10/0x10 [ 1250.467712] __alloc_pages_nodemask+0x2127/0x2720 [ 1250.470314] mems_allowed=0-1 [ 1250.472567] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1250.472579] ? perf_trace_lock+0xf7/0x490 [ 1250.484613] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1250.489472] ? do_raw_spin_unlock+0x164/0x220 [ 1250.493971] alloc_pages_current+0x155/0x260 [ 1250.498387] kvm_mmu_create+0xda/0x1d0 [ 1250.502263] kvm_arch_vcpu_init+0x282/0x890 [ 1250.506597] ? alloc_pages_current+0x15d/0x260 [ 1250.511172] kvm_vcpu_init+0x26d/0x360 [ 1250.515047] vmx_create_vcpu+0xef/0x29d0 [ 1250.519098] ? __mutex_unlock_slowpath+0x75/0x770 [ 1250.523924] ? drop_futex_key_refs+0x2e/0xa0 [ 1250.528317] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1250.532386] kvm_vm_ioctl+0x4ca/0x13e0 [ 1250.536637] ? kvm_vcpu_release+0xa0/0xa0 [ 1250.541494] ? check_preemption_disabled+0x35/0x240 [ 1250.547537] ? perf_trace_lock+0xf7/0x490 [ 1250.551669] ? check_preemption_disabled+0x35/0x240 [ 1250.556674] ? perf_trace_lock+0xf7/0x490 [ 1250.560914] ? perf_trace_lock_acquire+0x510/0x510 [ 1250.565824] ? __fd_install+0x1ec/0x5c0 [ 1250.569794] ? kvm_vcpu_release+0xa0/0xa0 [ 1250.573925] do_vfs_ioctl+0x75a/0xff0 [ 1250.577713] ? ioctl_preallocate+0x1a0/0x1a0 [ 1250.582104] ? lock_downgrade+0x740/0x740 [ 1250.586239] ? __fget+0x225/0x360 [ 1250.589780] ? do_vfs_ioctl+0xff0/0xff0 [ 1250.593737] ? security_file_ioctl+0x83/0xb0 [ 1250.598130] SyS_ioctl+0x7f/0xb0 [ 1250.601477] ? do_vfs_ioctl+0xff0/0xff0 [ 1250.605436] do_syscall_64+0x1d5/0x640 [ 1250.609310] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1250.614483] RIP: 0033:0x465f69 [ 1250.617667] RSP: 002b:00007f8db8961188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1250.625362] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000465f69 [ 1250.632619] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 1250.639875] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1250.647135] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 [ 1250.654391] R13: 00007ffe6abe2b0f R14: 00007f8db8961300 R15: 0000000000022000 [ 1250.661668] CPU: 0 PID: 7473 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1250.669471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1250.678808] Call Trace: [ 1250.681382] dump_stack+0x1b2/0x281 [ 1250.684994] warn_alloc.cold+0x96/0x1cc [ 1250.688953] ? zone_watermark_ok_safe+0x220/0x220 [ 1250.693783] ? wait_for_completion_io+0x10/0x10 [ 1250.698438] __alloc_pages_nodemask+0x2127/0x2720 [ 1250.703273] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1250.708097] ? perf_trace_lock+0xf7/0x490 [ 1250.712226] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1250.717056] ? do_raw_spin_unlock+0x164/0x220 [ 1250.721538] alloc_pages_current+0x155/0x260 [ 1250.725930] kvm_mmu_create+0xda/0x1d0 [ 1250.729801] kvm_arch_vcpu_init+0x282/0x890 [ 1250.734103] ? alloc_pages_current+0x15d/0x260 [ 1250.738670] kvm_vcpu_init+0x26d/0x360 [ 1250.742543] vmx_create_vcpu+0xef/0x29d0 [ 1250.746589] ? __mutex_unlock_slowpath+0x75/0x770 [ 1250.751414] ? drop_futex_key_refs+0x2e/0xa0 [ 1250.755802] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1250.759848] kvm_vm_ioctl+0x4ca/0x13e0 [ 1250.764402] ? kvm_vcpu_release+0xa0/0xa0 [ 1250.768903] ? check_preemption_disabled+0x35/0x240 [ 1250.774638] ? perf_trace_lock+0xf7/0x490 [ 1250.778777] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1250.783887] ? perf_trace_lock_acquire+0x510/0x510 [ 1250.788820] ? kvm_vcpu_release+0xa0/0xa0 [ 1250.793044] do_vfs_ioctl+0x75a/0xff0 [ 1250.796849] ? ioctl_preallocate+0x1a0/0x1a0 [ 1250.801239] ? lock_downgrade+0x740/0x740 [ 1250.805373] ? __fget+0x225/0x360 [ 1250.808808] ? do_vfs_ioctl+0xff0/0xff0 [ 1250.812764] ? security_file_ioctl+0x83/0xb0 [ 1250.817157] SyS_ioctl+0x7f/0xb0 [ 1250.820590] ? do_vfs_ioctl+0xff0/0xff0 [ 1250.824547] do_syscall_64+0x1d5/0x640 [ 1250.828422] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1250.833593] RIP: 0033:0x465f69 [ 1250.836766] RSP: 002b:00007fa37679e188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1250.844457] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1250.851724] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1250.859000] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1250.866252] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1250.873503] R13: 00007fff1f5f260f R14: 00007fa37679e300 R15: 0000000000022000 [ 1250.892424] CPU: 0 PID: 7468 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1250.900262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1250.909611] Call Trace: [ 1250.912201] dump_stack+0x1b2/0x281 [ 1250.915830] warn_alloc.cold+0x96/0x1cc [ 1250.919811] ? zone_watermark_ok_safe+0x220/0x220 [ 1250.924662] ? wait_for_completion_io+0x10/0x10 [ 1250.929338] __alloc_pages_nodemask+0x2127/0x2720 [ 1250.934198] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1250.939038] ? perf_trace_lock+0xf7/0x490 [ 1250.942381] warn_alloc_show_mem: 1 callbacks suppressed [ 1250.942383] Mem-Info: [ 1250.943178] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1250.955887] ? do_raw_spin_unlock+0x164/0x220 [ 1250.960492] alloc_pages_current+0x155/0x260 [ 1250.964711] active_anon:841146 inactive_anon:18063 isolated_anon:0 [ 1250.964711] active_file:9476 inactive_file:33801 isolated_file:0 [ 1250.964711] unevictable:0 dirty:266 writeback:0 unstable:0 [ 1250.964711] slab_reclaimable:16083 slab_unreclaimable:195284 [ 1250.964711] mapped:62330 shmem:8996 pagetables:17594 bounce:0 [ 1250.964711] free:493429 free_pcp:298 free_cma:0 [ 1250.964908] kvm_mmu_create+0xda/0x1d0 [ 1251.004388] kvm_arch_vcpu_init+0x282/0x890 [ 1251.008715] ? alloc_pages_current+0x15d/0x260 [ 1251.013310] kvm_vcpu_init+0x26d/0x360 [ 1251.017205] vmx_create_vcpu+0xef/0x29d0 [ 1251.021271] ? __mutex_unlock_slowpath+0x75/0x770 [ 1251.026125] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1251.030196] kvm_vm_ioctl+0x4ca/0x13e0 [ 1251.034090] ? kvm_vcpu_release+0xa0/0xa0 [ 1251.038269] ? perf_trace_lock_acquire+0x510/0x510 [ 1251.043209] ? check_preemption_disabled+0x35/0x240 [ 1251.048231] ? perf_trace_lock+0xf7/0x490 [ 1251.052383] ? lock_downgrade+0x740/0x740 [ 1251.056622] ? perf_trace_lock_acquire+0x510/0x510 [ 1251.061554] ? do_raw_spin_unlock+0x164/0x220 [ 1251.066055] ? _raw_spin_unlock+0x29/0x40 [ 1251.070211] ? kvm_vcpu_release+0xa0/0xa0 [ 1251.070393] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1251.074354] do_vfs_ioctl+0x75a/0xff0 [ 1251.074369] ? ioctl_preallocate+0x1a0/0x1a0 [ 1251.074379] ? lock_downgrade+0x740/0x740 [ 1251.074393] ? __fget+0x225/0x360 [ 1251.074404] ? do_vfs_ioctl+0xff0/0xff0 [ 1251.122091] ? security_file_ioctl+0x83/0xb0 [ 1251.126506] SyS_ioctl+0x7f/0xb0 [ 1251.129873] ? do_vfs_ioctl+0xff0/0xff0 [ 1251.133859] do_syscall_64+0x1d5/0x640 [ 1251.137760] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1251.142954] RIP: 0033:0x465f69 [ 1251.146140] RSP: 002b:00007f5884778188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1251.153850] RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000465f69 [ 1251.161120] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1251.168390] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1251.175116] Node 1 active_anon:1255324kB inactive_anon:53480kB active_file:37896kB inactive_file:135204kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:32220kB dirty:1064kB writeback:0kB shmem:16480kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1251.175656] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c158 [ 1251.211420] R13: 00007ffd2f6bf3cf R14: 00007f5884778300 R15: 0000000000022000 13:27:02 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="5f454c44065b05107311"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) ioctl$BTRFS_IOC_RM_DEV(r1, 0x5000940b, &(0x7f0000000400)={{r3}, "5af33c4c2032df4fa11fe3b40954c07b75e8f4640ae19858134ce0870b497191d05dbfb4e21fb9c1ed4b3c2af5a80c0816f5b7b2e0411aba1e251ba186f15361d7270b18dd9756b4789ed078d16448d54a44e1474b32af63c60b5fbf8329764b2bbf202570e74dbd31228266e8fe42cea31d06af3523f3dbd34a143f7dddab38e8d1e10d04c51d79fc9ddb1793577696d125dd6701a7a8187726b2c6d044a3a881dbae908a6273053ca9ff2f54f8cf916acd4c9f532a3ecf1ffc318713bdc829b0ce70aab1ed6d267873b15ca51dfe616badddfc8b36f6dc3af9681b4c5a0a004a56ff995a59d3e8411f64a1a7181306b048529ac422fbb65dca9e1899a4e59662d8aa5d75cb5d65cd2d473e0f7e06332753a4974402358d5e8ae8582114c60864d55fce77f629e50b0d78e7c7340badeb3e92c0bb1c5fb27a71d21a9f9a589adc9cdc1f6af8a0593c09f969a55565d7e6648c242cf3ebf44c807d10541a9212fd95a56882126e9d1ee8a844d31b722c8ae631d6862cf6a7f859156aca5a70fe29a0e2618daf347cfe5b648d40b087283b6230332e3cf09653c9cb60b70dee06af947f9bf6e377ee1607b0c59076ac8d270294a9eae83d6abec7916c41cd8ab98a0f69d65c6333f5f7774338eecd0b52b4983fb0c68a549f87df330aa36dc1a141180d2b236800f0733268eadea2077877c4110587b1207108d72e70172a569dff3eadc779029bbd41a36ee1d6276244c4d4ed0e3c4f4d4df1649f76da358f0fc1e83f9ca1a0fd41e8f1e1895b654d91b55f3116a3d16646f429a0ea981d220b3012343603dec531d0f5f6ff93669993e72dbfd1e0ee558bc24116e5d52fc5c0ca23b1ac570c438d132f358765159607fbf2fab0491b6b81eaff70b48d44ad438a499b13f53fede4f335830a13d76387f3e052c2a3a86952a11afdeb7f93115f4f477b0eca84f1693523419cc5ffe2384b90dccacda5463ef976c634ef06c1d84c4728049037a56e8c402d7a6b839b2ed791bf9ef94f3e07400bb6c0159905f32395a64476e403503c63f7c7611a0493c61e800fd2cc81771726f9382e814a895326549b68fbb65c1a08078268e6bcc16a4cde00f1b7d2bbb9722b819e9f511313347f9ffbaa76c5c0a3c04494d996fbbc9ee5cad2987d373a500d2de3656597e7b5f98b7077b9a76658ca4703ac23d35383adf858fe9422fc6f0e90a378fdfc6c928a349d3e5422b80a802563db63ec136fbbf5ae8d99a118fb88579b2b1dfbdd5bc172a77301768f62e637e999f298811d0a573055f16855c64f23a56c724023d0ffbdbb4401a65c9a83a240e56bf8c3db6ba701b5783deab23495b75712e0cef1f95fdd3b426527a2ba994f62334bbe7e1eae3086df9ec8a1abf8d5dc81c4ceb9f34c4d2dcb3c62a499f7709dc2405654c8d580677a561a07c4aed45021b32845ba76f34aba977ec8ec89afdb0f728be7cf3e84a6657423ac74484ff3a046d0d3223b6425adc932fdab194eaaf105ab52e546294f49fea5f4ad64b2557bd713cac90933d389f16aa33beccfebdddd5bf8bb803d90e9c27f94c8e17259492312014b26fbf4bcd6c66b51e4b806bdc1d05aa0c784ea8b468757815b5bf3ea24d5530b5c96acce8293f985e3bde8bcd35a0f7265430db9f59f2f4c7f550ba423abb6530e35f586c15e4cc5e38a3fff596de3a1dfac10cfc4e8728058d105a5361c7488c2b445438c6c1f399aab4d5f0ed3c8a1427a48bd2c64975648defda5be955a9114ed1e6ad3d34bacbecf386375a5217b96f4b7806d57608f188b82fc1188d162935972d0af7a5ca489aeb7896c440410881b3988b40d44fddc9071b35bb9b3ec5f762a14f2b55026e0cceb2277d78f721c8aa22ceed5e8bdc1b3549e159b52965b2a2da086619cbc0f7fb7e841f694d99cd5b54aa01763db696e19743103b094237cf3ec03ca861631c82e1ab46ff1023cddcdaf7549f1edef830919d1f64ffa9c71fbb04ce9489c1534f1eea7c2bb1ddef513e409d3a12669482280a488539be2dcfdb51f4e69774f2c78def8a758aeac0cca1883316cdd695b873b6cecf8173f1d003388ce6898e43334f2b8a5d76a374f4de65b88f576d5c5c8483c69943a49b57bbf4d8f4bcf3fe1d19527dba0b1c269de86c099236f522b42798745a5df36daf65ddc08da03d0fdf67bc0edf3796449d2afba62aff25be1c197575d3d63eec45d9faf56c7de4d3fc4bd72d9d8611ce656c8dd936048fcbc4eaff130cadcc04a56df8f926ee02e5e7595f469632717c2a483bb8d264b905fa06a1087b00acce7904cc96904ed8b457e8cff18d3ef18c9e16810b03fcf66256974eb88922c66628b96e173f40a3c9a750ec523db9523ecbbf9564197ad4f6aafc901718cc451b17e044eac0e8ef5542600db9d44d4d872c6bf34b4164be9a9769cf1f9f27eaaa0c9a0deee8251956f19480bc78cbf9c2aa947badf4fc3f3d71e59c70cb13400e31ed07a540dd834be829ba24bdcf97e566e715f7cdbcb244b86f441dd2eaee7b7f0a0e50c5e06f9922a9ce66ae7848b47aaba464f8832d4d5a22d973576b62da98c5f1cda9b499da840cf6a20ff7fdd37818a0347ad0fbd4ae48252cd6bec4f3b51299c29401f183520c35513ac61d177cac436ef22866bb15b871dc5cbf781899254fe1732aff947e80caf15973825066f44590d66e07dfcf9d945b304326643ded31d61d71f9c5147e04c7bfaaeb6098e796cca30b5be90388aa917ba36bf508c415bf3fda62c0653f1bf964b299906fc1f1cb28878fc0fc857038c326850cb5fca8abbcb481418c42a0ce2fb2f5c774f3ee9cfdb72d59f89ea3f5bc1293197dbf630027c64f8e5c5c51c8229902914c827a31c7a7621563e2724f6e7bed67b0c8ebfc9f42bf89c2a7e9c998cdabbb1d073d251eac86281cd9788de8226a28c7a3288aee76c6609c75bd36f9fae067b90e7e71151710f65f17d39ff5b483559f7ce194f16ecf18ee00c5df27e2d562ec211c3bf98934a5aaea808faf2e23cc7d5a7cc11f2f283622d1b75113f304054394db6ad098d90badf406aec7886fc83a51f9a21ecb31f42b96cb31e152118bc0bbc677eaad3dcea0139111757bbf90de81d0cdaab5f1433252cf30d3fd1f964d447cf813e8e06cd71647870a018102a53c589219f13be7b9bc870d67b4b3231346f7ac98b316d7d8cafb29e0e6291e70e31b1deda170c4aad4e0e1af0e515ec903138c7afcccfa8aec736a9477b42a81916d3b2aa70cb47571ac469cabf319c3a4142d615ded56e391b788e17377b8451ae6254a37f387bc9d95f149e1e504cd33512d871da4485638e6784a3a091244b0a3bf5ea852f910193c915f8d99ea4ca564bf51b3a37778321ea8ca165e546cea71e21c5922575f69413ef7f7e29e6821bf65544c7c8268fc451ebc76cdaccb3552752f7a636d18a4a60696c55bd7e0ea9674731a9fd04c50c391f0b645c69e6a7e5a89ec208fdae564cbd792933c3d11f0d2f61161170bb43f2bf05c05b8bb9d25f013138d6eeda207910a8c61e806eadd3ef021d10b754e17b7509e18e110551d151e92783b55dd92aad4dc56b1f617afce29399a845d45765c851b035a22dec24356edcd222996e5d82d2e0823ec735c95c2aa780939e5aa6f6d11a8b9066c4fc0d1e29f6999945fd74bd74aecbc33b7e3ec6781ec1660835203dd0b52c4304388e3c6abf094a7f119115ccb45a4bef27b66c0bdc6db82689b0d4cf54ab328920402113d762f61fba77675c17b5baa0f808ea2713f20d7e739516210ba4190bcaddc2aad18f816234f099cde76ab39b6778c3060c274ec34abcb1a2afb44c27f97d342238dd1122ffb84d61921f7ba9667e3be91db7a5b7503ea0b5f1096a9e300022e5783e8c305431f0451494d97080688fc1f2b62f440df196a449c4a009cebfa3225fc92408009096229d99cd6dd07b25c61284ee6ff1826846d3533d6d55a842a8cdcd71c865a59a4a140ae9fd6d63c474aa448611defd9ae30ad5045057686fe9221c5b0f312141034cbf00e18e883f8ca683484be40cd64e5bbdfc75195955d3c2cc0f7523250553bc465d7bcce85b0b126ed18128580c5775cd711fa1d127375333887d8f546f056b8fec755f351ff682117d6faed2aee2e068641df59c8722a3ddcc6c9311b4676eded92be33cb80630341ee8e7d7912bf23375ef9051fef3980ebb17d942955046790b981d14b86c9abbfefcafa01d33a861c699cb2c10605f144bb8a6cfbdca9c732461f375c7ea0b0703dd1c1b9eca12c8ea01c2770fc6937d018fad7a475322576e07510069a02624d65d280bf5f38c8441b2156e3e2ec3c0db3b2d6aab9c0aa5734a9cb6be5319881064886a66f6d6cedc49fe9f9b9a628465002186c4b8647982d740598580a177fed7843b02d0155210d23277afc241045d73f931d2416ebd38f958adf2fe189724753d74d63bf5ea3382b13ac42e2eabdc2e04fb398f953d033a7bcc78a7caf28e2e74606ffa96d254e9837e5f158f1b567be46b465dada3a4e35bbc14a6e30ae6018dd1e26a93b1e311ba1fa678107bb42f7afca445853d229ca5fd5dda61513445c8ad11eafb79032cd93e2890ce91dbb97317fc35e96302bfa1b55424536c93bf4ebdf1c86eb67eee3eb62099798c6a37ceb6e98634c663517a867e1bede1414b4b5f1cf6086f7f67858523a17e3847d516766d8812072da83051585ce569772b7acd1f9da57543a44abe9b3791a5b8659678b07b8aaf3e5db18d618e5091c972f1b72b0d7d04825197e37be549c57ffe681a5da069e2bfe14d573ec14630734ef66178a595ab2a8ea19a55bfcc8a5f8a1ad8beeb45dfe7a1e575ae6e72b4bdba2c9ede44659a8e5aa2ebb59ac42601c04fb664bbba97b3e271c20a0599d8663a87babaa21baa19bd3db18fd673f27f0a2792249fb0f12caff9152bb8e6e1fddd8887531912f65dc46dcd35b00de9cec39937b27d7ae7ee6361f835aaa14c01898b22f9dd9e4d80f75b28d7f7021fd927d1022460a747e1612bf7bc50ce9775510e5fe1dbb9aab5f4a3787a1629a9f91a8de1af627013089d7c3ef2be5d7d34f77534a916ead9a0f8d441b1b77031221efb3797bc10c9d6371912a8a63f9583d4813542c24375b000d4c054f40b512177ec390b4e65eb0cd3520184a20a2023a80a5d0ee924ab95d54f8c850182216ba0b8a1fd834a09f5c64460ee6e48dcefe7f580ce94b92228e640800f11f3d7b4de41f05743bde871ceb3286b5612c2fd85fb5286790ecb69e65a21844c09f64b5f6c5afc285f53a4716a30afa86e9768bd7efdce198ae373dde9be435963c31001d8c216e9561630d890e674ffa29b1743240832494fcfd072e2c00dc4c5f8c7e5f5d180a7814231dcb46fcfbb01e92166f8b36cb8118a599c81d16fcdcb82c7ef4eb2a56719db465bf10052db675deec1c79fccaadb743fe1dba5cec14f3936a80e7269927aec9841ad2866052304f071dbedff05728fb815ed39ab2233a9cc518a6abb7788a7c62a8753dc41d54c9c6dd6093013bee553925975a203da52f5391e78e621f15253c626a7e86b6bf94de56ed83fa2f88ead4085e097801400418560a5fc5944f77fda74a10e60a3bc49a6966cfed447403909b22f0db51c92c165a058f3f05ccdacb73d98e3cb7c7d4541c1e5ff92d389e2460bbff07b32ce2183953ce914f971845953972db50e207e3d9fb7067b83e470d3c446813926a35b67f988c4ece003b14134"}) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) [ 1251.224169] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1251.238700] Node 0 DMA32 free:27996kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:296kB local_pcp:140kB free_cma:0kB [ 1251.271161] lowmem_reserve[]: 0 0 0 0 0 [ 1251.275955] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1251.292539] Node 0 [ 1251.302006] lowmem_reserve[]: 0 0 0 0 0 [ 1251.308633] Node 1 Normal free:1934408kB min:53696kB low:67120kB high:80544kB active_anon:1255224kB inactive_anon:53480kB active_file:37896kB inactive_file:135204kB unevictable:0kB writepending:1064kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:16096kB pagetables:38868kB bounce:0kB free_pcp:1176kB local_pcp:676kB free_cma:0kB [ 1251.321436] DMA free:10956kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1251.339531] lowmem_reserve[]: 0 0 0 0 0 [ 1251.378632] Node 0 DMA: 33*4kB (UM) 1*8kB (M) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10956kB [ 1251.400055] Node 0 DMA32: 847*4kB (ME) 270*8kB (ME) 687*16kB (UME) 288*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27996kB [ 1251.411462] lowmem_reserve[]: [ 1251.415824] Node 0 [ 1251.425353] 0 2717 2718 2718 2718 [ 1251.438962] Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB 13:27:03 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) ioctl$BTRFS_IOC_BALANCE_CTL(r2, 0x40049421, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1251.446072] Node 0 DMA32 free:27996kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:300kB local_pcp:156kB free_cma:0kB [ 1251.478218] Node 1 Normal: 24*4kB (UME) 386*8kB (UME) 27*16kB (UME) 35*32kB (UME) 83*64kB (UE) 224*128kB (UME) 301*256kB (UM) 120*512kB (UM) 34*1024kB (UM) 14*2048kB (ME) 414*4096kB (M) = 1936448kB [ 1251.520878] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1251.603799] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1251.623106] lowmem_reserve[]: 0 0 0 0 0 [ 1251.651378] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1251.659706] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1251.674235] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1251.707580] 26385 total pagecache pages [ 1251.711807] 0 pages in swap cache [ 1251.732209] Swap cache stats: add 0, delete 0, find 0/0 [ 1251.761924] lowmem_reserve[]: 0 0 0 0 0 [ 1251.770468] Node 1 Normal free:1935884kB min:53696kB low:67120kB high:80544kB active_anon:1255324kB inactive_anon:53480kB active_file:37896kB inactive_file:135204kB unevictable:0kB writepending:1064kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:16096kB pagetables:38868kB bounce:0kB free_pcp:1036kB local_pcp:592kB free_cma:0kB [ 1251.801371] Free swap = 0kB [ 1251.801376] Total swap = 0kB [ 1251.801384] 2097051 pages RAM [ 1251.801387] 0 pages HighMem/MovableOnly [ 1251.801391] 363840 pages reserved [ 1251.801395] 0 pages cma reserved 13:27:03 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) r1 = dup(r0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) pipe(&(0x7f0000000300)) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) clone(0x20084800, &(0x7f0000000180)="13b73db7ff84008d5995b3626da34b46e7da0c943a4287b2a39b3e79ea42999a3b103363f349c745ca3b1b440a0f2f791673f9f4730fb256d26b69859ffacd395d277eacc1da68aa5a4fa39e4bc60d825c9aa6815c764182d6b60d2ba227d4bb1841547fa9947e0c48cfa7b6010d3febca868a3f2ce92508e638b2f479480e1cfaaf9b21e1537e43d516c3f6d27068596c4c9fe93e9da2c823", &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000240)="04762b354dc8b0b7aefe2f85d37f0fea818ff17a44c426be5eb2b369c76ee2a82fc1ad356ba5a58f4067b130c49c1a7d028669b2fef17a4b296a35fbcf3b5909bb67db88dfce5cd5c240b0f28d0b8082ed0cdc532c5550cb066f6d359ada389b0f9da80c5984c6c1ae42bd844fd0db8346db025c5a63a2ddb05dc2ff1b530f0df547d04930913b18cbe0") ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = dup3(r2, r3, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) vmsplice(r5, &(0x7f0000000500)=[{&(0x7f0000000400)="27a6efbfb94e6e2c5c7bae33c6f39938e4d8e451029959b5eb047c50f8abafd79b76fbfbc03b0ba311e98959ccfb39367daa5124f2aea318d8", 0x39}, {&(0x7f0000000440)="f011e714bc1a191d499f76dd1262b75954e2cc4d7beabcdc78b27f5bde4a906512eb3c6442bed18a73219a363e746e37cb2b52fceb3981f9fac2e62600be238540ba8a92f26688899475c36c77ee87555bd3f7925e9036c6235e372b44f1a01e187f954518974143299c6d157cbe14a7a72dfb17379cfae87d8d2ee0f6beb40ff591522000f074bb", 0x88}], 0x2, 0x8) ioctl$KVM_NMI(r4, 0xae9a) 13:27:03 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:03 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x10003, 0x2, 0x10000, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP(r2, 0x4068aea3, &(0x7f0000000140)={0x74, 0x0, [0xad1, 0x9, 0x42f, 0x100000001]}) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0xc05c2, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000040)={0x2, 0x4000}) open(&(0x7f00000000c0)='./file0\x00', 0x2000, 0x20) madvise(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1) [ 1251.985564] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1252.005401] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1252.020908] lowmem_reserve[]: 0 0 0 0 0 [ 1252.029052] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1252.037067] Node 0 DMA: 33*4kB (UM) 1*8kB (M) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10956kB [ 1252.061264] CPU: 1 PID: 7531 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1252.069074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1252.078424] Call Trace: [ 1252.078507] syz-executor.3 cpuset= [ 1252.081007] dump_stack+0x1b2/0x281 [ 1252.081023] warn_alloc.cold+0x96/0x1cc [ 1252.081035] ? zone_watermark_ok_safe+0x220/0x220 [ 1252.092586] / [ 1252.097141] ? wait_for_completion_io+0x10/0x10 [ 1252.103519] __alloc_pages_nodemask+0x2127/0x2720 [ 1252.104499] mems_allowed=0-1 [ 1252.108388] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1252.108398] ? perf_trace_lock+0xf7/0x490 [ 1252.108409] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1252.125332] ? do_raw_spin_unlock+0x164/0x220 [ 1252.129817] alloc_pages_current+0x155/0x260 [ 1252.134225] kvm_mmu_create+0xda/0x1d0 [ 1252.138100] kvm_arch_vcpu_init+0x282/0x890 [ 1252.142432] ? alloc_pages_current+0x15d/0x260 [ 1252.147005] kvm_vcpu_init+0x26d/0x360 [ 1252.150881] vmx_create_vcpu+0xef/0x29d0 [ 1252.154934] ? __mutex_unlock_slowpath+0x75/0x770 [ 1252.159767] ? drop_futex_key_refs+0x2e/0xa0 [ 1252.164163] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1252.168212] ? get_futex_key+0x1160/0x1160 [ 1252.172436] kvm_vm_ioctl+0x4ca/0x13e0 [ 1252.176340] ? kvm_vcpu_release+0xa0/0xa0 [ 1252.180485] ? check_preemption_disabled+0x35/0x240 [ 1252.185492] ? perf_trace_lock+0xf7/0x490 [ 1252.189626] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1252.194716] ? perf_trace_lock_acquire+0x510/0x510 [ 1252.199633] ? kvm_vcpu_release+0xa0/0xa0 [ 1252.203770] do_vfs_ioctl+0x75a/0xff0 [ 1252.207560] ? ioctl_preallocate+0x1a0/0x1a0 [ 1252.211970] ? lock_downgrade+0x740/0x740 [ 1252.216111] ? __fget+0x225/0x360 [ 1252.219581] ? do_vfs_ioctl+0xff0/0xff0 [ 1252.223544] ? security_file_ioctl+0x83/0xb0 [ 1252.227952] SyS_ioctl+0x7f/0xb0 [ 1252.231324] ? do_vfs_ioctl+0xff0/0xff0 [ 1252.235290] do_syscall_64+0x1d5/0x640 [ 1252.239175] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1252.244358] RIP: 0033:0x465f69 [ 1252.247545] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1252.255255] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1252.262607] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1252.269866] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1252.277130] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1252.284404] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1252.291685] CPU: 0 PID: 7534 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1252.299490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1252.308847] Call Trace: [ 1252.311447] dump_stack+0x1b2/0x281 [ 1252.315096] warn_alloc.cold+0x96/0x1cc [ 1252.319080] ? zone_watermark_ok_safe+0x220/0x220 [ 1252.323943] ? wait_for_completion_io+0x10/0x10 [ 1252.325861] Node 0 [ 1252.328620] __alloc_pages_nodemask+0x2127/0x2720 [ 1252.328647] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1252.328657] ? perf_trace_lock+0xf7/0x490 [ 1252.328667] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1252.328687] ? do_raw_spin_unlock+0x164/0x220 [ 1252.328700] alloc_pages_current+0x155/0x260 [ 1252.328713] kvm_mmu_create+0xda/0x1d0 [ 1252.328724] kvm_arch_vcpu_init+0x282/0x890 [ 1252.328733] ? alloc_pages_current+0x15d/0x260 [ 1252.334363] DMA32: [ 1252.335806] kvm_vcpu_init+0x26d/0x360 [ 1252.335821] vmx_create_vcpu+0xef/0x29d0 [ 1252.335833] ? __mutex_unlock_slowpath+0x75/0x770 [ 1252.335845] ? drop_futex_key_refs+0x2e/0xa0 [ 1252.347410] 847*4kB [ 1252.349643] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1252.349657] ? get_futex_key+0x1160/0x1160 [ 1252.349670] kvm_vm_ioctl+0x4ca/0x13e0 [ 1252.349683] ? kvm_vcpu_release+0xa0/0xa0 [ 1252.356136] (ME) [ 1252.358600] ? __might_fault+0x104/0x1b0 [ 1252.358616] ? check_preemption_disabled+0x35/0x240 [ 1252.358632] ? perf_trace_lock+0xf7/0x490 [ 1252.365882] 270*8kB [ 1252.366818] ? perf_trace_lock_acquire+0x510/0x510 [ 1252.366826] ? __might_fault+0x177/0x1b0 [ 1252.366839] ? proc_reg_unlocked_ioctl+0xff/0x190 [ 1252.366846] ? kvm_vcpu_release+0xa0/0xa0 [ 1252.366857] do_vfs_ioctl+0x75a/0xff0 [ 1252.366869] ? ioctl_preallocate+0x1a0/0x1a0 [ 1252.377066] (ME) [ 1252.377559] ? lock_downgrade+0x740/0x740 [ 1252.387374] 687*16kB [ 1252.390863] ? __fget+0x225/0x360 [ 1252.390876] ? do_vfs_ioctl+0xff0/0xff0 [ 1252.390887] ? security_file_ioctl+0x83/0xb0 [ 1252.390897] SyS_ioctl+0x7f/0xb0 [ 1252.396630] (UME) [ 1252.397302] ? do_vfs_ioctl+0xff0/0xff0 [ 1252.407138] 288*32kB [ 1252.409616] do_syscall_64+0x1d5/0x640 [ 1252.409638] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1252.409648] RIP: 0033:0x465f69 [ 1252.415061] (UME) [ 1252.415748] RSP: 002b:00007f8db8982188 EFLAGS: 00000246 [ 1252.430949] 23*64kB [ 1252.432181] ORIG_RAX: 0000000000000010 [ 1252.432188] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1252.432194] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1252.432200] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1252.432206] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1252.432212] R13: 00007ffe6abe2b0f R14: 00007f8db8982300 R15: 0000000000022000 [ 1252.506536] warn_alloc_show_mem: 3 callbacks suppressed [ 1252.506540] Mem-Info: [ 1252.582820] active_anon:841108 inactive_anon:18063 isolated_anon:0 [ 1252.582820] active_file:9476 inactive_file:33815 isolated_file:0 [ 1252.582820] unevictable:0 dirty:256 writeback:0 unstable:0 [ 1252.582820] slab_reclaimable:16050 slab_unreclaimable:195272 [ 1252.582820] mapped:62407 shmem:8996 pagetables:17578 bounce:0 [ 1252.582820] free:493549 free_pcp:362 free_cma:0 [ 1252.603696] (U) [ 1252.624951] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1252.632908] 6*128kB [ 1252.664116] Node 1 active_anon:1255172kB inactive_anon:53480kB active_file:37896kB inactive_file:135260kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:32528kB dirty:1024kB writeback:0kB shmem:16480kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1252.678367] (UM) [ 1252.703521] Node 0 DMA free:10956kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1252.714534] 0*256kB [ 1252.739460] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1252.750229] Node 0 DMA32 free:27996kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:308kB local_pcp:144kB free_cma:0kB [ 1252.757668] 0*512kB [ 1252.790556] lowmem_reserve[]: 0 0 0 0 0 [ 1252.825795] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1252.842896] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1252.854220] 0*1024kB [ 1252.879170] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1252.885817] 0*2048kB 0*4096kB = 27996kB [ 1252.897266] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1252.898300] CPU: 0 PID: 7546 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1252.915984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1252.920626] Node 1 [ 1252.925338] Call Trace: [ 1252.925354] dump_stack+0x1b2/0x281 [ 1252.925369] warn_alloc.cold+0x96/0x1cc [ 1252.934157] Normal: [ 1252.937875] ? zone_watermark_ok_safe+0x220/0x220 [ 1252.937896] ? wait_for_completion_io+0x10/0x10 [ 1252.937912] __alloc_pages_nodemask+0x2127/0x2720 [ 1252.944576] 185*4kB [ 1252.945074] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1252.955330] (UME) [ 1252.956983] ? perf_trace_lock+0xf7/0x490 [ 1252.956994] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1252.957015] ? do_raw_spin_unlock+0x164/0x220 [ 1252.957027] alloc_pages_current+0x155/0x260 [ 1252.957040] kvm_mmu_create+0xda/0x1d0 [ 1252.957052] kvm_arch_vcpu_init+0x282/0x890 [ 1252.957059] ? alloc_pages_current+0x15d/0x260 [ 1252.957072] kvm_vcpu_init+0x26d/0x360 [ 1252.957084] vmx_create_vcpu+0xef/0x29d0 [ 1252.957097] ? __mutex_unlock_slowpath+0x75/0x770 [ 1252.957108] ? drop_futex_key_refs+0x2e/0xa0 [ 1252.957117] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1252.957132] kvm_vm_ioctl+0x4ca/0x13e0 [ 1252.957144] ? kvm_vcpu_release+0xa0/0xa0 [ 1252.957167] ? check_preemption_disabled+0x35/0x240 [ 1252.957178] ? perf_trace_lock+0xf7/0x490 [ 1252.957187] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1252.957206] ? perf_trace_lock_acquire+0x510/0x510 [ 1252.964232] 337*8kB [ 1252.968432] ? kvm_vcpu_release+0xa0/0xa0 [ 1252.968444] do_vfs_ioctl+0x75a/0xff0 [ 1252.968457] ? ioctl_preallocate+0x1a0/0x1a0 [ 1252.968464] ? lock_downgrade+0x740/0x740 [ 1252.968478] ? __fget+0x225/0x360 [ 1252.968487] ? do_vfs_ioctl+0xff0/0xff0 [ 1252.968498] ? security_file_ioctl+0x83/0xb0 [ 1252.968508] SyS_ioctl+0x7f/0xb0 [ 1252.968516] ? do_vfs_ioctl+0xff0/0xff0 [ 1252.968527] do_syscall_64+0x1d5/0x640 [ 1252.968544] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1252.968551] RIP: 0033:0x465f69 [ 1252.968558] RSP: 002b:00007f8db8961188 EFLAGS: 00000246 [ 1252.977828] (UME) [ 1252.977873] ORIG_RAX: 0000000000000010 [ 1252.986082] 147*16kB [ 1252.986158] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000465f69 [ 1252.996098] (UME) [ 1252.999060] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 1252.999066] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1252.999072] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 [ 1252.999080] R13: 00007ffe6abe2b0f R14: 00007f8db8961300 R15: 0000000000022000 [ 1253.005322] 51*32kB [ 1253.056449] lowmem_reserve[]: [ 1253.114041] (UME) [ 1253.120691] 0 [ 1253.136079] 85*64kB [ 1253.148894] 0 [ 1253.159089] (UME) 220*128kB (UME) 296*256kB (UM) 120*512kB (UM) 34*1024kB (UM) 14*2048kB (ME) 414*4096kB (M) = 1937468kB [ 1253.164399] 0 0 0 [ 1253.183439] Node 1 Normal free:1937656kB min:53696kB low:67120kB high:80544kB active_anon:1255044kB inactive_anon:53480kB active_file:37900kB inactive_file:135296kB unevictable:0kB writepending:1064kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:15808kB pagetables:38572kB bounce:0kB free_pcp:1220kB local_pcp:640kB free_cma:0kB [ 1253.187510] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1253.223030] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1253.226024] lowmem_reserve[]: 0 0 0 0 [ 1253.231758] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 13:27:04 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000000)="2e0f01c4660f38802c0f79961e6d660fd7e8b808008ec00f001b66b97a0b00000f3266b9d709000066b8f300000066ba000000000f300f0139ba4000b022ee", 0x3f}], 0x1, 0x20, &(0x7f00000000c0), 0x0) 13:27:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_SET_IDENTITY_MAP_ADDR(0xffffffffffffffff, 0x4008ae48, &(0x7f00000000c0)=0x2000) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x2, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="5c000000311c7e4104e2a9d4d9000109503c04000000000000db0002000000240001801400018008000100e000000108000200000000000c0002800500010000000000240002801411018008000100ac14140008eb07a7272259421b6ebf9fe84bf67cd48146f3058b5c4cfe0293c4fec12ff6d920d5eb7ed6d2deea16e50ceab883bdd2ea7d4d289c00c3ef472aa5b3817bdbf3ca0799aa0c2820b4667e3146aff62ef7bf87088fa0a5d63219972c2131d0a44b95990300000014c953e302279f93e33895edae820986a64d4a6f329e36e8c40bd3f6537ea8f9d7b669bd530a51cc41b17b275146bd8a0f4dc8a9e7e88231a48037f1249830287c29a36dd7679ad3a086454fe2379110d0208712dcf51ad98e98a469e15987bb9791324bb601b63b1f710a64d6a25ff9156d0f875d6020e907000000ff2e2b9fbc1df6b92fa1ec898546c6926350"], 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:04 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000080)='.log\x00', 0x501001, 0x100) fcntl$getown(r1, 0x9) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:04 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="5f454c44065b05107311"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x2, 0x8) 13:27:04 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'syztnl2\x00', &(0x7f0000000100)={'erspan0\x00', 0x0, 0x10, 0x7800, 0x0, 0x7, {{0xd, 0x4, 0x2, 0x25, 0x34, 0x64, 0x0, 0x81, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@timestamp={0x44, 0x20, 0xf1, 0x0, 0x7, [0x4, 0xffffffff, 0x76, 0x2, 0x7, 0x7, 0x8000]}]}}}}}) r2 = socket(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000200000000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=ANY=[@ANYBLOB="3800000024000b0f00"/20, @ANYRES32=r6, @ANYBLOB="00000000ffffffff000000000a000100626669666f"], 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000480)=@newqdisc={0x24, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0x1}, {0xffff, 0xffff}}}, 0x24}}, 0x0) socket(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001e40)=@updsa={0x4d0, 0x1a, 0x8, 0x70bd26, 0x25dfdbfb, {{@in6=@mcast1, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e20, 0x7, 0x4e24, 0x5, 0xa, 0x80, 0x20, 0x32, r1, 0xee01}, {@in6=@remote, 0x4d4, 0x33}, @in6=@private0={0xfc, 0x0, [], 0x1}, {0x1ff, 0x2, 0x8000, 0x6, 0x10001, 0x5, 0x4, 0x1}, {0x200, 0x5, 0xdf26, 0x727}, {0x2, 0x1}, 0x70bd2a, 0x3506, 0x2, 0x4, 0x1, 0x31}, [@XFRMA_SET_MARK_MASK={0x8, 0x1e, 0x40}, @XFRMA_IF_ID={0x8, 0x1f, r6}, @policy={0xac, 0x7, {{@in6=@private1={0xfc, 0x1, [], 0x1}, @in=@rand_addr=0x64010101, 0x4e24, 0x20, 0x4e20, 0x4, 0x2, 0x80, 0x80, 0x88, 0x0, 0xee00}, {0x1, 0x3, 0x5, 0xec7, 0x9, 0x8000, 0x4}, {0x8000, 0x8fb, 0x80, 0x200}, 0x39, 0x6e6bb6, 0x2, 0x1, 0x1, 0x2}}, @coaddr={0x14, 0xe, @in=@multicast1}, @sec_ctx={0x47, 0x8, {0x43, 0x8, 0x1, 0x17, 0x3b, "904d92ff527a68393ef2803f7b7b36d9645d07a022886eda7200a40568acab0c0c1e62eab86c408aaad3dc042080d4b81ab918130aa009ae9e912c"}}, @XFRMA_SET_MARK={0x8, 0x1d, 0x6}, @XFRMA_IF_ID={0x8}, @migrate={0x1cc, 0x11, [{@in6=@private2={0xfc, 0x2, [], 0x1}, @in6=@mcast1, @in6=@private2, @in6=@ipv4={[], [], @broadcast}, 0x33, 0x3, 0x0, 0x0, 0x2, 0x2}, {@in=@empty, @in=@broadcast, @in6=@empty, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x33, 0x2, 0x0, 0x3507, 0xa, 0xa}, {@in=@remote, @in=@private=0xa010101, @in6=@private1, @in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x2b, 0x1, 0x0, 0x3503, 0x2, 0xa}, {@in6=@local, @in=@remote, @in6=@private1, @in6=@private0, 0xff, 0x2, 0x0, 0x3500, 0xa}, {@in=@local, @in6=@mcast2, @in=@private=0xa010100, @in6=@private2={0xfc, 0x2, [], 0x1}, 0x32, 0x1, 0x0, 0x3504, 0x2, 0x2}, {@in6=@mcast1, @in6=@initdev={0xfe, 0x88, [], 0x1, 0x0}, @in=@loopback, @in=@multicast1, 0x3c, 0x4, 0x0, 0x3500, 0xa, 0x2}]}, @sa={0xe4, 0x6, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in=@loopback, 0x4e21, 0x8, 0x4e21, 0x1, 0x2, 0x0, 0xa0}, {@in6=@private0={0xfc, 0x0, [], 0x1}, 0x4d6, 0x32}, @in=@remote, {0x3f, 0x4, 0x6, 0x0, 0x80, 0x4, 0x5, 0x7}, {0x20, 0x5, 0x6, 0x9}, {0x9, 0x2, 0x4}, 0x70bd2d, 0x3500, 0xa, 0x4, 0xe7}}, @extra_flags={0x8, 0x18, 0x1}]}, 0x4d0}, 0x1, 0x0, 0x0, 0x24008810}, 0x0) fsetxattr$security_evm(r0, &(0x7f0000000000)='security.evm\x00', &(0x7f0000000040)=@md5={0x1, "acc206345ab74b81422d2cbb644ddd4f"}, 0x11, 0x1) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) [ 1253.235612] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1253.253283] 26403 total pagecache pages [ 1253.257391] 0 pages in swap cache [ 1253.261031] Swap cache stats: add 0, delete 0, find 0/0 [ 1253.266512] Free swap = 0kB [ 1253.269580] Total swap = 0kB [ 1253.271518] 0 [ 1253.272645] 2097051 pages RAM [ 1253.274402] Node 0 DMA: 33*4kB (UM) 1*8kB [ 1253.277655] 0 pages HighMem/MovableOnly [ 1253.277659] 363840 pages reserved [ 1253.277662] 0 pages cma reserved [ 1253.341668] (M) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10956kB [ 1253.350484] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1253.376589] Node 0 DMA32: 847*4kB (ME) 273*8kB (UME) 687*16kB (UME) 288*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28020kB [ 1253.433812] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1253.440159] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) 13:27:05 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1253.518779] Node 1 Normal: 9*4kB (ME) 356*8kB (UME) 201*16kB (UME) 29*32kB (UME) 85*64kB (UME) 218*128kB (UME) 281*256kB (M) 120*512kB (UM) 34*1024kB (UM) 14*2048kB (ME) 414*4096kB (M) = 1932980kB 13:27:05 executing program 0: mlockall(0x4) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1253.562904] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1253.592058] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1253.604996] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1253.631447] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1253.640625] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1253.640663] CPU: 1 PID: 7580 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1253.656926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1253.666376] Call Trace: [ 1253.668979] dump_stack+0x1b2/0x281 [ 1253.672629] warn_alloc.cold+0x96/0x1cc [ 1253.676622] ? zone_watermark_ok_safe+0x220/0x220 [ 1253.679774] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1253.681612] ? wait_for_completion_io+0x10/0x10 [ 1253.694944] __alloc_pages_nodemask+0x2127/0x2720 [ 1253.699819] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1253.704802] ? perf_trace_lock+0xf7/0x490 [ 1253.705987] 26403 total pagecache pages [ 1253.708954] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1253.708975] ? do_raw_spin_unlock+0x164/0x220 [ 1253.712944] 0 pages in swap cache [ 1253.717826] alloc_pages_current+0x155/0x260 [ 1253.717842] kvm_mmu_create+0xda/0x1d0 [ 1253.717853] kvm_arch_vcpu_init+0x282/0x890 [ 1253.717861] ? alloc_pages_current+0x15d/0x260 [ 1253.717877] kvm_vcpu_init+0x26d/0x360 [ 1253.726707] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1253.730216] vmx_create_vcpu+0xef/0x29d0 [ 1253.730231] ? __mutex_unlock_slowpath+0x75/0x770 [ 1253.735863] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1253.738548] ? drop_futex_key_refs+0x2e/0xa0 [ 1253.738561] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1253.738574] ? get_futex_key+0x1160/0x1160 [ 1253.738586] kvm_vm_ioctl+0x4ca/0x13e0 [ 1253.738605] ? kvm_vcpu_release+0xa0/0xa0 [ 1253.763459] Swap cache stats: add 0, delete 0, find 0/0 [ 1253.764812] ? check_preemption_disabled+0x35/0x240 [ 1253.764825] ? perf_trace_lock+0xf7/0x490 [ 1253.784884] Free swap = 0kB [ 1253.786000] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1253.786014] ? perf_trace_lock_acquire+0x510/0x510 [ 1253.786027] ? kvm_vcpu_release+0xa0/0xa0 [ 1253.791076] Total swap = 0kB [ 1253.794129] do_vfs_ioctl+0x75a/0xff0 [ 1253.794143] ? ioctl_preallocate+0x1a0/0x1a0 [ 1253.811911] 2097051 pages RAM [ 1253.816840] ? lock_downgrade+0x740/0x740 [ 1253.816856] ? __fget+0x225/0x360 [ 1253.816870] ? do_vfs_ioctl+0xff0/0xff0 [ 1253.828692] 0 pages HighMem/MovableOnly [ 1253.829094] ? security_file_ioctl+0x83/0xb0 [ 1253.838020] 363840 pages reserved [ 1253.840614] SyS_ioctl+0x7f/0xb0 [ 1253.840625] ? do_vfs_ioctl+0xff0/0xff0 [ 1253.848305] 0 pages cma reserved [ 1253.852436] do_syscall_64+0x1d5/0x640 13:27:05 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="6c00000000010904000000000000000002000000240001801400018008000100e000000108000200000000000c00028005000100001e000034000e800600034000040000060003400000000014001180080001000a010101080002000a0101020c0002800500010001000000"], 0x6c}, 0x1, 0x0, 0x0, 0x2000000}, 0x8004) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:05 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x100) ioctl$KVM_S390_INTERRUPT_CPU(r2, 0x4010ae94, &(0x7f0000000000)={0x7, 0x200, 0x2}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000040)={0xd000, 0x16000}) [ 1253.852456] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1253.884665] RIP: 0033:0x465f69 [ 1253.887865] RSP: 002b:00007f0f532c7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1253.895729] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1253.903011] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1253.910288] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1253.917564] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1253.924972] R13: 00007fffed84577f R14: 00007f0f532c7300 R15: 0000000000022000 13:27:05 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x290380, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) 13:27:05 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x20400, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r1, 0xc) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, r1, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000140)="0f01c3b8010000000f01d9c4e17951b700000000c4e37904636d2ac4c339485ce9106c66bad00466b87c3166ef66b829000f00d0f30f09c4c3c54822f9f23664640f22a0", 0x44}], 0x1, 0x10, &(0x7f0000000140), 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) 13:27:05 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x4, 0x0, 0x3001, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1254.151185] warn_alloc_show_mem: 2 callbacks suppressed [ 1254.151189] Mem-Info: [ 1254.163004] active_anon:841274 inactive_anon:18063 isolated_anon:0 [ 1254.163004] active_file:9478 inactive_file:33834 isolated_file:0 [ 1254.163004] unevictable:0 dirty:296 writeback:0 unstable:0 [ 1254.163004] slab_reclaimable:16114 slab_unreclaimable:194962 [ 1254.163004] mapped:62463 shmem:8996 pagetables:17701 bounce:0 [ 1254.163004] free:492598 free_pcp:319 free_cma:0 [ 1254.204607] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1254.260118] Node 1 active_anon:1255736kB inactive_anon:53480kB active_file:37904kB inactive_file:135336kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:32752kB dirty:1184kB writeback:0kB shmem:16480kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1254.297642] Node 0 DMA free:10988kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1254.332019] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1254.337754] Node 0 DMA32 free:28004kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:392kB local_pcp:244kB free_cma:0kB [ 1254.381414] lowmem_reserve[]: 0 0 0 0 0 [ 1254.385665] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1254.424262] lowmem_reserve[]: 0 0 0 0 0 [ 1254.434591] Node 1 Normal free:1930892kB min:53696kB low:67120kB high:80544kB active_anon:1256236kB inactive_anon:53480kB active_file:37904kB inactive_file:135336kB unevictable:0kB writepending:1184kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:15968kB pagetables:39148kB bounce:0kB free_pcp:996kB local_pcp:604kB free_cma:0kB [ 1254.476936] lowmem_reserve[]: 0 0 0 0 0 [ 1254.484036] Node 0 DMA: 33*4kB (UM) 5*8kB (UM) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10988kB [ 1254.509495] Node 0 DMA32: 847*4kB (ME) 271*8kB (UME) 687*16kB (UME) 288*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28004kB [ 1254.529721] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1254.551695] Node 1 Normal: 145*4kB (UME) 190*8kB (UME) 261*16kB (UE) 32*32kB (UE) 55*64kB (UE) 233*128kB (UME) 286*256kB (UM) 119*512kB (UM) 34*1024kB (UM) 15*2048kB (UME) 413*4096kB (M) = 1931972kB [ 1254.581672] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1254.594308] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1254.605777] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1254.620438] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1254.629086] 26414 total pagecache pages [ 1254.633068] 0 pages in swap cache [ 1254.643136] Swap cache stats: add 0, delete 0, find 0/0 [ 1254.654572] Free swap = 0kB 13:27:06 executing program 0: r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000080)='/dev/input/mice\x00', 0x10000) getresuid(&(0x7f00000000c0), 0x0, &(0x7f0000000180)=0x0) ioctl$SIOCAX25GETUID(r0, 0x89e0, &(0x7f00000001c0)={0x3, @null, r1}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x4201}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x3c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x4}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x3c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_open_dev$mouse(&(0x7f0000000200)='/dev/input/mouse#\x00', 0x8, 0x250000) ioctl$KVM_ENABLE_CAP(r4, 0x4068aea3, &(0x7f0000000240)={0x79, 0x0, [0x5, 0xfffffffffffffff9, 0x7, 0x5]}) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) 13:27:06 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x40, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 13:27:06 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) write(r0, &(0x7f0000000240)="791c4692cad8a1d9114f700d51c3c2ca084f07e0fbe4f36a85206925fc2bc173004da64d54f0e30caa8a79baa9fbdbb16c4674213d9b69a2016906eacf662a4f866ba026c682cfd04c3300800f496b6dc78ed0fa914a2807d85f599c8e18491d05954f6ccfc5c7522e87d61597d5c2baa3673fcef4f8549bc8951ab1c43336dfa1bb64c054148c0a36d117d53f3acbc3ae42189bf1a3fc44c39a65ede81dfee3bf69499bc95026a6f92e385821b5160464d1a2362158c5d962a8208dc3ffbf2df6fac464f5b324fb309c93fb232957b98002d2b84ae90c62b939cf9ee88ca0a99cd8d3eff70b699f3cecb4da163e7146c737dc011c1c2211f5", 0xf9) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="5f454c44065b05107311"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) writev(r3, &(0x7f0000000080)=[{&(0x7f0000000400)="2754fbdc7945912bc36c15623cba62e7d51569d536b8934ab0d04911d798633a41225246632375e0b85f31a6f072b47c7755fc8199498d56d4604f68998d6af5ddd164d9902dc91b30471566a75e759f0d8339b7b758ddd65a09bd92d3f8516ede825d8cfff3371d0b08de25e4b301fd51bb80e1e8602d751aefe7941f80a7770a6b664e32093f0fb5794913e66e01ad39ac6acb795844a9d0336aefb7", 0x9d}, {&(0x7f0000000040)="2e055e3bce8bd7226261d74909d6073e7943399aa716bc00bd159ab5fbcc66e8c34bddd769952c2ccb42059d", 0x2c}, {&(0x7f0000000340)="09e5b825bd89c9b0ad705ea0640126a44584b64ce32a4e85a92eab5dd13d16298fb81e82fc99d4ae30db304e86756fba3fab140e98fc69ef19090f083e6214761cd64df7574473ce5518a36fc7a471a7298e73", 0x53}], 0x3) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) 13:27:06 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = syz_mount_image$qnx4(&(0x7f0000000000)='qnx4\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000000080)="385fb108cbead45379324e94b715ee6165423e303e05116e7c78417750b646206cb090cf11adc81083fa1a67efa8c1d91121fb7e307c975a47b847fae015b1d03452d228b17e4d6647d7804fd58b4c01ee368beb20911d924d3fe8b3a1baecc411900cb82df36792190ce7c430bfc404067e92e51dcffb93f87657fb2c04a18d8b03e0277b2fec4de44e0886b074361058efcd3b3786fd419df682c4fc43bfeeb2d131589d4d57d910", 0xa9, 0x7}], 0x2a000, &(0x7f0000000240)={[{}, {'/dev/kvm\x00'}, {}, {}, {'/dev/kvm\x00'}, {'/dev/kvm\x00'}, {'\\]+@'}, {'/dev/kvm\x00'}, {'/dev/kvm\x00'}], [{@pcr={'pcr', 0x3d, 0x36}}, {@permit_directio='permit_directio'}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}, {@pcr={'pcr', 0x3d, 0x12}}]}) ioctl$BTRFS_IOC_QUOTA_CTL(r2, 0xc0109428, &(0x7f0000000180)={0x2, 0xfffffffffffffff9}) 13:27:06 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="6c00000000010904000000000000000002000000240001801400018008000100e000000108000200000000000c00028005000100001e000034000e800600034000040000060003400000000014001180080001000a010101080002000a0101020c0002800500010001000000"], 0x6c}, 0x1, 0x0, 0x0, 0x2000000}, 0x8004) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:06 executing program 3: getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x93}, &(0x7f0000000040)=0x8) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 1254.663109] Total swap = 0kB [ 1254.666958] 2097051 pages RAM [ 1254.670077] 0 pages HighMem/MovableOnly [ 1254.674051] 363840 pages reserved [ 1254.685364] 0 pages cma reserved [ 1254.800422] warn_alloc: 5 callbacks suppressed [ 1254.800427] syz-executor.3: [ 1254.800898] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1254.850973] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1254.860593] page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1254.871548] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) 13:27:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x80000000074) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c00000000010904000000000000000000000000000201801400018008000100e000000108000200000000000c0002800500010000000000240002801400018008000100ac14140008000200ac1e00010c0002800500010000000000"], 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1254.900111] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1254.907826] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1254.917772] CPU: 0 PID: 7697 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1254.925713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1254.935304] Call Trace: [ 1254.937908] dump_stack+0x1b2/0x281 [ 1254.941654] warn_alloc.cold+0x96/0x1cc [ 1254.945642] ? zone_watermark_ok_safe+0x220/0x220 [ 1254.950518] ? wait_for_completion_io+0x10/0x10 [ 1254.955287] __alloc_pages_nodemask+0x2127/0x2720 [ 1254.960158] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1254.965009] ? perf_trace_lock+0xf7/0x490 [ 1254.969165] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1254.973329] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1254.974023] ? do_raw_spin_unlock+0x164/0x220 [ 1254.974037] alloc_pages_current+0x155/0x260 [ 1254.988070] kvm_mmu_create+0xda/0x1d0 [ 1254.992127] kvm_arch_vcpu_init+0x282/0x890 [ 1254.996460] ? alloc_pages_current+0x15d/0x260 13:27:06 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="6c00000000010904000000000000000002000000240001801400018008000100e000000108000200000000000c00028005000100001e000034000e800600034000040000060003400000000014001180080001000a010101080002000a0101020c0002800500010001000000"], 0x6c}, 0x1, 0x0, 0x0, 0x2000000}, 0x8004) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1255.001065] kvm_vcpu_init+0x26d/0x360 [ 1255.004976] vmx_create_vcpu+0xef/0x29d0 [ 1255.009058] ? __mutex_unlock_slowpath+0x75/0x770 [ 1255.013911] ? drop_futex_key_refs+0x2e/0xa0 [ 1255.018334] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1255.022407] ? get_futex_key+0x1160/0x1160 [ 1255.026655] kvm_vm_ioctl+0x4ca/0x13e0 [ 1255.030901] ? kvm_vcpu_release+0xa0/0xa0 [ 1255.035078] ? check_preemption_disabled+0x35/0x240 [ 1255.040252] ? perf_trace_lock+0xf7/0x490 [ 1255.044413] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1255.049532] ? perf_trace_lock_acquire+0x510/0x510 [ 1255.054684] ? kvm_vcpu_release+0xa0/0xa0 [ 1255.058840] do_vfs_ioctl+0x75a/0xff0 [ 1255.062656] ? ioctl_preallocate+0x1a0/0x1a0 [ 1255.067272] ? lock_downgrade+0x740/0x740 [ 1255.071431] ? __fget+0x225/0x360 [ 1255.074897] ? do_vfs_ioctl+0xff0/0xff0 [ 1255.078899] ? security_file_ioctl+0x83/0xb0 [ 1255.083447] SyS_ioctl+0x7f/0xb0 [ 1255.086822] ? do_vfs_ioctl+0xff0/0xff0 [ 1255.090810] do_syscall_64+0x1d5/0x640 [ 1255.094792] entry_SYSCALL_64_after_hwframe+0x46/0xbb 13:27:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r1, 0xc) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c000000003ca1883d081667a500000002000000240001801400018008000100e000000108000200000000000c0002800500010000000000240002801400018008000100ac14140008000200ac1e00010c0002800500010000000000"], 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1255.100102] RIP: 0033:0x465f69 [ 1255.103298] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1255.111187] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1255.118465] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1255.125743] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1255.133249] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1255.140527] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1255.147931] CPU: 1 PID: 7692 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1255.152397] syz-executor.2 cpuset= [ 1255.155757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1255.155762] Call Trace: [ 1255.155778] dump_stack+0x1b2/0x281 [ 1255.155792] warn_alloc.cold+0x96/0x1cc [ 1255.170416] / [ 1255.171349] ? zone_watermark_ok_safe+0x220/0x220 [ 1255.180599] mems_allowed=0-1 [ 1255.180868] ? wait_for_completion_io+0x10/0x10 [ 1255.193498] __alloc_pages_nodemask+0x2127/0x2720 [ 1255.198348] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1255.203398] ? perf_trace_lock+0xf7/0x490 [ 1255.207562] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1255.212425] ? do_raw_spin_unlock+0x164/0x220 [ 1255.216931] alloc_pages_current+0x155/0x260 [ 1255.221485] kvm_mmu_create+0xda/0x1d0 [ 1255.225384] kvm_arch_vcpu_init+0x282/0x890 [ 1255.229720] ? alloc_pages_current+0x15d/0x260 [ 1255.234316] kvm_vcpu_init+0x26d/0x360 [ 1255.238220] vmx_create_vcpu+0xef/0x29d0 [ 1255.242287] ? __mutex_unlock_slowpath+0x75/0x770 [ 1255.247131] ? drop_futex_key_refs+0x2e/0xa0 [ 1255.251552] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1255.255618] ? get_futex_key+0x1160/0x1160 [ 1255.259860] kvm_vm_ioctl+0x4ca/0x13e0 [ 1255.263793] ? kvm_vcpu_release+0xa0/0xa0 [ 1255.267947] ? check_preemption_disabled+0x35/0x240 [ 1255.272966] ? perf_trace_lock+0xf7/0x490 [ 1255.277123] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1255.282230] ? perf_trace_lock_acquire+0x510/0x510 [ 1255.287168] ? kvm_vcpu_release+0xa0/0xa0 [ 1255.291318] do_vfs_ioctl+0x75a/0xff0 [ 1255.295219] ? ioctl_preallocate+0x1a0/0x1a0 [ 1255.299638] ? lock_downgrade+0x740/0x740 [ 1255.303799] ? __fget+0x225/0x360 [ 1255.307321] ? do_vfs_ioctl+0xff0/0xff0 [ 1255.311563] ? security_file_ioctl+0x83/0xb0 [ 1255.315984] SyS_ioctl+0x7f/0xb0 [ 1255.319360] ? do_vfs_ioctl+0xff0/0xff0 [ 1255.323339] do_syscall_64+0x1d5/0x640 [ 1255.327319] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1255.332518] RIP: 0033:0x465f69 [ 1255.335718] RSP: 002b:00007f8db8982188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1255.343431] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 13:27:07 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="6c00000000010904000000000000000002000000240001801400018008000100e000000108000200000000000c00028005000100001e000034000e800600034000040000060003400000000014001180080001000a010101080002000a0101020c0002800500010001000000"], 0x6c}, 0x1, 0x0, 0x0, 0x2000000}, 0x8004) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1255.350919] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1255.358237] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1255.365640] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1255.372973] R13: 00007ffe6abe2b0f R14: 00007f8db8982300 R15: 0000000000022000 [ 1255.380252] CPU: 0 PID: 7715 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1255.388315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1255.397674] Call Trace: [ 1255.400280] dump_stack+0x1b2/0x281 [ 1255.403923] warn_alloc.cold+0x96/0x1cc [ 1255.408151] ? zone_watermark_ok_safe+0x220/0x220 [ 1255.413019] ? wait_for_completion_io+0x10/0x10 [ 1255.417707] __alloc_pages_nodemask+0x2127/0x2720 [ 1255.422577] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1255.427465] ? perf_trace_lock+0xf7/0x490 [ 1255.431628] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1255.436614] ? do_raw_spin_unlock+0x164/0x220 [ 1255.441120] alloc_pages_current+0x155/0x260 [ 1255.445547] kvm_mmu_create+0xda/0x1d0 [ 1255.449452] kvm_arch_vcpu_init+0x282/0x890 [ 1255.453775] ? alloc_pages_current+0x15d/0x260 [ 1255.458366] kvm_vcpu_init+0x26d/0x360 [ 1255.462447] vmx_create_vcpu+0xef/0x29d0 [ 1255.466617] ? __mutex_unlock_slowpath+0x75/0x770 [ 1255.471558] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1255.475730] kvm_vm_ioctl+0x4ca/0x13e0 [ 1255.479629] ? kvm_vcpu_release+0xa0/0xa0 [ 1255.483791] ? perf_trace_lock_acquire+0x510/0x510 [ 1255.488736] ? __lock_acquire+0x5fc/0x3f20 [ 1255.492982] ? check_preemption_disabled+0x35/0x240 [ 1255.498005] ? perf_trace_lock+0xf7/0x490 [ 1255.502157] ? lock_downgrade+0x740/0x740 [ 1255.506398] ? perf_trace_lock_acquire+0x510/0x510 [ 1255.511361] ? do_raw_spin_unlock+0x164/0x220 [ 1255.516080] ? _raw_spin_unlock+0x29/0x40 [ 1255.520237] ? kvm_vcpu_release+0xa0/0xa0 [ 1255.524544] do_vfs_ioctl+0x75a/0xff0 [ 1255.528360] ? ioctl_preallocate+0x1a0/0x1a0 [ 1255.533104] ? lock_downgrade+0x740/0x740 [ 1255.537267] ? __fget+0x225/0x360 [ 1255.540742] ? do_vfs_ioctl+0xff0/0xff0 [ 1255.544736] ? security_file_ioctl+0x83/0xb0 [ 1255.549460] SyS_ioctl+0x7f/0xb0 [ 1255.552834] ? do_vfs_ioctl+0xff0/0xff0 [ 1255.556820] do_syscall_64+0x1d5/0x640 [ 1255.560729] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1255.565933] RIP: 0033:0x465f69 [ 1255.569400] RSP: 002b:00007f58847ba188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1255.577123] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000465f69 [ 1255.584399] RDX: 0000000000000001 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1255.591681] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1255.598961] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 [ 1255.606322] R13: 00007ffd2f6bf3cf R14: 00007f58847ba300 R15: 0000000000022000 [ 1255.615997] CPU: 1 PID: 7708 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1255.623814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1255.633318] Call Trace: [ 1255.635916] dump_stack+0x1b2/0x281 [ 1255.639565] warn_alloc.cold+0x96/0x1cc [ 1255.643675] ? zone_watermark_ok_safe+0x220/0x220 [ 1255.648545] ? wait_for_completion_io+0x10/0x10 [ 1255.653238] __alloc_pages_nodemask+0x2127/0x2720 [ 1255.658113] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1255.663190] ? perf_trace_lock+0xf7/0x490 [ 1255.667352] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1255.672218] ? do_raw_spin_unlock+0x164/0x220 [ 1255.676727] alloc_pages_current+0x155/0x260 [ 1255.681154] kvm_mmu_create+0xda/0x1d0 [ 1255.685047] kvm_arch_vcpu_init+0x282/0x890 [ 1255.689369] ? alloc_pages_current+0x15d/0x260 [ 1255.693958] kvm_vcpu_init+0x26d/0x360 [ 1255.697855] vmx_create_vcpu+0xef/0x29d0 [ 1255.701938] ? __mutex_unlock_slowpath+0x75/0x770 [ 1255.706789] ? drop_futex_key_refs+0x2e/0xa0 [ 1255.711206] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1255.715376] kvm_vm_ioctl+0x4ca/0x13e0 [ 1255.719278] ? kvm_vcpu_release+0xa0/0xa0 [ 1255.723448] ? check_preemption_disabled+0x35/0x240 [ 1255.728473] ? perf_trace_lock+0xf7/0x490 [ 1255.732627] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1255.737739] ? perf_trace_lock_acquire+0x510/0x510 [ 1255.742681] ? kvm_vcpu_release+0xa0/0xa0 [ 1255.746838] do_vfs_ioctl+0x75a/0xff0 [ 1255.750651] ? ioctl_preallocate+0x1a0/0x1a0 [ 1255.755173] ? lock_downgrade+0x740/0x740 [ 1255.759337] ? __fget+0x225/0x360 [ 1255.762801] ? do_vfs_ioctl+0xff0/0xff0 [ 1255.766952] ? security_file_ioctl+0x83/0xb0 [ 1255.771370] SyS_ioctl+0x7f/0xb0 [ 1255.774743] ? do_vfs_ioctl+0xff0/0xff0 [ 1255.778728] do_syscall_64+0x1d5/0x640 [ 1255.780978] Mem-Info: [ 1255.782630] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1255.782639] RIP: 0033:0x465f69 [ 1255.782646] RSP: 002b:00007f0f532c7188 EFLAGS: 00000246 [ 1255.787469] active_anon:841369 inactive_anon:18063 isolated_anon:0 [ 1255.787469] active_file:9480 inactive_file:33839 isolated_file:0 [ 1255.787469] unevictable:0 dirty:323 writeback:0 unstable:0 [ 1255.787469] slab_reclaimable:16158 slab_unreclaimable:195981 [ 1255.787469] mapped:62491 shmem:8997 pagetables:17759 bounce:0 [ 1255.787469] free:491046 free_pcp:316 free_cma:0 [ 1255.790493] ORIG_RAX: 0000000000000010 [ 1255.790500] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1255.790506] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 13:27:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x124402, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="5c00000000010904000000000000000002000000240001801400018b08800100e000000108000200000000c00c0002800500010000000000240002801400018008000100ac14140008000200ac1e00010c000280050001000000000094276430cc756b493c142e6c37246c052de66ac41bbf3934c2328083f38e9ef42c9176d08fa1b3669980538938725b66d032ab6fd5288481bf120fcdd1"], 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1255.790512] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1255.790518] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1255.790523] R13: 00007fffed84577f R14: 00007f0f532c7300 R15: 0000000000022000 13:27:07 executing program 1: socket$inet6(0xa, 0x4, 0x948) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="5f454c44065b05107311"], 0xa) setsockopt$inet_group_source_req(r2, 0x0, 0x2e, &(0x7f0000000240)={0x2, {{0x2, 0x4e23, @remote}}, {{0x2, 0x4e20, @rand_addr=0x64010102}}}, 0x108) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) write$binfmt_misc(r1, &(0x7f00000001c0)=ANY=[@ANYRESDEC=r5], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) 13:27:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c0000000000000000010000000000000201000024000180000001800800010000000c000280050001000100ac010c000280cdd8b5709e290700000000000000000000ed"], 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1256.099653] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes 13:27:07 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 13:27:07 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000000)="2e0f01c4660f38802c0f79961e6d660fd7e8b808008ec00f001b66b97a0b00000f3266b9d709000066b8f300000066ba000000000f300f0139ba4000b022ee", 0x3f}], 0x1, 0x20, &(0x7f00000000c0), 0x0) [ 1256.174639] Node 1 active_anon:1256084kB inactive_anon:53480kB active_file:37940kB inactive_file:135404kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:32648kB dirty:1352kB writeback:0kB shmem:16484kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1256.280407] Node 0 DMA free:10964kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1256.284012] syz-executor.5: [ 1256.312911] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1256.344338] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1256.357204] Node 0 DMA32 free:28004kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1256.383182] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1256.411560] page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1256.422481] CPU: 1 PID: 7811 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1256.431420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1256.436941] lowmem_reserve[]: [ 1256.441046] Call Trace: [ 1256.441066] dump_stack+0x1b2/0x281 [ 1256.441080] warn_alloc.cold+0x96/0x1cc [ 1256.441092] ? zone_watermark_ok_safe+0x220/0x220 [ 1256.452195] 0 [ 1256.454846] ? wait_for_completion_io+0x10/0x10 [ 1256.454862] __alloc_pages_nodemask+0x2127/0x2720 [ 1256.469352] 0 [ 1256.471304] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1256.471318] ? perf_trace_lock+0xf7/0x490 [ 1256.475517] 0 [ 1256.478287] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1256.478310] ? do_raw_spin_unlock+0x164/0x220 [ 1256.478325] alloc_pages_current+0x155/0x260 [ 1256.478345] kvm_mmu_create+0xda/0x1d0 [ 1256.478356] kvm_arch_vcpu_init+0x282/0x890 [ 1256.488952] 0 [ 1256.489224] ? alloc_pages_current+0x15d/0x260 [ 1256.498175] 0 [ 1256.498278] kvm_vcpu_init+0x26d/0x360 [ 1256.508523] vmx_create_vcpu+0xef/0x29d0 [ 1256.508539] ? __mutex_unlock_slowpath+0x75/0x770 [ 1256.508550] ? drop_futex_key_refs+0x2e/0xa0 [ 1256.530589] Node 0 [ 1256.531947] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1256.531960] ? get_futex_key+0x1160/0x1160 [ 1256.531971] kvm_vm_ioctl+0x4ca/0x13e0 [ 1256.543206] Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1256.547129] ? kvm_vcpu_release+0xa0/0xa0 [ 1256.547151] ? check_preemption_disabled+0x35/0x240 [ 1256.547165] ? perf_trace_lock+0xf7/0x490 [ 1256.547176] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1256.547187] ? perf_trace_lock_acquire+0x510/0x510 [ 1256.561311] lowmem_reserve[]: [ 1256.580146] ? kvm_vcpu_release+0xa0/0xa0 [ 1256.580159] do_vfs_ioctl+0x75a/0xff0 [ 1256.580172] ? ioctl_preallocate+0x1a0/0x1a0 [ 1256.580181] ? lock_downgrade+0x740/0x740 [ 1256.580199] ? __fget+0x225/0x360 [ 1256.606829] 0 [ 1256.606955] ? do_vfs_ioctl+0xff0/0xff0 [ 1256.618801] 0 [ 1256.620334] ? security_file_ioctl+0x83/0xb0 [ 1256.620348] SyS_ioctl+0x7f/0xb0 [ 1256.620357] ? do_vfs_ioctl+0xff0/0xff0 [ 1256.620369] do_syscall_64+0x1d5/0x640 [ 1256.628405] 0 [ 1256.628512] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1256.634540] 0 [ 1256.635603] RIP: 0033:0x465f69 [ 1256.640861] 0 [ 1256.642058] RSP: 002b:00007f0f532c7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1256.642070] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1256.642075] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 1256.642081] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1256.642086] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1256.642094] R13: 00007fffed84577f R14: 00007f0f532c7300 R15: 0000000000022000 [ 1256.663452] syz-executor.5 cpuset= [ 1256.702925] Node 1 [ 1256.706215] / mems_allowed=0-1 [ 1256.722258] Normal free:1926788kB min:53696kB low:67120kB high:80544kB active_anon:1255984kB inactive_anon:53480kB active_file:37940kB inactive_file:135404kB unevictable:0kB writepending:1352kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:16352kB pagetables:39504kB bounce:0kB free_pcp:940kB local_pcp:660kB free_cma:0kB [ 1256.723306] CPU: 1 PID: 7814 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1256.762078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1256.771435] Call Trace: [ 1256.774197] dump_stack+0x1b2/0x281 [ 1256.777841] warn_alloc.cold+0x96/0x1cc [ 1256.781832] ? zone_watermark_ok_safe+0x220/0x220 [ 1256.786929] ? wait_for_completion_io+0x10/0x10 [ 1256.789884] lowmem_reserve[]: [ 1256.791693] __alloc_pages_nodemask+0x2127/0x2720 [ 1256.791719] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1256.801272] 0 [ 1256.805345] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1256.805356] ? perf_trace_lock_acquire+0x510/0x510 [ 1256.805376] ? do_raw_spin_unlock+0x164/0x220 [ 1256.814035] 0 [ 1256.817471] alloc_pages_current+0x155/0x260 [ 1256.817487] kvm_mmu_create+0xda/0x1d0 [ 1256.817498] kvm_arch_vcpu_init+0x282/0x890 [ 1256.817506] ? alloc_pages_current+0x15d/0x260 [ 1256.817518] kvm_vcpu_init+0x26d/0x360 [ 1256.817531] vmx_create_vcpu+0xef/0x29d0 [ 1256.829034] 0 [ 1256.832221] ? __mutex_unlock_slowpath+0x75/0x770 [ 1256.832235] ? drop_futex_key_refs+0x2e/0xa0 [ 1256.845381] 0 [ 1256.849223] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1256.849239] kvm_vm_ioctl+0x4ca/0x13e0 [ 1256.849254] ? kvm_vcpu_release+0xa0/0xa0 [ 1256.849276] ? check_preemption_disabled+0x35/0x240 [ 1256.857324] 0 [ 1256.860738] ? perf_trace_lock+0xf7/0x490 [ 1256.860749] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1256.860761] ? perf_trace_lock_acquire+0x510/0x510 [ 1256.870514] ? kvm_vcpu_release+0xa0/0xa0 [ 1256.870529] do_vfs_ioctl+0x75a/0xff0 [ 1256.877740] Node 0 [ 1256.879847] ? ioctl_preallocate+0x1a0/0x1a0 [ 1256.879856] ? lock_downgrade+0x740/0x740 [ 1256.879871] ? __fget+0x225/0x360 [ 1256.883875] DMA: [ 1256.885850] ? do_vfs_ioctl+0xff0/0xff0 [ 1256.885861] ? security_file_ioctl+0x83/0xb0 [ 1256.885871] SyS_ioctl+0x7f/0xb0 [ 1256.885879] ? do_vfs_ioctl+0xff0/0xff0 [ 1256.885891] do_syscall_64+0x1d5/0x640 [ 1256.885908] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1256.897124] 33*4kB [ 1256.900253] RIP: 0033:0x465f69 [ 1256.900259] RSP: 002b:00007fa37679e188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1256.900273] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1256.909329] (UM) [ 1256.910940] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1256.910947] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1256.910953] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1256.910959] R13: 00007fff1f5f260f R14: 00007fa37679e300 R15: 0000000000022000 [ 1256.913694] warn_alloc_show_mem: 3 callbacks suppressed [ 1256.913698] Mem-Info: [ 1256.932723] 2*8kB [ 1256.933940] active_anon:841305 inactive_anon:18063 isolated_anon:0 [ 1256.933940] active_file:9483 inactive_file:33853 isolated_file:0 [ 1256.933940] unevictable:0 dirty:345 writeback:0 unstable:0 [ 1256.933940] slab_reclaimable:16150 slab_unreclaimable:195767 [ 1256.933940] mapped:62435 shmem:8997 pagetables:17745 bounce:0 [ 1256.933940] free:491742 free_pcp:269 free_cma:0 [ 1256.959026] (UM) [ 1256.962826] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1257.010777] 4*16kB [ 1257.045323] Node 1 active_anon:1255820kB inactive_anon:53480kB active_file:37932kB inactive_file:135408kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:32620kB dirty:1380kB writeback:0kB shmem:16480kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1257.105716] (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10964kB [ 1257.117652] Node 0 DMA free:10964kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1257.136341] Node 0 DMA32: 936*4kB (UME) 277*8kB (UME) 690*16kB (UME) 289*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28488kB [ 1257.170834] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1257.176137] Node 0 DMA32 free:28456kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:56kB local_pcp:36kB free_cma:0kB [ 1257.210238] lowmem_reserve[]: 0 0 0 0 0 [ 1257.215964] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1257.220082] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1257.256148] lowmem_reserve[]: 0 0 0 0 0 [ 1257.260181] Node 1 Normal free:1928596kB min:53696kB low:67120kB high:80544kB active_anon:1255820kB inactive_anon:53480kB active_file:37932kB inactive_file:135408kB unevictable:0kB writepending:1380kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:16064kB pagetables:39404kB bounce:0kB free_pcp:1076kB local_pcp:656kB free_cma:0kB [ 1257.261643] Node 1 [ 1257.291616] lowmem_reserve[]: 0 0 0 0 0 [ 1257.301128] Node 0 DMA: 33*4kB (UM) 2*8kB (UM) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10964kB [ 1257.316927] Node 0 DMA32: 936*4kB (UME) 277*8kB (UME) 690*16kB (UME) 289*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28488kB [ 1257.333915] Normal: 186*4kB (UME) 281*8kB (UME) 302*16kB (UME) 25*32kB (UME) 21*64kB (UME) 220*128kB (UME) 285*256kB (UM) 121*512kB (UM) 34*1024kB (UM) 15*2048kB (UME) 413*4096kB (M) = 1930224kB [ 1257.350198] Node 0 [ 1257.352362] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1257.353774] Normal: [ 1257.354617] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1257.376764] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1257.385699] 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1257.385745] Node 1 Normal: 186*4kB (UME) 251*8kB (UME) 302*16kB (UME) 25*32kB (UME) 21*64kB (UME) 220*128kB (UME) 285*256kB (UM) 121*512kB (UM) 34*1024kB (UM) 15*2048kB (UME) 413*4096kB (M) = 1929984kB [ 1257.385824] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1257.385830] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1257.385836] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1257.385842] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1257.399638] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1257.457980] 26444 total pagecache pages [ 1257.460383] 26444 total pagecache pages [ 1257.462055] 0 pages in swap cache [ 1257.466090] 0 pages in swap cache [ 1257.466096] Swap cache stats: add 0, delete 0, find 0/0 [ 1257.466100] Free swap = 0kB [ 1257.466103] Total swap = 0kB [ 1257.466111] 2097051 pages RAM [ 1257.466114] 0 pages HighMem/MovableOnly [ 1257.466118] 363840 pages reserved [ 1257.466121] 0 pages cma reserved [ 1257.507457] Swap cache stats: add 0, delete 0, find 0/0 [ 1257.517698] Free swap = 0kB [ 1257.520813] Total swap = 0kB [ 1257.523891] 2097051 pages RAM [ 1257.529041] 0 pages HighMem/MovableOnly [ 1257.533087] 363840 pages reserved 13:27:09 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x4, 0x0], 0x2, 0x800, 0x0, 0xffffffffffffffff}) ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000080)={[{0x9, 0x4, 0x40, 0x0, 0x7, 0x40, 0x2, 0xfa, 0x6, 0x1f, 0xa8, 0x0, 0x80000000}, {0x1, 0x101, 0x5, 0x0, 0x3, 0x4, 0x1, 0x0, 0x3, 0x8, 0x40, 0x2a, 0x8}, {0x9, 0x9, 0xe1, 0xc0, 0x2, 0xa, 0x7, 0x3, 0x0, 0x0, 0x3, 0x73, 0x100000000}], 0x4}) 13:27:09 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x2) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:09 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x8680, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 13:27:09 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x20000) bind$alg(r2, &(0x7f0000000240)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha512\x00'}, 0x58) r3 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYRES32=r1], 0xa) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r3) write$binfmt_misc(r1, &(0x7f0000000580)=ANY=[@ANYBLOB="73797a309580689db4dcd30cf972ffd41e983cfdd840a546a57575418ac2d274da42471853165e1a42d79b26aabc9a2801ca1ad0ac4fa2920a202ba9c5b23fb9eaba84a1b9f89d72fee9e0b33bd6f5648e04eb1ffa8583e11a2d69329be5f8ef4afba9254901ed2808d5c8136270ece4caf82d5ccdfefb289fa47fb8b3194e0d206d306a8ece87b0407d720c7cf46e5434d6140737bc4d73bf7cb4ddecbe6a2363c06e7972462577d1ceca9d89efbff034ae10c6007bcd6acb5749594ac0af9e9a7cc3840fa449797a3a640dc697d56f3174c2d74fb3c0f7797953f61dca99a5affa8c8c66537d539ade7816dc390886cf340e56f9c0e7a4d6e7228f880fdd220ec6574c987caae59d728ce86373c01e9a08af3e00000000000000000000000000000000dbbfab15d2e0e5742b404585d10708fcae0575d0f1734c95565bd3230d1edb7d453a7ab5a4eeb8122f279a2c5cba22f82891f612846e7e2c35223baf"], 0x124) r5 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) r6 = syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0x1, 0x2) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r6, 0x4008941a, &(0x7f00000001c0)=0x2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r3, 0x0, 0x4f0a, 0x0) 13:27:09 executing program 5: getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x93}, &(0x7f0000000040)=0x8) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 13:27:09 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) fcntl$setsig(r0, 0xa, 0x2e) [ 1257.537714] 0 pages cma reserved [ 1257.683379] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1257.690152] syz-executor.2: [ 1257.702307] syz-executor.5: [ 1257.711579] syz-executor.3: [ 1257.719634] page allocation failure: order:0 13:27:09 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) r3 = fork() perf_event_open(&(0x7f0000000180)={0x4, 0x70, 0x1f, 0x8, 0x15, 0x4, 0x0, 0x5, 0x200, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x4, @perf_bp={&(0x7f0000000080), 0xc}, 0x2504, 0x6, 0x8, 0x5, 0x3f, 0x100, 0x3}, r3, 0x4, r1, 0x2) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1257.723050] page allocation failure: order:0 [ 1257.730715] page allocation failure: order:0 [ 1257.739084] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 1257.746699] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 1257.752660] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1257.752685] CPU: 0 PID: 7852 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1257.771772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1257.772840] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 1257.781363] Call Trace: [ 1257.781382] dump_stack+0x1b2/0x281 [ 1257.781398] warn_alloc.cold+0x96/0x1cc [ 1257.781417] ? zone_watermark_ok_safe+0x220/0x220 [ 1257.781437] ? wait_for_completion_io+0x10/0x10 [ 1257.781450] __alloc_pages_nodemask+0x2127/0x2720 [ 1257.781473] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1257.781483] ? perf_trace_lock+0xf7/0x490 [ 1257.781492] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1257.781512] ? do_raw_spin_unlock+0x164/0x220 [ 1257.781526] alloc_pages_current+0x155/0x260 [ 1257.790140] (null) [ 1257.790227] kvm_mmu_create+0xda/0x1d0 [ 1257.802251] syz-executor.2 cpuset= [ 1257.802880] kvm_arch_vcpu_init+0x282/0x890 [ 1257.802892] ? alloc_pages_current+0x15d/0x260 [ 1257.802906] kvm_vcpu_init+0x26d/0x360 [ 1257.802920] vmx_create_vcpu+0xef/0x29d0 [ 1257.802935] ? __mutex_unlock_slowpath+0x75/0x770 [ 1257.802947] ? drop_futex_key_refs+0x2e/0xa0 [ 1257.812598] / [ 1257.812710] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1257.822288] (null) [ 1257.826626] kvm_vm_ioctl+0x4ca/0x13e0 [ 1257.826644] ? kvm_vcpu_release+0xa0/0xa0 [ 1257.826668] ? check_preemption_disabled+0x35/0x240 [ 1257.826680] ? perf_trace_lock+0xf7/0x490 [ 1257.826690] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1257.826702] ? perf_trace_lock_acquire+0x510/0x510 [ 1257.826713] ? kvm_vcpu_release+0xa0/0xa0 [ 1257.826725] do_vfs_ioctl+0x75a/0xff0 [ 1257.826737] ? ioctl_preallocate+0x1a0/0x1a0 [ 1257.826745] ? lock_downgrade+0x740/0x740 [ 1257.826759] ? __fget+0x225/0x360 [ 1257.835325] (null) [ 1257.835811] ? do_vfs_ioctl+0xff0/0xff0 [ 1257.835821] ? security_file_ioctl+0x83/0xb0 [ 1257.835831] SyS_ioctl+0x7f/0xb0 [ 1257.835840] ? do_vfs_ioctl+0xff0/0xff0 [ 1257.835851] do_syscall_64+0x1d5/0x640 [ 1257.835869] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1257.835877] RIP: 0033:0x465f69 [ 1257.835882] RSP: 002b:00007f0f532c7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1257.835891] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1257.835896] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1257.835901] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1257.835906] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1257.835912] R13: 00007fffed84577f R14: 00007f0f532c7300 R15: 0000000000022000 [ 1258.003551] syz-executor.5 cpuset=/ mems_allowed=0-1 [ 1258.008999] mems_allowed=0-1 [ 1258.012143] CPU: 1 PID: 7856 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1258.019950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1258.029575] Call Trace: [ 1258.032181] dump_stack+0x1b2/0x281 [ 1258.035830] warn_alloc.cold+0x96/0x1cc [ 1258.039821] ? zone_watermark_ok_safe+0x220/0x220 [ 1258.044687] ? wait_for_completion_io+0x10/0x10 [ 1258.049379] __alloc_pages_nodemask+0x2127/0x2720 [ 1258.054257] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1258.059120] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1258.063991] alloc_pages_current+0x155/0x260 [ 1258.068413] kvm_mmu_create+0xda/0x1d0 [ 1258.072460] kvm_arch_vcpu_init+0x282/0x890 [ 1258.076790] ? alloc_pages_current+0x15d/0x260 [ 1258.081386] kvm_vcpu_init+0x26d/0x360 [ 1258.085290] vmx_create_vcpu+0xef/0x29d0 [ 1258.086224] warn_alloc_show_mem: 1 callbacks suppressed [ 1258.086288] Mem-Info: [ 1258.089449] ? __mutex_unlock_slowpath+0x75/0x770 [ 1258.089462] ? drop_futex_key_refs+0x2e/0xa0 [ 1258.089474] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1258.089486] ? __lock_acquire+0x5fc/0x3f20 [ 1258.089499] kvm_vm_ioctl+0x4ca/0x13e0 [ 1258.089513] ? kvm_vcpu_release+0xa0/0xa0 [ 1258.089525] ? perf_trace_lock+0xf7/0x490 [ 1258.089537] ? perf_trace_lock_acquire+0x510/0x510 [ 1258.121346] active_anon:841348 inactive_anon:18063 isolated_anon:0 [ 1258.121346] active_file:9488 inactive_file:33867 isolated_file:0 [ 1258.121346] unevictable:0 dirty:359 writeback:0 unstable:0 [ 1258.121346] slab_reclaimable:16199 slab_unreclaimable:196012 [ 1258.121346] mapped:62437 shmem:8996 pagetables:17832 bounce:0 [ 1258.121346] free:491080 free_pcp:222 free_cma:0 [ 1258.123000] ? check_preemption_disabled+0x35/0x240 [ 1258.123010] ? check_preemption_disabled+0x35/0x240 [ 1258.123024] ? perf_trace_lock+0xf7/0x490 [ 1258.123034] ? finish_task_switch+0x178/0x610 [ 1258.123048] ? perf_trace_lock_acquire+0x510/0x510 [ 1258.123058] ? lock_downgrade+0x740/0x740 [ 1258.123069] ? kvm_vcpu_release+0xa0/0xa0 [ 1258.123079] do_vfs_ioctl+0x75a/0xff0 [ 1258.135025] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1258.166387] ? ioctl_preallocate+0x1a0/0x1a0 [ 1258.166398] ? lock_downgrade+0x740/0x740 [ 1258.166413] ? __fget+0x225/0x360 [ 1258.166424] ? do_vfs_ioctl+0xff0/0xff0 [ 1258.166436] ? security_file_ioctl+0x83/0xb0 [ 1258.166447] SyS_ioctl+0x7f/0xb0 [ 1258.166455] ? do_vfs_ioctl+0xff0/0xff0 [ 1258.166466] do_syscall_64+0x1d5/0x640 [ 1258.166483] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1258.166492] RIP: 0033:0x465f69 [ 1258.166497] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1258.166507] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1258.166512] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1258.166517] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1258.166523] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1258.166529] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1258.168150] CPU: 1 PID: 7853 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1258.287185] Node 1 active_anon:1256332kB inactive_anon:53480kB active_file:37948kB inactive_file:135464kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:32748kB dirty:1436kB writeback:0kB shmem:16480kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1258.293910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1258.293915] Call Trace: [ 1258.293933] dump_stack+0x1b2/0x281 [ 1258.293948] warn_alloc.cold+0x96/0x1cc [ 1258.293961] ? zone_watermark_ok_safe+0x220/0x220 [ 1258.293983] ? wait_for_completion_io+0x10/0x10 [ 1258.293998] __alloc_pages_nodemask+0x2127/0x2720 [ 1258.294025] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1258.325906] Node 0 [ 1258.352313] ? perf_trace_lock+0xf7/0x490 [ 1258.352327] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1258.352355] ? do_raw_spin_unlock+0x164/0x220 [ 1258.352369] alloc_pages_current+0x155/0x260 [ 1258.352386] kvm_mmu_create+0xda/0x1d0 [ 1258.352397] kvm_arch_vcpu_init+0x282/0x890 [ 1258.352405] ? alloc_pages_current+0x15d/0x260 [ 1258.352419] kvm_vcpu_init+0x26d/0x360 [ 1258.352432] vmx_create_vcpu+0xef/0x29d0 [ 1258.352447] ? __mutex_unlock_slowpath+0x75/0x770 [ 1258.416060] DMA free:10964kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1258.417148] ? drop_futex_key_refs+0x2e/0xa0 [ 1258.417168] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1258.417181] ? get_futex_key+0x1160/0x1160 [ 1258.417194] kvm_vm_ioctl+0x4ca/0x13e0 [ 1258.417209] ? kvm_vcpu_release+0xa0/0xa0 [ 1258.417230] ? check_preemption_disabled+0x35/0x240 [ 1258.423368] lowmem_reserve[]: [ 1258.426562] ? perf_trace_lock+0xf7/0x490 [ 1258.426576] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1258.426588] ? perf_trace_lock_acquire+0x510/0x510 [ 1258.426619] ? kvm_vcpu_release+0xa0/0xa0 [ 1258.426632] do_vfs_ioctl+0x75a/0xff0 [ 1258.426646] ? ioctl_preallocate+0x1a0/0x1a0 [ 1258.426654] ? lock_downgrade+0x740/0x740 [ 1258.426668] ? __fget+0x225/0x360 [ 1258.426677] ? do_vfs_ioctl+0xff0/0xff0 13:27:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x200000, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c00000000010904230eb99b0000000000000100c100000108000200000000000002800500010000000000242002801400018008000100ac14140008000200ac1e00010c00028005000100"], 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1258.426687] ? security_file_ioctl+0x83/0xb0 [ 1258.426697] SyS_ioctl+0x7f/0xb0 [ 1258.444739] 0 [ 1258.465948] ? do_vfs_ioctl+0xff0/0xff0 [ 1258.465963] do_syscall_64+0x1d5/0x640 [ 1258.465983] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1258.465991] RIP: 0033:0x465f69 [ 1258.465996] RSP: 002b:00007fa37679e188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1258.466007] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1258.466012] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1258.466018] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1258.466024] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1258.466030] R13: 00007fff1f5f260f R14: 00007fa37679e300 R15: 0000000000022000 [ 1258.467968] syz-executor.3 cpuset= [ 1258.551503] 2717 [ 1258.567812] / mems_allowed=0-1 [ 1258.567842] CPU: 1 PID: 7850 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1258.567847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1258.567850] Call Trace: [ 1258.567863] dump_stack+0x1b2/0x281 13:27:10 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x70, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f0000000300)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x3, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r5, 0x81f8943c, &(0x7f00000004c0)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r4, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=r6, @ANYBLOB="ae0c44e5892bccb9943f5a591682a3cb50718a10a0563d35a55ab8bad4d685"]) ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, &(0x7f00000002c0)={r6}) r7 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) r8 = socket$unix(0x1, 0x3, 0x0) epoll_ctl$EPOLL_CTL_DEL(r7, 0x2, r8) ioctl$BTRFS_IOC_INO_LOOKUP(r3, 0xd0009412, &(0x7f0000000280)={r6, 0x7}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 1258.567876] warn_alloc.cold+0x96/0x1cc [ 1258.567888] ? zone_watermark_ok_safe+0x220/0x220 [ 1258.567905] ? wait_for_completion_io+0x10/0x10 [ 1258.567916] __alloc_pages_nodemask+0x2127/0x2720 [ 1258.567936] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1258.567943] ? perf_trace_lock+0xf7/0x490 [ 1258.567952] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1258.567970] ? do_raw_spin_unlock+0x164/0x220 [ 1258.567981] alloc_pages_current+0x155/0x260 [ 1258.567993] kvm_mmu_create+0xda/0x1d0 [ 1258.568002] kvm_arch_vcpu_init+0x282/0x890 [ 1258.568008] ? alloc_pages_current+0x15d/0x260 [ 1258.568021] kvm_vcpu_init+0x26d/0x360 [ 1258.568033] vmx_create_vcpu+0xef/0x29d0 [ 1258.568044] ? __mutex_unlock_slowpath+0x75/0x770 [ 1258.568050] ? perf_trace_lock+0xf7/0x490 [ 1258.568060] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1258.568071] ? check_preemption_disabled+0x35/0x240 [ 1258.568081] kvm_vm_ioctl+0x4ca/0x13e0 [ 1258.568091] ? kvm_vcpu_release+0xa0/0xa0 [ 1258.568103] ? _raw_spin_unlock_irq+0x24/0x80 [ 1258.568112] ? trace_hardirqs_on_caller+0x3a8/0x580 13:27:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) 13:27:10 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x8400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x800800000000) [ 1258.568120] ? _raw_spin_unlock_irq+0x5a/0x80 [ 1258.568128] ? finish_task_switch+0x178/0x610 [ 1258.568136] ? check_preemption_disabled+0x35/0x240 [ 1258.568145] ? perf_trace_lock+0xf7/0x490 [ 1258.568153] ? __schedule+0x893/0x1de0 [ 1258.568163] ? perf_trace_lock_acquire+0x510/0x510 [ 1258.568172] ? retint_kernel+0x2d/0x2d [ 1258.568180] ? kvm_vcpu_release+0xa0/0xa0 [ 1258.568190] do_vfs_ioctl+0x75a/0xff0 [ 1258.568200] ? ioctl_preallocate+0x1a0/0x1a0 [ 1258.568207] ? lock_downgrade+0x740/0x740 [ 1258.568219] ? __fget+0x225/0x360 [ 1258.568227] ? do_vfs_ioctl+0xff0/0xff0 [ 1258.568236] ? security_file_ioctl+0x83/0xb0 [ 1258.568245] SyS_ioctl+0x7f/0xb0 [ 1258.568252] ? do_vfs_ioctl+0xff0/0xff0 [ 1258.568262] do_syscall_64+0x1d5/0x640 [ 1258.568275] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1258.568282] RIP: 0033:0x465f69 [ 1258.568286] RSP: 002b:00007f8db8982188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1258.568295] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1258.568300] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1258.568305] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1258.568310] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1258.568314] R13: 00007ffe6abe2b0f R14: 00007f8db8982300 R15: 0000000000022000 [ 1258.673418] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1258.783132] 2718 2718 2718 [ 1258.882867] Node 0 DMA32 free:28488kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:104kB local_pcp:40kB free_cma:0kB [ 1258.923214] lowmem_reserve[]: 0 0 0 0 0 13:27:10 executing program 2: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000000)="ba400066b80000000066ef660f3a22894f0057f30fb8b43d000f320f20e06635100000000f22e066b88000c0fe0f23c00f21f8663502000d000f23f80f01df660fdbc90f01caba210066ed", 0x4b}], 0x1, 0x0, &(0x7f00000000c0), 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r1, 0xc) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) [ 1258.937599] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 13:27:10 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x434000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:10 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x280000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 1259.075202] lowmem_reserve[]: 0 0 0 0 0 13:27:10 executing program 5 (fault-call:14 fault-nth:0): openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) [ 1259.100107] Node 1 Normal free:1924620kB min:53696kB low:67120kB high:80544kB active_anon:1256276kB inactive_anon:53480kB active_file:37952kB inactive_file:135536kB unevictable:0kB writepending:1800kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:16416kB pagetables:40008kB bounce:0kB free_pcp:968kB local_pcp:572kB free_cma:0kB 13:27:10 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="5f454c44065b05107311"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r2, 0xc0096616, &(0x7f0000000040)={0x3, [0x0, 0x0, 0x0]}) 13:27:10 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0xfff, 0x1) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000040)="660f383f56f50fc7af000001000f0666baf80cb850750188ef66bafc0c66edc4e265b8687edcd70fc79e030000003e2e0f79b7010000003e660f38028d35000000f4", 0x42}], 0x1, 0x20, &(0x7f0000000100)=[@cr0={0x0, 0x40000000}], 0x1) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) [ 1259.238956] FAULT_INJECTION: forcing a failure. [ 1259.238956] name failslab, interval 1, probability 0, space 0, times 0 [ 1259.273489] CPU: 1 PID: 7954 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1259.281331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1259.284230] lowmem_reserve[]: [ 1259.290734] Call Trace: [ 1259.296991] dump_stack+0x1b2/0x281 [ 1259.300634] should_fail.cold+0x10a/0x149 [ 1259.303309] 0 [ 1259.304921] should_failslab+0xd6/0x130 [ 1259.304937] __kmalloc+0x2c1/0x400 [ 1259.310142] 0 [ 1259.310731] ? ext4_find_extent+0x879/0xbc0 [ 1259.320399] ext4_find_extent+0x879/0xbc0 [ 1259.322703] 0 [ 1259.324698] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1259.324712] ext4_ext_map_blocks+0x19a/0x6b10 [ 1259.324724] ? __lock_acquire+0x5fc/0x3f20 [ 1259.339837] 0 0 [ 1259.340767] ? __lock_acquire+0x5fc/0x3f20 [ 1259.340775] Node 0 [ 1259.342833] ? preempt_count_add+0xaf/0x170 [ 1259.342847] ? check_preemption_disabled+0x35/0x240 [ 1259.342862] ? perf_trace_lock+0xf7/0x490 [ 1259.363061] ? ext4_find_delalloc_cluster+0x180/0x180 [ 1259.366032] DMA: [ 1259.368265] ? trace_hardirqs_on+0x10/0x10 [ 1259.368277] ? perf_trace_lock_acquire+0x510/0x510 [ 1259.368288] ? __lock_acquire+0x5fc/0x3f20 [ 1259.371354] 33*4kB [ 1259.374799] ? ext4_es_lookup_extent+0x321/0xac0 [ 1259.374814] ? lock_acquire+0x170/0x3f0 [ 1259.374831] ? lock_acquire+0x170/0x3f0 [ 1259.383238] (UM) [ 1259.383992] ? ext4_map_blocks+0x29f/0x1730 [ 1259.387364] 2*8kB [ 1259.391056] ext4_map_blocks+0xb19/0x1730 [ 1259.391073] ? ext4_issue_zeroout+0x150/0x150 [ 1259.391089] ? __ext4_journal_start_sb+0x105/0x3b0 [ 1259.395114] (UM) [ 1259.399014] ? ext4_alloc_file_blocks.isra.0+0x223/0x840 [ 1259.399027] ext4_alloc_file_blocks.isra.0+0x24e/0x840 [ 1259.399039] ? trace_hardirqs_on+0x10/0x10 [ 1259.399054] ? check_eofblocks_fl.part.0+0x2f0/0x2f0 [ 1259.399063] ? lock_acquire+0x170/0x3f0 [ 1259.399081] ext4_fallocate+0x713/0x1d80 [ 1259.405500] 4*16kB [ 1259.405727] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1259.407967] (UM) [ 1259.412011] ? ext4_insert_range+0x1340/0x1340 [ 1259.412023] vfs_fallocate+0x346/0x790 [ 1259.412037] SyS_fallocate+0x4a/0x80 [ 1259.416611] 4*32kB [ 1259.421443] ? compat_SyS_ftruncate+0x20/0x20 [ 1259.421457] do_syscall_64+0x1d5/0x640 [ 1259.421473] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1259.421482] RIP: 0033:0x465f69 [ 1259.423593] (U) [ 1259.428977] RSP: 002b:00007fa37679e188 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 1259.428987] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1259.428993] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 1259.428998] RBP: 00007fa37679e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1259.429004] R10: 0000000010000101 R11: 0000000000000246 R12: 0000000000000001 [ 1259.429010] R13: 00007fff1f5f260f R14: 00007fa37679e300 R15: 0000000000022000 [ 1259.562608] 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10964kB [ 1259.592954] Node 0 DMA32: 962*4kB (UME) 277*8kB (UME) 690*16kB (UME) 289*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28592kB [ 1259.633071] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1259.654025] Node 1 Normal: 80*4kB (UME) 146*8kB (UE) 196*16kB (UM) 67*32kB (UME) 19*64kB (U) 213*128kB (UME) 281*256kB (M) 118*512kB (M) 34*1024kB (UM) 15*2048kB (UME) 413*4096kB (M) = 1924784kB [ 1259.676916] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1259.687241] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1259.698486] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1259.722190] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB 13:27:11 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r1, 0xc) r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x410200, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) 13:27:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ocfs2_control\x00', 0x222241, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_DELOBJ={0x64, 0x14, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0xff8b}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x6}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x5}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x5}]}, @NFT_MSG_DELSET={0x2c, 0xb, 0xa, 0x101, 0x0, 0x0, {0x7, 0x0, 0x9}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}, @NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x101, 0x0, 0x0, {0xc, 0x0, 0x3}, @NFT_OBJECT_CONNLIMIT=@NFTA_OBJ_TYPE={0x8}}, @NFT_MSG_DELOBJ={0x40, 0x14, 0xa, 0x5, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x9}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x114}, 0x1, 0x0, 0x0, 0x8000}, 0x48000) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:11 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000c, 0x100010, r1, 0x3488e000) 13:27:11 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_config_ext={0x1ff, 0x3}, 0x40010, 0xd64, 0x2, 0x9, 0x7, 0x0, 0x200}, 0xffffffffffffffff, 0x8, r2, 0xc) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 13:27:11 executing program 5 (fault-call:14 fault-nth:1): openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) [ 1259.732681] 26476 total pagecache pages [ 1259.738023] 0 pages in swap cache [ 1259.741836] Swap cache stats: add 0, delete 0, find 0/0 [ 1259.748436] Free swap = 0kB [ 1259.751557] Total swap = 0kB [ 1259.754963] 2097051 pages RAM [ 1259.760625] 0 pages HighMem/MovableOnly [ 1259.764696] 363840 pages reserved [ 1259.777665] 0 pages cma reserved [ 1259.926372] FAULT_INJECTION: forcing a failure. [ 1259.926372] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1259.930421] warn_alloc: 3 callbacks suppressed [ 1259.930426] syz-executor.2: [ 1259.938600] CPU: 1 PID: 8008 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1259.938607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1259.938611] Call Trace: [ 1259.938629] dump_stack+0x1b2/0x281 [ 1259.938645] should_fail.cold+0x10a/0x149 [ 1259.938662] __alloc_pages_nodemask+0x22c/0x2720 [ 1259.938678] ? static_obj+0x50/0x50 [ 1259.938691] ? is_bpf_text_address+0xb8/0x150 [ 1259.938701] ? kernel_text_address+0xbd/0xf0 [ 1259.938716] ? __lock_acquire+0x5fc/0x3f20 [ 1259.938729] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1259.938740] ? static_obj+0x50/0x50 [ 1259.938754] ? __lock_acquire+0x5fc/0x3f20 [ 1259.938767] ? __lock_acquire+0x5fc/0x3f20 [ 1259.938781] cache_grow_begin+0x91/0x630 [ 1259.938791] ? ima_match_policy+0x833/0x10e0 [ 1259.938801] ? check_preemption_disabled+0x35/0x240 [ 1259.938815] cache_alloc_refill+0x273/0x350 [ 1259.938830] __kmalloc+0x378/0x400 [ 1259.938840] ? ext4_find_extent+0x879/0xbc0 [ 1259.938851] ext4_find_extent+0x879/0xbc0 [ 1259.938865] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1259.938875] ext4_ext_map_blocks+0x19a/0x6b10 [ 1259.938886] ? __lock_acquire+0x5fc/0x3f20 [ 1259.995916] page allocation failure: order:0 [ 1259.996473] ? __lock_acquire+0x5fc/0x3f20 [ 1259.996489] ? preempt_count_add+0xaf/0x170 [ 1259.996502] ? check_preemption_disabled+0x35/0x240 13:27:11 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1259.996514] ? perf_trace_lock+0xf7/0x490 [ 1260.024069] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 1260.027437] ? ext4_find_delalloc_cluster+0x180/0x180 [ 1260.027449] ? trace_hardirqs_on+0x10/0x10 [ 1260.027460] ? perf_trace_lock_acquire+0x510/0x510 [ 1260.027472] ? __lock_acquire+0x5fc/0x3f20 [ 1260.027483] ? ext4_es_lookup_extent+0x321/0xac0 [ 1260.027496] ? lock_acquire+0x170/0x3f0 [ 1260.027509] ? lock_acquire+0x170/0x3f0 [ 1260.027521] ? ext4_map_blocks+0x29f/0x1730 [ 1260.044353] (null) [ 1260.050041] ext4_map_blocks+0xb19/0x1730 [ 1260.050060] ? ext4_issue_zeroout+0x150/0x150 [ 1260.050078] ? __ext4_journal_start_sb+0x105/0x3b0 [ 1260.050087] ? ext4_alloc_file_blocks.isra.0+0x223/0x840 [ 1260.050100] ext4_alloc_file_blocks.isra.0+0x24e/0x840 [ 1260.050110] ? trace_hardirqs_on+0x10/0x10 [ 1260.050125] ? check_eofblocks_fl.part.0+0x2f0/0x2f0 [ 1260.073776] syz-executor.2 cpuset= [ 1260.077063] ? lock_acquire+0x170/0x3f0 [ 1260.077085] ext4_fallocate+0x713/0x1d80 [ 1260.077101] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1260.077114] ? ext4_insert_range+0x1340/0x1340 [ 1260.077125] vfs_fallocate+0x346/0x790 [ 1260.077138] SyS_fallocate+0x4a/0x80 [ 1260.077145] ? compat_SyS_ftruncate+0x20/0x20 [ 1260.077157] do_syscall_64+0x1d5/0x640 [ 1260.089941] / [ 1260.092827] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1260.106351] mems_allowed=0-1 [ 1260.110949] RIP: 0033:0x465f69 [ 1260.110955] RSP: 002b:00007fa37679e188 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 1260.110967] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1260.110973] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 1260.110979] RBP: 00007fa37679e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1260.110985] R10: 0000000010000101 R11: 0000000000000246 R12: 0000000000000001 [ 1260.110991] R13: 00007fff1f5f260f R14: 00007fa37679e300 R15: 0000000000022000 [ 1260.122275] syz-executor.3: [ 1260.166917] CPU: 0 PID: 8019 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1260.170694] page allocation failure: order:0 [ 1260.171793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1260.171797] Call Trace: [ 1260.171813] dump_stack+0x1b2/0x281 [ 1260.171828] warn_alloc.cold+0x96/0x1cc [ 1260.177485] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 1260.181968] ? zone_watermark_ok_safe+0x220/0x220 [ 1260.181992] ? wait_for_completion_io+0x10/0x10 [ 1260.189535] (null) [ 1260.189590] __alloc_pages_nodemask+0x2127/0x2720 [ 1260.194277] syz-executor.3 cpuset= [ 1260.198181] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1260.198191] ? perf_trace_lock+0xf7/0x490 [ 1260.198203] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1260.203128] / [ 1260.205189] ? do_raw_spin_unlock+0x164/0x220 [ 1260.209295] mems_allowed=0-1 [ 1260.211598] alloc_pages_current+0x155/0x260 [ 1260.211614] kvm_mmu_create+0xda/0x1d0 [ 1260.211624] kvm_arch_vcpu_init+0x282/0x890 [ 1260.352647] ? alloc_pages_current+0x15d/0x260 [ 1260.357229] kvm_vcpu_init+0x26d/0x360 [ 1260.361208] vmx_create_vcpu+0xef/0x29d0 [ 1260.365267] ? __mutex_unlock_slowpath+0x75/0x770 [ 1260.370107] ? drop_futex_key_refs+0x2e/0xa0 [ 1260.374512] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1260.378572] ? get_futex_key+0x1160/0x1160 [ 1260.382976] kvm_vm_ioctl+0x4ca/0x13e0 [ 1260.386896] ? kvm_vcpu_release+0xa0/0xa0 [ 1260.391099] ? __might_fault+0x104/0x1b0 [ 1260.395272] ? check_preemption_disabled+0x35/0x240 [ 1260.400285] ? perf_trace_lock+0xf7/0x490 [ 1260.404430] ? perf_trace_lock_acquire+0x510/0x510 [ 1260.409355] ? __might_fault+0x177/0x1b0 [ 1260.413417] ? _copy_from_user+0x96/0x100 [ 1260.417560] ? kvm_vcpu_release+0xa0/0xa0 [ 1260.421702] do_vfs_ioctl+0x75a/0xff0 [ 1260.425504] ? ioctl_preallocate+0x1a0/0x1a0 [ 1260.429915] ? lock_downgrade+0x740/0x740 [ 1260.434063] ? __fget+0x225/0x360 [ 1260.437512] ? do_vfs_ioctl+0xff0/0xff0 [ 1260.441483] ? security_file_ioctl+0x83/0xb0 [ 1260.445897] SyS_ioctl+0x7f/0xb0 [ 1260.449359] ? do_vfs_ioctl+0xff0/0xff0 [ 1260.453336] do_syscall_64+0x1d5/0x640 [ 1260.457227] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1260.462428] RIP: 0033:0x465f69 [ 1260.465768] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1260.473478] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1260.480750] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1260.488013] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1260.495317] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1260.502597] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1260.509971] CPU: 1 PID: 8013 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1260.517875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1260.527223] Call Trace: [ 1260.529807] dump_stack+0x1b2/0x281 [ 1260.533517] warn_alloc.cold+0x96/0x1cc [ 1260.537693] ? zone_watermark_ok_safe+0x220/0x220 [ 1260.542544] ? wait_for_completion_io+0x10/0x10 [ 1260.547264] __alloc_pages_nodemask+0x2127/0x2720 [ 1260.552161] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1260.556999] ? perf_trace_lock+0xf7/0x490 [ 1260.561150] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1260.565997] ? do_raw_spin_unlock+0x164/0x220 [ 1260.570492] alloc_pages_current+0x155/0x260 [ 1260.574902] kvm_mmu_create+0xda/0x1d0 [ 1260.578792] kvm_arch_vcpu_init+0x282/0x890 [ 1260.583153] ? alloc_pages_current+0x15d/0x260 [ 1260.587734] kvm_vcpu_init+0x26d/0x360 [ 1260.591622] vmx_create_vcpu+0xef/0x29d0 [ 1260.595786] ? __mutex_unlock_slowpath+0x75/0x770 [ 1260.600764] ? drop_futex_key_refs+0x2e/0xa0 [ 1260.605247] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1260.609306] ? get_futex_key+0x1160/0x1160 [ 1260.613552] kvm_vm_ioctl+0x4ca/0x13e0 [ 1260.617443] ? kvm_vcpu_release+0xa0/0xa0 [ 1260.621598] ? check_preemption_disabled+0x35/0x240 [ 1260.626734] ? perf_trace_lock+0xf7/0x490 [ 1260.630881] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1260.636035] ? perf_trace_lock_acquire+0x510/0x510 [ 1260.640964] ? kvm_vcpu_release+0xa0/0xa0 [ 1260.645108] do_vfs_ioctl+0x75a/0xff0 [ 1260.648996] ? ioctl_preallocate+0x1a0/0x1a0 [ 1260.653398] ? lock_downgrade+0x740/0x740 [ 1260.657548] ? __fget+0x225/0x360 [ 1260.660997] ? do_vfs_ioctl+0xff0/0xff0 [ 1260.664973] ? security_file_ioctl+0x83/0xb0 [ 1260.669387] SyS_ioctl+0x7f/0xb0 [ 1260.672881] ? do_vfs_ioctl+0xff0/0xff0 [ 1260.676854] do_syscall_64+0x1d5/0x640 [ 1260.680832] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1260.686016] RIP: 0033:0x465f69 [ 1260.689202] RSP: 002b:00007f8db8982188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1260.697042] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1260.704307] RDX: 0000000000000002 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1260.711569] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1260.718879] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 13:27:12 executing program 1: ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(0xffffffffffffffff, 0x4008af23, &(0x7f0000000080)={0x1, 0x7f}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000040)="2c78eb90a92423b620e81f7363313f8aaf1e2190d9d7cb7ebaf6", 0x1a) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) fsetxattr$trusted_overlay_opaque(r4, &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f00000001c0)='y\x00', 0x2, 0x3) ioctl$sock_inet_SIOCDARP(r1, 0x8953, &(0x7f0000000240)={{0x2, 0x4e23, @private=0xa010101}, {0x306, @remote}, 0x8, {0x2, 0x4e21, @local}, 'nr0\x00'}) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) [ 1260.726266] R13: 00007ffe6abe2b0f R14: 00007f8db8982300 R15: 0000000000022000 13:27:12 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="c4000000190001000000000000000000fc000000000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000008c9dcd97a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000004600000000000000000000000000000000000000000000000000000000200000000000000c0015000000000003000000"], 0xc4}}, 0x0) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f0000000340)={{[], 0x2}, {}, 0x0, 0x0, 0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)="e3b088a5de4147ae1aeaeb6135f97183133cf0def7ebff1497bf3c29f3010aeece2b8fdffbd0871a83751f72a607b9840c66491485414ca78d2fe4dca3ac6ca178114d2da1543ab0c42a6e15287c3d9db85166921d82853d8eba435a8ccaede07a62e5d2763d78caff2793cbff0a1d54cd79b722b47e130404285f0f141f7fdc0764161b82298a04f05acce0b5fc20994c0efb1c6837337630b541780aee209348ce55cfd5388c41ce3cab0bbec42bdfec29e1761381330468330dd856919c4fcd6bafe2d2ab51189abd566cad75a2a45d9e2e2b37ef2d7fb30b763e9139", 0xde, 0x0, &(0x7f00000001c0)={0x2, 0x142, {0x1, 0xc, 0xf8, "6ed74f5cff13984f458d172d439489f172fd28da39b4658f146710f95c459b82fddd1a91f2e0259f4613f6e1dcf1255b431b2309bd689c51662f40a418b200e68cd2abb0ad24e00e15b1d72df597e9834522ce0423869cfecdd6d9a737e9738f2bf733a284515269fbd680c2286a4a6e6b1386026ca7ba1a0f3adfc13b66d6d47daf4712af3865f750af73de1b73b931b3f7f41bd5b8c1cd78624153df53b7d4ac2a2e4950d07682473bd7664c49f358c805a531b29ab99a8796d8264eb48cca58716ac6e15a44b786527b46364b8638fbc6869892e6806836cefd80b19af604b89cd64523d747dbb9173437bfe856706fe94f92ccef68ca", 0x3d, "ab96a490cd6ea7a5acb11714dc18c40fe7663a6508deeb2bd4fc9f3b814e1996e895983af2b6a008cc7cd6d1cd5ad1e22388c049d23b68835cae5feda6"}, 0x31, "8fa9d197fc1b5524ef4e79efd0181af48b3952230ac993f2b55e316a1166b7f7f544e5e1da19039788ab9f7f916077b6b5"}, 0x17f}) ioctl$sock_proto_private(r1, 0x89e5, &(0x7f0000000840)="3b4d62fe85160367f643023be9af099166b3787fcf2c33ad8469f6b62d6227d90246383940c263e7a5aa1c0faef4576505024d7f68f914fbe5986fb71404049b5aeae6872a6e4154fcf51360c607c916729cceaee391e181d782865d999a03c53e5baf44999d970edf774bee7d5cb8ff0d1f3bc66149143114bc6e1454d10cf6528cd7208209fda4a943542ccc29ec5f223d7ddd39f3e551872483d41246278eea55fead0701086e8e276f2884e566a5a29873b31e95718e24c67e58c52d1ee700679f73892d13f91c94c2c9d1e1cf225bcf2a2b14f8f594e1d675abdbdfe402386a41125e440261ab440e2388796acb8b01c062e554e52075dec7af9b520f9d97d84f9b2b5b763e8351c212ade46c97ea56706cbbeeb355cd2684a7549bb0f01d395e292cf30c41c3354024acc44bab1f24153d5cc65e61b57b84c3469767e690fc35ef04b94b7ef6bb1831e07f4f73066d71e9f3d2285b6337d4d59c2cdd9d9421e4e15e1cf6d8d186f664780c533578364fcb1a525e658642b99eced0148dab374d841631c097784f94d5609ec464bf573209d31cc2982b3f1b7b7b80b6b6b793a844bf93379dd7da9fc90a5ecd6089b1db973fee8170a55d24efd91edb6a5e3e6eb8d7f5dd4d483cfbb617ae848e57eab632407895de445a40586d61ae3eca007cdc4328d50d58f0bddce540e8c3ed633f3eb199c5517b422da4bbc26c206b93ce3c39b6223ff258015070e4254b051b35fdfb1902cc7013fa93aaa9ffc1bbdaa5e95b8c07ce49595fd6cb5e6543e2d3978f933e5ac438b87a260586dd4f42a7d0b5bcee27d6186bba91376131631b9a35b040a3f68949278b0a781c268ac0696bf600f73a1f9f6672bd84a5bd44510da0b40d92c97a41c83d23c6a0e6567cb06f8f8d7d3a030fa252679325351a8ff8b7b67d2b2da52fe807a8d965391f4ea6de5c771571bf8d3fa0e2824497285386428bd5a0150f205d3739640e230cbb39f57534d7fc61e8f04ba14c911ee98a9905d001eb27f109b650508723a4d61b2f0a383c3e1d3e2199870c825ac0d17c47deb5cf29795c31dcc5d0230dcfd218ec104740ba085378ea6ab18922670eb9df47ecd2aa45460571b1c77d8ecc26b3a58fbe2b0f131f6032dccb7579cc5a91e606b9e25120e8a4bf043ab6b0619eae24e5f5d4969f050847dc029f6f526951020ab609a20f9db5df1a55e447fec83c6a35610cb6e179db0c3a38efe4b411e131d527e5b34c0846240dc7593595db7daf37cda81ad38caf82eceae7124c057b92eecb56ecdfef7f946699fffb0cc617c5e8bb70c8a92460481ae72828d8408cbf8fd22fa071d5f761143c0e60e22b4a3867a1a7cb78e69516c1af45b8449c420a0410c7933c83a4a18f1972611fc921d81d1b01c183a0419d8cb0ee4c88642e4d38de55ffd6497e3d14028d38107865248b9d4906c65136d1a6d02ff16d5983f4835035c22aaeb09dda43d0658cc54d28971fe2b0f78d820027c976011c231069d8cf37c1ed5779a08b4a2d23b7965b0dc249e2b75e79d9629cea7b9e734f01ee63978f99e81b4835eb97c40b90befd1f3f436c2be101f6b72f8a39099304e47168317a0e82518dd5a0e4e2eea570ec861b31b4ec819661a5fad825bf7978ae153fcb0b02de0c452aa8f171c5628fad4c47abba7ec2f75a3a269efb305e27604d76295e6652f34cec5392044eb299a9f8b68fc96ac0103b691f99e2cca43339ebec75337145baafd33988502b0ec14db29a928e01974c26f709233fa87cafc2d88e9b462f67b28848466516286cd60a0daab0f3c6bf63891e1f9646246164fea7b0603d5e15e6ae6e0b0ade52fd28927969b8273223129efc3f27d5ee4e175e52f8990a0aa10144d350afed1bd838531ba2140e54ff0ef000ac0ea4edf434de39c392725c1490559e32bff74a708c3b1235a35198ed6105b2e774ba2b1a499d440c12edb172e773a87ead19062f46a9733093408e2de38469a1155eaf483657f240fd82d4d4265666e0b088875d279d940b1461ab08e753212c4861c32eb391b702514dc91c77d775900ae5faf99a9195ae82e040e02dff86254276b96093ca7f209b4215730634493178ce78a722e370b9948f07fef53c9bbe219a9d318a533b7ef17e6df116e18c90091e4b6e9374ab93fe64f053c7faa3306e8dee69f89699dfda50649cb6c59d5b2df62950ac9c6649582bb644abfc701e50c223ef40329789314b64b6c8b42e16b289f5b86fef7c6efa5a8daae29ed0843ffc757f06858bf9f813e59e7e4c05033946b566595869d70c9839ad4b62fb6e61b164a3f380bf626b667c469dfee0f6b8d947f167713463eec2e53ff5e89b71f5ae352940b0824367542ee5a7830fb4ce381645a344193c23b5e14eae88f2515b4efcd65e16002b9aad4ac6501d3fb9f054f2812cd2d1fb6e7d2eca122e0700ca1479fedd0cfac7299163916d039f6a07301c294c1ae5b0d488c4acd4ab2f21573847f05537233bc4976d13441fe58d2fe7fc2cdfd69be6386f41644b51072a8b397d72cee0ebd4f264b6e3a0b44d3535bd408812f14d29a8441075d720e5373ef99b5c899789db7cc97170f37f36f86e7cd1e43cf2cd291732e2b1dcbfbe51555a05a47a477e17b529c140332be5359a68684c8914303bedbfd249279d6b9b495ea819640108ca156aae1f5cb96d064db4ae8d366dea788a9e898fe59a3e08cca6285e50ba6acd6ef964e683c8394a5e10876e7c5b529651bc543cd6a8301e58bc2d4a24dd07abaf7fca72a34cbbb248a5bf8812704ca47d329aabcc0204b4731c6f3b1e71dee4e820ef153ebaadb419d044bfa8503c8e08b7bf4615d7a5b5c8b67953803f5be333a85deb023b8bdfaade956f8eea43379d709f5567664c2eeff216afbe97d8ed33018bb93cc1e1121086331804648f6db53245e4e326d990abee1dd4529111e96cbeb717aa20515d05b6a1bd3ffa511d6b83c767ad8f3d58930bae5b387770bea88523f992694fc770a0c9991825db7c7ca57d893bd65b53c389d161e223f30a8c525b890ec5f8999272ae54b6cb4a60f6cbaf591cccd7bec970a4efc0cdf71bc4ef54524313b0f091c15e974dcd286428fca34685534d7847d38f8ef408554aaa365ad289dbab6a640d2287a28eb41344e82d15d59fbb1d63ad49b309d2d3b70af97938aaadf9bc8dba0dd6ad53d5cda6ce5fe4fdd92ca2634ffa846f2a93a3e3369c66c9258b74eddefc1c979a7b7e9814f70b74f48ce62ea7b5f3858e15dde5e736ef72a6203c83e17442828f92476a62cc9ee843c1ac2689841124fe2cb8ff18c3b2e88291e1c0c81769ef3842e571316a8cc2d942a8954da7f7f5633515b4d8970c86931c6c3f90378d31d45ea92eeaea6f4b9993db01ed13987a03facde133881d3e880b90100411e452304c9c4f9dc833a9f3fc36932ecf38ec3fa6c72a683ba2d853c5463b9a55e0e18df70e4da7a030110265054a9765d9decce5de8dea3cd7726a89e7e1b01f19a2244442097d7f826ff577f5c80d278789ab58c97df2088acf42a608d2123a7f20f34a5e5694885ed2e8b5c563b6195e91172043c60ab4e3ad36238ab3eabd77e0c1c1e5603773730ff943e4301b2921f99f462afe63879b5730a7d58ced30c764d23393107f9303f2765a9359f21d93b360737b6859780a5996f7db7c6b482d61608d346fbe5ed98a8d385a98391b98a84a1b758ece1c6dc84eb9ed862bbc35e1389ad386542efe72d2c10c5f5540f5250ac192aab9a426312daba462340618fc0971af0026176c431719b77e2ed864756319b85b07b47253fa5101ed34eb0f323d5d114af2cfe93215ab5852e9f68d58524c9f9471a0329a61c9d6a614317dfeba4861830b7477aecdbd4c71b211023c962fd19565068e47688e0a687761dd52d40c4f942d4c2456a7016f797601fb4c170f0e4daae7cc7182d84786c24d672bba7c49406a513936faaf6b5e4279b27f350c6b1bba0afc4fba64a8f153a3cbafadb28b132c785c3a134e0a83d5a0399a388a3e8c89b83db0eb33e84e67c8cbe6882e1a49c83d75e385395a2b77efb858f504706a0c2428ff150126399556b23324c9b48a85da91625534e8953b1f42c4f7167fbbbd43a0a5920f44edd398c285b7522bf477588c69f2d9d22de6452a1628c270c7c3d900eed5f9d97f9697c89cb8488be9c693774c96a2e74f942be172685311eae1fe567c4f82ebe98a772862b6fb7a8a7ee1eccb2d3dcac4b9acab81f88729940c28b200ba5ece508397633389327e6f5d98af81439f223837b04e1cf99b36b8d0cf25771ced3c0ace57e28843265cb5eddbf8ced78823deeb9b2c33109809337d41c3a4bfe2901b7e5c1bd6c47816e99b3d7af1c6b02cb519da2c770877307d1bb6489ee01c211dbe54c12de596e0d315e88a2666b1969e68c55ae207ccf425feabebac070fec45e9eecf7a1adb64a8dd7f342242f9324162b64f51794fc717112031c1092ac1d6c5038314f88a27ff4ec03517ff2669370a674b23f932ba856d81b12360ce553d7614a78ba45d312f269d648d272f91139b2f4012b72ed65a06335cc5068428120bca0d190d3cd96518e070293e5be141297f9c322349a5342ea4121977d29fffcad1a8b5f3a78750ab786cc91a71ddfc29e70cc64d428e8524cfeca9d3458d572447e28b790be62887ba023b23743f26005caf35d4e3bace561f755a98ae2e370f6999e67b711c15a7f5ef91620c53432c8199b205950d7bef2984e380d018a416f62d0083580c5dca3f0defa05095971eb9a1d83cf3e48abae25a0dfead3859eccff1145e500c5e7638e1e55c736e2fbe9b6e058686f71fb2d9ceef86eaeb85e42d65fd040462f4906d5b451013ad9777fe9dbc9e3617b0b78c70214ae875d000d54dd451147c82c2e365365cbbf9cc2d2e6d9d9014c73d544e9c798f4d6826694d6265dc6cb85b349795b1faef1964314e8e042f8df796a9b98503398348b5d9ec0554854f3d1d8cbb0d05f24a008645f5e8d177646f4b2aac6741c2f3f17394f284c50ed82c54199b1c824cbb94218305b94bde8bf5c827dd3651bd0e5ec99e28bf66304e6d38b043eba3986372e8e3bbeb926ea505293d59f6aaef315dd6da90b422e484046a139fabc882a20950546413269bb910dc2df0b729dcdc5a64ef0141e4fe99a9d265b3b03195228b23f4180201ad688389a03adca1c7ed8eec8bd971327d9d6f925c2dcb959fb3a0046011a46e7535827daad80c3c6131306ceb382c82537f092d9942b3d6d2e187dd965ab855a046397a2ead8f6d464900e3bbfda98778f5bca5bd8871df73c28ecadcb99fdbb4a483ca7c66599edbbcc5de68b563878f568d4657dfd08529a2ba531c2410ff873fd4aa9f3ede6ed44888769bec818c2ea89395e98e3a8e7154078ca3d5053cf3e53332877561220775cda0ec901ec787b8f10ea8970775ad9f4f87493a5be2afd6839cddc25c637537623cb98c70de3af5f6b1a2aa23101bcc2d87bee75601657209293aff487f0e0ff92d9737f08c3282e19796302bda9e1c035ac19e3616c8b96800f1da0d49dfc4599b8d8efe7e73ca7e2b7f90cc3eae1b31bb6d258c77c88a195ebce1104b66b857b7fb8d1127c681934cbdb8c7ad8cf7c84f258d1068763709c40ff350b2840a3a73ac876f17a6aca5b0b21093ece0b478bf7e29022f0d70146f7f8c77f8c95f4773f842b7a4e016981338d7ab69b289533cdd067102bda60745d3c7001a6d9e73ba296af961") r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) [ 1260.804384] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1260.814989] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 13:27:12 executing program 5 (fault-call:14 fault-nth:2): openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) 13:27:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r1, 0x4008ae93, &(0x7f0000000080)=0x100000) perf_event_open(&(0x7f0000000100)={0x4, 0xfffffffffffffe2b, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x10780}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$KVM_SET_TSS_ADDR(0xffffffffffffffff, 0xae47, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="580000000001010100000000000000000200000a20000180140001800800279b10a49ca8ba0e02000a0101010600034000010000240002801400018008000100ac14140008000200ac1e00010c0002800500010000000000"], 0x58}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1260.907995] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1260.919169] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1260.942522] CPU: 0 PID: 8037 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1260.950502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1260.959867] Call Trace: [ 1260.962475] dump_stack+0x1b2/0x281 [ 1260.966115] warn_alloc.cold+0x96/0x1cc [ 1260.970102] ? zone_watermark_ok_safe+0x220/0x220 [ 1260.975098] ? wait_for_completion_io+0x10/0x10 [ 1260.979801] __alloc_pages_nodemask+0x2127/0x2720 [ 1260.984672] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1260.989523] ? perf_trace_lock+0xf7/0x490 [ 1260.991556] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1260.993675] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1260.993700] ? do_raw_spin_unlock+0x164/0x220 [ 1260.993715] alloc_pages_current+0x155/0x260 [ 1260.993730] kvm_mmu_create+0xda/0x1d0 [ 1260.993745] kvm_arch_vcpu_init+0x282/0x890 [ 1261.024328] ? alloc_pages_current+0x15d/0x260 [ 1261.029013] kvm_vcpu_init+0x26d/0x360 [ 1261.032919] vmx_create_vcpu+0xef/0x29d0 [ 1261.036999] ? __mutex_unlock_slowpath+0x75/0x770 [ 1261.042011] ? drop_futex_key_refs+0x2e/0xa0 [ 1261.046439] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1261.050513] kvm_vm_ioctl+0x4ca/0x13e0 [ 1261.054413] ? kvm_vcpu_release+0xa0/0xa0 [ 1261.058581] ? lock_acquire+0x170/0x3f0 [ 1261.062573] ? lock_downgrade+0x740/0x740 [ 1261.066733] ? check_preemption_disabled+0x35/0x240 [ 1261.071758] ? perf_trace_lock+0xf7/0x490 [ 1261.075922] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1261.083272] ? perf_trace_lock_acquire+0x510/0x510 [ 1261.088214] ? kvm_vcpu_release+0xa0/0xa0 [ 1261.092370] do_vfs_ioctl+0x75a/0xff0 [ 1261.096183] ? ioctl_preallocate+0x1a0/0x1a0 [ 1261.100604] ? lock_downgrade+0x740/0x740 [ 1261.104768] ? __fget+0x225/0x360 13:27:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="5c0000000001096b04000000000000000002000000240001801400018008000100e000000108000200e8b9f6ff0b0002800500200000000000090000001400018008000100ac14140008000200ac1e00010c0002801500010000000000d5a3be911fb5fddc7b46a085bde72c2ba11a0925910c2b5c925ea244abdb3244af800d53517f385f4a493fb9d6e1a3edf1acf01fd1af975f496f816139c18b310ee8089524423b076fb693c1671c024b9e168fb467e8b7014604e905a7ace075be63bbc182dea9cb4ad878e09588b3888afea9bd7d510baf4e59"], 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1261.108234] ? do_vfs_ioctl+0xff0/0xff0 [ 1261.112376] ? security_file_ioctl+0x83/0xb0 [ 1261.116799] SyS_ioctl+0x7f/0xb0 [ 1261.120191] ? do_vfs_ioctl+0xff0/0xff0 [ 1261.124452] do_syscall_64+0x1d5/0x640 [ 1261.128447] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1261.133730] RIP: 0033:0x465f69 [ 1261.136928] RSP: 002b:00007f5884799188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1261.144645] RAX: ffffffffffffffda RBX: 000000000056c0b0 RCX: 0000000000465f69 [ 1261.152059] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1261.157906] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1261.159331] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1261.159338] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0b0 [ 1261.159344] R13: 00007ffd2f6bf3cf R14: 00007f5884799300 R15: 0000000000022000 [ 1261.201774] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1261.241584] CPU: 0 PID: 8051 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1261.249674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1261.259275] Call Trace: [ 1261.261880] dump_stack+0x1b2/0x281 [ 1261.265520] warn_alloc.cold+0x96/0x1cc [ 1261.269530] ? zone_watermark_ok_safe+0x220/0x220 [ 1261.274417] ? wait_for_completion_io+0x10/0x10 [ 1261.279106] __alloc_pages_nodemask+0x2127/0x2720 [ 1261.283994] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1261.288847] ? perf_trace_lock+0xf7/0x490 [ 1261.293231] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1261.298121] ? do_raw_spin_unlock+0x164/0x220 [ 1261.302632] alloc_pages_current+0x155/0x260 [ 1261.307074] kvm_mmu_create+0xda/0x1d0 [ 1261.311116] kvm_arch_vcpu_init+0x282/0x890 [ 1261.312040] warn_alloc_show_mem: 3 callbacks suppressed [ 1261.312044] Mem-Info: [ 1261.316099] ? alloc_pages_current+0x15d/0x260 [ 1261.316114] kvm_vcpu_init+0x26d/0x360 [ 1261.316128] vmx_create_vcpu+0xef/0x29d0 [ 1261.316141] ? __mutex_unlock_slowpath+0x75/0x770 [ 1261.316152] ? drop_futex_key_refs+0x2e/0xa0 [ 1261.316161] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1261.316172] ? get_futex_key+0x1160/0x1160 [ 1261.316183] kvm_vm_ioctl+0x4ca/0x13e0 [ 1261.316197] ? kvm_vcpu_release+0xa0/0xa0 [ 1261.338002] active_anon:841589 inactive_anon:18063 isolated_anon:0 [ 1261.338002] active_file:9488 inactive_file:33900 isolated_file:0 [ 1261.338002] unevictable:0 dirty:469 writeback:0 unstable:0 [ 1261.338002] slab_reclaimable:16198 slab_unreclaimable:196403 [ 1261.338002] mapped:62588 shmem:8996 pagetables:18004 bounce:0 [ 1261.338002] free:490283 free_pcp:143 free_cma:0 [ 1261.341782] ? check_preemption_disabled+0x35/0x240 [ 1261.341798] ? perf_trace_lock+0xf7/0x490 [ 1261.341810] ? perf_trace_lock_acquire+0x510/0x510 [ 1261.341823] ? sock_ioctl+0x16c/0x4c0 13:27:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x400100, 0x0) exit_group(0x0) clone(0x9d0080, &(0x7f0000000080)="aa5604f18cf64d635dfa246df02428ea7be756d2f81f9d6503f31afa47b158f7e426d0438bcbb95a68eb6f21aecf615b9a9b608677070a1278fb781f512a0afca0a2ba656c74a0e755416656ddd175d8b092c1c2105a6af7b4c384fa3eace93e114eb5e2a0eb98caa00d", &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200)="102bfa86abe39d0f43bf2d72349cac500170d4939ab3f90f81ec827c169d8c4ea2dc53d939d5a6158c1581a6cc36591b70eee5ab2e2b57aa4b5a3f6bc95b7541436b1bfcbbc8af874caa850ea4979b8336a0c50a8a4b3d254d2e0637975f6aa6ddec2ba6d453219f77294bf76faff51e86c7cc94af25167be3a39f9529f3f775867698dda9adbf423ca51f77e4f1dea0bfd77e") r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1261.358500] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1261.358590] ? kvm_vcpu_release+0xa0/0xa0 [ 1261.358604] do_vfs_ioctl+0x75a/0xff0 [ 1261.370263] Node 1 active_anon:1257096kB inactive_anon:53480kB active_file:37944kB inactive_file:135600kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:33252kB dirty:1876kB writeback:0kB shmem:16480kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1261.396947] ? ioctl_preallocate+0x1a0/0x1a0 [ 1261.396957] ? lock_downgrade+0x740/0x740 [ 1261.396973] ? __fget+0x225/0x360 [ 1261.396982] ? do_vfs_ioctl+0xff0/0xff0 [ 1261.396992] ? security_file_ioctl+0x83/0xb0 [ 1261.397002] SyS_ioctl+0x7f/0xb0 [ 1261.397009] ? do_vfs_ioctl+0xff0/0xff0 [ 1261.397020] do_syscall_64+0x1d5/0x640 [ 1261.397035] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1261.397043] RIP: 0033:0x465f69 [ 1261.397047] RSP: 002b:00007f0f532c7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1261.397057] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1261.397062] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 1261.397067] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1261.397071] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1261.397076] R13: 00007fffed84577f R14: 00007f0f532c7300 R15: 0000000000022000 [ 1261.425260] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1261.456244] FAULT_INJECTION: forcing a failure. [ 1261.456244] name failslab, interval 1, probability 0, space 0, times 0 13:27:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x80000, 0x0) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f00000000c0)={0x2, 0x0, [{0xc0011908, 0x0, 0x80000000}, {0x316, 0x0, 0x4}]}) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1261.738802] CPU: 0 PID: 8081 Comm: syz-executor.5 Not tainted 4.14.224-syzkaller #0 [ 1261.747001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1261.756508] Call Trace: [ 1261.759135] dump_stack+0x1b2/0x281 [ 1261.762774] should_fail.cold+0x10a/0x149 [ 1261.766936] should_failslab+0xd6/0x130 [ 1261.767037] Node 0 [ 1261.770918] __kmalloc+0x2c1/0x400 [ 1261.770926] ? ext4_find_extent+0x879/0xbc0 [ 1261.770937] ext4_find_extent+0x879/0xbc0 [ 1261.776540] DMA free:10964kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1261.776716] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1261.796836] lowmem_reserve[]: [ 1261.811543] ext4_ext_map_blocks+0x19a/0x6b10 [ 1261.811563] ? __lock_acquire+0x5fc/0x3f20 [ 1261.811575] ? preempt_count_add+0xaf/0x170 [ 1261.811586] ? check_preemption_disabled+0x35/0x240 [ 1261.811597] ? perf_trace_lock+0xf7/0x490 [ 1261.842361] ? ext4_find_delalloc_cluster+0x180/0x180 [ 1261.847584] ? perf_trace_lock+0xf7/0x490 [ 1261.851743] ? perf_trace_lock_acquire+0x510/0x510 [ 1261.852274] 0 [ 1261.856765] ? ext4_es_lookup_extent+0x321/0xac0 [ 1261.856778] ? lock_acquire+0x170/0x3f0 [ 1261.856791] ? lock_acquire+0x170/0x3f0 [ 1261.856800] ? ext4_map_blocks+0x623/0x1730 [ 1261.856816] ext4_map_blocks+0x675/0x1730 [ 1261.856831] ? ext4_issue_zeroout+0x150/0x150 [ 1261.856846] ? __ext4_journal_start_sb+0x105/0x3b0 [ 1261.863081] 2717 [ 1261.863395] ? ext4_alloc_file_blocks.isra.0+0x223/0x840 [ 1261.877554] 2718 [ 1261.879991] ext4_alloc_file_blocks.isra.0+0x24e/0x840 [ 1261.880003] ? trace_hardirqs_on+0x10/0x10 [ 1261.888802] 2718 [ 1261.889429] ? check_eofblocks_fl.part.0+0x2f0/0x2f0 [ 1261.894975] 2718 [ 1261.897115] ? lock_acquire+0x170/0x3f0 [ 1261.897134] ext4_fallocate+0x713/0x1d80 [ 1261.897148] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1261.897160] ? ext4_insert_range+0x1340/0x1340 [ 1261.904494] vfs_fallocate+0x346/0x790 [ 1261.904514] SyS_fallocate+0x4a/0x80 [ 1261.919818] Node 0 [ 1261.921920] ? compat_SyS_ftruncate+0x20/0x20 [ 1261.921932] do_syscall_64+0x1d5/0x640 [ 1261.932770] DMA32 free:28592kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:84kB local_pcp:36kB free_cma:0kB [ 1261.936159] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1261.936167] RIP: 0033:0x465f69 [ 1261.936173] RSP: 002b:00007fa37679e188 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 1261.936183] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1261.936188] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 1261.936193] RBP: 00007fa37679e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1261.936199] R10: 0000000010000101 R11: 0000000000000246 R12: 0000000000000001 [ 1261.936204] R13: 00007fff1f5f260f R14: 00007fa37679e300 R15: 0000000000022000 [ 1262.038988] lowmem_reserve[]: 0 0 0 0 0 [ 1262.043048] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1262.069098] lowmem_reserve[]: 0 0 0 0 0 [ 1262.073164] Node 1 Normal free:1924212kB min:53696kB low:67120kB high:80544kB active_anon:1256600kB inactive_anon:53480kB active_file:37968kB inactive_file:135628kB unevictable:0kB writepending:1912kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:16384kB pagetables:40084kB bounce:0kB free_pcp:1388kB local_pcp:728kB free_cma:0kB [ 1262.104459] lowmem_reserve[]: 0 0 0 0 0 [ 1262.109179] Node 0 DMA: 33*4kB (UM) 2*8kB (UM) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10964kB [ 1262.124915] Node 0 DMA32: 962*4kB (UME) 277*8kB (UME) 690*16kB (UME) 289*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28592kB [ 1262.140346] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1262.151649] Node 1 Normal: 140*4kB (UME) 422*8kB (UME) 107*16kB (U) 68*32kB (UM) 21*64kB (UME) 205*128kB (UM) 281*256kB (M) 119*512kB (UM) 33*1024kB (M) 15*2048kB (UME) 413*4096kB (M) = 1924432kB [ 1262.179465] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1262.188423] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1262.198020] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1262.207644] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1262.223540] 26503 total pagecache pages [ 1262.228101] 0 pages in swap cache [ 1262.231570] Swap cache stats: add 0, delete 0, find 0/0 13:27:13 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x480b01, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = fcntl$dupfd(r1, 0x406, r2) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0xfffffffffffffffb) 13:27:13 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ocfs2_control\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r3, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000140)={0x2, 0x1, 0xd000, 0x2000, &(0x7f0000ff9000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f0000000080)="9aed0000003b0166bad004ec0f352e0f0d995e0000000f01cfc4e3516b7bfaf9b9800000c00f3235000400000f30b805000000b9062c00000f01d966baf80cb80cb16588ef66bafc0cedc4c23d3e440b84", 0x51}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0x7, 0x1f, 0x8, 0x0, 0x9, 0x901, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffff, 0x2, @perf_config_ext={0x27488133, 0x19b}, 0x80, 0x4, 0x80000000, 0x4, 0xe, 0x4, 0x1000}, 0x0, 0xf, 0xffffffffffffffff, 0x1) 13:27:13 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) fcntl$getflags(r0, 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="5f454c44065b05107311"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) 13:27:13 executing program 0: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x204000, 0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f00000000c0)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) 13:27:13 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x82000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r3, 0xc) read$FUSE(r3, &(0x7f0000002280)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xb30) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) syz_open_procfs(r4, &(0x7f0000000000)='wchan\x00') r5 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x628840, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 13:27:13 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) dup(r2) [ 1262.238692] Free swap = 0kB [ 1262.241819] Total swap = 0kB [ 1262.244982] 2097051 pages RAM [ 1262.253256] 0 pages HighMem/MovableOnly [ 1262.273814] 363840 pages reserved [ 1262.278061] 0 pages cma reserved 13:27:14 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1262.480055] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1262.491906] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1262.516252] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1262.527045] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1262.545844] CPU: 0 PID: 8157 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1262.553672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1262.563171] Call Trace: [ 1262.565767] dump_stack+0x1b2/0x281 [ 1262.569407] warn_alloc.cold+0x96/0x1cc [ 1262.573117] syz-executor.2 cpuset=/ [ 1262.573389] ? zone_watermark_ok_safe+0x220/0x220 [ 1262.573412] ? wait_for_completion_io+0x10/0x10 [ 1262.581802] syz-executor.4 cpuset= [ 1262.581997] __alloc_pages_nodemask+0x2127/0x2720 [ 1262.591212] mems_allowed=0-1 [ 1262.595044] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1262.595056] ? perf_trace_lock+0xf7/0x490 [ 1262.602685] / [ 1262.603069] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1262.613786] ? do_raw_spin_unlock+0x164/0x220 [ 1262.618292] alloc_pages_current+0x155/0x260 [ 1262.620038] mems_allowed=0-1 [ 1262.622705] kvm_mmu_create+0xda/0x1d0 [ 1262.622716] kvm_arch_vcpu_init+0x282/0x890 [ 1262.622727] ? alloc_pages_current+0x15d/0x260 [ 1262.638677] kvm_vcpu_init+0x26d/0x360 [ 1262.642567] vmx_create_vcpu+0xef/0x29d0 [ 1262.646634] ? __mutex_unlock_slowpath+0x75/0x770 [ 1262.651467] ? drop_futex_key_refs+0x2e/0xa0 [ 1262.655863] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1262.659913] ? get_futex_key+0x1160/0x1160 [ 1262.664138] kvm_vm_ioctl+0x4ca/0x13e0 [ 1262.668020] ? kvm_vcpu_release+0xa0/0xa0 [ 1262.672189] ? check_preemption_disabled+0x35/0x240 [ 1262.677193] ? perf_trace_lock+0xf7/0x490 [ 1262.681419] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1262.686514] ? perf_trace_lock_acquire+0x510/0x510 [ 1262.691429] ? kvm_vcpu_release+0xa0/0xa0 [ 1262.695569] do_vfs_ioctl+0x75a/0xff0 [ 1262.699389] ? ioctl_preallocate+0x1a0/0x1a0 [ 1262.703780] ? lock_downgrade+0x740/0x740 [ 1262.707915] ? __fget+0x225/0x360 [ 1262.711352] ? do_vfs_ioctl+0xff0/0xff0 [ 1262.715311] ? security_file_ioctl+0x83/0xb0 [ 1262.719705] SyS_ioctl+0x7f/0xb0 [ 1262.723055] ? do_vfs_ioctl+0xff0/0xff0 [ 1262.727012] do_syscall_64+0x1d5/0x640 [ 1262.730902] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1262.736072] RIP: 0033:0x465f69 [ 1262.739248] RSP: 002b:00007f8db8982188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1262.746957] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1262.754207] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1262.761458] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1262.768711] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1262.775974] R13: 00007ffe6abe2b0f R14: 00007f8db8982300 R15: 0000000000022000 [ 1262.783243] CPU: 1 PID: 8155 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1262.791045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1262.800398] Call Trace: [ 1262.802989] dump_stack+0x1b2/0x281 [ 1262.806621] warn_alloc.cold+0x96/0x1cc [ 1262.810595] ? zone_watermark_ok_safe+0x220/0x220 [ 1262.815533] ? wait_for_completion_io+0x10/0x10 [ 1262.820206] __alloc_pages_nodemask+0x2127/0x2720 [ 1262.825167] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1262.830007] ? perf_trace_lock+0xf7/0x490 [ 1262.834157] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1262.839046] ? do_raw_spin_unlock+0x164/0x220 [ 1262.843546] alloc_pages_current+0x155/0x260 [ 1262.847960] kvm_mmu_create+0xda/0x1d0 [ 1262.851851] kvm_arch_vcpu_init+0x282/0x890 [ 1262.856173] ? alloc_pages_current+0x15d/0x260 [ 1262.860767] kvm_vcpu_init+0x26d/0x360 [ 1262.864654] vmx_create_vcpu+0xef/0x29d0 [ 1262.868716] ? __mutex_unlock_slowpath+0x75/0x770 [ 1262.873563] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1262.877628] kvm_vm_ioctl+0x4ca/0x13e0 [ 1262.881517] ? kvm_vcpu_release+0xa0/0xa0 [ 1262.885666] ? perf_trace_lock_acquire+0x510/0x510 [ 1262.890599] ? __lock_acquire+0x5fc/0x3f20 [ 1262.894832] ? check_preemption_disabled+0x35/0x240 [ 1262.899845] ? perf_trace_lock+0xf7/0x490 [ 1262.903993] ? lock_downgrade+0x740/0x740 [ 1262.908144] ? perf_trace_lock_acquire+0x510/0x510 [ 1262.913069] ? do_raw_spin_unlock+0x164/0x220 [ 1262.917565] ? _raw_spin_unlock+0x29/0x40 [ 1262.921707] ? kvm_vcpu_release+0xa0/0xa0 [ 1262.925861] do_vfs_ioctl+0x75a/0xff0 [ 1262.929663] ? ioctl_preallocate+0x1a0/0x1a0 [ 1262.934069] ? lock_downgrade+0x740/0x740 [ 1262.938220] ? __fget+0x225/0x360 [ 1262.941668] ? do_vfs_ioctl+0xff0/0xff0 [ 1262.945642] ? security_file_ioctl+0x83/0xb0 [ 1262.950048] SyS_ioctl+0x7f/0xb0 [ 1262.953413] ? do_vfs_ioctl+0xff0/0xff0 [ 1262.957387] do_syscall_64+0x1d5/0x640 [ 1262.961284] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1262.966469] RIP: 0033:0x465f69 [ 1262.969656] RSP: 002b:00007f0f532a6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 13:27:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="5c000000000109040000000000000000020000002400018014000180080004ebe000000108000200000000000c000280050001000000000d1498d24bd8e36be13a5a9d00240002801400018008000100ac14140008000200ac1e00010c0002800500010000000000"], 0x5c}}, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r1, 0x4008ae93, &(0x7f0000000080)=0x2000) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1262.977361] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000465f69 [ 1262.984624] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1262.991889] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1262.999155] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 [ 1263.006420] R13: 00007fffed84577f R14: 00007f0f532a6300 R15: 0000000000022000 [ 1263.031618] CPU: 0 PID: 8143 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1263.039427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1263.048778] Call Trace: [ 1263.051370] dump_stack+0x1b2/0x281 [ 1263.055030] warn_alloc.cold+0x96/0x1cc [ 1263.059011] ? zone_watermark_ok_safe+0x220/0x220 [ 1263.059718] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1263.063857] ? wait_for_completion_io+0x10/0x10 [ 1263.063873] __alloc_pages_nodemask+0x2127/0x2720 [ 1263.081962] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1263.086208] warn_alloc_show_mem: 3 callbacks suppressed [ 1263.086212] Mem-Info: [ 1263.086802] ? perf_trace_lock+0xf7/0x490 [ 1263.092154] active_anon:841547 inactive_anon:18064 isolated_anon:0 [ 1263.092154] active_file:9490 inactive_file:33916 isolated_file:0 [ 1263.092154] unevictable:0 dirty:491 writeback:0 unstable:0 [ 1263.092154] slab_reclaimable:16230 slab_unreclaimable:196784 [ 1263.092154] mapped:62510 shmem:8997 pagetables:18012 bounce:0 [ 1263.092154] free:489749 free_pcp:295 free_cma:0 [ 1263.094540] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1263.101071] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1263.132863] ? do_raw_spin_unlock+0x164/0x220 [ 1263.132878] alloc_pages_current+0x155/0x260 [ 1263.132894] kvm_mmu_create+0xda/0x1d0 [ 1263.132904] kvm_arch_vcpu_init+0x282/0x890 [ 1263.132912] ? alloc_pages_current+0x15d/0x260 [ 1263.132925] kvm_vcpu_init+0x26d/0x360 [ 1263.132937] vmx_create_vcpu+0xef/0x29d0 [ 1263.169658] Node 1 active_anon:1257028kB inactive_anon:53484kB active_file:37956kB inactive_file:135660kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:32940kB dirty:1964kB writeback:0kB shmem:16484kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1263.170078] ? __mutex_unlock_slowpath+0x75/0x770 [ 1263.174475] Node 0 [ 1263.178345] ? drop_futex_key_refs+0x2e/0xa0 [ 1263.178357] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1263.178370] ? get_futex_key+0x1160/0x1160 [ 1263.178382] kvm_vm_ioctl+0x4ca/0x13e0 [ 1263.178395] ? kvm_vcpu_release+0xa0/0xa0 [ 1263.178416] ? check_preemption_disabled+0x35/0x240 [ 1263.178429] ? perf_trace_lock+0xf7/0x490 [ 1263.199632] DMA free:10964kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1263.223820] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1263.223847] ? perf_trace_lock_acquire+0x510/0x510 [ 1263.223859] ? kvm_vcpu_release+0xa0/0xa0 [ 1263.223870] do_vfs_ioctl+0x75a/0xff0 [ 1263.223882] ? ioctl_preallocate+0x1a0/0x1a0 [ 1263.223889] ? lock_downgrade+0x740/0x740 [ 1263.223906] ? __fget+0x225/0x360 [ 1263.229055] lowmem_reserve[]: [ 1263.230978] ? do_vfs_ioctl+0xff0/0xff0 [ 1263.239270] 0 [ 1263.239411] ? security_file_ioctl+0x83/0xb0 [ 1263.243621] 2717 [ 1263.247492] SyS_ioctl+0x7f/0xb0 [ 1263.247501] ? do_vfs_ioctl+0xff0/0xff0 [ 1263.247512] do_syscall_64+0x1d5/0x640 [ 1263.247529] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1263.247539] RIP: 0033:0x465f69 [ 1263.251658] 2718 [ 1263.256648] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1263.256659] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1263.256664] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1263.256669] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 13:27:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = dup2(r0, r1) sched_setscheduler(0x0, 0x5, 0x0) r3 = openat$null(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/null\x00', 0x404081, 0x0) perf_event_open(&(0x7f0000000640)={0x2, 0x70, 0x2, 0x8, 0x42, 0x80, 0x0, 0x9, 0x10038, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000600)}, 0x1a05, 0x3, 0x3, 0x7, 0x0, 0x4, 0x5}, 0x0, 0xf, r3, 0xd) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) sendmsg$TIPC_NL_LINK_RESET_STATS(r2, &(0x7f0000000200)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x90080011}, 0xc, &(0x7f00000001c0)={&(0x7f0000000540)={0x90, 0x0, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@TIPC_NLA_SOCK={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7f}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xfffe00}]}, @TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1ff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfffffffd}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7ff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x22}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x101}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x10001}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7fff}]}]}, 0x90}}, 0x204c0d0) r4 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0)='batadv\x00', 0xffffffffffffffff) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000240)={{{@in=@remote, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in6=@private0}}, &(0x7f0000000400)=0xe8) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) sendmsg$BATADV_CMD_GET_ORIGINATORS(r2, &(0x7f0000000500)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x44, r4, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x8}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x1ff}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x20}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x20008000) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:15 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000540)=[{&(0x7f00000000c0)="580000001400ad", 0x7}, {&(0x7f0000000040)="372ff4fe575ee756842e107a000090175cb696e1317e00ffffff4f", 0x1b}, {&(0x7f0000000080)="fe23dd11d6278283e7104292765a7c5b7c60e9e187ff8d5fff9205c9e8a28cfc98ea1079ab6bbccb9606ba175a65a1292c6414e1b765169e8456dede4c9748", 0x3f}, {&(0x7f0000000240)="e34667a671c94a1ab00647b8b30499bfd2cb844edc08279268047cc886c15c8b0adc1104ea821426a9dd6fdb3a45bb7c4930bed54035bcb54917c0009ba99887c148fb8efd33f081e791ed84b610834c7b6b5522f5b435f447851891b71c1ec646c16855e69e78a1cfaa73c1e3bcea9715557b95d9828ed11774e3c39703a661c5645c002f367098d290bea620c92f8f7f6bf534ebbaa3ebb298b22abe5c609dd83df7f1ea143dbbb66315fdb40887aeaffe67b4b3cd6ad0badbcc96b73c9847a1e3df795af3fdf0f0eba9d743cbb9d9e28926a80868f713508818476184582a655f", 0xe2}, {&(0x7f0000000400)="efaf73215fbd62a4a18d94e42dbd02adda21b07e8e610760b6f1a10ff5516bebf9a8bdb88729552b2c31636ea4cfce0025fb22652edf7a7048855e564d8e20e33fbb92cf74ca04f8575fb39dd151cdb6287fecf48fe096994d83b5a06c0644b49094f8664b3ab12f28e5fda30c962fa9546f996e45e6b921ee7a3e17e49a9e95396500f955b8a56703644aca84", 0x8d}, {&(0x7f00000001c0)="5713900b935dd22c9a13e64031d123527041f8cf14ed4b80b7152b3e114755b649d86ffbce63ec8a51c7d9ff4141f18a6bc958e3629af2d415e1524eb6ea47336ea0db390870dcefd01f986ca87c3e4e490c0101fe1ece339cacbdc2b186b2640c57e683b00d198a", 0x68}, {&(0x7f0000000340)="cb63f43fcf244eb0db7e0c8cec26bbc897d809c7bf6f2fae96ff71948a272475a526c0335d2a359d106870e906ed15f13314bf3a0d77f541a7c901d4c0e7f7c7", 0x40}, {&(0x7f0000000100)="877a1097e086e709b4342bdab82c725474b2ba31ab6a20a9cd4ed898856a2c19abc65a65e47556ab", 0x28}], 0x8) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="5f454c44065b05107311"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) [ 1263.256674] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1263.256680] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1263.407661] 2718 2718 13:27:15 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) [ 1263.410708] Node 0 DMA32 free:28604kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:144kB local_pcp:0kB free_cma:0kB 13:27:15 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103903, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x101000, 0x0) ioctl$PPPIOCCONNECT(r4, 0x4004743a, &(0x7f0000000140)=0x1) r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r5, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) [ 1263.543217] lowmem_reserve[]: 0 0 0 0 0 13:27:15 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000000)="660f3882658ff20f5a0c18b8010000000f01d966baf80cb8a4407c8fef66bafc0ced66b8be008ed0f30f5222360f01b70a0000000f30f20f07440f20c0350f000000440f22c0", 0x46}], 0x1, 0x0, &(0x7f00000000c0)=[@flags={0x3, 0x44081}], 0x1) [ 1263.578104] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1263.643577] lowmem_reserve[]: 0 0 0 0 0 [ 1263.671311] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1263.685749] Node 1 Normal free:1921744kB min:53696kB low:67120kB high:80544kB active_anon:1257228kB inactive_anon:53484kB active_file:37956kB inactive_file:135660kB unevictable:0kB writepending:1964kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:16736kB pagetables:40836kB bounce:0kB free_pcp:1152kB local_pcp:700kB free_cma:0kB [ 1263.731861] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1263.740262] CPU: 1 PID: 8229 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1263.748072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1263.757432] Call Trace: [ 1263.760021] dump_stack+0x1b2/0x281 [ 1263.763634] warn_alloc.cold+0x96/0x1cc [ 1263.767594] ? zone_watermark_ok_safe+0x220/0x220 [ 1263.772425] ? wait_for_completion_io+0x10/0x10 [ 1263.777094] __alloc_pages_nodemask+0x2127/0x2720 [ 1263.781931] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1263.786756] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1263.791609] alloc_pages_current+0x155/0x260 [ 1263.796028] kvm_mmu_create+0xda/0x1d0 [ 1263.799907] kvm_arch_vcpu_init+0x282/0x890 [ 1263.804217] ? alloc_pages_current+0x15d/0x260 [ 1263.808789] kvm_vcpu_init+0x26d/0x360 [ 1263.812687] vmx_create_vcpu+0xef/0x29d0 [ 1263.816737] ? __mutex_unlock_slowpath+0x75/0x770 [ 1263.821570] ? drop_futex_key_refs+0x2e/0xa0 [ 1263.825968] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1263.830014] ? get_futex_key+0x1160/0x1160 [ 1263.834232] kvm_vm_ioctl+0x4ca/0x13e0 [ 1263.838106] ? kvm_vcpu_release+0xa0/0xa0 [ 1263.842246] ? check_preemption_disabled+0x35/0x240 [ 1263.847246] ? perf_trace_lock+0xf7/0x490 [ 1263.851378] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1263.856463] ? perf_trace_lock_acquire+0x510/0x510 [ 1263.861375] ? kvm_vcpu_release+0xa0/0xa0 [ 1263.865505] do_vfs_ioctl+0x75a/0xff0 [ 1263.869288] ? ioctl_preallocate+0x1a0/0x1a0 [ 1263.873678] ? lock_downgrade+0x740/0x740 [ 1263.877811] ? __fget+0x225/0x360 [ 1263.881246] ? do_vfs_ioctl+0xff0/0xff0 [ 1263.885202] ? security_file_ioctl+0x83/0xb0 [ 1263.889594] SyS_ioctl+0x7f/0xb0 [ 1263.892942] ? do_vfs_ioctl+0xff0/0xff0 [ 1263.896900] do_syscall_64+0x1d5/0x640 [ 1263.900773] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1263.905944] RIP: 0033:0x465f69 [ 1263.909113] RSP: 002b:00007f8db8982188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1263.916821] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1263.924089] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1263.931342] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1263.938595] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1263.945845] R13: 00007ffe6abe2b0f R14: 00007f8db8982300 R15: 0000000000022000 [ 1263.965884] lowmem_reserve[]: 0 0 0 0 0 [ 1263.969919] Node 0 DMA: 33*4kB (UM) 2*8kB (UM) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10964kB [ 1263.993836] Node 0 DMA32: 965*4kB (UME) 277*8kB (UME) 690*16kB (UME) 289*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28604kB [ 1264.008606] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1264.022662] Node 1 Normal: 44*4kB (UME) 295*8kB (UME) 394*16kB (UE) 63*32kB (UE) 21*64kB (UME) 199*128kB (M) 283*256kB (UME) 119*512kB (ME) 34*1024kB (ME) 13*2048kB (M) 412*4096kB (M) = 1920040kB [ 1264.040973] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1264.050491] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1264.059727] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1264.069407] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1264.086791] 26523 total pagecache pages [ 1264.097090] 0 pages in swap cache [ 1264.104926] Swap cache stats: add 0, delete 0, find 0/0 [ 1264.123823] Free swap = 0kB [ 1264.131514] Total swap = 0kB [ 1264.138205] 2097051 pages RAM [ 1264.142483] 0 pages HighMem/MovableOnly [ 1264.153495] 363840 pages reserved [ 1264.161676] 0 pages cma reserved 13:27:15 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x391000, 0x0) 13:27:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x50000, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c00fc05d1a5369c6f55c30391682fb009fb00efff000904000000000000000002000000240001801400018008000100e000000108000200000000000c0002800500010000000000240002801400018008000100ac14140008000200ac1e00010c0002800500010000000000"], 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:15 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 1264.202069] warn_alloc_show_mem: 2 callbacks suppressed [ 1264.202073] Mem-Info: [ 1264.245333] active_anon:841564 inactive_anon:18064 isolated_anon:0 [ 1264.245333] active_file:9493 inactive_file:33927 isolated_file:0 [ 1264.245333] unevictable:0 dirty:503 writeback:0 unstable:0 [ 1264.245333] slab_reclaimable:16219 slab_unreclaimable:195991 [ 1264.245333] mapped:62553 shmem:8997 pagetables:18075 bounce:0 [ 1264.245333] free:490616 free_pcp:278 free_cma:0 13:27:16 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="a868b9a8065b05107311"], 0xa) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x5, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r3, 0xc) ioctl$VIDIOC_QUERYMENU(r3, 0xc02c5625, &(0x7f0000000040)={0x0, 0x6, @name="4db5d7b1e6798846f9cce326ef7c8dde33afa7dff89cc3ce3fb5fae4d21538ad"}) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r5 = socket$netlink(0x10, 0x3, 0x4) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r6, 0xc) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r6, 0x2405, r3) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) 13:27:16 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r2, 0xc004743e, &(0x7f00000018c0)=""/246) r3 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r2, 0x40047459, &(0x7f00000003c0)=0x16452d0) ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000000000)=0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c89425, &(0x7f0000000140)={"003ffbb4d7fee8145b86d2ecff569b36", 0x0, r4, {0x81, 0x7fff}, {0x4, 0x81}, 0x401, [0x6, 0x0, 0x3, 0x1ff, 0xffffffff, 0x9, 0x81, 0x956f, 0x37, 0xffffffffffffffff, 0x200, 0x5, 0x2, 0x9, 0x7, 0x9]}) pwritev(r3, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r5 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r6 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r6, 0x800) fallocate(r5, 0x20, 0x0, 0xfffffeff000) fallocate(r5, 0x0, 0x0, 0x10000101) fallocate(r5, 0x3, 0x0, 0xffff) fallocate(r5, 0x0, 0x0, 0x10000101) [ 1264.266772] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1264.362212] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1264.393404] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1264.400852] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1264.414121] CPU: 1 PID: 8258 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1264.421928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1264.431278] Call Trace: [ 1264.433870] dump_stack+0x1b2/0x281 [ 1264.437505] warn_alloc.cold+0x96/0x1cc [ 1264.441486] ? zone_watermark_ok_safe+0x220/0x220 [ 1264.446346] ? wait_for_completion_io+0x10/0x10 [ 1264.452326] __alloc_pages_nodemask+0x2127/0x2720 [ 1264.457188] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1264.462025] ? perf_trace_lock+0xf7/0x490 [ 1264.466169] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1264.471021] ? do_raw_spin_unlock+0x164/0x220 [ 1264.475516] alloc_pages_current+0x155/0x260 [ 1264.479930] kvm_mmu_create+0xda/0x1d0 [ 1264.483822] kvm_arch_vcpu_init+0x282/0x890 [ 1264.488139] ? alloc_pages_current+0x15d/0x260 [ 1264.492718] kvm_vcpu_init+0x26d/0x360 [ 1264.496638] vmx_create_vcpu+0xef/0x29d0 [ 1264.500705] ? __mutex_unlock_slowpath+0x75/0x770 [ 1264.505549] ? drop_futex_key_refs+0x2e/0xa0 [ 1264.509953] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1264.514016] ? get_futex_key+0x1160/0x1160 [ 1264.518241] kvm_vm_ioctl+0x4ca/0x13e0 [ 1264.522139] ? kvm_vcpu_release+0xa0/0xa0 [ 1264.526306] ? check_preemption_disabled+0x35/0x240 [ 1264.531328] ? perf_trace_lock+0xf7/0x490 [ 1264.535593] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1264.540688] ? perf_trace_lock_acquire+0x510/0x510 [ 1264.545632] ? kvm_vcpu_release+0xa0/0xa0 [ 1264.549785] do_vfs_ioctl+0x75a/0xff0 [ 1264.553579] ? ioctl_preallocate+0x1a0/0x1a0 [ 1264.557973] ? lock_downgrade+0x740/0x740 [ 1264.562118] ? __fget+0x225/0x360 [ 1264.565572] ? do_vfs_ioctl+0xff0/0xff0 [ 1264.569542] ? security_file_ioctl+0x83/0xb0 [ 1264.573933] SyS_ioctl+0x7f/0xb0 [ 1264.577287] ? do_vfs_ioctl+0xff0/0xff0 [ 1264.581263] do_syscall_64+0x1d5/0x640 [ 1264.585145] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1264.590322] RIP: 0033:0x465f69 [ 1264.593503] RSP: 002b:00007f0f532c7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1264.601203] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1264.608466] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1264.615720] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1264.622976] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1264.630237] R13: 00007fffed84577f R14: 00007f0f532c7300 R15: 0000000000022000 [ 1264.637513] CPU: 0 PID: 8253 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1264.645311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1264.654649] Call Trace: [ 1264.657222] dump_stack+0x1b2/0x281 [ 1264.660838] warn_alloc.cold+0x96/0x1cc [ 1264.664798] ? zone_watermark_ok_safe+0x220/0x220 [ 1264.669632] ? wait_for_completion_io+0x10/0x10 [ 1264.674284] __alloc_pages_nodemask+0x2127/0x2720 [ 1264.679119] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1264.683954] ? perf_trace_lock+0xf7/0x490 [ 1264.688101] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1264.692933] ? do_raw_spin_unlock+0x164/0x220 [ 1264.697414] alloc_pages_current+0x155/0x260 [ 1264.701806] kvm_mmu_create+0xda/0x1d0 [ 1264.705690] kvm_arch_vcpu_init+0x282/0x890 [ 1264.709992] ? alloc_pages_current+0x15d/0x260 [ 1264.714561] kvm_vcpu_init+0x26d/0x360 [ 1264.718445] vmx_create_vcpu+0xef/0x29d0 [ 1264.722489] ? __mutex_unlock_slowpath+0x75/0x770 [ 1264.727316] ? drop_futex_key_refs+0x2e/0xa0 [ 1264.731706] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1264.735754] ? get_futex_key+0x1160/0x1160 [ 1264.739974] kvm_vm_ioctl+0x4ca/0x13e0 [ 1264.743844] ? kvm_vcpu_release+0xa0/0xa0 [ 1264.747985] ? check_preemption_disabled+0x35/0x240 [ 1264.752984] ? perf_trace_lock+0xf7/0x490 [ 1264.757115] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1264.762200] ? perf_trace_lock_acquire+0x510/0x510 [ 1264.767110] ? kvm_vcpu_release+0xa0/0xa0 [ 1264.771242] do_vfs_ioctl+0x75a/0xff0 [ 1264.775026] ? ioctl_preallocate+0x1a0/0x1a0 [ 1264.779413] ? lock_downgrade+0x740/0x740 [ 1264.783632] ? __fget+0x225/0x360 [ 1264.787070] ? do_vfs_ioctl+0xff0/0xff0 [ 1264.791025] ? security_file_ioctl+0x83/0xb0 [ 1264.795416] SyS_ioctl+0x7f/0xb0 [ 1264.798760] ? do_vfs_ioctl+0xff0/0xff0 [ 1264.802715] do_syscall_64+0x1d5/0x640 [ 1264.806592] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1264.811759] RIP: 0033:0x465f69 [ 1264.814931] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1264.822620] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1264.829869] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1264.837117] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1264.844369] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1264.851617] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1264.877852] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1264.907061] Node 1 active_anon:1257032kB inactive_anon:53484kB active_file:37964kB inactive_file:135736kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:33048kB dirty:2040kB writeback:0kB shmem:16484kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1264.943354] Node 0 DMA free:10964kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1264.970476] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1264.975962] Node 0 DMA32 free:28604kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:148kB local_pcp:8kB free_cma:0kB [ 1265.005801] lowmem_reserve[]: 0 0 0 0 0 [ 1265.010061] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1265.037085] lowmem_reserve[]: 0 0 0 0 0 [ 1265.041364] Node 1 Normal free:1920608kB min:53696kB low:67120kB high:80544kB active_anon:1257128kB inactive_anon:53484kB active_file:37964kB inactive_file:135748kB unevictable:0kB writepending:2052kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:16896kB pagetables:40748kB bounce:0kB free_pcp:1004kB local_pcp:612kB free_cma:0kB [ 1265.073106] lowmem_reserve[]: 0 0 0 0 0 [ 1265.077766] Node 0 DMA: 33*4kB (UM) 2*8kB (UM) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10964kB [ 1265.098353] Node 0 DMA32: 965*4kB (UME) 277*8kB (UME) 690*16kB (UME) 289*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28604kB [ 1265.113716] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB 13:27:16 executing program 5: ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(0xffffffffffffffff, 0x80489439, &(0x7f0000000280)) openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r3, 0xc) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f0000000140)="3e0f06b9800000c00f3235004000000f3066b8fc000f00d8b9800000c00f3235000400000f300f01d10ff3ba95000000c7442400a0000000c744240200980000ff1c2466baf80cb8fc243d80ef66bafc0cedc4e1fd50c566b833010f00d8", 0x5e}], 0x1, 0x12, &(0x7f00000001c0)=[@flags={0x3, 0x280c05}], 0x1) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r4 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r5, 0x800) fallocate(r4, 0x20, 0x0, 0xfffffeff000) fallocate(r4, 0x0, 0x0, 0x10000101) fallocate(r4, 0x3, 0x0, 0xffff) fallocate(r4, 0x0, 0x0, 0x10000101) [ 1265.126569] Node 1 Normal: 108*4kB (UME) 180*8kB (UME) 420*16kB (UME) 65*32kB (UME) 22*64kB (UE) 202*128kB (UM) 283*256kB (UME) 119*512kB (ME) 34*1024kB (ME) 13*2048kB (M) 412*4096kB (M) = 1920304kB 13:27:16 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 13:27:16 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="a9000073110000000000"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) [ 1265.171103] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1265.205159] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1265.250784] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1265.292037] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1265.310905] warn_alloc_show_mem: 1 callbacks suppressed [ 1265.310909] Mem-Info: [ 1265.327599] 26533 total pagecache pages 13:27:17 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x5, &(0x7f0000000080)=[{0xe4, 0x0, 0x0, 0x7fff}, {0x4, 0x2, 0x4, 0x80000000}, {0x1, 0x1d, 0x6, 0x834}, {0x80, 0x8, 0x6, 0xffffffff}, {0x8e, 0x7, 0x90, 0x7}]}, 0x10) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="6000000000010904000000000000000002000000200001801400000200000000000600034000060005000000000000008008000100ac14140008000200ac1e00010c0002800500010000000000080003400000000400"/96], 0x60}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1265.342953] 0 pages in swap cache [ 1265.360957] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1265.367049] Swap cache stats: add 0, delete 0, find 0/0 [ 1265.373025] active_anon:841747 inactive_anon:18064 isolated_anon:0 [ 1265.373025] active_file:9493 inactive_file:33937 isolated_file:0 [ 1265.373025] unevictable:0 dirty:513 writeback:0 unstable:0 [ 1265.373025] slab_reclaimable:16200 slab_unreclaimable:196334 [ 1265.373025] mapped:62619 shmem:8997 pagetables:18138 bounce:0 [ 1265.373025] free:490015 free_pcp:114 free_cma:0 [ 1265.383730] Free swap = 0kB [ 1265.411568] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1265.411585] Node 1 active_anon:1257728kB inactive_anon:53484kB active_file:37964kB inactive_file:135748kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:33376kB dirty:2052kB writeback:0kB shmem:16484kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1265.469062] syz-executor.4 cpuset= [ 1265.473830] Node 0 [ 1265.476409] / mems_allowed=0-1 [ 1265.486533] DMA free:10964kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1265.494409] CPU: 1 PID: 8300 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1265.516965] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1265.521136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1265.521141] Call Trace: [ 1265.521157] dump_stack+0x1b2/0x281 [ 1265.521170] warn_alloc.cold+0x96/0x1cc [ 1265.521185] ? zone_watermark_ok_safe+0x220/0x220 [ 1265.529902] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1265.539101] ? wait_for_completion_io+0x10/0x10 [ 1265.539119] __alloc_pages_nodemask+0x2127/0x2720 [ 1265.539146] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1265.539164] ? perf_trace_lock+0xf7/0x490 [ 1265.573772] lowmem_reserve[]: [ 1265.577038] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1265.577063] ? do_raw_spin_unlock+0x164/0x220 [ 1265.581620] 0 [ 1265.584286] alloc_pages_current+0x155/0x260 [ 1265.584304] kvm_mmu_create+0xda/0x1d0 [ 1265.591375] 2717 [ 1265.593618] kvm_arch_vcpu_init+0x282/0x890 [ 1265.593626] ? alloc_pages_current+0x15d/0x260 [ 1265.593640] kvm_vcpu_init+0x26d/0x360 [ 1265.596907] 2718 [ 1265.599830] vmx_create_vcpu+0xef/0x29d0 [ 1265.599846] ? __mutex_unlock_slowpath+0x75/0x770 [ 1265.603753] 2718 [ 1265.605773] ? drop_futex_key_refs+0x2e/0xa0 [ 1265.605784] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1265.605800] kvm_vm_ioctl+0x4ca/0x13e0 [ 1265.605814] ? kvm_vcpu_release+0xa0/0xa0 [ 1265.612881] 2718 [ 1265.614690] ? check_preemption_disabled+0x35/0x240 [ 1265.620618] ? perf_trace_lock+0xf7/0x490 [ 1265.620627] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1265.620639] ? perf_trace_lock_acquire+0x510/0x510 [ 1265.626471] Node 0 [ 1265.629515] ? kvm_vcpu_release+0xa0/0xa0 [ 1265.629529] do_vfs_ioctl+0x75a/0xff0 13:27:17 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) 13:27:17 executing program 0: sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000380)={0xc4, 0x0, 0x8, 0x3, 0x0, 0x0, {0x5, 0x0, 0x5}, [@CTA_TIMEOUT_DATA={0x4c, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x7e}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xfff}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x2ba}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x9}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xffffff81}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x4}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x101}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x5}]}, @CTA_TIMEOUT_DATA={0x54, 0x4, 0x0, 0x1, @gre=[@CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0xc7}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x1}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x8c}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x6330}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x100}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x9f}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x3ff}]}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_L4PROTO={0x5}]}, 0xc4}, 0x1, 0x0, 0x0, 0x8000181}, 0x40810) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="5c00000000010904000000000000000002000000240001801400018008000100e0000001080002800500010000000000240002801400018008000100ac14140008000200ac1e0095264e418005000100000000003f88b63024ca00000000000000004272a41499a5a589f947e34e9ec2296a99ec6b6efe4235c6f6bbbd49b7359a1c7043f1cedea8b2b0f0182297ddcee2ccbcb8afd57de693a88bdd5e17f699111386d27a7f7ee09599527d6968b4cbef782588e8f3df0611784174257c78c0382875d1a99506bef7f3b42aa036406dc06b34492581806739229ed82acdf8333733002e1928dfd42b84078cde7437f02d8516"], 0x5c}}, 0x0) r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000480)="263e0f01c9660f320f20c035000000200f22c0430f01df66b8c2000f00d866baf80cb8d6a6b880ef66bafc0cec400f0866b873000f00d866b834018ec8b9a90200000f32", 0x44}], 0x1, 0x40, &(0x7f0000000500)=[@dstype0={0x6, 0x4}], 0x1) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1265.631611] DMA32 free:28604kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:148kB local_pcp:140kB free_cma:0kB [ 1265.635972] ? ioctl_preallocate+0x1a0/0x1a0 [ 1265.635982] ? lock_downgrade+0x740/0x740 [ 1265.635997] ? __fget+0x225/0x360 [ 1265.636009] ? do_vfs_ioctl+0xff0/0xff0 [ 1265.645053] lowmem_reserve[]: [ 1265.648063] ? security_file_ioctl+0x83/0xb0 [ 1265.648076] SyS_ioctl+0x7f/0xb0 [ 1265.648084] ? do_vfs_ioctl+0xff0/0xff0 [ 1265.648095] do_syscall_64+0x1d5/0x640 [ 1265.648112] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1265.650208] 0 [ 1265.655173] RIP: 0033:0x465f69 [ 1265.655178] RSP: 002b:00007f0f532c7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1265.655189] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1265.655194] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 1265.655200] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1265.655205] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1265.655211] R13: 00007fffed84577f R14: 00007f0f532c7300 R15: 0000000000022000 [ 1265.721727] Total swap = 0kB [ 1265.742285] 0 [ 1265.810422] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1265.814428] 2097051 pages RAM [ 1265.821584] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1265.856095] 0 pages HighMem/MovableOnly [ 1265.876251] 363840 pages reserved [ 1265.877776] 0 0 0 [ 1265.894152] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1265.894877] 0 pages cma reserved [ 1265.921246] lowmem_reserve[]: 0 0 0 0 0 [ 1265.939789] Node 1 Normal free:1921620kB min:53696kB low:67120kB high:80544kB active_anon:1257312kB inactive_anon:53480kB active_file:37988kB inactive_file:135780kB unevictable:0kB writepending:2096kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:16768kB pagetables:40932kB bounce:0kB free_pcp:748kB local_pcp:264kB free_cma:0kB [ 1265.976703] lowmem_reserve[]: 0 0 0 0 0 [ 1265.980782] Node 0 DMA: 33*4kB (UM) 3*8kB (UM) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10972kB 13:27:17 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r1, 0xc) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) r3 = openat$md(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/md0\x00', 0x400180, 0x0) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r1) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x1c001, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r4, 0xae44, 0x5) [ 1266.011688] Node 0 DMA32: 965*4kB (UME) 279*8kB (UMEH) 690*16kB (UME) 289*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28620kB [ 1266.076468] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1266.110413] Node 1 Normal: 71*4kB (UME) 8*8kB (UE) 473*16kB (UME) 75*32kB (UME) 24*64kB (UE) 196*128kB (M) 283*256kB (UME) 119*512kB (ME) 34*1024kB (ME) 13*2048kB (M) 412*4096kB (M) = 1919308kB [ 1266.163721] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1266.181066] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1266.191032] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1266.199630] CPU: 0 PID: 8362 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1266.207433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1266.216782] Call Trace: [ 1266.219370] dump_stack+0x1b2/0x281 [ 1266.223001] warn_alloc.cold+0x96/0x1cc [ 1266.226974] ? zone_watermark_ok_safe+0x220/0x220 [ 1266.231824] ? wait_for_completion_io+0x10/0x10 [ 1266.236976] __alloc_pages_nodemask+0x2127/0x2720 [ 1266.241843] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1266.246691] ? perf_trace_lock+0xf7/0x490 [ 1266.250839] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1266.255693] ? do_raw_spin_unlock+0x164/0x220 [ 1266.260188] alloc_pages_current+0x155/0x260 [ 1266.264599] kvm_mmu_create+0xda/0x1d0 [ 1266.268485] kvm_arch_vcpu_init+0x282/0x890 [ 1266.272916] ? alloc_pages_current+0x15d/0x260 [ 1266.277500] kvm_vcpu_init+0x26d/0x360 [ 1266.281386] vmx_create_vcpu+0xef/0x29d0 [ 1266.285458] ? __mutex_unlock_slowpath+0x75/0x770 [ 1266.290301] ? drop_futex_key_refs+0x2e/0xa0 [ 1266.294707] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1266.298772] kvm_vm_ioctl+0x4ca/0x13e0 [ 1266.302662] ? kvm_vcpu_release+0xa0/0xa0 [ 1266.306825] ? check_preemption_disabled+0x35/0x240 [ 1266.311844] ? perf_trace_lock+0xf7/0x490 [ 1266.315987] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1266.321092] ? perf_trace_lock_acquire+0x510/0x510 [ 1266.326024] ? kvm_vcpu_release+0xa0/0xa0 [ 1266.330171] do_vfs_ioctl+0x75a/0xff0 [ 1266.333975] ? ioctl_preallocate+0x1a0/0x1a0 [ 1266.338378] ? lock_downgrade+0x740/0x740 [ 1266.342525] ? __fget+0x225/0x360 [ 1266.345981] ? do_vfs_ioctl+0xff0/0xff0 [ 1266.349959] ? security_file_ioctl+0x83/0xb0 [ 1266.354367] SyS_ioctl+0x7f/0xb0 [ 1266.357730] ? do_vfs_ioctl+0xff0/0xff0 [ 1266.361707] do_syscall_64+0x1d5/0x640 [ 1266.365598] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1266.370785] RIP: 0033:0x465f69 [ 1266.373969] RSP: 002b:00007f0f532a6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1266.379282] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1266.381695] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000465f69 [ 1266.381701] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 1266.381707] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1266.381715] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 [ 1266.419326] R13: 00007fffed84577f R14: 00007f0f532a6300 R15: 0000000000022000 [ 1266.424927] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1266.449464] warn_alloc_show_mem: 1 callbacks suppressed [ 1266.449469] Mem-Info: [ 1266.457662] active_anon:841643 inactive_anon:18063 isolated_anon:0 [ 1266.457662] active_file:9499 inactive_file:33945 isolated_file:0 [ 1266.457662] unevictable:0 dirty:524 writeback:0 unstable:0 [ 1266.457662] slab_reclaimable:16211 slab_unreclaimable:196228 [ 1266.457662] mapped:62652 shmem:8996 pagetables:18073 bounce:0 [ 1266.457662] free:490332 free_pcp:323 free_cma:0 [ 1266.470398] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1266.493906] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1266.529608] Node 1 active_anon:1257212kB inactive_anon:53480kB active_file:37988kB inactive_file:135780kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:33208kB dirty:2096kB writeback:0kB shmem:16480kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1266.546115] 26546 total pagecache pages [ 1266.559936] Node 0 DMA free:10972kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1266.581007] 0 pages in swap cache [ 1266.590450] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1266.598083] Node 0 DMA32 free:28604kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:128kB local_pcp:8kB free_cma:0kB [ 1266.604541] Swap cache stats: add 0, delete 0, find 0/0 [ 1266.628437] lowmem_reserve[]: 0 0 0 0 0 [ 1266.637722] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1266.664140] lowmem_reserve[]: 0 0 0 0 0 [ 1266.664687] Free swap = 0kB [ 1266.669220] Node 1 Normal free:1921024kB min:53696kB low:67120kB high:80544kB active_anon:1257212kB inactive_anon:53480kB active_file:37988kB inactive_file:135780kB unevictable:0kB writepending:2096kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:16480kB pagetables:40784kB bounce:0kB free_pcp:1424kB local_pcp:708kB free_cma:0kB [ 1266.679245] Total swap = 0kB [ 1266.702909] lowmem_reserve[]: 0 0 0 0 0 [ 1266.709085] Node 0 DMA: 33*4kB (UM) 3*8kB (UM) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10972kB [ 1266.726234] Node 0 DMA32: 969*4kB (UME) 280*8kB (UME) 690*16kB (UME) 289*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28644kB [ 1266.740704] 2097051 pages RAM [ 1266.741036] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1266.751243] 0 pages HighMem/MovableOnly [ 1266.756713] Node 1 Normal: 85*4kB (UME) 26*8kB (UME) 457*16kB (UME) 140*32kB (UME) 25*64kB (UME) 196*128kB (M) 282*256kB (ME) 120*512kB (UME) 35*1024kB (UME) 14*2048kB (UM) 411*4096kB (M) = 1920628kB [ 1266.771229] 363840 pages reserved [ 1266.779391] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1266.790119] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1266.790187] 0 pages cma reserved [ 1266.799735] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 13:27:18 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x8002, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 13:27:18 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) ioctl$EVIOCSKEYCODE_V2(r2, 0x40284504, &(0x7f0000000000)={0x61, 0x18, 0x0, 0xcf4d, "dd260c8cc170b58bd2e8168687dc5aa2d6519cf2ac41ba071ccf258690ed9efd"}) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000001, 0x8010, r0, 0xb7bcb000) pwritev(0xffffffffffffffff, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) 13:27:18 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r2, 0x0) syz_kvm_setup_cpu$x86(r0, r1, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000200)="f30f09dee50f1ee0660f156ce30f20d86635080000000f22d80f5dc466b8128e00000f23d80f21f86635000000000f23f8f2360f186a303e67670f01c20f7830", 0x40}], 0x1, 0x48, &(0x7f0000000280)=[@dstype0={0x6, 0xf}, @efer={0x2, 0x800}], 0x2) clone(0x20022204ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c000000000109040000000000000000020000ee230001801400018008000100e000000108000200000000000c000280050001001400018008000100ac14140008000200ac1e00010c00028005000100000000003121ad2f1a1734e5f74f3fb58ebc82e8b765cf09ca57f43fcd881c9d621835e39c6a63b72219770aba481616a6e51fefd3bae7bfcefdc91e2deb9e18be3e4d143091ef8274493872ab32ef7c8d16d4dc202865877720145588e42604d21add709ec9162500000000000000002781de406588bcb9cb00000000000000079f341fa74f04f529144538e8d300c62e1ba8a777ef03a374e744321e7b3734ef3c7a71d04e7ba72131e9afa6561bbb7e42acdab68d4171adc425860cde"], 0x5c}}, 0x0) r4 = open(&(0x7f00000000c0)='./file0\x00', 0x280001, 0x10a) perf_event_open(&(0x7f0000000180)={0x4, 0x70, 0x20, 0x3f, 0x19, 0xe1, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000080), 0x8}, 0x40144, 0x7, 0x8, 0x0, 0x6, 0x1, 0x3}, 0xffffffffffffffff, 0x8, r4, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:18 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f0000000040)="58e5ff8014c940", 0xfffffffffffffcdb}], 0x1) write$binfmt_elf64(r0, &(0x7f00000002c0)=ANY=[@ANYRESDEC, @ANYRESHEX, @ANYBLOB="5530105a9f6f6818bd9f"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r5 = socket(0x10, 0x3, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000200000000000", @ANYRES32=r8, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=ANY=[@ANYBLOB="3800000024000b0f00"/20, @ANYRES32=r8, @ANYBLOB="00000000ffffffff000000000a000100626669666f"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000480)=@newqdisc={0x24, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0x1}, {0xffff, 0xffff}}}, 0x24}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000080)={'gretap0\x00', &(0x7f0000000240)={'syztnl1\x00', r8, 0x7800, 0x8, 0x2, 0xffff763a, {{0x18, 0x4, 0x3, 0x1, 0x60, 0x64, 0x0, 0x12, 0x4, 0x0, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@ra={0x94, 0x4}, @ssrr={0x89, 0x27, 0xeb, [@initdev={0xac, 0x1e, 0x1, 0x0}, @local, @rand_addr=0x64010101, @loopback, @empty, @broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @private=0xa010101, @loopback]}, @ra={0x94, 0x4, 0x1}, @noop, @timestamp={0x44, 0x1c, 0xaf, 0x0, 0x1, [0x5, 0x4, 0x4, 0x3, 0x1, 0x6]}]}}}}}) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) 13:27:18 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) pread64(r3, &(0x7f0000000140)=""/180, 0xb4, 0x8) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=@ipv6_getroute={0x24, 0x1a, 0xd10, 0x70bd25, 0x25dfdbfe, {0xa, 0x20, 0x20, 0x2, 0xfd, 0x4, 0xfe, 0x7, 0x2000}, [@RTA_EXPIRES={0x8, 0x17, 0xffff}]}, 0x24}, 0x1, 0x0, 0x0, 0x2000040}, 0x40800) [ 1266.811939] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1266.825104] 26546 total pagecache pages [ 1266.831028] 0 pages in swap cache [ 1266.837692] Swap cache stats: add 0, delete 0, find 0/0 [ 1266.843136] Free swap = 0kB [ 1266.850123] Total swap = 0kB [ 1266.853145] 2097051 pages RAM [ 1266.856980] 0 pages HighMem/MovableOnly [ 1266.876969] 363840 pages reserved [ 1266.895702] 0 pages cma reserved [ 1266.921886] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1266.957297] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) 13:27:18 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x800, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x3, 0x30040) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/btrfs-control\x00', 0x200040, 0x0) ioctl$KVM_DEASSIGN_DEV_IRQ(r2, 0x4040ae75, &(0x7f0000000100)={0x7, 0x0, 0x1efb4d1c, 0x802}) [ 1266.971189] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1266.987927] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1266.995294] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1267.033372] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1267.050590] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1267.061004] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1267.070752] CPU: 0 PID: 8394 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1267.078558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1267.087908] Call Trace: [ 1267.090503] dump_stack+0x1b2/0x281 [ 1267.094140] warn_alloc.cold+0x96/0x1cc [ 1267.098118] ? zone_watermark_ok_safe+0x220/0x220 [ 1267.102970] ? wait_for_completion_io+0x10/0x10 [ 1267.107647] __alloc_pages_nodemask+0x2127/0x2720 [ 1267.112513] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1267.117359] ? perf_trace_lock+0xf7/0x490 [ 1267.121506] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1267.126361] ? do_raw_spin_unlock+0x164/0x220 [ 1267.130867] alloc_pages_current+0x155/0x260 [ 1267.135282] kvm_mmu_create+0xda/0x1d0 [ 1267.139170] kvm_arch_vcpu_init+0x282/0x890 [ 1267.143491] ? alloc_pages_current+0x15d/0x260 [ 1267.148079] kvm_vcpu_init+0x26d/0x360 [ 1267.151969] vmx_create_vcpu+0xef/0x29d0 [ 1267.156057] ? __mutex_unlock_slowpath+0x75/0x770 [ 1267.160898] ? drop_futex_key_refs+0x2e/0xa0 [ 1267.165306] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1267.169375] kvm_vm_ioctl+0x4ca/0x13e0 [ 1267.173274] ? kvm_vcpu_release+0xa0/0xa0 [ 1267.177443] ? check_preemption_disabled+0x35/0x240 [ 1267.182461] ? perf_trace_lock+0xf7/0x490 [ 1267.186611] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1267.191714] ? perf_trace_lock_acquire+0x510/0x510 [ 1267.196646] ? kvm_vcpu_release+0xa0/0xa0 [ 1267.200796] do_vfs_ioctl+0x75a/0xff0 [ 1267.204599] ? ioctl_preallocate+0x1a0/0x1a0 [ 1267.209006] ? lock_downgrade+0x740/0x740 [ 1267.213160] ? __fget+0x225/0x360 [ 1267.216615] ? do_vfs_ioctl+0xff0/0xff0 [ 1267.220589] ? security_file_ioctl+0x83/0xb0 [ 1267.225001] SyS_ioctl+0x7f/0xb0 [ 1267.228363] ? do_vfs_ioctl+0xff0/0xff0 [ 1267.232340] do_syscall_64+0x1d5/0x640 [ 1267.236320] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1267.241505] RIP: 0033:0x465f69 [ 1267.244695] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1267.252402] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1267.257608] syz-executor.3 cpuset= [ 1267.259673] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1267.259680] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 13:27:18 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) preadv(r1, &(0x7f0000000400)=[{&(0x7f0000000180)=""/212, 0xd4}, {&(0x7f0000000080)=""/19, 0x13}, {&(0x7f0000000280)=""/155, 0x9b}, {&(0x7f00000000c0)=""/32, 0x20}], 0x4, 0xe6, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c00000000010904000000000000000002000000240001801400018008000100e000000108000200000000000c0002800500010000000000240002801400018008000100ac14140008050000001e00010c0002800500010000000000"], 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1267.259686] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1267.259692] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1267.274309] CPU: 0 PID: 8389 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1267.300210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1267.309566] Call Trace: [ 1267.312158] dump_stack+0x1b2/0x281 [ 1267.315792] warn_alloc.cold+0x96/0x1cc [ 1267.319770] ? zone_watermark_ok_safe+0x220/0x220 [ 1267.324629] ? wait_for_completion_io+0x10/0x10 [ 1267.329311] __alloc_pages_nodemask+0x2127/0x2720 [ 1267.332966] / [ 1267.334176] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1267.340714] ? perf_trace_lock+0xf7/0x490 [ 1267.341062] mems_allowed=0-1 [ 1267.344855] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1267.344880] ? do_raw_spin_unlock+0x164/0x220 [ 1267.344893] alloc_pages_current+0x155/0x260 [ 1267.344907] kvm_mmu_create+0xda/0x1d0 [ 1267.344918] kvm_arch_vcpu_init+0x282/0x890 [ 1267.344926] ? alloc_pages_current+0x15d/0x260 [ 1267.344939] kvm_vcpu_init+0x26d/0x360 [ 1267.344953] vmx_create_vcpu+0xef/0x29d0 [ 1267.344966] ? __mutex_unlock_slowpath+0x75/0x770 [ 1267.344978] ? drop_futex_key_refs+0x2e/0xa0 [ 1267.373985] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1267.374573] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1267.374586] ? get_futex_key+0x1160/0x1160 [ 1267.408494] kvm_vm_ioctl+0x4ca/0x13e0 [ 1267.412395] ? kvm_vcpu_release+0xa0/0xa0 [ 1267.416562] ? check_preemption_disabled+0x35/0x240 [ 1267.421586] ? perf_trace_lock+0xf7/0x490 [ 1267.425734] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1267.430854] ? perf_trace_lock_acquire+0x510/0x510 [ 1267.435785] ? kvm_vcpu_release+0xa0/0xa0 [ 1267.439932] do_vfs_ioctl+0x75a/0xff0 [ 1267.443778] ? ioctl_preallocate+0x1a0/0x1a0 [ 1267.448181] ? lock_downgrade+0x740/0x740 [ 1267.452326] ? __fget+0x225/0x360 [ 1267.455784] ? do_vfs_ioctl+0xff0/0xff0 [ 1267.459758] ? security_file_ioctl+0x83/0xb0 [ 1267.464168] SyS_ioctl+0x7f/0xb0 [ 1267.467533] ? do_vfs_ioctl+0xff0/0xff0 [ 1267.471512] do_syscall_64+0x1d5/0x640 [ 1267.475415] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1267.480609] RIP: 0033:0x465f69 [ 1267.483791] RSP: 002b:00007f8db8982188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1267.491499] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1267.498765] RDX: 0000000000000001 RSI: 000000000000ae41 RDI: 0000000000000005 [ 1267.506033] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1267.513301] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1267.520570] R13: 00007ffe6abe2b0f R14: 00007f8db8982300 R15: 0000000000022000 [ 1267.529550] Mem-Info: 13:27:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1267.532126] active_anon:841699 inactive_anon:18063 isolated_anon:0 [ 1267.532126] active_file:9497 inactive_file:33953 isolated_file:0 [ 1267.532126] unevictable:0 dirty:534 writeback:0 unstable:0 [ 1267.532126] slab_reclaimable:16252 slab_unreclaimable:196765 [ 1267.532126] mapped:62579 shmem:8996 pagetables:18139 bounce:0 [ 1267.532126] free:489297 free_pcp:251 free_cma:0 [ 1267.562399] CPU: 1 PID: 8406 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1267.574210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1267.583477] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:12kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1267.583558] Call Trace: [ 1267.611702] Node 1 active_anon:1257636kB inactive_anon:53480kB active_file:37976kB inactive_file:135816kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:33316kB dirty:2136kB writeback:0kB shmem:16480kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1267.614069] dump_stack+0x1b2/0x281 [ 1267.614085] warn_alloc.cold+0x96/0x1cc [ 1267.614100] ? zone_watermark_ok_safe+0x220/0x220 [ 1267.645094] Node 0 [ 1267.646153] ? wait_for_completion_io+0x10/0x10 [ 1267.646171] __alloc_pages_nodemask+0x2127/0x2720 [ 1267.646196] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1267.650253] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1267.654967] ? perf_trace_lock+0xf7/0x490 [ 1267.654979] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1267.655002] ? do_raw_spin_unlock+0x164/0x220 [ 1267.655014] alloc_pages_current+0x155/0x260 [ 1267.655029] kvm_mmu_create+0xda/0x1d0 [ 1267.655040] kvm_arch_vcpu_init+0x282/0x890 [ 1267.662486] lowmem_reserve[]: [ 1267.666756] ? alloc_pages_current+0x15d/0x260 [ 1267.666772] kvm_vcpu_init+0x26d/0x360 [ 1267.666786] vmx_create_vcpu+0xef/0x29d0 [ 1267.666800] ? __mutex_unlock_slowpath+0x75/0x770 [ 1267.666811] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1267.666825] kvm_vm_ioctl+0x4ca/0x13e0 [ 1267.666838] ? kvm_vcpu_release+0xa0/0xa0 [ 1267.674741] 0 [ 1267.697504] ? perf_trace_lock_acquire+0x510/0x510 [ 1267.697515] ? __lock_acquire+0x5fc/0x3f20 [ 1267.697528] ? check_preemption_disabled+0x35/0x240 [ 1267.697541] ? perf_trace_lock+0xf7/0x490 [ 1267.697552] ? lock_downgrade+0x740/0x740 [ 1267.697564] ? perf_trace_lock_acquire+0x510/0x510 [ 1267.697572] ? do_raw_spin_unlock+0x164/0x220 [ 1267.697582] ? _raw_spin_unlock+0x29/0x40 [ 1267.697590] ? kvm_vcpu_release+0xa0/0xa0 [ 1267.697602] do_vfs_ioctl+0x75a/0xff0 [ 1267.705016] 2717 [ 1267.706576] ? ioctl_preallocate+0x1a0/0x1a0 [ 1267.706586] ? lock_downgrade+0x740/0x740 [ 1267.706602] ? __fget+0x225/0x360 [ 1267.706611] ? do_vfs_ioctl+0xff0/0xff0 [ 1267.706622] ? security_file_ioctl+0x83/0xb0 [ 1267.712337] 2718 [ 1267.715521] SyS_ioctl+0x7f/0xb0 [ 1267.715530] ? do_vfs_ioctl+0xff0/0xff0 [ 1267.715542] do_syscall_64+0x1d5/0x640 [ 1267.715559] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1267.715568] RIP: 0033:0x465f69 [ 1267.715572] RSP: 002b:00007f8db8961188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1267.715583] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000465f69 [ 1267.715590] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 1267.722904] 2718 [ 1267.723763] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1267.731526] 2718 13:27:19 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0xfffffffffffffff7, 0x200501) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000080)='/dev/urandom\x00', 0x102, 0x0) finit_module(r3, &(0x7f00000000c0)='/dev/kvm\x00', 0x1) r4 = syz_open_dev$vcsa(&(0x7f0000000100)='/dev/vcsa#\x00', 0x4cd9, 0x4440) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$RNDADDENTROPY(r2, 0x40085203, &(0x7f0000000140)={0x1, 0xbd, "d521feeb35574cb0b93ee810dea6d1eb4c3ec1f2781df5fcd28e7099b59a835a2239ae74f197da31425ebbc46e985880bf81d635e64a1f56e4feec00a0bb093da06c5e96c2c9a408bf5a935dd7ad929fbe997773b470d69cbf4065bb6d6a440fbd2dcf4c7f478326e7508603bb2f3ccabe8670bf56dd1647f45e3918500d3ce109cb612c81d786ee2bc1375c0e729f7f38d0d768f29a22d4c1a121432cafabc3d53e9f0dfdcdfdcab8650bcbb31cbd0f0b94843b69d6fadf381eaaf7eb"}) [ 1267.735295] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 [ 1267.735302] R13: 00007ffe6abe2b0f R14: 00007f8db8961300 R15: 0000000000022000 [ 1267.748570] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 13:27:19 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="5f454c44065b05107311"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x8, 0x3, 0x270, 0x64000000, 0x4, 0xd0e0011, 0x0, 0xc6, 0x1d8, 0x1d8, 0x190, 0x1d8, 0x1d8, 0x3, 0x0, {[{{@ip={@multicast1, @multicast1=0xe000eb00, 0x0, 0x0, 'veth0_macvtap\x00', '\x00', {}, {}, 0x1, 0x0, 0x64}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@icmp={{0x28, 'icmp\x00'}, {0x0, "a7a9"}}, @common=@unspec=@connlimit={{0x40, 'connlimit\x00'}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x3}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x31f) setsockopt$IP_VS_SO_SET_STOPDAEMON(r4, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'veth0_to_batadv\x00', 0x2}, 0x18) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r5 = socket$netlink(0x10, 0x3, 0x10) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) 13:27:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r2 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000080)={r1, 0x1, 0x7ff, 0x3}) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) [ 1267.992653] Node 0 DMA32 free:28668kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:184kB local_pcp:8kB free_cma:0kB [ 1268.036290] x_tables: ip_tables: icmp match: only valid for protocol 1 [ 1268.042154] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) 13:27:19 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x557cd8760d39aefe, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) [ 1268.104112] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1268.141507] CPU: 0 PID: 8476 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1268.149336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1268.158704] Call Trace: [ 1268.161294] dump_stack+0x1b2/0x281 [ 1268.164931] warn_alloc.cold+0x96/0x1cc [ 1268.168912] ? zone_watermark_ok_safe+0x220/0x220 [ 1268.173767] ? wait_for_completion_io+0x10/0x10 [ 1268.178442] __alloc_pages_nodemask+0x2127/0x2720 [ 1268.183300] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1268.188142] ? perf_trace_lock+0xf7/0x490 [ 1268.192294] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1268.197149] ? do_raw_spin_unlock+0x164/0x220 [ 1268.201648] alloc_pages_current+0x155/0x260 [ 1268.206059] kvm_mmu_create+0xda/0x1d0 [ 1268.209943] kvm_arch_vcpu_init+0x282/0x890 [ 1268.214263] ? alloc_pages_current+0x15d/0x260 [ 1268.218844] kvm_vcpu_init+0x26d/0x360 [ 1268.222732] vmx_create_vcpu+0xef/0x29d0 [ 1268.226881] ? __mutex_unlock_slowpath+0x75/0x770 [ 1268.231729] ? drop_futex_key_refs+0x2e/0xa0 [ 1268.236137] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1268.240198] ? get_futex_key+0x1160/0x1160 [ 1268.244442] kvm_vm_ioctl+0x4ca/0x13e0 [ 1268.248336] ? kvm_vcpu_release+0xa0/0xa0 [ 1268.252500] ? check_preemption_disabled+0x35/0x240 [ 1268.257524] ? perf_trace_lock+0xf7/0x490 [ 1268.261675] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1268.266784] ? perf_trace_lock_acquire+0x510/0x510 [ 1268.271721] ? kvm_vcpu_release+0xa0/0xa0 [ 1268.275872] do_vfs_ioctl+0x75a/0xff0 [ 1268.279679] ? ioctl_preallocate+0x1a0/0x1a0 [ 1268.284094] ? lock_downgrade+0x740/0x740 [ 1268.288250] ? __fget+0x225/0x360 [ 1268.291715] ? do_vfs_ioctl+0xff0/0xff0 [ 1268.295694] ? security_file_ioctl+0x83/0xb0 [ 1268.300113] SyS_ioctl+0x7f/0xb0 [ 1268.303479] ? do_vfs_ioctl+0xff0/0xff0 [ 1268.307567] do_syscall_64+0x1d5/0x640 [ 1268.311472] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1268.316660] RIP: 0033:0x465f69 [ 1268.319851] RSP: 002b:00007f0f532c7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1268.327562] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1268.334826] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 13:27:20 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@ipv4={[], [], @multicast2}, 0x0, 0x0, 0x1000, 0x0, 0xa, 0x0, 0x80}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000000)={0x0, r3, 0x2, 0x3, 0xffff, 0x578}) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/btrfs-control\x00', 0x301400, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r5, 0xc) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1268.342091] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1268.349360] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1268.356629] R13: 00007fffed84577f R14: 00007f0f532c7300 R15: 0000000000022000 [ 1268.375534] lowmem_reserve[]: 0 0 0 0 0 13:27:20 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r1, 0xc) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000080)={0x100, 0x9}) exit_group(0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x64, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x2c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010101}, {0x8, 0x2, @remote}}}]}]}, 0x64}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1268.379632] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1268.422835] lowmem_reserve[]: 0 0 0 0 0 [ 1268.434968] Node 1 Normal free:1919284kB min:53696kB low:67120kB high:80544kB active_anon:1257776kB inactive_anon:53484kB active_file:37980kB inactive_file:135868kB unevictable:0kB writepending:2204kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:17024kB pagetables:41336kB bounce:0kB free_pcp:804kB local_pcp:408kB free_cma:0kB [ 1268.478696] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1268.496014] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1268.501500] CPU: 0 PID: 8506 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1268.509286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1268.518638] Call Trace: [ 1268.521207] dump_stack+0x1b2/0x281 [ 1268.524818] warn_alloc.cold+0x96/0x1cc [ 1268.528790] ? zone_watermark_ok_safe+0x220/0x220 [ 1268.533710] ? wait_for_completion_io+0x10/0x10 [ 1268.538372] __alloc_pages_nodemask+0x2127/0x2720 [ 1268.543211] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1268.548033] ? perf_trace_lock+0xf7/0x490 [ 1268.552162] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1268.556992] ? do_raw_spin_unlock+0x164/0x220 [ 1268.561471] alloc_pages_current+0x155/0x260 [ 1268.565861] kvm_mmu_create+0xda/0x1d0 [ 1268.569731] kvm_arch_vcpu_init+0x282/0x890 [ 1268.574041] ? alloc_pages_current+0x15d/0x260 [ 1268.578628] kvm_vcpu_init+0x26d/0x360 [ 1268.582522] vmx_create_vcpu+0xef/0x29d0 [ 1268.586610] ? __mutex_unlock_slowpath+0x75/0x770 [ 1268.591434] ? drop_futex_key_refs+0x2e/0xa0 [ 1268.595831] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1268.599875] ? get_futex_key+0x1160/0x1160 [ 1268.604102] kvm_vm_ioctl+0x4ca/0x13e0 [ 1268.607975] ? kvm_vcpu_release+0xa0/0xa0 [ 1268.612122] ? lock_acquire+0x170/0x3f0 [ 1268.616093] ? lock_downgrade+0x740/0x740 [ 1268.620224] ? check_preemption_disabled+0x35/0x240 [ 1268.625237] ? perf_trace_lock+0xf7/0x490 [ 1268.629368] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1268.634462] ? perf_trace_lock_acquire+0x510/0x510 [ 1268.639401] ? kvm_vcpu_release+0xa0/0xa0 [ 1268.643530] do_vfs_ioctl+0x75a/0xff0 [ 1268.647314] ? ioctl_preallocate+0x1a0/0x1a0 [ 1268.651721] ? lock_downgrade+0x740/0x740 [ 1268.655867] ? __fget+0x225/0x360 [ 1268.659317] ? do_vfs_ioctl+0xff0/0xff0 [ 1268.663276] ? security_file_ioctl+0x83/0xb0 [ 1268.667666] SyS_ioctl+0x7f/0xb0 [ 1268.671015] ? do_vfs_ioctl+0xff0/0xff0 [ 1268.674972] do_syscall_64+0x1d5/0x640 [ 1268.678862] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1268.684032] RIP: 0033:0x465f69 [ 1268.687202] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1268.694893] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1268.702143] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1268.709391] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1268.716640] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1268.723891] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1268.732522] lowmem_reserve[]: 0 0 0 0 0 [ 1268.746974] Node 0 DMA: 33*4kB (UM) 3*8kB (UM) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10972kB [ 1268.768110] Node 0 DMA32: 969*4kB (UME) 279*8kB (UME) 690*16kB (UME) 290*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28668kB [ 1268.785736] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1268.800944] Node 1 Normal: 40*4kB (UME) 106*8kB (UE) 376*16kB (UE) 121*32kB (UME) 22*64kB (U) 206*128kB (UM) 288*256kB (UME) 120*512kB (UME) 34*1024kB (ME) 14*2048kB (UM) 411*4096kB (M) = 1920784kB [ 1268.827404] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1268.836682] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 13:27:20 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="5f654c44065b0510731100687f9b396c43d693829b4b452aaddb2bcc68c87ea665add9fd49fddd68a962518e03ac612df1898b6bb490c821b52858a3e5eb151f39144f15ca409982f87ff345792b6eaee05bb6fc9b453c78dab8e1e2a4330c8052c4c5e55c4943c621558c19152b87dcd53e5800bd8f4e7194234ef46aff4982e2923c830ef84934ef9c81f3a66cb8e312cce0e2c57978c3"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) ftruncate(r3, 0x7fffffff) r4 = socket$netlink(0x10, 0x3, 0x4) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x12, r5, 0x7e360000) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) getsockopt$ax25_int(r1, 0x101, 0xa, &(0x7f0000000040), &(0x7f0000000080)=0x4) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r6 = socket$inet_icmp(0x2, 0x2, 0x1) splice(r0, 0x0, r6, 0x0, 0x0, 0xd) 13:27:20 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c00000001090400000000000000000200000024000180140001806908000100e000000108000200000000000c0002800500010000000000df5090000100ac14140008000200ac1e00010c0002800500"], 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='net/netstat\x00') [ 1268.846034] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1268.856617] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1268.865584] 26566 total pagecache pages [ 1268.869781] 0 pages in swap cache [ 1268.883372] Swap cache stats: add 0, delete 0, find 0/0 [ 1268.902866] Free swap = 0kB [ 1268.910183] Total swap = 0kB [ 1268.913439] 2097051 pages RAM [ 1268.916834] 0 pages HighMem/MovableOnly [ 1268.921267] 363840 pages reserved [ 1268.925101] 0 pages cma reserved [ 1268.946573] warn_alloc_show_mem: 2 callbacks suppressed 13:27:20 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) [ 1268.946577] Mem-Info: [ 1268.971769] active_anon:841743 inactive_anon:18064 isolated_anon:0 [ 1268.971769] active_file:9498 inactive_file:33975 isolated_file:0 [ 1268.971769] unevictable:0 dirty:562 writeback:0 unstable:0 [ 1268.971769] slab_reclaimable:16218 slab_unreclaimable:195699 [ 1268.971769] mapped:62622 shmem:8997 pagetables:18192 bounce:0 [ 1268.971769] free:490371 free_pcp:258 free_cma:0 [ 1269.020076] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes 13:27:20 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = open(&(0x7f0000000080)='./file0\x00', 0x109141, 0x0) mmap$perf(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000003, 0x810, r1, 0x226) exit_group(0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x104, 0x0, 0x1, 0x801, 0x0, 0x0, {0x2}, [@CTA_TUPLE_REPLY={0xb4, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @private1}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @dev={0xfe, 0x80, [], 0xa}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}]}]}, 0x104}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000200000000000", @ANYRES32=r5, @ANYBLOB="0000fe1f0000000028000076657468f571542a00"], 0x48}}, 0x0) sendmsg$NFQNL_MSG_VERDICT(r3, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000180)={&(0x7f00000004c0)={0x280, 0x1, 0x3, 0x801, 0x0, 0x0, {0x3, 0x0, 0xa}, [@NFQA_CT={0x10c, 0xb, 0x0, 0x1, [@CTA_SYNPROXY={0x14, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x3ff}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x1}]}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x1}, @CTA_NAT_DST={0xac, 0xd, 0x0, 0x1, [@CTA_NAT_V6_MAXIP={0x14, 0x5, @mcast1}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @private1}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @private=0xa010100}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @rand_addr=0x64010102}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast2}, @CTA_NAT_PROTO={0x44, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e21}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}]}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @local}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @multicast2}]}, @CTA_TUPLE_MASTER={0x30, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @rand_addr=0x64010100}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x82}}]}, @CTA_STATUS={0x8}, @CTA_ID={0x8, 0xc, 0x1, 0x0, 0x1}]}, @NFQA_EXP={0xcc, 0xf, 0x0, 0x1, [@CTA_EXPECT_MASK={0x4}, @CTA_EXPECT_HELP_NAME={0xf, 0x6, 'sane-20000\x00'}, @CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x317}, @CTA_EXPECT_HELP_NAME={0xb, 0x6, 'amanda\x00'}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0xaf4}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x800}, @CTA_EXPECT_MASTER={0x90, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x29}}, {0x8, 0x2, @local}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}]}, @NFQA_PAYLOAD={0x91, 0xa, "7bf3d58e76466c04e702d73e65a37ecafa641f827567a0d715ae6a7d5ce5fe97ad6f37ff57562093b5b7e4d69f1f60f375067bcee95a8f3d1c344644a37c732069f437385888e0e18229f42a658d43bc2d7826adaccaefbeac8a9eea88003bc9fd6f8b171e6f7c84812850904c774a3d8926409461d98e81b0977efd7502725f09d4b92d7f7a2405a91aa75603"}]}, 0x280}, 0x1, 0x0, 0x0, 0x4004004}, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:20 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x1040c0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 1269.053118] Node 1 active_anon:1257712kB inactive_anon:53484kB active_file:37984kB inactive_file:135900kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:33388kB dirty:2248kB writeback:0kB shmem:16484kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 13:27:20 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x71, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000280)={r5}, &(0x7f00000003c0)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000340)={r5, 0x68, &(0x7f00000000c0)=[@in={0x2, 0x0, @multicast2}, @in6={0xa, 0x4e22, 0x20, @loopback, 0x8}, @in={0x2, 0x4e21, @local}, @in6={0xa, 0x4e20, 0x5b96, @dev={0xfe, 0x80, [], 0x2a}, 0xff}, @in={0x2, 0x4e20, @multicast2}]}, &(0x7f0000000380)=0x10) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000280)={0x0, 0x775, 0xa870, 0x0, 0x40, 0x6, 0x6, 0xa25, {r5, @in={{0x2, 0x4e24, @multicast1}}, 0xc4, 0x3f, 0x7fffffff, 0x4445, 0xfffffff7}}, &(0x7f0000000200)=0xb0) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r2, 0x8, 0xffff, 0x9) fallocate(r3, 0x0, 0x0, 0x10000101) [ 1269.115920] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1269.154278] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1269.169106] CPU: 0 PID: 8506 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1269.176916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1269.186263] Call Trace: [ 1269.188850] dump_stack+0x1b2/0x281 [ 1269.192484] warn_alloc.cold+0x96/0x1cc [ 1269.196463] ? zone_watermark_ok_safe+0x220/0x220 [ 1269.201316] ? wait_for_completion_io+0x10/0x10 [ 1269.205993] __alloc_pages_nodemask+0x2127/0x2720 [ 1269.210893] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1269.217045] ? perf_trace_lock+0xf7/0x490 [ 1269.221194] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1269.226504] ? do_raw_spin_unlock+0x164/0x220 [ 1269.231013] alloc_pages_current+0x155/0x260 [ 1269.235426] kvm_mmu_create+0xda/0x1d0 [ 1269.239346] kvm_arch_vcpu_init+0x282/0x890 [ 1269.243667] ? alloc_pages_current+0x15d/0x260 [ 1269.248259] kvm_vcpu_init+0x26d/0x360 [ 1269.252152] vmx_create_vcpu+0xef/0x29d0 [ 1269.256220] ? __mutex_unlock_slowpath+0x75/0x770 [ 1269.261063] ? drop_futex_key_refs+0x2e/0xa0 [ 1269.265478] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1269.269547] kvm_vm_ioctl+0x4ca/0x13e0 [ 1269.273443] ? kvm_vcpu_release+0xa0/0xa0 [ 1269.277601] ? lock_acquire+0x170/0x3f0 [ 1269.281575] ? lock_downgrade+0x740/0x740 [ 1269.285725] ? check_preemption_disabled+0x35/0x240 [ 1269.293786] ? perf_trace_lock+0xf7/0x490 [ 1269.297938] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1269.303043] ? perf_trace_lock_acquire+0x510/0x510 [ 1269.308088] ? kvm_vcpu_release+0xa0/0xa0 [ 1269.312242] do_vfs_ioctl+0x75a/0xff0 [ 1269.316046] ? ioctl_preallocate+0x1a0/0x1a0 [ 1269.320451] ? lock_downgrade+0x740/0x740 [ 1269.324603] ? __fget+0x225/0x360 [ 1269.328058] ? do_vfs_ioctl+0xff0/0xff0 [ 1269.332031] ? security_file_ioctl+0x83/0xb0 [ 1269.336439] SyS_ioctl+0x7f/0xb0 [ 1269.339801] ? do_vfs_ioctl+0xff0/0xff0 [ 1269.343775] do_syscall_64+0x1d5/0x640 [ 1269.347669] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1269.352854] RIP: 0033:0x465f69 [ 1269.356040] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1269.363743] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1269.371011] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1269.378280] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1269.385891] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1269.393154] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1269.404517] Node 0 DMA free:10972kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1269.442674] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1269.448069] Node 0 DMA32 free:28668kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:180kB local_pcp:8kB free_cma:0kB [ 1269.482640] lowmem_reserve[]: 0 0 0 0 0 [ 1269.501817] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1269.528254] lowmem_reserve[]: 0 0 0 0 0 [ 1269.532325] Node 1 Normal free:1919636kB min:53696kB low:67120kB high:80544kB active_anon:1257812kB inactive_anon:53484kB active_file:37984kB inactive_file:135900kB unevictable:0kB writepending:2248kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:16800kB pagetables:41260kB bounce:0kB free_pcp:1420kB local_pcp:712kB free_cma:0kB [ 1269.565244] lowmem_reserve[]: 0 0 0 0 0 [ 1269.569323] Node 0 DMA: 33*4kB (UM) 3*8kB (UM) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10972kB [ 1269.584225] Node 0 DMA32: 969*4kB (UME) 279*8kB (UME) 690*16kB (UME) 290*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28668kB [ 1269.617128] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1269.628003] Node 1 Normal: 108*4kB (UME) 28*8kB (UME) 111*16kB (UME) 129*32kB (UME) 24*64kB (UE) 213*128kB (UM) 295*256kB (UME) 120*512kB (UME) 34*1024kB (ME) 14*2048kB (UM) 411*4096kB (M) = 1919264kB [ 1269.652500] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1269.673653] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1269.682430] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1269.692240] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1269.701982] 26576 total pagecache pages [ 1269.706584] 0 pages in swap cache [ 1269.713450] Swap cache stats: add 0, delete 0, find 0/0 [ 1269.723485] Free swap = 0kB [ 1269.732726] Total swap = 0kB [ 1269.736439] 2097051 pages RAM [ 1269.739690] 0 pages HighMem/MovableOnly [ 1269.758791] 363840 pages reserved [ 1269.779072] 0 pages cma reserved 13:27:21 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 13:27:21 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open$cgroup(&(0x7f0000000180)={0x5, 0x70, 0x4, 0xb3, 0x6, 0x2, 0x0, 0x5, 0x510, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0xc6b9, 0x2, @perf_bp={&(0x7f0000000080), 0x2}, 0x400b8, 0x3, 0x80, 0x6, 0x5, 0x613, 0x1}, 0xffffffffffffffff, 0x9, r1, 0x2) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r2, 0x4008240b, &(0x7f0000000200)={0x0, 0x70, 0x7, 0x2, 0x1, 0x40, 0x0, 0x2, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x2, @perf_config_ext={0x1, 0x8}, 0x40, 0x0, 0xff000000, 0x3, 0x3f, 0x2, 0x8}) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c00000000010904000000000000000002000000240001801400018008000100e000000108000200000000000c0002800500010000000008240002801400018008000100ac14140008000200ac1e00010c0002800500010000000000"], 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:21 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) ioctl$FS_IOC_SETVERSION(r2, 0x40087602, &(0x7f0000000000)=0x3f) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) 13:27:21 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="5f454c44065b05107311"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) r5 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvme-fabrics\x00', 0x58800, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000100)={'ip_vti0\x00', &(0x7f0000000240)={'syztnl0\x00', 0x0, 0x8, 0x80, 0x80000000, 0x4, {{0x33, 0x4, 0x2, 0x1, 0xcc, 0x68, 0x0, 0x0, 0x4, 0x0, @multicast2, @remote, {[@generic={0x86, 0x8, "32d65c889ed5"}, @lsrr={0x83, 0x17, 0x4d, [@empty, @broadcast, @broadcast, @multicast1, @multicast1]}, @timestamp_addr={0x44, 0x34, 0x18, 0x1, 0x9, [{@dev={0xac, 0x14, 0x14, 0x3d}, 0x800}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4}, {@multicast1, 0x2}, {@loopback, 0x800}, {@multicast2, 0x1ff}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x8}]}, @rr={0x7, 0x7, 0xb4, [@multicast1]}, @cipso={0x86, 0x1c, 0x3, [{0x1, 0x8, "5dbb453a1d2e"}, {0x0, 0xe, "edda3f07ced7940e6eac55aa"}]}, @cipso={0x86, 0xd, 0x1, [{0x2, 0x7, "384bd77399"}]}, @ra={0x94, 0x4}, @timestamp={0x44, 0x24, 0x3c, 0x0, 0xa, [0x5, 0x10001, 0x2, 0x7fff, 0xff2, 0x0, 0xffffffff, 0x7fffffff]}, @timestamp={0x44, 0xc, 0x1f, 0x0, 0x8, [0x3, 0x2a7]}]}}}}}) sendmsg$nl_route(r5, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000340)={&(0x7f00000001c0)=@delneigh={0x34, 0x1d, 0x1, 0x70bd2b, 0x25dfdbfd, {0x5, 0x0, 0x0, r6, 0x40, 0x2, 0x8}, [@NDA_LLADDR={0xa, 0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, @NDA_DST_MAC={0xa, 0x1, @broadcast}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x8000) 13:27:21 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 13:27:21 executing program 4: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r1, 0xc) read$dsp(r1, &(0x7f0000000280)=""/239, 0xef) r2 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x26, 0xff, 0x0, 0x0, 0x7, 0x40, 0xc, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_config_ext={0x100000000000000}, 0x48010, 0xd64, 0x2, 0x3, 0x80000001, 0x0, 0x9}, 0xffffffffffffffff, 0x7, r2, 0xc) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r3, 0xc) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r4, 0xc) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000040)={0x10000, &(0x7f0000000000), 0x1, r4, 0x4}) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) 13:27:21 executing program 4: mbind(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x709f98ab6ee697c1, &(0x7f0000000000)=0xffffffffffff292c, 0x6, 0x3) mremap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) remap_file_pages(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, 0x401, 0x8000) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) remap_file_pages(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000003, 0xffffffffffff8001, 0x100000) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000080)={0x4, 0x0, &(0x7f0000ffd000/0x2000)=nil}) mremap(&(0x7f0000ffa000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ffc000/0x4000)=nil) [ 1269.902017] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1269.981970] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1270.018642] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1270.023948] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1270.042862] CPU: 1 PID: 8618 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1270.050671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1270.060011] Call Trace: [ 1270.062616] dump_stack+0x1b2/0x281 [ 1270.066259] warn_alloc.cold+0x96/0x1cc [ 1270.070233] ? zone_watermark_ok_safe+0x220/0x220 [ 1270.075065] ? wait_for_completion_io+0x10/0x10 [ 1270.079717] __alloc_pages_nodemask+0x2127/0x2720 [ 1270.084565] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1270.089419] ? perf_trace_lock+0xf7/0x490 [ 1270.093565] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1270.103264] ? do_raw_spin_unlock+0x164/0x220 [ 1270.108208] alloc_pages_current+0x155/0x260 [ 1270.112604] kvm_mmu_create+0xda/0x1d0 [ 1270.116492] kvm_arch_vcpu_init+0x282/0x890 [ 1270.120794] ? alloc_pages_current+0x15d/0x260 [ 1270.125361] kvm_vcpu_init+0x26d/0x360 [ 1270.129247] vmx_create_vcpu+0xef/0x29d0 [ 1270.133294] ? __mutex_unlock_slowpath+0x75/0x770 [ 1270.138132] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1270.142182] kvm_vm_ioctl+0x4ca/0x13e0 [ 1270.146069] ? kvm_vcpu_release+0xa0/0xa0 [ 1270.150201] ? perf_trace_lock_acquire+0x510/0x510 [ 1270.155115] ? __lock_acquire+0x5fc/0x3f20 [ 1270.159353] ? check_preemption_disabled+0x35/0x240 [ 1270.164350] ? perf_trace_lock+0xf7/0x490 [ 1270.168476] ? lock_downgrade+0x740/0x740 [ 1270.172624] ? perf_trace_lock_acquire+0x510/0x510 [ 1270.177535] ? do_raw_spin_unlock+0x164/0x220 [ 1270.182015] ? _raw_spin_unlock+0x29/0x40 [ 1270.186141] ? kvm_vcpu_release+0xa0/0xa0 [ 1270.190271] do_vfs_ioctl+0x75a/0xff0 [ 1270.194058] ? ioctl_preallocate+0x1a0/0x1a0 [ 1270.198446] ? lock_downgrade+0x740/0x740 [ 1270.202580] ? __fget+0x225/0x360 [ 1270.206016] ? do_vfs_ioctl+0xff0/0xff0 [ 1270.209973] ? security_file_ioctl+0x83/0xb0 [ 1270.214365] SyS_ioctl+0x7f/0xb0 [ 1270.217729] ? do_vfs_ioctl+0xff0/0xff0 [ 1270.221692] do_syscall_64+0x1d5/0x640 [ 1270.225565] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1270.230742] RIP: 0033:0x465f69 [ 1270.233915] RSP: 002b:00007f58847ba188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1270.241603] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000465f69 [ 1270.248867] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1270.256116] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1270.263369] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 [ 1270.270625] R13: 00007ffd2f6bf3cf R14: 00007f58847ba300 R15: 0000000000022000 [ 1270.277989] CPU: 0 PID: 8594 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1270.290220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1270.299558] Call Trace: [ 1270.302136] dump_stack+0x1b2/0x281 [ 1270.305748] warn_alloc.cold+0x96/0x1cc [ 1270.309720] ? zone_watermark_ok_safe+0x220/0x220 [ 1270.314556] ? wait_for_completion_io+0x10/0x10 [ 1270.319216] __alloc_pages_nodemask+0x2127/0x2720 [ 1270.324053] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1270.328874] ? perf_trace_lock+0xf7/0x490 [ 1270.333003] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1270.337832] ? do_raw_spin_unlock+0x164/0x220 [ 1270.342310] alloc_pages_current+0x155/0x260 [ 1270.346708] kvm_mmu_create+0xda/0x1d0 [ 1270.350575] kvm_arch_vcpu_init+0x282/0x890 [ 1270.354880] ? alloc_pages_current+0x15d/0x260 [ 1270.359446] kvm_vcpu_init+0x26d/0x360 [ 1270.363317] vmx_create_vcpu+0xef/0x29d0 [ 1270.367362] ? __mutex_unlock_slowpath+0x75/0x770 [ 1270.372359] ? drop_futex_key_refs+0x2e/0xa0 [ 1270.376750] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1270.380794] ? get_futex_key+0x1160/0x1160 [ 1270.385021] kvm_vm_ioctl+0x4ca/0x13e0 [ 1270.388893] ? kvm_vcpu_release+0xa0/0xa0 [ 1270.393030] ? check_preemption_disabled+0x35/0x240 [ 1270.398040] ? perf_trace_lock+0xf7/0x490 [ 1270.402174] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1270.407258] ? perf_trace_lock_acquire+0x510/0x510 [ 1270.412169] ? kvm_vcpu_release+0xa0/0xa0 [ 1270.416302] do_vfs_ioctl+0x75a/0xff0 [ 1270.420087] ? ioctl_preallocate+0x1a0/0x1a0 [ 1270.424476] ? lock_downgrade+0x740/0x740 [ 1270.428607] ? __fget+0x225/0x360 [ 1270.432040] ? do_vfs_ioctl+0xff0/0xff0 [ 1270.436084] ? security_file_ioctl+0x83/0xb0 [ 1270.440473] SyS_ioctl+0x7f/0xb0 [ 1270.443818] ? do_vfs_ioctl+0xff0/0xff0 [ 1270.447772] do_syscall_64+0x1d5/0x640 [ 1270.451644] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1270.456811] RIP: 0033:0x465f69 [ 1270.459979] RSP: 002b:00007f8db8982188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1270.467669] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1270.474918] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1270.482273] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1270.489535] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1270.496784] R13: 00007ffe6abe2b0f R14: 00007f8db8982300 R15: 0000000000022000 [ 1270.554447] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1270.584714] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1270.602323] CPU: 0 PID: 8628 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1270.610135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1270.619483] Call Trace: [ 1270.622075] dump_stack+0x1b2/0x281 [ 1270.625716] warn_alloc.cold+0x96/0x1cc [ 1270.629693] ? zone_watermark_ok_safe+0x220/0x220 [ 1270.634552] ? wait_for_completion_io+0x10/0x10 [ 1270.639223] __alloc_pages_nodemask+0x2127/0x2720 [ 1270.644085] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1270.648922] ? perf_trace_lock+0xf7/0x490 [ 1270.653066] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1270.657920] ? do_raw_spin_unlock+0x164/0x220 [ 1270.662501] alloc_pages_current+0x155/0x260 [ 1270.666919] kvm_mmu_create+0xda/0x1d0 [ 1270.670807] kvm_arch_vcpu_init+0x282/0x890 [ 1270.675124] ? alloc_pages_current+0x15d/0x260 [ 1270.679705] kvm_vcpu_init+0x26d/0x360 [ 1270.683593] vmx_create_vcpu+0xef/0x29d0 [ 1270.687655] ? __mutex_unlock_slowpath+0x75/0x770 [ 1270.692593] ? drop_futex_key_refs+0x2e/0xa0 [ 1270.697004] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1270.701073] kvm_vm_ioctl+0x4ca/0x13e0 [ 1270.704960] ? kvm_vcpu_release+0xa0/0xa0 [ 1270.709110] ? perf_trace_lock_acquire+0x510/0x510 [ 1270.714039] ? userfaultfd_unmap_complete+0x225/0x320 [ 1270.719228] ? check_preemption_disabled+0x35/0x240 [ 1270.724248] ? perf_trace_lock+0xf7/0x490 [ 1270.728401] ? perf_trace_lock_acquire+0x510/0x510 [ 1270.733347] ? kvm_vcpu_release+0xa0/0xa0 [ 1270.737493] do_vfs_ioctl+0x75a/0xff0 [ 1270.741302] ? ioctl_preallocate+0x1a0/0x1a0 [ 1270.745706] ? lock_downgrade+0x740/0x740 [ 1270.749854] ? __fget+0x225/0x360 [ 1270.753304] ? do_vfs_ioctl+0xff0/0xff0 [ 1270.757276] ? security_file_ioctl+0x83/0xb0 [ 1270.761683] SyS_ioctl+0x7f/0xb0 [ 1270.765045] ? do_vfs_ioctl+0xff0/0xff0 [ 1270.769015] do_syscall_64+0x1d5/0x640 [ 1270.772908] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1270.778095] RIP: 0033:0x465f69 [ 1270.781279] RSP: 002b:00007f0f532a6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1270.788991] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000465f69 [ 1270.796257] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1270.803528] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1270.810793] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 [ 1270.818061] R13: 00007fffed84577f R14: 00007f0f532a6300 R15: 0000000000022000 [ 1270.839766] warn_alloc_show_mem: 2 callbacks suppressed [ 1270.839769] Mem-Info: 13:27:22 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcs\x00', 0x149000, 0x0) ioctl$PPPIOCSFLAGS1(r3, 0x40047459, &(0x7f0000000180)=0x1a362374) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r4 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r5, 0x800) fallocate(r4, 0x20, 0x0, 0xfffffeff000) fallocate(r4, 0x0, 0x0, 0x10000101) fallocate(r4, 0x3, 0x0, 0xffff) fallocate(r4, 0x0, 0x0, 0x10000101) 13:27:22 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="5f454c44065b05107311"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r4 = socket(0x10, 0x3, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000200000000000", @ANYRES32=r7, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3800000024000b0f00"/20, @ANYBLOB, @ANYBLOB="00000000ffffffff000000000a000100626669666f", @ANYRESDEC=r0, @ANYRESDEC=0x0], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f00000005c0)=ANY=[@ANYBLOB="240000002400012c3d236ae4f724ae80cc90c6ef74634900000000000000000000000000a62fe86cf4ccbd2337157a99ef646a39f538907a35c4b6f6b221892166246356d69f62ea5cd2ddba50c3eb9899bff328848dd14b3908703964e04671b77089ee39c6c5e0acc322641b0590ab21ca8f6b818322e11e7e039fb0836985d2d0b09207541865733c2126458619c294df0b718877d44e4fcece76be342dceba40de019ce887d29e9c3487f2fcd6059e172ea7344bb086a5305f8b6379b0fe542b618f533e8e", @ANYRES32=r7, @ANYRES16=r0], 0x24}, 0x1, 0x0, 0x0, 0x4080}, 0x20040000) sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0xa9f94ecac01c90f1}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)=@ipv4_deladdr={0x3c, 0x15, 0x8, 0x70bd2d, 0x25dfdbfb, {0x2, 0xc1, 0xdb, 0xfd, r7}, [@IFA_CACHEINFO={0x14, 0x6, {0x8, 0x7f, 0x6, 0x2}}, @IFA_FLAGS={0x8}, @IFA_FLAGS={0x8, 0x8, 0x420}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0xc0) close(r2) r8 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) [ 1270.860631] active_anon:841780 inactive_anon:18063 isolated_anon:0 [ 1270.860631] active_file:9500 inactive_file:33981 isolated_file:0 [ 1270.860631] unevictable:0 dirty:575 writeback:0 unstable:0 [ 1270.860631] slab_reclaimable:16171 slab_unreclaimable:195992 [ 1270.860631] mapped:62669 shmem:8996 pagetables:18267 bounce:0 [ 1270.860631] free:490018 free_pcp:298 free_cma:0 [ 1270.954458] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. 13:27:22 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x7}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000180)="650fc7aa3400dd8a0b00c4c211cf7b4af20f2b0e5c0066b9e50b00000f3265f20f5fa30a0064660f3036f30f1f78bf0f01cf0f20d86635080000000f22d8", 0x3e}], 0x1, 0x2, &(0x7f0000000280)=[@efer={0x2, 0x8800}, @cstype3={0x5, 0xa}], 0x2) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r3, 0xc) r4 = openat$cgroup_ro(r3, &(0x7f0000000040)='memory.events\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x1, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r5, 0xae44, 0x5) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 13:27:22 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000000)={0x10003, 0x1, 0x1, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r5, 0xc) perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x6, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xecb, 0x4, @perf_config_ext={0xfffffffffffffffe, 0x8000}, 0x9050, 0xd66, 0x1, 0x6, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r5, 0xc) r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) syz_kvm_setup_cpu$x86(r6, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000140)="66baf80cb854d9c48ec42109f2eb66ba4300b003ee41de650b66eff083770079440f3041e30048b86d730000000000000f23c80f21f835000020000f23f826650f2086430f303e64460f06c744240001010000c74424026a2e0000ff2c243e0f22d4", 0x62}], 0x1, 0x40, &(0x7f0000000280), 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f00000000c0)={0x5, 0xcb, 0x80, 0x5, 0x2, 0x4, 0x40, 0x5, 0x0, 0x2, 0x7f, 0x0, 0x4, 0xb0}, 0xe) [ 1271.068855] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1271.077873] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1271.141391] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1271.166718] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1271.175713] CPU: 0 PID: 8673 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1271.183542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1271.192890] Call Trace: [ 1271.195671] dump_stack+0x1b2/0x281 [ 1271.199303] warn_alloc.cold+0x96/0x1cc [ 1271.203279] ? zone_watermark_ok_safe+0x220/0x220 [ 1271.208126] ? wait_for_completion_io+0x10/0x10 [ 1271.212796] __alloc_pages_nodemask+0x2127/0x2720 [ 1271.217742] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1271.222583] ? perf_trace_lock+0xf7/0x490 [ 1271.226730] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1271.231582] ? do_raw_spin_unlock+0x164/0x220 [ 1271.236077] alloc_pages_current+0x155/0x260 [ 1271.240490] kvm_mmu_create+0xda/0x1d0 [ 1271.244379] kvm_arch_vcpu_init+0x282/0x890 [ 1271.248699] ? alloc_pages_current+0x15d/0x260 [ 1271.253282] kvm_vcpu_init+0x26d/0x360 [ 1271.257175] vmx_create_vcpu+0xef/0x29d0 [ 1271.261241] ? __mutex_unlock_slowpath+0x75/0x770 [ 1271.266082] ? drop_futex_key_refs+0x2e/0xa0 [ 1271.270494] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1271.274562] kvm_vm_ioctl+0x4ca/0x13e0 [ 1271.278458] ? kvm_vcpu_release+0xa0/0xa0 [ 1271.282633] ? __might_fault+0x104/0x1b0 [ 1271.286783] ? check_preemption_disabled+0x35/0x240 [ 1271.291798] ? perf_trace_lock+0xf7/0x490 [ 1271.295950] ? perf_trace_lock_acquire+0x510/0x510 [ 1271.308517] ? __might_fault+0x177/0x1b0 [ 1271.312579] ? proc_reg_unlocked_ioctl+0xff/0x190 [ 1271.313514] syz-executor.2: [ 1271.317411] ? kvm_vcpu_release+0xa0/0xa0 [ 1271.317425] do_vfs_ioctl+0x75a/0xff0 [ 1271.317440] ? ioctl_preallocate+0x1a0/0x1a0 [ 1271.317449] ? lock_downgrade+0x740/0x740 [ 1271.317463] ? __fget+0x225/0x360 13:27:23 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={0xffffffffffffffff}) r4 = syz_mount_image$gfs2meta(&(0x7f0000000200)='gfs2meta\x00', &(0x7f0000000380)='./bus\x00', 0x5, 0x3, &(0x7f0000000600)=[{&(0x7f0000000400)="9162285f928f10e98dc59a2e95ba52df9de8be8c9164336d205de0ff885c68aa09f0bf7eb41d336d054aac67fd44252f551adf57157167ba87353c942ec2c021cb52587f042d4d2e952417d384f14186e112d09bcb48f3a3b387b14f9fd3521d759eedb826a8eb4609c438353f9a6350abbc8cd5b0de69d2cbc173eb338d580fcb5cf4712a14704e14abb36b61862679ab25f2f3722a5b2bda985ffe2abbbd4eac19752db4cc5a3a1c2ebd7289168db226390ebef0df5401", 0xb8, 0x1}, {&(0x7f00000004c0)="e8f5ebf521ea933107c7cd92ca5c6d35fbd3bcee20a9fe6db33f2ebe7dd402b9e16155d6b706d64c7fa7601354e3be7f7a7161aba77a0f8d3fb502ab2d1faefd8d98de74815e9b215a92dd18a2425ddd7b20b27612ffd408093e06fbf209b1c41ed243baed6e10f4ecac773f54c836c045d50e88eba7a1c2833aa3f8ec53517ff9aded0ad5e3e842e112cbe42ec2b99946e9bec9907fe90c7e89d1e71e8dd99c1dc6a556795767ba85c1b8ae5f268ea87d31b08351ea15b116e0c332bccb241a678ff9f4b31b4efefac0bea5056157993a3075b88526e2eae9315851fb3eabf0d72659f33e0f1c26d4a01af240fcdf", 0xef, 0x8}, {&(0x7f00000005c0)="a2204f637c0454e032", 0x9, 0x7}], 0x4010, &(0x7f0000000680)={[{'^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'}], [{@fowner_lt={'fowner<', 0xee00}}, {@fowner_eq={'fowner', 0x3d, 0xee00}}, {@fsname={'fsname', 0x3d, '^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'}}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000780)={0x0, 0x0}) getresuid(&(0x7f0000000800)=0x0, &(0x7f0000000840), &(0x7f0000000880)) sendmsg$unix(r3, &(0x7f0000000900)={&(0x7f0000000140)=@file={0x1, './bus\x00'}, 0x6e, &(0x7f00000001c0)=[{&(0x7f0000000280)="40c443a9bb9c72921d0426aed6eed42a133be56332ef092b9aba6d8496e480033f4d3827469d2090edf2e39175240ce120a95c91b5b8d679e344a547d34969b1adadcd4b1ca9fc7874405ae0feb426046e2edc6edbee54f5295fd6976da849d66cf5a1592d11cf41ad4f3d449ab7f1f43508c3f8e580f481360d96cf18bc0eac5b5a56b5511d7d035757ee4b69ce42724dc436214859501d9f81036286d8ab063ca56ee4b5566496d4b50a76a539b678f8cb5c480de09839c5652b895f678850b3796fed9582d6e36f304d7383608fec82d7a94f4dddb16019db62", 0xdb}], 0x1, &(0x7f00000008c0)=[@rights={{0x20, 0x1, 0x1, [r0, r1, 0xffffffffffffffff, r4]}}, @cred={{0x1c, 0x1, 0x2, {r5, r6, 0xee01}}}], 0x40, 0x14}, 0x8c1) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r7 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r8 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r8, 0x800) fallocate(r7, 0x20, 0x0, 0xfffffeff000) fallocate(r7, 0x0, 0x0, 0x10000101) fallocate(r7, 0x3, 0x0, 0xffff) fallocate(r7, 0x0, 0x0, 0x10000101) [ 1271.317472] ? do_vfs_ioctl+0xff0/0xff0 [ 1271.317482] ? security_file_ioctl+0x83/0xb0 [ 1271.317493] SyS_ioctl+0x7f/0xb0 [ 1271.317500] ? do_vfs_ioctl+0xff0/0xff0 [ 1271.317512] do_syscall_64+0x1d5/0x640 [ 1271.317531] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1271.317538] RIP: 0033:0x465f69 [ 1271.317543] RSP: 002b:00007f0f532c7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1271.350642] page allocation failure: order:0 [ 1271.352383] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1271.352390] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1271.352396] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1271.352402] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1271.352408] R13: 00007fffed84577f R14: 00007f0f532c7300 R15: 0000000000022000 [ 1271.356086] Node 1 active_anon:1258096kB inactive_anon:53480kB active_file:37992kB inactive_file:135968kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:33764kB dirty:2344kB writeback:0kB shmem:16480kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1271.412066] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 1271.428563] Node 0 [ 1271.459164] gfs2: gfs2 mount does not exist [ 1271.469406] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1271.504843] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1271.510045] Node 0 DMA32 free:28692kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:224kB local_pcp:8kB free_cma:0kB [ 1271.539973] lowmem_reserve[]: 0 0 0 0 0 [ 1271.544135] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1271.584385] (null) [ 1271.589043] lowmem_reserve[]: 0 0 0 0 0 [ 1271.590207] syz-executor.2 cpuset= [ 1271.593156] Node 1 [ 1271.597927] gfs2: gfs2 mount does not exist [ 1271.604515] / mems_allowed=0-1 [ 1271.610068] Normal free:1917596kB min:53696kB low:67120kB high:80544kB active_anon:1257996kB inactive_anon:53480kB active_file:37992kB inactive_file:135968kB unevictable:0kB writepending:1012kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:17248kB pagetables:41580kB bounce:0kB free_pcp:1156kB local_pcp:516kB free_cma:0kB [ 1271.625977] CPU: 1 PID: 8676 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1271.650871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1271.660225] Call Trace: [ 1271.662835] dump_stack+0x1b2/0x281 [ 1271.666471] warn_alloc.cold+0x96/0x1cc [ 1271.669817] lowmem_reserve[]: 0 [ 1271.670446] ? zone_watermark_ok_safe+0x220/0x220 [ 1271.670466] ? wait_for_completion_io+0x10/0x10 [ 1271.683208] __alloc_pages_nodemask+0x2127/0x2720 [ 1271.686838] 0 [ 1271.688062] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1271.690257] 0 [ 1271.694789] ? perf_trace_lock+0xf7/0x490 [ 1271.694801] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1271.694822] ? do_raw_spin_unlock+0x164/0x220 [ 1271.708393] 0 [ 1271.710044] alloc_pages_current+0x155/0x260 [ 1271.710060] kvm_mmu_create+0xda/0x1d0 [ 1271.712181] 0 [ 1271.716322] kvm_arch_vcpu_init+0x282/0x890 [ 1271.716332] ? alloc_pages_current+0x15d/0x260 [ 1271.716346] kvm_vcpu_init+0x26d/0x360 [ 1271.716358] vmx_create_vcpu+0xef/0x29d0 [ 1271.716373] ? __mutex_unlock_slowpath+0x75/0x770 [ 1271.726341] ? drop_futex_key_refs+0x2e/0xa0 [ 1271.726354] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1271.726369] kvm_vm_ioctl+0x4ca/0x13e0 [ 1271.726382] ? kvm_vcpu_release+0xa0/0xa0 [ 1271.732363] Node 0 [ 1271.734825] ? check_preemption_disabled+0x35/0x240 [ 1271.734839] ? perf_trace_lock+0xf7/0x490 [ 1271.734853] ? perf_trace_lock_acquire+0x510/0x510 [ 1271.740315] DMA: [ 1271.743708] ? lock_downgrade+0x740/0x740 [ 1271.743720] ? kvm_vcpu_release+0xa0/0xa0 [ 1271.743731] do_vfs_ioctl+0x75a/0xff0 [ 1271.749597] 33*4kB [ 1271.752165] ? ioctl_preallocate+0x1a0/0x1a0 [ 1271.752177] ? lock_downgrade+0x740/0x740 [ 1271.757116] (UM) [ 1271.760191] ? __fget+0x225/0x360 [ 1271.760203] ? do_vfs_ioctl+0xff0/0xff0 [ 1271.762442] 3*8kB [ 1271.767509] ? security_file_ioctl+0x83/0xb0 [ 1271.767519] SyS_ioctl+0x7f/0xb0 [ 1271.767528] ? do_vfs_ioctl+0xff0/0xff0 [ 1271.767539] do_syscall_64+0x1d5/0x640 [ 1271.767555] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1271.767564] RIP: 0033:0x465f69 [ 1271.775194] (UM) [ 1271.776592] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1271.776604] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1271.776612] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1271.778682] 4*16kB [ 1271.782781] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1271.782787] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1271.782793] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1271.912007] (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10972kB [ 1271.933043] Node 0 DMA32: 969*4kB (UME) 281*8kB (UME) 690*16kB (UME) 290*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28684kB [ 1271.961286] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1271.973691] Node 1 Normal: 138*4kB (UME) 474*8kB (UME) 128*16kB (UME) 148*32kB (UE) 44*64kB (UE) 191*128kB (UM) 285*256kB (UME) 120*512kB (UME) 34*1024kB (ME) 14*2048kB (UM) 411*4096kB (M) = 1919736kB [ 1271.995029] warn_alloc_show_mem: 3 callbacks suppressed [ 1271.995032] Mem-Info: [ 1272.003734] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1272.011912] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1272.019929] active_anon:841808 inactive_anon:18064 isolated_anon:0 [ 1272.019929] active_file:9502 inactive_file:34001 isolated_file:0 [ 1272.019929] unevictable:0 dirty:85 writeback:0 unstable:0 [ 1272.019929] slab_reclaimable:16180 slab_unreclaimable:196470 [ 1272.019929] mapped:62712 shmem:8997 pagetables:18178 bounce:0 [ 1272.019929] free:489618 free_pcp:313 free_cma:0 [ 1272.060234] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1272.066554] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1272.080812] CPU: 1 PID: 8727 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1272.085361] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1272.088612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1272.088617] Call Trace: [ 1272.088632] dump_stack+0x1b2/0x281 [ 1272.088646] warn_alloc.cold+0x96/0x1cc [ 1272.097522] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1272.106803] ? zone_watermark_ok_safe+0x220/0x220 [ 1272.106825] ? wait_for_completion_io+0x10/0x10 [ 1272.106840] __alloc_pages_nodemask+0x2127/0x2720 [ 1272.112653] 26606 total pagecache pages [ 1272.113034] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1272.117789] 0 pages in swap cache [ 1272.125542] ? perf_trace_lock+0xf7/0x490 [ 1272.125553] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1272.125580] ? do_raw_spin_unlock+0x164/0x220 [ 1272.125595] alloc_pages_current+0x155/0x260 [ 1272.132193] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1272.135074] kvm_mmu_create+0xda/0x1d0 [ 1272.135086] kvm_arch_vcpu_init+0x282/0x890 [ 1272.135095] ? alloc_pages_current+0x15d/0x260 [ 1272.135110] kvm_vcpu_init+0x26d/0x360 [ 1272.141672] Node 1 active_anon:1257772kB inactive_anon:53484kB active_file:38000kB inactive_file:136004kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:33548kB dirty:340kB writeback:0kB shmem:16484kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1272.143894] vmx_create_vcpu+0xef/0x29d0 [ 1272.149731] Swap cache stats: add 0, delete 0, find 0/0 [ 1272.152150] ? __mutex_unlock_slowpath+0x75/0x770 [ 1272.152163] ? drop_futex_key_refs+0x2e/0xa0 [ 1272.157515] Node 0 [ 1272.161117] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1272.161130] ? get_futex_key+0x1160/0x1160 [ 1272.166859] Free swap = 0kB [ 1272.169996] kvm_vm_ioctl+0x4ca/0x13e0 [ 1272.170010] ? kvm_vcpu_release+0xa0/0xa0 [ 1272.200380] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1272.201715] ? check_preemption_disabled+0x35/0x240 [ 1272.201728] ? perf_trace_lock+0xf7/0x490 [ 1272.207431] lowmem_reserve[]: [ 1272.210702] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1272.210718] ? perf_trace_lock_acquire+0x510/0x510 [ 1272.215743] 0 [ 1272.243027] ? kvm_vcpu_release+0xa0/0xa0 [ 1272.243039] do_vfs_ioctl+0x75a/0xff0 [ 1272.243052] ? ioctl_preallocate+0x1a0/0x1a0 [ 1272.243060] ? lock_downgrade+0x740/0x740 [ 1272.243075] ? __fget+0x225/0x360 [ 1272.249293] Total swap = 0kB [ 1272.252471] ? do_vfs_ioctl+0xff0/0xff0 [ 1272.252481] ? security_file_ioctl+0x83/0xb0 [ 1272.252492] SyS_ioctl+0x7f/0xb0 [ 1272.258827] 2097051 pages RAM [ 1272.261713] ? do_vfs_ioctl+0xff0/0xff0 [ 1272.261725] do_syscall_64+0x1d5/0x640 [ 1272.261743] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1272.263971] 0 pages HighMem/MovableOnly [ 1272.267989] RIP: 0033:0x465f69 [ 1272.267994] RSP: 002b:00007f5884799188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1272.268006] RAX: ffffffffffffffda RBX: 000000000056c0b0 RCX: 0000000000465f69 [ 1272.268011] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1272.268017] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1272.268022] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0b0 [ 1272.268031] R13: 00007ffd2f6bf3cf R14: 00007f5884799300 R15: 0000000000022000 [ 1272.274530] 363840 pages reserved [ 1272.413902] 2717 [ 1272.419710] 0 pages cma reserved [ 1272.431667] 2718 2718 2718 13:27:24 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0xff, 0x6, 0x0, 0x0, 0x0, 0x100000000007, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2e2, 0x9, 0x80000001, 0x0, 0x200}, r2, 0x7, r1, 0xe) perf_event_open(&(0x7f0000000140)={0xbf78a6dd6b78372b, 0x70, 0x8, 0x0, 0xa4, 0x0, 0x0, 0x4, 0x48, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0xbc, 0x0, @perf_bp, 0x40028, 0x7, 0x80, 0x6, 0x5d77ead1, 0x6, 0x7fff}, 0x0, 0xf, 0xffffffffffffffff, 0x8) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x4) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r4, 0xc) perf_event_open(0xfffffffffffffffe, 0x0, 0x0, r4, 0xa) 13:27:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000080)='/dev/kvm\x00') ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:24 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="5f454c44065b05107311"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x1, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000080)=0x14) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$BTRFS_IOC_SNAP_DESTROY(r5, 0x5000940f, &(0x7f0000000400)={{r0}, "25ff0b192337e72c3e551c97c0bda69586f55de1b1971249e86941f596f9fd6566bfd2ed82a1a5ef11d946287de2ca151767777c2b9a8e6b7f0e232a060523cdbf2bceae63b7832397d668cbc74741505a05b8af41c53fc5b2a9ade2931174a3a736620f3d6b0b0c8e0cb52ff15d9d4711c2d94e542b28e902348cd1f0258ce4c95fce16355887bc6ee0cd9a81972be6f9767cd4db54d3b76287a8174bf74c3a821dc75a76fcb2b849518be9ec4b883dfd24dd058a99a61fca86e6f81f376dd6549a2693cd35acfd44668c5d418e615576627ac8b53bd8f20c9a89cccb6456bbd9a893bdeb774039caad8e4b559ac16f66cb886f3a110c219cd687816ee87e919a40af74e6450e6b3238f4baee80a546f1adcd9989f55bfb5be2adfb1f396bb967fad0e53351dc46e8b281e7f52b0441c184243acc469821f466108b40d77e7f859600f38a018dda723744684b16dd72f8becac4edc11c15ef8fc871462d2d28988ebdc5a9b37cd2698eece7a69dc034dc61cd82a4abefd5b54aca167c1f5e1dc5f6c9c57ad6ccbcd76a939881f5c5eb58beae314cb34c3238b4a47b39e5fb2e1108d8745de203b4207053f6e9f469ccd2f9a83bc098e2cf194a648661451a99bb9a78b6a04c1e3c3c49b79c7ff1f2abb4b842ca4cffe97df0835c746e89519e287645c3f5e950840f197028a53af28f6b46f2c1d99af3972b265110b4f0c8c747329cf201c6cf80fe40cc172816ea2d17dad19e2737edb7e2fcd2f6b2a2d9dcc5a38e3821782a54634853af454595a1cd847240060c8a4b10583375f8f5c868e3249df3741505f606255d5fa7e7645a1040f165d86f18ba25856bfdbb5781027204d7eefbd4ee5b6a0c26892eedc2b41ef6706f5dbbfc643bab8382e1a30227f4af4e50234a9a01aefc7348f8463476843c73f46008424ccafa949a9ea5c28416266c11e9cfd6e309a07f6bc37a355634c9b71a399ca7b55ece52e6075d9711033408e6a6cba571dccf7a56e3fe8c2b5b94e8cde2c8352071c91ba8c20cd6bb0b82cf7823d4bb575dbe1edd0b9a6f4a14a44a2017c8a1b20cb831bc1ff27574ac33a069bd8c533de8b7103d5c3c2dc5eb2437268ca8e69906e538ec4e96ec3fc83d6d9fd3d435311d6e5a138413f7503e3f6c4374f96a37efed151f149b006f4961425eb7474555f99fa4890fba652f336c94d7048036a2cc8ea6cb482678fe9bc0b4d7aae6da4bf21a3f597d609d72af409d60e356d0493d170746c29aa629afeedba4c03a02e517bd9379aee5e4c4ac18e91a96bb6b8f67be87b41f77c6ba0c8530fdf6ede2b4830f63e0b17b17bb42e1eb59d305e4c673d111c598f0a3cde4f28f61ceb66f10434ab6f983c8927372d1b7ad9196a05abba6e6f675421c5222255a62a4af850d8b05619c9e87f72e79b9b41b2b6f06f30c013957c207c98152ed18a7021a7dc2235faf1ab089bf476e546f6001a05b6c874d3e718376d5e85f64dbd772abe522e2be82b8de4142a0f70a08ba9ebc5226b57ae3c89cd5b220c78402612dc47e7a515f15bb5a062a6cb53b221bf9abde717c4baf5879d781ac61d05f959ed30135e298a6cee2335390d86d5edc0f989ebc48c410f1fc573d62163e79bfd90eab349290c74c8c583b73ae222ee2b14b85123e4b328b6f774dc8e8490c5e2f9cb172b4c51e2e9b83d2d7fafdea096c0ea80839ef0c1e37327e8ac01ad0e62dc2604fd2995b40b35ba5c2c35561ed1dcb1aaabcc7cd979c85ef8623c021daf72c984f562fefdf3daab8a08e9519ba6ae6fc50081f9f0041600b0e55e6cb9dea01530f938c6dfdd2f85dfd4b0a075244aad0dc907645b677479ac27c773a162ca611373c02a3227010a1307d4832bea0a8cb56ecfd6644c4b4fd4d23c6822b8e5a14afe4d358ee630c20c6c411a41a2ace778a33821b35adcf7bd79f56a4e0a84ce8c6298c890c95a79d6cd198f6eb3e846d071b1b84f565ce721cce460c32b045cabb2ba2d79505f4a87ca28282edb843469a21a8afdbe88cc784d4f080e629f6a17fb2e2d44245d4a781347c2011de663e7e005b91665414826d97afd595ef475a9a2279488a7fd4a42dca5e7bb33dfe0b9d67dae01eda598555b09ffa22271fb031674f417c7d80499b9f0cdab79563bc000ddee30e560465c525bf930fa84d9a7f5f6b00507b591c4eef40409ea2cfc8c6e1a55106ed75c542f0da6cd608b3ba1426466fc87e09ba0c933325ccaccd01cdde23f919648c62c355d8aad66d25b6565c4e9904ccbbe27706d8e2ae9b954d20b11e2b1af62c8e73b3dcb8a735a7909be9e29cccbf6c17ea2b0eb7a68003b9701367fe0c826b90fdd0ad70699723a74fc59dd36236a76f6a26d600abef036b7f360f6b746bb7146f00a5e4afb237bd97fa376309e212f97dc0f60c7a9207681dca623b4d1ac78108519412bee4df9c2117a62a7399a8a45bdbf68ce52d8e04a25e336a44e2bc37bb6c431d54c2e8329e2e2e266c7615cc3377df81ab6ead32ee7d9adab0f4ca4832e4ac6b0a5447d571c52c0c7f9228db60c310c8ff1e5056d46f6c8a3783fae3dc69bf276d60031e9a603ce504619337899852c789a1235e76dcf4de0b4e6d90ddcdb50d1cf8451c58fccd0237c41d2df1596f9315bc6975bf76fc4edb65d7ca385dd276ccb0eea5e1ac1f1bfd13532ad97dbb2ffc51058320112f981413592f94616624e34d913bf672b7896e1c239b0d45036b1112627a934d2ce2971733f49330a9028f0503b34f538efdce818b7dd881a4bf0e7d2ac2f019156c11d95de998d365d6b4c67acd91a9536ed0f4b73352a14880514251e7b73d9b9c8f410cc472a1e7293d2af749304436c870388b38d93dee31d69808825346de0a0ff93e9aa124f8c6aaa20f2ce4d151dc20859b4c7daf05bd497193c5d6cc569261931496731098a5b84779eb784eb7f6090c2827ad3be473646b6ca08674405ac05ee7e8e8289274efa95155c6c51d705b8c980930eaa76ca380b4452a36e0dc593b29e353b0ec7f3c6357e9d52a764cca348226ba799d71199b78b58686fe250973d8961ab3e99137b00c1aaa6781f7161ece66c3c88632d1b14e5e1a196cd0edfb7fe7f1e6efd9d837c9b9d7e1e730ae53faaafb6b12589e245224646e7ea8f4fa0ffe31b5394cf5b60dc5abd3b6e22b7df14815a78b0b57b880eae1f8a760f03b84b404ff12b21774e9a1ad5510fed236b176eb49a193184095777f3fafaa33274cfb397e219de40d56a07c8aa9e8ed21f2bc5b98307258b10a2cf6470c9ef7e706a39d12c1c3a1290db4dd7df6ca2c0a376f716a9c7dd3464b1b49acb9fcd9c643e394f15839364d9e0bceb59bacd1d62a1b60c8aa3de29cdb40d260a0ce6426d5caeedc55b2c0eb55250b56435f6e821789a66378ec9e8db92c5841b4aecfc4175f8f79a00bd11cba1215c36c03879cab622e6c7b73335a0e82f69e458d4684afac3478d5a32b17cda65be71ca3950b2871416179059542ad8830d32fc296861d3208cee1df088dc934d084897bbc4824e87cede4369efa3a2ed6db6bcaf585ad85a97ccc6f58e8f3765d9881167d14d792fa076b23c57aef7ceeda38a816062b44a7954c30981bf3e5ca0d3d7e2cbfa5257cde3e301b0ecf47b992f7bbc14b0b8b8fc06fe539d37f9cd64ab6dd92af1b5945e6921205f311c5f17919860c38ceaa105993d9a7cb907b607f74293464ff1d2082232ed23fd0f151acbfaaa50f71cc3f588f54e0f2c8c011233dc05300725379f3999f2353b12cf261e9a5f282188a9a3e0930331778327a1038bebaf8ecc59a74ed05773ebc4087551e2d616f85948bc0e16a1d84b0d548140fa019de8edf96dbe47923e05cf8dd3bc476dfbeee7b212de1b669ec2c82b2a720f9f618acd7aca63ffa7b804250bbcfaa93ef94de3f9c667f1ce7aa15e49558d282e9c3ec704d30af9d20a7470e90c9696f12fcfcc978eae1435a8e34c65dd60be7fc10b127afbaedea55eb3f585348b631783bbdd7dbb62a33e629d47b1a6f742238b39321321bccc69db9be60947eaaa718176420595798aa87ef95bf1b0277ecbcbdafbaf4b2ecab193d420fbb102aa8518160389b4220073c28df4d7cfb95accc98cbcc646fcae706ea1ebf081ec135a859a410653bb73bc931088eaae82b16af2af28af536bcdc777f33c1de330c1184fedb80b7f2ae245315498bf62202ef048c8ae55c35fec306f9c58236e9e274c6efa97dbcec8ea5657906674e219b32f8f64894df9a1a7f43221884c36755f0be0e773c514cb111163593581327d232309af70cab18d9b277f62d0c83dbe51907986f20e823d3dab4ee4ea2f5ad6dfe7a3b6e3d2bf2ef7686081664998d98a16d1a43baf59199f5781e1f10dcddc472799d243ac4c0edc82e2057ab56853a6aa8e6393c9dff8a25ae91301bf9169527bbf0a95e28c47b5d24776c849954ab8ef3e801564f40e284c70c220c1df88e5668f6a7dc16d9723c160c7099e073b656f7d8235b8cd35504bb8586f509befb54e4c3b3e9f6f74ebd2fdaf6fa07c36e374e7ed402e3880f64a807fb9441535c4176841bfc03da21806423079b38b5cda8ff7558c93eeb8adeb5cfb9d7a574a9357439422370558cb1f916a5f8c938c68eb51081e2d3e8cb4d97bb559395fb260fe8aad412b03f51294fd3761aad315534a1b62e82cd8c83f73627cb7620927bfef8957806fccd9df7ba11e62bdeba234cbd69b78f6b0ca85963b28ac90bb9878fba1af1ef60348b1576bb6edadf8671b30758dcc1a043dcd4734305ed032908242d9556866d4c9dabccf59fc1e56385a724b8ba22480908d5eb583dca5aa43ba79ea410b1103d2b377006647655d42a079125ce8292410d5965ea888a095596ef0a8bf95677589af2bd79e51b73b465146b48e30c408ea2d6acc49912fd7fb02bf5fe39c8b5d03428a1ea16b6a56bfbaec3d6bcb63e24e25ea944708397cd629940cb41bd3908d390c9d48ec2f567a9518f1849a75f289155e302a54fe1f54e76b8a79a76198fc542cccb7c33c6a10dab0ec32b8b055e64a43f995f6c3cb02059c02b9b8ab8cc508af0fca9025f020742eda11234f38a730270c179354c79ec1b4206fd962a858cec7c7c374e3161a9459d3256433c1245a24a09138102b2b9a14dff6588d97af554caa04f88c8e8420fbc9cb53faa412751991a98956e526100e292f6e515387f8ede02bdd757f245a9c1e25e0542aa32a3568f1741541a47a4a4b66092427f093b79bd96de1044bf3ed643c89755017e4883ee95df3108dc210515a60bd0bbecc64d18483366a80da314f65489099755fb35c4f734af34c163a46ab2d390b160f86a19de50f64d245a726426cd918e0c8e1550c99880f1bb8d1542023f9fade5c030dafdac13502d9df58daa7eff28f36e49c860bd8623e2832f29bf2e6626dfc9c84634972209581fce19f4d97642ab0659aad44f7608387c7c30c583897f3c6c1916b9426e1307a12bc3e9d17ff5d324a7d10fcc49577192f0724407838e3c9576c123c1b358e75a577c8132145c712c7b9616701b44e73ba535a2b20c4838e2638046764f919e1f6a9a2261f2bd91e24168cbc891df8100c3b3d1bf3acebfa85fc46af7c8c5cd4ffc807700d61f547c7f7eaa99081868ecd32cca35e4f2ac4a3e23af7a42b7b001d9bf37ee15d891d81f8ae2a3d7a250ac4724a864c634cfc5029a3a4d09d93c538973ec45149d0ac6e3f3a4e7a58c3d2ee56cbb9e262b80ca08fb6c3d4c"}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) 13:27:24 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x8, 0x40) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) 13:27:24 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) ioctl$PPPIOCGNPMODE(0xffffffffffffffff, 0xc008744c, &(0x7f0000000000)={0x29}) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) [ 1272.466159] Node 0 DMA32 free:28684kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:224kB local_pcp:216kB free_cma:0kB [ 1272.562707] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1272.572112] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1272.587078] lowmem_reserve[]: 0 0 0 0 0 [ 1272.608136] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1272.620689] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1272.651671] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1272.663702] CPU: 0 PID: 8749 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1272.671521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1272.682523] Call Trace: [ 1272.685107] dump_stack+0x1b2/0x281 [ 1272.688741] warn_alloc.cold+0x96/0x1cc [ 1272.692709] ? zone_watermark_ok_safe+0x220/0x220 [ 1272.697552] ? wait_for_completion_io+0x10/0x10 [ 1272.702225] __alloc_pages_nodemask+0x2127/0x2720 [ 1272.707085] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1272.712014] ? perf_trace_lock+0xf7/0x490 [ 1272.716160] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1272.721029] ? do_raw_spin_unlock+0x164/0x220 [ 1272.725522] alloc_pages_current+0x155/0x260 [ 1272.730021] kvm_mmu_create+0xda/0x1d0 [ 1272.733906] kvm_arch_vcpu_init+0x282/0x890 [ 1272.733912] lowmem_reserve[]: [ 1272.738213] ? alloc_pages_current+0x15d/0x260 [ 1272.738227] kvm_vcpu_init+0x26d/0x360 [ 1272.738240] vmx_create_vcpu+0xef/0x29d0 [ 1272.738256] ? __mutex_unlock_slowpath+0x75/0x770 [ 1272.738267] ? drop_futex_key_refs+0x2e/0xa0 [ 1272.738276] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1272.738287] ? get_futex_key+0x1160/0x1160 [ 1272.738299] kvm_vm_ioctl+0x4ca/0x13e0 [ 1272.738312] ? kvm_vcpu_release+0xa0/0xa0 [ 1272.738333] ? check_preemption_disabled+0x35/0x240 [ 1272.758429] 0 [ 1272.759176] ? perf_trace_lock+0xf7/0x490 [ 1272.789294] 0 [ 1272.790923] ? perf_trace_lock_acquire+0x510/0x510 [ 1272.790938] ? proc_reg_unlocked_ioctl+0xff/0x190 [ 1272.790947] ? kvm_vcpu_release+0xa0/0xa0 [ 1272.790958] do_vfs_ioctl+0x75a/0xff0 [ 1272.801710] 0 [ 1272.802533] ? ioctl_preallocate+0x1a0/0x1a0 [ 1272.816660] ? lock_downgrade+0x740/0x740 [ 1272.820804] ? __fget+0x225/0x360 [ 1272.824247] ? do_vfs_ioctl+0xff0/0xff0 [ 1272.828218] ? security_file_ioctl+0x83/0xb0 [ 1272.830365] 0 [ 1272.832625] SyS_ioctl+0x7f/0xb0 [ 1272.832635] ? do_vfs_ioctl+0xff0/0xff0 [ 1272.832648] do_syscall_64+0x1d5/0x640 [ 1272.832665] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1272.832675] RIP: 0033:0x465f69 [ 1272.854079] RSP: 002b:00007f8db8982188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1272.856600] 0 [ 1272.861770] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1272.861777] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 1272.861782] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1272.861788] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1272.861795] R13: 00007ffe6abe2b0f R14: 00007f8db8982300 R15: 0000000000022000 [ 1272.903083] CPU: 1 PID: 8752 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1272.910891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1272.920253] Call Trace: [ 1272.922842] dump_stack+0x1b2/0x281 [ 1272.926478] warn_alloc.cold+0x96/0x1cc [ 1272.930458] ? zone_watermark_ok_safe+0x220/0x220 [ 1272.935312] ? wait_for_completion_io+0x10/0x10 [ 1272.939985] __alloc_pages_nodemask+0x2127/0x2720 [ 1272.944845] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1272.949691] ? perf_trace_lock+0xf7/0x490 [ 1272.953842] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1272.958697] ? do_raw_spin_unlock+0x164/0x220 13:27:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000080)='/dev/input/mice\x00', 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x10201, 0x0, 0x0, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x181080, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) exit_group(0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1272.963189] alloc_pages_current+0x155/0x260 [ 1272.967598] kvm_mmu_create+0xda/0x1d0 [ 1272.971483] kvm_arch_vcpu_init+0x282/0x890 [ 1272.975803] ? alloc_pages_current+0x15d/0x260 [ 1272.980822] kvm_vcpu_init+0x26d/0x360 [ 1272.984716] vmx_create_vcpu+0xef/0x29d0 [ 1272.988786] ? __mutex_unlock_slowpath+0x75/0x770 [ 1272.993631] ? drop_futex_key_refs+0x2e/0xa0 [ 1272.998039] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1273.004184] ? __lock_acquire+0x5fc/0x3f20 [ 1273.008410] kvm_vm_ioctl+0x4ca/0x13e0 [ 1273.012451] ? kvm_vcpu_release+0xa0/0xa0 [ 1273.016613] ? perf_trace_lock+0xf7/0x490 [ 1273.020745] ? perf_trace_lock_acquire+0x510/0x510 [ 1273.025666] ? check_preemption_disabled+0x35/0x240 [ 1273.030675] ? check_preemption_disabled+0x35/0x240 [ 1273.035674] ? perf_trace_lock+0xf7/0x490 [ 1273.039809] ? finish_task_switch+0x178/0x610 [ 1273.044304] ? perf_trace_lock_acquire+0x510/0x510 [ 1273.049476] ? lock_downgrade+0x740/0x740 [ 1273.053606] ? kvm_vcpu_release+0xa0/0xa0 [ 1273.057778] do_vfs_ioctl+0x75a/0xff0 [ 1273.061565] ? ioctl_preallocate+0x1a0/0x1a0 [ 1273.065974] ? lock_downgrade+0x740/0x740 [ 1273.070106] ? __fget+0x225/0x360 [ 1273.073540] ? do_vfs_ioctl+0xff0/0xff0 [ 1273.077512] ? security_file_ioctl+0x83/0xb0 [ 1273.081902] SyS_ioctl+0x7f/0xb0 [ 1273.085248] ? do_vfs_ioctl+0xff0/0xff0 [ 1273.089202] do_syscall_64+0x1d5/0x640 [ 1273.093076] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1273.098245] RIP: 0033:0x465f69 [ 1273.101415] RSP: 002b:00007f0f532c7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 13:27:24 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x41004, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x41290, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x5, r1, 0xc) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x4}) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) r3 = openat$incfs(r1, &(0x7f00000000c0)='.log\x00', 0x14000, 0x42) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) perf_event_open(&(0x7f0000000300)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x3, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x2}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x1, 0x3, 0xa1, 0x4, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x7, 0x2, @perf_bp={&(0x7f0000000000), 0x2}, 0x200, 0x200, 0x0, 0x4, 0x3ff, 0x7, 0x1f}, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xa) [ 1273.109236] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1273.116492] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1273.123750] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1273.131008] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1273.138264] R13: 00007fffed84577f R14: 00007f0f532c7300 R15: 0000000000022000 13:27:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x1}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0xffffffffffffff2d, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:24 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) pwritev(r1, &(0x7f00000001c0)=[{&(0x7f0000000140)="c2540587daafd4c904772ed3f6cb51c34bc2c89b8e8cb5dfb92f373b678ec610406bd643c8f2d98a722ba8111e5b1f8fd3994424007dd9e0b939058532e7de8ad5dbe2a1b736bc8e38b16d", 0x4b}, {&(0x7f0000000000)="6f1e83b6618d2a2f00f15470826f5009258308862ffc52d3c72178658d88f4bdb27311800e492bd5ec7f32d2eaf7f5be8702c0da5c526a91", 0x38}, {&(0x7f0000000280)="5760aa921d8cf5e829149bb244ee43820b20aaf18b4554d47b5722ef3b1b09ddc941126fd90276b89c5ff23fc5e8099227074a2185cdcdf256096a9548c5a4f1f146a45440c45b9a4398dc9bed8c686d90bfc5d4c06fb0d328ef5d81232ec2415a617c842450bf46fb28b2c2650f37a5baea1db9ca631635ea1a38ec28712f4ba1067860f3e086cb69b519dcbd6e544375d8da7b70dade0201c574c8ae3bb36d510dacbcc52ae86ad248eee50a50b70692dd1f241d30289912a04016092e9eff8b7dc073a1f7d377815322f6806c7cd40ec0f6dcd6d931a2bd5a59797e817fea015d8d4434f267641a52142a158d61676123561874a7bff29a52f668", 0xfc}, {&(0x7f0000000400)="9cf87840704c26428881920ab19020bccc2d08e4fb7d333d0bc9ed47577d6909ab1104155e0dd9444f9539fc285092b5440e3efa9796bced60eaf4b0ed7e71d9e1b981fb8830a2f4a29270fbaa9227a767aecb3d895de2e4aafdbf9d307b20ebcd8bac9a2dbfc21f46822cf8eb31f12ba65f58116a8a8ed87384d08c14a67e8b19fde7fdc12b91df", 0x88}, {&(0x7f00000004c0)="3841d4ccb65c7ac7926f615307f0ea921a8eb779d8dafa8ba96ad7424e03166cd2969b06a029f3b5476a4b045e448aca528fe8b437e5352bfe83cd9fda141381f4af8d736f4ea0356ac9adedb9287c092ed1ca4970f402e1b6c12d9925f36b58e9e62f5d3aae223dc41b0b4432d23b5d1a06049fff8c107341b237047a5837bf52", 0x81}], 0x5, 0x7, 0x6) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(0xffffffffffffffff, 0x20, 0x10000000, 0x100000fe) [ 1273.223347] Node 1 Normal free:1922324kB min:53696kB low:67120kB high:80544kB active_anon:1257920kB inactive_anon:53484kB active_file:38000kB inactive_file:136048kB unevictable:0kB writepending:592kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:17152kB pagetables:41784kB bounce:0kB free_pcp:748kB local_pcp:272kB free_cma:0kB [ 1273.392327] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1273.401194] lowmem_reserve[]: 0 0 0 0 0 [ 1273.415818] Node 0 DMA: 33*4kB (UM) 3*8kB (UM) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10972kB [ 1273.452942] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1273.472413] CPU: 0 PID: 8765 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1273.476127] Node 0 [ 1273.480220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1273.480225] Call Trace: [ 1273.480242] dump_stack+0x1b2/0x281 [ 1273.480256] warn_alloc.cold+0x96/0x1cc [ 1273.489963] DMA32: [ 1273.492022] ? zone_watermark_ok_safe+0x220/0x220 [ 1273.492046] ? wait_for_completion_io+0x10/0x10 [ 1273.499137] 969*4kB [ 1273.502177] __alloc_pages_nodemask+0x2127/0x2720 [ 1273.502204] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1273.512299] (UME) [ 1273.513999] ? perf_trace_lock+0xf7/0x490 [ 1273.514030] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1273.514051] ? do_raw_spin_unlock+0x164/0x220 [ 1273.522404] 284*8kB [ 1273.526006] alloc_pages_current+0x155/0x260 [ 1273.526023] kvm_mmu_create+0xda/0x1d0 [ 1273.526034] kvm_arch_vcpu_init+0x282/0x890 [ 1273.526043] ? alloc_pages_current+0x15d/0x260 [ 1273.526056] kvm_vcpu_init+0x26d/0x360 [ 1273.526069] vmx_create_vcpu+0xef/0x29d0 [ 1273.526084] ? __mutex_unlock_slowpath+0x75/0x770 [ 1273.536488] (UME) [ 1273.537170] ? drop_futex_key_refs+0x2e/0xa0 [ 1273.550478] 690*16kB [ 1273.552211] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1273.552223] ? get_futex_key+0x1160/0x1160 [ 1273.552236] kvm_vm_ioctl+0x4ca/0x13e0 [ 1273.563278] (UME) [ 1273.564975] ? kvm_vcpu_release+0xa0/0xa0 [ 1273.564998] ? check_preemption_disabled+0x35/0x240 [ 1273.565012] ? perf_trace_lock+0xf7/0x490 [ 1273.565025] ? perf_trace_lock_acquire+0x510/0x510 [ 1273.565033] ? __might_fault+0x177/0x1b0 [ 1273.565042] ? _copy_from_user+0x96/0x100 [ 1273.565050] ? kvm_vcpu_release+0xa0/0xa0 [ 1273.565061] do_vfs_ioctl+0x75a/0xff0 [ 1273.576702] 290*32kB [ 1273.580458] ? ioctl_preallocate+0x1a0/0x1a0 [ 1273.580468] ? lock_downgrade+0x740/0x740 [ 1273.580482] ? __fget+0x225/0x360 [ 1273.588480] (UME) [ 1273.591130] ? do_vfs_ioctl+0xff0/0xff0 [ 1273.591142] ? security_file_ioctl+0x83/0xb0 [ 1273.591156] SyS_ioctl+0x7f/0xb0 [ 1273.601785] 23*64kB [ 1273.606287] ? do_vfs_ioctl+0xff0/0xff0 [ 1273.606301] do_syscall_64+0x1d5/0x640 [ 1273.606319] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1273.606328] RIP: 0033:0x465f69 [ 1273.606333] RSP: 002b:00007f0f532a6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1273.606343] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000465f69 [ 1273.606348] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1273.606353] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1273.606359] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 [ 1273.606364] R13: 00007fffed84577f R14: 00007f0f532a6300 R15: 0000000000022000 [ 1273.614429] warn_alloc_show_mem: 2 callbacks suppressed [ 1273.614432] Mem-Info: [ 1273.640496] (U) [ 1273.647488] active_anon:841895 inactive_anon:18064 isolated_anon:0 [ 1273.647488] active_file:9502 inactive_file:34012 isolated_file:0 [ 1273.647488] unevictable:0 dirty:148 writeback:0 unstable:0 [ 1273.647488] slab_reclaimable:16144 slab_unreclaimable:195539 [ 1273.647488] mapped:62757 shmem:8997 pagetables:18286 bounce:0 [ 1273.647488] free:490343 free_pcp:275 free_cma:0 [ 1273.660153] 6*128kB (UM) [ 1273.677322] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1273.696657] 0*256kB [ 1273.723825] Node 1 active_anon:1258020kB inactive_anon:53484kB active_file:38000kB inactive_file:136048kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:33728kB dirty:592kB writeback:0kB shmem:16484kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1273.763785] 0*512kB [ 1273.773645] Node 0 [ 1273.835989] 0*1024kB 0*2048kB 0*4096kB = 28708kB [ 1273.850556] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1273.859648] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1273.908440] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1273.913588] Node 0 DMA32 free:28708kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:228kB local_pcp:8kB free_cma:0kB [ 1273.920522] Node 1 [ 1273.950900] lowmem_reserve[]: 0 0 0 0 0 [ 1273.959368] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1273.965653] Normal: [ 1273.990963] lowmem_reserve[]: 0 0 0 0 0 [ 1273.998680] Node 1 Normal free:1924644kB min:53696kB low:67120kB high:80544kB active_anon:1257872kB inactive_anon:53484kB active_file:38004kB inactive_file:136040kB unevictable:0kB writepending:600kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:16768kB pagetables:41356kB bounce:0kB free_pcp:1300kB local_pcp:656kB free_cma:0kB [ 1274.005756] 119*4kB (UME) 187*8kB (UME) 329*16kB (UME) 162*32kB (UE) 44*64kB (UE) 203*128kB (UM) 293*256kB (UME) 120*512kB (UME) 34*1024kB (ME) 14*2048kB (UM) 411*4096kB (M) = 1924612kB [ 1274.035423] lowmem_reserve[]: [ 1274.046274] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1274.059144] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1274.061774] 0 [ 1274.068276] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1274.077694] 0 [ 1274.079835] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1274.080065] 0 [ 1274.081679] 26620 total pagecache pages [ 1274.102365] 0 0 [ 1274.102912] 0 pages in swap cache [ 1274.105534] Node 0 [ 1274.109163] Swap cache stats: add 0, delete 0, find 0/0 [ 1274.111267] DMA: [ 1274.111506] Free swap = 0kB [ 1274.122296] 33*4kB (UM) 3*8kB (UM) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10972kB [ 1274.128354] Total swap = 0kB [ 1274.139343] 2097051 pages RAM [ 1274.142488] 0 pages HighMem/MovableOnly [ 1274.150511] Node 0 DMA32: 969*4kB (UME) 284*8kB (UME) 690*16kB (UME) 290*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28708kB [ 1274.152609] 363840 pages reserved [ 1274.176022] 0 pages cma reserved [ 1274.180602] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB 13:27:25 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r1, 0xc) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000240)={0x1, 0x0, @pic={0xfb, 0x0, 0xe0, 0xfb, 0x4b, 0x2, 0xff, 0x5, 0x80, 0xe1, 0xf2, 0x7, 0x40, 0x6, 0x4, 0x1}}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) 13:27:25 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$BTRFS_IOC_QGROUP_ASSIGN(r2, 0x40189429, &(0x7f0000000240)={0x1, 0x9, 0x6}) writev(r1, &(0x7f0000000040)=[{&(0x7f0000000080)="00000000000000d725ab1bd5206fbe669a37bc89c049c63a", 0x18}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="5f454c44065b05107311d66d56027f551bfd4966e8327b2ed52e6071d3b1a885f3073aff65e66129259875732287d5dcb869953c7f4aa9a3dcb692ef3bace12567304de77eaa0d5f78b6fd293b251f3235f70ed180710ab172466da981671b4e6108507bcc731f1dce0673824b272589896b74760c444665d6b81dcda4b89393d0a44c26946670dadc623a951d4b128ea62aea0ff8d825551adb8f67507de00aea052fc51ed9848479d1b42c65cb1372ae03109fa47304b89ddb9d4629070a3c7c051efeba07d1abcdfd53a339669019efb75ff7a42f865950952d3aebe676100dc070b0b440f0a2eb8a"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=@getrule={0x14, 0x22, 0x800, 0x70bd2a, 0x25dfdbfb, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4004000}, 0x4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000400)=0x0) ioctl$sock_ipv6_tunnel_SIOCGETPRL(r5, 0x89f4, &(0x7f0000000cc0)={'ip6tnl0\x00', &(0x7f0000000c40)={'ip6gre0\x00', r6, 0x0, 0x2, 0x2, 0x20000000, 0x2, @remote, @loopback, 0x1, 0x80, 0x1, 0x5}}) sendmsg$nl_route(r0, &(0x7f0000000dc0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000d00)=@newlink={0x7c, 0x10, 0x1, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, r6, 0x12, 0x400}, [@IFLA_NET_NS_PID={0x8, 0x13, r7}, @IFLA_IFALIAS={0x14, 0x14, 'veth1_macvtap\x00'}, @IFLA_GSO_MAX_SIZE={0x8, 0x29, 0x767b}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MAP={0x24, 0xe, {0x7, 0x100, 0x1, 0xd1f, 0xe6, 0x6}}, @IFLA_BROADCAST={0xa, 0x2, @multicast}]}, 0x7c}, 0x1, 0x0, 0x0, 0x20040045}, 0x0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) 13:27:25 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) clone(0x2800, &(0x7f0000000280)="3040034a2e195556f63bb99722490baf6334152b609389e49421cd89ff8cafcfd8269f12dfcda0ba67c3554909fcb6d2b5d6807eadd017d6908d11417c94390a46914a42b3bf7dbc05062fd272189393176b7211", &(0x7f0000000300), &(0x7f0000000500), &(0x7f0000000540)="40609aa3166f4b945592109c9899ff7ba164c16a2f0b2ca75ce14cded3701d1f9686960ffce4ecc28eca558f06b0359f116de41ea5b788c94d70b0462def7cfd3c08ccd0d1670149d32f9ca8a92d10b7a263436169afc9cb95d47ecd5758b7c47beba43f5ddb614bc828f33dd116de270dd3862320881a94bfa56d068fe5820ce27792c5ae4bf1cea93a5a0c97d35d65be576aa5c33b81aad26bef0dba50a48169fbe4df101e01367cabc1a0125009b708a5fa9e9204a8914167ae32a21ef499747648e89c75c01d776b9f7ab467e7907a495476f8d90bcfef381d00b2af3ce0b3d1d36d4ac3cbe745189425487f2b59752badd35434f8d01dda9bd7") sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="c4000000190001000000000000000000fc000000000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b9d3000000000000000000000000000000000000000c0015000000000003000000"], 0xc4}}, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r2) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) clone(0x21121480, &(0x7f0000000180)="6a6cf5bc2a33907922df85285e5bf0b4ad818bb65cceb1952df8c1cbf29d105cf37afd8b9d46c190438436ce7bd7c899e160f46fd80b3c04a2ee58dd216693b3fc98380ef0abbffa92beaa8ccbbb1fb29a55d74541aad5964c652bfd9d2edc5661cf622baf9946b25bf76c8550db61238393dd6ce673ea683b4ad4c3a795840174db7861d83c46d6d3538228f34b32f1e58260eb870bb8258f19054fadb41a42b9d80f2398bb6f70aada46b945e60a67a0cc234b870a15e5cc4f809f5c5c83442fbbe6f9ff92b2c2fab4174747bc413747eea31737afae2c", &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000400)="6e1846d8c96a0dda824cac73ecd77a205b4d5e8888a5ca64698bdcfd9fea0ad5234065af4d84e0a893777c8f56e787fae5db374d759a59851fc0713ceed8c777d8bb432febd9c49886fe70ba9d8e896d1a666c5688c954ab8404e113076d5bb03322626cc2d792267ecae4e4f2a3a8c66fce2606cb0391eb12da7d4e9dcf820d32f5ccb9d2fb49449432f0ea6de27596ed8a97d3fc9f5928eec1f2776d54df8e325003c1628f93b839d12c425d795691429e3f5c987f83dac330f790e28e4201422bab509090051c31d7781ca1d155ce6c7ab15c57818014db") 13:27:25 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x80200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r3, 0xc) syz_kvm_setup_cpu$x86(r3, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000000)="66baf80cb89a7b2d84ef66bafc0c66b8030066ef0f1c78002e0f71d766c4e2f9414c080066b81e000f00d80f210b7707660fc776010f01c5660ffa9171000000", 0x40}], 0x1, 0x1, &(0x7f0000000080)=[@cstype3={0x5, 0x6}, @dstype0={0x6, 0x9}], 0x2) 13:27:25 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400)=""/237) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x80) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x7, 0xffff) r5 = socket$pptp(0x18, 0x1, 0x2) ioctl$sock_inet_SIOCGIFDSTADDR(r5, 0x8917, &(0x7f0000000000)={'rose0\x00', {0x2, 0x0, @empty}}) fallocate(r3, 0x0, 0x0, 0x10000101) r6 = eventfd2(0x6, 0x1) sendfile(r0, r2, &(0x7f0000000140)=0x4e, 0x8) lseek(r6, 0x7, 0x2) [ 1274.203601] Node 1 Normal: 119*4kB (UME) 170*8kB (UME) 358*16kB (UME) 162*32kB (UE) 44*64kB (UE) 203*128kB (UM) 293*256kB (UME) 120*512kB (UME) 34*1024kB (ME) 14*2048kB (UM) 411*4096kB (M) = 1924940kB [ 1274.279479] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1274.343107] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1274.349570] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1274.378634] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1274.384021] CPU: 1 PID: 8858 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1274.393817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1274.403168] Call Trace: [ 1274.405763] dump_stack+0x1b2/0x281 [ 1274.409395] warn_alloc.cold+0x96/0x1cc [ 1274.410087] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1274.413365] ? zone_watermark_ok_safe+0x220/0x220 [ 1274.413386] ? wait_for_completion_io+0x10/0x10 [ 1274.413399] __alloc_pages_nodemask+0x2127/0x2720 [ 1274.435665] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1274.436760] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1274.436771] ? perf_trace_lock+0xf7/0x490 [ 1274.454306] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1274.456638] 26620 total pagecache pages [ 1274.459153] ? do_raw_spin_unlock+0x164/0x220 [ 1274.459166] alloc_pages_current+0x155/0x260 [ 1274.459180] kvm_mmu_create+0xda/0x1d0 [ 1274.465403] 0 pages in swap cache [ 1274.467608] kvm_arch_vcpu_init+0x282/0x890 [ 1274.467618] ? alloc_pages_current+0x15d/0x260 [ 1274.467631] kvm_vcpu_init+0x26d/0x360 [ 1274.474347] Swap cache stats: add 0, delete 0, find 0/0 [ 1274.475888] vmx_create_vcpu+0xef/0x29d0 [ 1274.475904] ? __mutex_unlock_slowpath+0x75/0x770 [ 1274.475916] ? drop_futex_key_refs+0x2e/0xa0 [ 1274.481638] Free swap = 0kB [ 1274.483649] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1274.483662] ? get_futex_key+0x1160/0x1160 [ 1274.483673] kvm_vm_ioctl+0x4ca/0x13e0 [ 1274.483686] ? kvm_vcpu_release+0xa0/0xa0 [ 1274.495014] Total swap = 0kB [ 1274.497473] ? check_preemption_disabled+0x35/0x240 [ 1274.497489] ? perf_trace_lock+0xf7/0x490 13:27:26 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x6001, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 1274.504900] 2097051 pages RAM [ 1274.506349] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1274.506364] ? perf_trace_lock_acquire+0x510/0x510 [ 1274.506376] ? kvm_vcpu_release+0xa0/0xa0 [ 1274.511933] 0 pages HighMem/MovableOnly [ 1274.513762] do_vfs_ioctl+0x75a/0xff0 [ 1274.513778] ? ioctl_preallocate+0x1a0/0x1a0 [ 1274.513789] ? lock_downgrade+0x740/0x740 [ 1274.524537] 363840 pages reserved [ 1274.525915] ? __fget+0x225/0x360 [ 1274.525926] ? do_vfs_ioctl+0xff0/0xff0 [ 1274.525937] ? security_file_ioctl+0x83/0xb0 [ 1274.525949] SyS_ioctl+0x7f/0xb0 13:27:26 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x4c2800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x101ff, 0x2, 0x10000, 0x1000, &(0x7f0000ffc000/0x1000)=nil}) [ 1274.531249] 0 pages cma reserved [ 1274.533073] ? do_vfs_ioctl+0xff0/0xff0 [ 1274.533087] do_syscall_64+0x1d5/0x640 [ 1274.533105] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1274.610650] RIP: 0033:0x465f69 [ 1274.613834] RSP: 002b:00007f8db8982188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1274.621554] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1274.628821] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1274.636088] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1274.643352] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1274.650628] R13: 00007ffe6abe2b0f R14: 00007f8db8982300 R15: 0000000000022000 13:27:26 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2c, 0x8}, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:26 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x1, @perf_bp={&(0x7f0000000100), 0x8}, 0x40050, 0xd64, 0x2, 0x9, 0x80000001, 0xfffffffc, 0x200}, 0xffffffffffffffff, 0x7, r1, 0xc) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0xc) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='sched\x00') r4 = syz_open_dev$vcsa(&(0x7f00000000c0)='/dev/vcsa#\x00', 0x1ff, 0x20402) ioctl$KVM_DEASSIGN_DEV_IRQ(r4, 0x4040ae75, &(0x7f00000001c0)={0x1, 0x0, 0x3d71, 0x100}) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r3, 0xc0505405, &(0x7f0000000140)={{0x1, 0x7, 0x406, 0x2, 0x4}, 0x80, 0x9, 0x3}) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r5, 0xc) ioctl$SNDRV_TIMER_IOCTL_START(r5, 0x54a0) r6 = timerfd_create(0x1, 0x0) dup3(r6, r4, 0x0) [ 1274.767653] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) 13:27:26 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) setxattr$trusted_overlay_redirect(&(0x7f0000000000)='./bus\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', &(0x7f0000000180)='./bus\x00', 0x6, 0x1) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) [ 1274.808256] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1274.832144] CPU: 0 PID: 8900 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1274.839983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1274.839988] Call Trace: [ 1274.840005] dump_stack+0x1b2/0x281 [ 1274.840020] warn_alloc.cold+0x96/0x1cc [ 1274.840032] ? zone_watermark_ok_safe+0x220/0x220 [ 1274.840050] ? wait_for_completion_io+0x10/0x10 [ 1274.869019] __alloc_pages_nodemask+0x2127/0x2720 [ 1274.873900] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1274.878742] ? perf_trace_lock+0xf7/0x490 [ 1274.882892] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1274.887744] ? do_raw_spin_unlock+0x164/0x220 [ 1274.892242] alloc_pages_current+0x155/0x260 [ 1274.896660] kvm_mmu_create+0xda/0x1d0 [ 1274.900549] kvm_arch_vcpu_init+0x282/0x890 [ 1274.904868] ? alloc_pages_current+0x15d/0x260 [ 1274.909457] kvm_vcpu_init+0x26d/0x360 [ 1274.913348] vmx_create_vcpu+0xef/0x29d0 [ 1274.917417] ? __mutex_unlock_slowpath+0x75/0x770 [ 1274.922261] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1274.926328] kvm_vm_ioctl+0x4ca/0x13e0 [ 1274.930219] ? kvm_vcpu_release+0xa0/0xa0 [ 1274.934367] ? perf_trace_lock_acquire+0x510/0x510 [ 1274.939298] ? __lock_acquire+0x5fc/0x3f20 [ 1274.943534] ? check_preemption_disabled+0x35/0x240 [ 1274.948556] ? perf_trace_lock+0xf7/0x490 [ 1274.952703] ? lock_downgrade+0x740/0x740 [ 1274.956852] ? perf_trace_lock_acquire+0x510/0x510 [ 1274.961775] ? do_raw_spin_unlock+0x164/0x220 [ 1274.966277] ? _raw_spin_unlock+0x29/0x40 [ 1274.970524] ? kvm_vcpu_release+0xa0/0xa0 [ 1274.974675] do_vfs_ioctl+0x75a/0xff0 [ 1274.978471] ? ioctl_preallocate+0x1a0/0x1a0 13:27:26 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x8) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) [ 1274.983105] ? lock_downgrade+0x740/0x740 [ 1274.983122] ? __fget+0x225/0x360 [ 1274.983132] ? do_vfs_ioctl+0xff0/0xff0 13:27:26 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="5f454c44065b05107311"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x13) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) [ 1274.983143] ? security_file_ioctl+0x83/0xb0 [ 1274.983155] SyS_ioctl+0x7f/0xb0 [ 1274.983163] ? do_vfs_ioctl+0xff0/0xff0 [ 1274.983176] do_syscall_64+0x1d5/0x640 [ 1274.983195] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1274.983203] RIP: 0033:0x465f69 [ 1274.983208] RSP: 002b:00007f5884799188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1274.983219] RAX: ffffffffffffffda RBX: 000000000056c0b0 RCX: 0000000000465f69 [ 1274.983224] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 1274.983230] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1274.983236] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0b0 [ 1274.983242] R13: 00007ffd2f6bf3cf R14: 00007f5884799300 R15: 0000000000022000 13:27:27 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000000)) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x40, 0x0, 0x10000101) 13:27:27 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='children\x00') sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="5c000000040109040000000000e5ff0002000000240001801400018008000100e000000108000200400000000c0002800500010000000000240002801400018008000100ac141400080000000004fc29d64ded8b582286cec751d55c66b5c9bb99847e8a22339cb422455255a1de46615f00003c4de27c179cd20c1b03dc72f705768e36b5c0b03cb7d22a4ac49e404c864dfa72697cc34906333cf5e4951c176719a19c4d3e548841ab308021defc36fe2cbd85c9891024a86539d46708b42c14bf47d6af2f412336d444be30c5aa1a88e551ac8c01feaa6a2179187ff377bca80862c7fc5ec8d18bf8785cf59876bb5cc96206f4d165c02b259705b49dddf4d56a79f18534d7c43d4e4d903b322ad7a22994e6f9f662f195ababdeaeb1fa8b9c5674eb8ad4e6fec363a19e798dfa71af2493af6d5ce97044e515991ce1dc0d9b54da287da32341abfce7d5ed93286c949a0e15e7fcaddaf84e4abdd25d69dd4d6e748d8e2508ef1652e2cef037d31c0e035d"], 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000300)={&(0x7f00000000c0)=[0x5, 0xa4e2, 0x5f5, 0x5, 0x5], 0x5, 0x100000, 0x0, 0xffffffffffffffff}) ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @ioapic={0x1, 0x3, 0x6, 0x92f, 0x0, [{0x0, 0x4, 0x80, [], 0xff}, {0x5, 0x7, 0x7, [], 0x7}, {0x7f, 0xff, 0x44, [], 0x1}, {0x80, 0x0, 0x22, [], 0x1}, {0x3f, 0xff, 0x46, [], 0x3}, {0x20, 0xf3, 0x2, [], 0x1}, {0x1, 0xb7, 0x8, [], 0x8}, {0x0, 0xed, 0x2, [], 0x85}, {0x7f, 0x6, 0x6, [], 0x9}, {0x3, 0x2, 0x8, [], 0x59}, {0x3, 0xee, 0x0, [], 0xff}, {0x1, 0x0, 0x20, [], 0x20}, {0x81, 0x57, 0x2a, [], 0x5}, {0x81, 0x1f, 0x1, [], 0x2}, {0x40, 0x0, 0x51, [], 0x5}, {0x2, 0x5, 0x1c, [], 0x6}, {0x3f, 0x2c, 0x1, [], 0x7}, {0x1b, 0x4, 0x6, [], 0x21}, {0x7, 0x4, 0x1f, [], 0x6c}, {0x3, 0x2, 0x1, [], 0x3}, {0x3, 0xc2, 0x4, [], 0x8}, {0x1, 0x8, 0x3f, [], 0x3f}, {0x0, 0x7, 0x2, [], 0x5}, {0x81, 0x20, 0x66, [], 0xec}]}}) 13:27:27 executing program 2: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x5, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x100000, 0x200}, 0xffffffffffffffff, 0x7, r0, 0xc) write$sequencer(r0, &(0x7f00000000c0)=[@x={0x94, 0xc, "a73b79cf60f9"}, @v={0x93, 0xa, 0x99fb1b013bec8463, 0x6, @generic=0x2, 0x80, 0x32ad}], 0x10) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000380)) mremap(&(0x7f000090a000/0x3000)=nil, 0x3000, 0x1000, 0x0, &(0x7f000044e000/0x1000)=nil) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f000090b000/0x2000)=nil, 0x2000}, 0x1}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x40, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x0, 0x1d1003) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0xc1030, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x0, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0xc, r4, 0xc) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r3, 0xf50f, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) [ 1275.153735] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1275.153759] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1275.153784] CPU: 1 PID: 8875 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1275.153790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1275.153794] Call Trace: [ 1275.153810] dump_stack+0x1b2/0x281 [ 1275.153847] warn_alloc.cold+0x96/0x1cc [ 1275.153860] ? zone_watermark_ok_safe+0x220/0x220 13:27:27 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x501000, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0xdff, 0x84040) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) 13:27:27 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x6}, 0x0, 0xffffffffffffffff, 0x0, 0x6, 0xb0, 0x40000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x81060000, &(0x7f0000000380)="8ba19138443ff6eb623a20f0f8d31d770a7d4c7d0ed8888a1db270152a9bb3990ff185e17f717968ebcd8a76b15e0302ec133a650ce111e26cc2a204c321774f16d2eee2275750b8093a31a4754909aae734a586f1b93477e21da65038a2694e50fc8b70e826b68386b7bc872952364698037d1e9aca7915c7ab605b8d46300fc36da3d108623536fe6e4e6830e6bd821ac667f269ce165b625bc35ab6e1397122434bdf7abb4f73025e2b519aa0e9c3e01ca48bb8dd7912d07c286f1eb381fc3ab726f2ca2321232983", &(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)="4591c48d2717b38cb802e5f199972217e0d91c1dcf713aa6d26cc8bdc7ed19e504f3ebd5df08c09020aec7598a28322ed05cd49d8cf22a4989a0ae15c86f061f2f10fb9fb33a7351c6389ce50c4adfbd8c17f507e62973883f04c2565e8d92de09b82ff5e89793a39b120aa01fdfece37e01349cf11d9cfb4e315312656f1b236e71f4b3f184cd010b83f840acfe9078151b40a76cf42c3f4cc437858dd6533132fec084defaee988661142213d8a2f417c8fd143e34acaef392") exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c0050000001090400000c00000c000002000000240001001400018008000100e00000017033d9ba09a593534608000200000000000c0002800500010000000000240002801400038008000100ac14140008000200ac1e6f7929367300010c0300"], 0x5c}}, 0x0) clone(0x4001000, &(0x7f0000000080)="1859267fd061c0716fd00c148d5ea8ecec07b0c0253b375e93df816da5327fa596f73c88c32d7f39298c06466ffe22022f11d04c39abec59e7ea6fa0ea8a9aac65b0b779a5a4ed786843551e200362b5143122a91fd394683a857bff4888", &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200)="4fe64fc26b5701f721dde103a1a6aabbcaef057b591b2f0c705973c76d3a86174d5568e6861a8ec9b06f8753890571d0de8e6b575078a2e1826510c1") ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:27 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x1319c2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 13:27:27 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0xc0, 0x0) ioctl$FICLONERANGE(0xffffffffffffffff, 0x4020940d, &(0x7f0000000140)={{r3}, 0x1, 0x1, 0x1cb9}) r4 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r5 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video0\x00', 0x2, 0x0) io_submit(0x0, 0x2, &(0x7f0000000300)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x2, 0x5813, r2, &(0x7f0000000180)="c9f5618d597311dd8de3daaa03954e73d5d48d336be45cee3777fc818b9ae279a9ec128433ce2c8d624adbfd49f0ba95caed230344492804be46c8c70d725d103f71de", 0x43, 0x2, 0x0, 0x1}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x80, r5, &(0x7f0000000400)="57c9297c7f7583d70304399e99e33686c427c847b36d4be7c0c0687f0ab0bd770bfcbafe45bd685f6c938995e3d3c053ee1dcb117bfff8a4f9ccc16b06b6a2d93e740a4a111b93f8c0ad371b163a6d2bf2c19d1860cf924850ab1e0163c6655719c7e1cb62ba7a2ccfbf2e0f063a1a7880387d219ede70e4a1d773b87675f9420272445c8907187aacb6488ffd4bee49d1dabfbb70ed04d5e7b40183b65015c716de76b3df8e69d573361852c199402aaff8f9c83eba75748a94dbb09bab52839f821cebe7934eb003dd84d1972359d346d28b04513dc667dc10091b1b06b624c5d7034c74ef3e0d1e90126c5cf0b52411e10816d9129967b989421067a1572979f4b4d9345afa3686a93465b3a87c326fbd58912f08252ac54356ca131236a8494663325945c7e9127fa6681e463bb14cf10392ef9f364410c25ed8fd437e88bbdc8f8d7c1d9351824b64e34ddb5612fae874740f2c4001fbb8cbf823f6997a9af8432241af700e41277973e2b01ba3abc6e3f7568cbd5c639c876ce359ce7891056cc983abf69b7b2c780904ff6c40357077e579ce9e2a04b72af35d7db64a1743a54132144aac251c5191bb98a2ba1e7c282ede44296e0391302c1f9213c5afa3e2f4458878b20dc7c2cab8d7e9452c0638b7c3ba3075813617007ba347c0c835960abf1cd421bf96ba4749f670bc62da4c374ecd0e38b8789e4fb025e516b26b541af366f57411bc1f90833c75e45ce5d911c76bd2f6b7114317de5d958fb7a28c851f925200270f341160ddff59ab8d8f8c37178c90b11ff203795eb819416ecc55c81a5ccf1269ad8aa4d3283301bbbb1c771d66c7d2f676dcefabfaaddc2365f4ea92044406345664dc5a7d5da2623ff68f8c9731cfa9a683249f2727a065c528b5beeb29f0ec326a40a3adbd955c16e7c87c4fef673c987ec0a6d8aab53fba89000cc75ed73cd3402dcba8a90cb45c0510c55c9b58431db45820efbc81ff488ae95970f92d32a037673a0a94fd2dc580d3b66d198a807f3840b11aecb87163c2bedb35dc2bc9c6144b6aec199a87f106f7c4f1bbd5c01a71985fbe879ad88e2cc5b8a2816fd1ca5fe9f150950fab3393d469db7f09ec6cbb3cd5c0156778d0c1a4151bd6d43ce3db3a3731db6242a7dec3e6f92e10312a4f181601c531afd9037b7624aa21c48c4ef42e82c9fb4984a667628115585479142bfbfca128b594ef777254ec70065c2a856cde696b34b595fc0fbcca885cff6a771203c7a40595983b5776a9b17512c4c95f517418a4f8b5c7eb03fcec4fc52faebf2c689924ea93055cced23acc1fe65a16b9d39329b4cab6410dc217a334f637c64643a14fd79eb481d39dc2d1b7ff6573c49a8365f79e17a6b6d396b59f849036b39b996af6482cc951e846028a8337acf24f5c3056dc905d06399456bc249201b4045c40c8231a427116d72652d6093b1adc04c3076c70ef26a6129ffdeaf1fcb6ff39f1a0791b4c1ce947cbb72592261aed1ca030947bd58b9d0ceb3c5f7e82f8f911f84d66fa9707b9c5cb79744689d2649f7de628d18aafdd22bf143d74d94534344f63780d5dd793d278e5fc51a1e0588602c65b5b49690bfeb41d3b871afb950cf7bad5274f0fe4d9bc6e5f48776bae543391cdafc7e728c8a3798b23827992e2e5f9c0d024bb16659ada6903d6f22e23544162b16b23a1c8b1a80f9154c495f7f81d9e5cbb8513f76e071151b524e8a5e145662a4bb3a2476855db9f8d9a65ff488dac5d03d0a7c0c81fdf283df348f8b052bfc47cb8b925de814b2a1056a78f17ba57e857bbde766896eaf03aabc0b9b945d9e876ddca5af4dbaaf7f9f79cdb4c4df0c6e0e954d9b3d66525fb90b42dfe72732f8965a769c704f8d7ac12d35e8062ee70b1b2b666d30088ca6a9b938003fe442beb52dc7ae03c11d304106d3c2daaace0740b1eafed1efd2ec46e54df68e338e2e9dde0803f3322d212b747d157c36b71771f3d48e2905872b8f65dd7b4d57dbb217d2016040c86764a3c9c5e2e370d44d47109ec54f26ebaa54c74dc678b6123523a136bdfaf066500781be4b844b8d4055794a724db2d7b6fbe2fc9ac8e1aad19850e70f7d97e23547cc8ed3b7980bda1f464185a2d1f3bf001b309f8fe559860ffbdf686f8cd9e55a68c6de343571b934ef38545c4db62e3e3ead043e27098f61ad381aa5eceb0367d4c0f9057fa5abc149f9b12f4401ebc937a01d2ea65977db480097838679bd8972a1e23469e3c8072abaaf44a3ba4c9fc6f04b55cf24b76ea460c23f8928a7e6ff8d3482619869c022a03ccb6454ceee01430449a1a9c071b1ebeacd710fae4c4a7467fe1ff85fed225ac3864c648ecffd4e702ec3f40fd142c2984420edb6ab20756241bd014c2da43eb8f78530f49aedc1a45560897f3b294c80091664700da80c43fdf99befbe50d8c51dc00a84658ff1daa13a0013d115649c55f63487704cb268381b569bdfe5fcbde5621f58f03d1fc7f082948a5c9bd0892e550a1b483e49802b8ce7a53776557d1f0fba49183cae1ae45f5c23f3416a52e5455302678dbe3eee23e2c1e0a124188bbb084d51e232d54f782450e5e5c07f1ee93ceb92193c38f7f486868247449295760a58e2190da70e30b1af539978a2b3f754cfb708c86be0c454a075460aea30de8cd353e28b218210f8f64665d1edf77ad3e448abc617e3461fa865cf4d29412fd0b8b99f1a5b8f31088eaa53cecb0303c735ac05e5449f05cf0f2b37b002a0c0c7976fd320a546946bc679f552327a04c5720b6eb0ac4f2377da3126181e7fec02bb655bae9a778c1829cdb664dc073ae125f8d2a56e0158517217b5938d91ed21c3ed4dc7ffc013dd7e7dd1463d865cd6b322c61ff338d4dfdb9aeb612fa00a0f6ed295f4b2463dc20b567e24506d755fc1cac678226661afa1ad4dc3b805ccfc5ef55418871088f58b12c7b091a07df04009e0c5fa7d5b4243a7277b635102983cf6c2a8bc1e517a968251bfa41f6f6b64b1b8e731ec8fe9e68e8bfdc4e07a25830e541d0682fa53c65dbd60b0d72be1e4b824eb80a127ccba403026f13209569d2be8c8e4ce3cbdeae06666c0afcadd6a3b5b815ec572f91fb964f3037ecd40570c9c414b03c3cd3db39c09ef8bd978ae86fd17a316df0e2be91a321da6ded3a3834e72fa5df8e3f98c1d00e59f7f8a5ef5e9b3acba6fdc055c1889eb286bb9b1233752c421f56822c4da4dd7be8fa3dce462a019acc15ffb22ac8a3dc2b74161a0f46a7563c2540b04d77b7a46147a0d06eee9f2bbd22d806c2f33321077f9b541bc91295c668580b701da29be4a446caba7cc50a27714c5610f859603cfd6e07d29b8c68d01d5aedf77b099c85b1de06b3042d448f5f6b20ce7decea3d9a883a15fd3db9138a3ed37f8dee31a437c8d00bc830b2a75bc346771d5ec7bdf6943d6fb0a3af8c588a2a000bf35ea6ee4e8b66821b0e944c3303234f8fc46ba13cf7338f29f8f87124cb93217b70ac38d076fc508321f68744283ce764ace08accc91121e99c41fd54491bb0829888ab31c5f496666407d9149b8c9365205603833ee104542ddb2fe86691ad38ceeef9165b7087bf1d9f104836a84dcfea8761703b00517f6ae1887c9f074ef044298394cc051a0b998eb9c85311ce5eb6648cfef58a579517ec40bfb46c0fb3a6cf1adf297f72aa281bde8ad364a9f7c06e00e31ba63978c647fe592a6b74d0be2da8309a69d1cf1ab5ced709a40976093c7b9f0865ff299121b014d2021384c44039b734a29723a4d30da412afbb0e4a006a261e12933a3942000df0c1803866a6c2f6334ace577964b093fda1b64003872abdbbb5f14300263db4591e1e9186ba22ed5886a7adf1f797da0d8a6f6f82130468b5b8ccb9b2c632ec20fe48f5d66affd64e18ca2bfc190ca1584b8bc3a32ef17df05183e24a30e5881b01f89e61cd2ca739f7f6f0ab5c6d2a7fb5c2e424a3f369e0208438fb5a72ec81f747458c82124ae00c7b83ec5bc3470e4228285d3164bbc9b434bfeb28cd5189231f2856ae097c5c91c5233c14ad96803c0bc23a626b2c139eacb5ca7e9e0bd7784225dfbbacce2a45a7d445dc46b083f30e51fb3343c23fe010280b3ff67e25805badd851dd4b0df6052ae6b4f9b6d7c635348b43dc8ed2feb52dea0d2c1915305157f2ef4734e19ad89d61aa8f571de91be0746414c9c8ced6372896bf9e8a79ab52c5b5663071c0e336d360915d82d60b09cf20435c0355c460c17c356a5a9b78a014b9dbd4747ee87e610e8a78633d5d0fb3ccff3c45ffbb7ab855a437a1633ee96a917d7ce3726d92779664e8ac6a91bc0a030a24dbc920efe91d8138bda03033915d746a6631a3a52e829f9a28695bf326174edc5b02f618c4eab00c63bec5c1b009622ab05f1b99c6c43d68dd1d89407e5932485d60e5f2ff6cfd13282e74dab03479c69c9b5dca54dac6d4b325472dad412ce8cf7cc512b5cd59e5b7d2e3537b7fc810c759ecaab6c4074990f4df11126450d3d6658c1c172773ad23e77adc04a522050e45a8dd49c997ff7ebf2712c6f3d262db1b129fe45f04b9c292b9da0d1c94ae339a9df1ecf76ec84294efb58f40546f9670e975588474645f965bcf4909d777fe9a796834ce20471a15a9c3a17ee0f9e707b821c1611b7b3ae375c3b675c33286145634de69e8a2d858a34271944f3832d5b66eb8b44bbd07cafc17772cf062ab827611e680f78ec32d10b34695c52a2232eb556c606ebf98705e315e25ed9df4252df332d18b0858ee8268efa286537c344165c9ac4d586ad6bceb0eab006c3f5451914f6c967cc9ea13997da39e59e721d35924c7c648ccfa6bd3afbf8c0cf54bffb26e79156728e0fb4185df3b91c4fc19d7d28316916cb01c35c01ce1ac659c88c831c4bdf4ea2ea9b43e6fd236a4bbfa735ce7d46f78c0e407cd72c1fda883ef577b2b1087add1e4b50d51ded48f44c3a930e27693489e42c7066c8c61659c9bd029523b4c2a95cae6132698aa76b4c8647560e836786b6d9cb2e8b3c194bfa51acc50b8396455c4e927cb3f8c015d4b7fcb9e07731b83aa68f7d8c5c1f8160c8ace4912ce9412d3cb38ba89f3b870e3388d1cea51293cce246d226a3aa80ab14c63f6d9d2fcf58011fe5e61329cb09fe649d6082d6b96d8ecfa6c1f6ac5e9c6b9fc2d95f9c3fb92c6ee18d0db355f433aaed0a5541cf91ea4f6f10e048b8ac702dcc362efb127ee91ebfe9ce80eec64c39c1e867826eda1ac4ae709ebf0df95e09c0fecf4aff6f09a8ff3653f0d4a8e87342ed7e5225f0859e8b7366fd102854f4d22bc8894bfee9149f95a91796d96a525d410c85a90245f34d561a52e7cee796e382b068728b0552c564063c6f1b8b2f79c005e33a471cf8c352ba6ef1f91122d0d6066f69f7e338f854b8edda65e897ad00a7bcb1d30d206bc7a72279f4e377639664a080a383aa94c475c32e28b640e43ae7264efe21dd41032888e31d81807ae630467d3ff70a34d1c5141612c73ae7f7214b672b93786c190e847f3e57e4f3278e0860fd94a8049a552407b587e6d48eb9cc4bf1209f3df7b7c5eac712abba65f68812cad6539bc1b303776e033624b83fa600f584cb7d89b910e3cdf96942827de67a855914ed13b852032455e8cea6856ca6be1fe468f5fa5935fdcdef3cbaba0d036f886fd87111e90a45caa16146b888200939d51d50650dc7820041e3a3c39a855d2a93f6f6726a24754c0fd84c998b6a35d70710d03a5ff4fba", 0x1000, 0x80000001}]) r6 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r6, 0x800) fallocate(r4, 0x20, 0x0, 0xfffffeff000) fallocate(r4, 0x0, 0x1, 0x3d) ioctl$FS_IOC_FIEMAP(r5, 0xc020660b, &(0x7f0000001400)={0x6, 0xffff, 0x6, 0x3ff, 0x4, [{0x6, 0x8, 0x7ff}, {0x1, 0x800, 0x6, [], 0x4}, {0x1, 0x1, 0x8, [], 0x8c}, {0x1ff, 0x8000, 0x4, [], 0x802}]}) fallocate(r4, 0x3, 0x0, 0xffff) fallocate(r4, 0x0, 0x0, 0x10000101) [ 1275.153882] ? wait_for_completion_io+0x10/0x10 [ 1275.153897] __alloc_pages_nodemask+0x2127/0x2720 [ 1275.153922] ? gfp_pfmemalloc_allowed+0x150/0x150 13:27:27 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) ioctl$KVM_GET_PIT(r2, 0xc048ae65, &(0x7f0000000040)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 1275.153931] ? perf_trace_lock+0xf7/0x490 [ 1275.153941] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1275.153961] ? do_raw_spin_unlock+0x164/0x220 [ 1275.153973] alloc_pages_current+0x155/0x260 [ 1275.153988] kvm_mmu_create+0xda/0x1d0 [ 1275.154000] kvm_arch_vcpu_init+0x282/0x890 [ 1275.154008] ? alloc_pages_current+0x15d/0x260 [ 1275.154020] kvm_vcpu_init+0x26d/0x360 [ 1275.154032] vmx_create_vcpu+0xef/0x29d0 [ 1275.154045] ? __mutex_unlock_slowpath+0x75/0x770 [ 1275.154056] ? drop_futex_key_refs+0x2e/0xa0 [ 1275.154067] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1275.154083] kvm_vm_ioctl+0x4ca/0x13e0 [ 1275.154096] ? kvm_vcpu_release+0xa0/0xa0 [ 1275.154117] ? check_preemption_disabled+0x35/0x240 13:27:27 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:27:27 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x8, 0x3, 0x270, 0x64000000, 0x4, 0xd0e0011, 0x0, 0xc6, 0x1d8, 0x1d8, 0x190, 0x1d8, 0x1d8, 0x3, 0x0, {[{{@ip={@multicast1, @multicast1=0xe000eb00, 0x0, 0x0, 'veth0_macvtap\x00', '\x00', {}, {}, 0x1, 0x0, 0x64}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@icmp={{0x28, 'icmp\x00'}, {0x0, "a7a9"}}, @common=@unspec=@connlimit={{0x40, 'connlimit\x00'}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x3}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x31f) connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="5f454c44065b05107311"], 0xa) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r5 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) [ 1275.154138] ? perf_trace_lock+0xf7/0x490 [ 1275.154149] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1275.154163] ? perf_trace_lock_acquire+0x510/0x510 [ 1275.154174] ? kvm_vcpu_release+0xa0/0xa0 [ 1275.154185] do_vfs_ioctl+0x75a/0xff0 [ 1275.154197] ? ioctl_preallocate+0x1a0/0x1a0 [ 1275.154206] ? lock_downgrade+0x740/0x740 [ 1275.154219] ? __fget+0x225/0x360 [ 1275.154229] ? do_vfs_ioctl+0xff0/0xff0 [ 1275.154239] ? security_file_ioctl+0x83/0xb0 [ 1275.154253] SyS_ioctl+0x7f/0xb0 [ 1275.154262] ? do_vfs_ioctl+0xff0/0xff0 [ 1275.154276] do_syscall_64+0x1d5/0x640 [ 1275.154290] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1275.154299] RIP: 0033:0x465f69 [ 1275.154305] RSP: 002b:00007f8db8961188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1275.154316] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000465f69 [ 1275.154322] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1275.154328] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1275.154335] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 [ 1275.154341] R13: 00007ffe6abe2b0f R14: 00007f8db8961300 R15: 0000000000022000 [ 1275.181875] warn_alloc_show_mem: 1 callbacks suppressed [ 1275.181879] Mem-Info: [ 1275.181903] active_anon:841954 inactive_anon:18063 isolated_anon:0 [ 1275.181903] active_file:9504 inactive_file:34026 isolated_file:0 [ 1275.181903] unevictable:0 dirty:180 writeback:0 unstable:0 [ 1275.181903] slab_reclaimable:16196 slab_unreclaimable:195593 [ 1275.181903] mapped:62719 shmem:8996 pagetables:18377 bounce:0 [ 1275.181903] free:489822 free_pcp:336 free_cma:0 [ 1275.181922] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes 13:27:27 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="c4000000190001000000000000000000fc000000000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0500000000001000feffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0015000000580003000000"], 0xc4}}, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000140)="5a2df7a360c1e81c0c9397338f5b0c5cacaaae7198fe2e2ed46a1b67b6007fc20b2aca0d", 0x24}, {&(0x7f0000000180)="3685177373ef2d9ce9ede55ca39ce3b3db0fba751dc335bc9709083bd4f02bbf8cd3431e5a0a1a40effcd0fcba53839ccfd6d894adeaed3b16eb4bdb3a78e9e367b543c548a67f9394c5c6865a3538f2520743f403251d5ad45f2f635906ea5a952c6d335f7136b5c0c9a9fd93e57a5fbf6b087c0080cbc80b36c72696d8459cde8ca890b51791a4b7d232db2d1a74265f14c8fd9211bf4159d10e56a2fe77b55f1f9465e924a0532be06e8681eb1742b9598f56", 0xb4}, {&(0x7f0000000280)="e51e3b8cca818216da1627b284ac38c44d56f2634477cb49634b6d09eb972c81c5acad272bbc15c70c89da43dcb0f0b406a92706edf39c8d4ecc50d8864b4ba1c16c0966fde9b6ebff7356cb75b362892c41fb7505fd86550ab49e13a8eeb855e94f4827d62f74e7cce831481b5e2d991b19ce3695ef2272edc0d72c74ec6b6180a5f39992b0285197237ffa8f8e3b9a6c", 0x91}, {&(0x7f0000000340)="1065af49c753ed74caaaca0a51fb3598eaa03248f7", 0x15}], 0x4, 0x7, 0x7) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) r5 = getpid() sched_setscheduler(r5, 0x5, 0x0) fcntl$lock(r0, 0x7, &(0x7f0000000000)={0x0, 0x3, 0x8, 0x4, r5}) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x5948, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) [ 1275.181938] Node 1 active_anon:1258556kB inactive_anon:53480kB active_file:38008kB inactive_file:136104kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:33776kB dirty:720kB writeback:0kB shmem:16480kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1275.181942] Node 0 DMA free:10972kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1275.181962] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1275.181984] Node 0 DMA32 free:28608kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:344kB local_pcp:216kB free_cma:0kB [ 1275.182006] lowmem_reserve[]: 0 0 0 0 0 [ 1275.182028] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1275.182048] lowmem_reserve[]: 0 0 0 0 0 [ 1275.182070] Node 1 Normal free:1919708kB min:53696kB low:67120kB high:80544kB active_anon:1258556kB inactive_anon:53480kB active_file:38008kB inactive_file:136104kB unevictable:0kB writepending:720kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:17408kB pagetables:42000kB bounce:0kB free_pcp:1000kB local_pcp:460kB free_cma:0kB [ 1275.182091] lowmem_reserve[]: 0 0 0 0 0 13:27:27 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r3, 0xc) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f0000000080)="67450f4a24d726660f3810800c00000044e78d0f1bc4b9800000c00f3235010000000f30460f18ff0fd7d1f243af660f38f5bedf83000048b8102c089a000000000f23d00f21f8351000000a0f23f8", 0x4f}], 0x1, 0x24, &(0x7f0000000100), 0x0) r4 = openat$incfs(r3, &(0x7f0000000140)='.log\x00', 0x101800, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) [ 1275.182112] Node 0 DMA: 33*4kB (UM) 3*8kB (UM) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10972kB [ 1275.182212] Node 0 DMA32: 938*4kB (UME) 287*8kB (UME) 690*16kB (UME) 290*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28608kB [ 1275.182286] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1275.182337] Node 1 Normal: 3*4kB (UME) 226*8kB (UE) 336*16kB (UM) 139*32kB (UME) 46*64kB (UME) 187*128kB (UM) 284*256kB (UME) 120*512kB (UME) 34*1024kB (ME) 14*2048kB (UM) 411*4096kB (M) = 1919612kB [ 1275.182432] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1275.182439] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1275.182446] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1275.182452] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1275.182457] 26635 total pagecache pages [ 1275.182469] 0 pages in swap cache [ 1275.182474] Swap cache stats: add 0, delete 0, find 0/0 [ 1275.182478] Free swap = 0kB [ 1275.182482] Total swap = 0kB [ 1275.182489] 2097051 pages RAM [ 1275.182492] 0 pages HighMem/MovableOnly [ 1275.182496] 363840 pages reserved [ 1275.182500] 0 pages cma reserved [ 1275.876850] warn_alloc: 2 callbacks suppressed [ 1275.876855] syz-executor.2: [ 1276.000398] x_tables: ip_tables: icmp match: only valid for protocol 1 [ 1276.011600] page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) 13:27:28 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) ioctl$BTRFS_IOC_DEFRAG(r1, 0x50009402, 0x0) r3 = dup3(r0, r0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) [ 1276.409598] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1276.414836] CPU: 0 PID: 9041 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1276.422630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1276.431987] Call Trace: [ 1276.435738] dump_stack+0x1b2/0x281 [ 1276.439372] warn_alloc.cold+0x96/0x1cc [ 1276.443354] ? zone_watermark_ok_safe+0x220/0x220 [ 1276.448209] ? wait_for_completion_io+0x10/0x10 [ 1276.452886] __alloc_pages_nodemask+0x2127/0x2720 [ 1276.457754] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1276.462597] ? perf_trace_lock+0xf7/0x490 [ 1276.466781] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1276.471638] ? do_raw_spin_unlock+0x164/0x220 [ 1276.476143] alloc_pages_current+0x155/0x260 [ 1276.480565] kvm_mmu_create+0xda/0x1d0 [ 1276.484459] kvm_arch_vcpu_init+0x282/0x890 [ 1276.488783] ? alloc_pages_current+0x15d/0x260 [ 1276.493368] kvm_vcpu_init+0x26d/0x360 [ 1276.497266] vmx_create_vcpu+0xef/0x29d0 [ 1276.501337] ? __mutex_unlock_slowpath+0x75/0x770 [ 1276.506182] ? drop_futex_key_refs+0x2e/0xa0 [ 1276.510604] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1276.514667] ? get_futex_key+0x1160/0x1160 [ 1276.518910] kvm_vm_ioctl+0x4ca/0x13e0 [ 1276.522805] ? kvm_vcpu_release+0xa0/0xa0 [ 1276.526962] ? lock_acquire+0x170/0x3f0 [ 1276.530938] ? lock_downgrade+0x740/0x740 [ 1276.535092] ? check_preemption_disabled+0x35/0x240 [ 1276.540108] ? perf_trace_lock+0xf7/0x490 [ 1276.540792] syz-executor.4: [ 1276.544254] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1276.544269] ? perf_trace_lock_acquire+0x510/0x510 [ 1276.544282] ? kvm_vcpu_release+0xa0/0xa0 [ 1276.544294] do_vfs_ioctl+0x75a/0xff0 [ 1276.544308] ? ioctl_preallocate+0x1a0/0x1a0 [ 1276.544316] ? lock_downgrade+0x740/0x740 [ 1276.544330] ? __fget+0x225/0x360 [ 1276.544340] ? do_vfs_ioctl+0xff0/0xff0 [ 1276.544350] ? security_file_ioctl+0x83/0xb0 [ 1276.544361] SyS_ioctl+0x7f/0xb0 [ 1276.544368] ? do_vfs_ioctl+0xff0/0xff0 [ 1276.544380] do_syscall_64+0x1d5/0x640 [ 1276.544394] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1276.544402] RIP: 0033:0x465f69 [ 1276.544410] RSP: 002b:00007f58847db188 EFLAGS: 00000246 [ 1276.573087] page allocation failure: order:0 [ 1276.573940] ORIG_RAX: 0000000000000010 [ 1276.573947] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1276.573954] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1276.573959] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1276.573965] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1276.573971] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1276.584478] warn_alloc_show_mem: 2 callbacks suppressed [ 1276.584482] Mem-Info: [ 1276.656962] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 1276.676922] active_anon:841995 inactive_anon:18064 isolated_anon:0 [ 1276.676922] active_file:9507 inactive_file:34037 isolated_file:0 [ 1276.676922] unevictable:0 dirty:204 writeback:0 unstable:0 [ 1276.676922] slab_reclaimable:16292 slab_unreclaimable:195822 [ 1276.676922] mapped:62705 shmem:8997 pagetables:18446 bounce:0 [ 1276.676922] free:489307 free_pcp:362 free_cma:0 [ 1276.730199] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes 13:27:28 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r0, 0xc) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) fsetxattr$trusted_overlay_upper(r1, &(0x7f0000000040)='trusted.overlay.upper\x00', &(0x7f00000000c0)={0x0, 0xfb, 0x29, 0x2, 0x7, "4bc4cdf7b7ec13ff81351360469fbb03", "b28275f4c91968ec3e785b70ccc0e7861b4d58c4"}, 0x29, 0x2) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_REINJECT_CONTROL(r2, 0xae71, &(0x7f0000000000)={0x20}) [ 1276.771778] (null) [ 1276.773953] Node 1 active_anon:1258720kB inactive_anon:53484kB active_file:38020kB inactive_file:136148kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:33820kB dirty:816kB writeback:0kB shmem:16484kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1276.794564] syz-executor.4 cpuset= 13:27:28 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fsetxattr$security_capability(r0, &(0x7f0000000000)='security.capability\x00', &(0x7f0000000140)=@v1={0x1000000, [{0x7, 0x9}]}, 0xc, 0x2) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) [ 1276.813127] Node 0 DMA free:10972kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 13:27:28 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) [ 1276.921501] / mems_allowed=0-1 [ 1276.945252] CPU: 1 PID: 9073 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1276.945825] lowmem_reserve[]: [ 1276.955018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1276.955023] Call Trace: [ 1276.955041] dump_stack+0x1b2/0x281 [ 1276.955056] warn_alloc.cold+0x96/0x1cc [ 1276.955070] ? zone_watermark_ok_safe+0x220/0x220 [ 1276.955090] ? wait_for_completion_io+0x10/0x10 [ 1276.955103] __alloc_pages_nodemask+0x2127/0x2720 [ 1276.955126] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1276.955134] ? perf_trace_lock+0xf7/0x490 [ 1276.955143] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1276.955162] ? do_raw_spin_unlock+0x164/0x220 [ 1276.955175] alloc_pages_current+0x155/0x260 [ 1276.955189] kvm_mmu_create+0xda/0x1d0 [ 1276.955200] kvm_arch_vcpu_init+0x282/0x890 [ 1276.955208] ? alloc_pages_current+0x15d/0x260 [ 1276.955220] kvm_vcpu_init+0x26d/0x360 [ 1276.955233] vmx_create_vcpu+0xef/0x29d0 [ 1276.955245] ? __mutex_unlock_slowpath+0x75/0x770 [ 1276.955256] ? drop_futex_key_refs+0x2e/0xa0 [ 1276.955265] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1276.955276] ? get_futex_key+0x1160/0x1160 [ 1276.955288] kvm_vm_ioctl+0x4ca/0x13e0 [ 1276.955302] ? kvm_vcpu_release+0xa0/0xa0 [ 1276.955324] ? check_preemption_disabled+0x35/0x240 [ 1276.955339] ? perf_trace_lock+0xf7/0x490 [ 1276.958895] 0 [ 1276.967792] ? check_preemption_disabled+0x35/0x240 [ 1276.967806] ? perf_trace_lock_acquire+0x510/0x510 [ 1276.967819] ? proc_reg_unlocked_ioctl+0xff/0x190 [ 1276.967828] ? kvm_vcpu_release+0xa0/0xa0 [ 1276.967840] do_vfs_ioctl+0x75a/0xff0 [ 1276.967851] ? ioctl_preallocate+0x1a0/0x1a0 [ 1276.967859] ? lock_downgrade+0x740/0x740 [ 1276.967872] ? __fget+0x225/0x360 [ 1276.967881] ? do_vfs_ioctl+0xff0/0xff0 [ 1276.967890] ? security_file_ioctl+0x83/0xb0 [ 1276.967901] SyS_ioctl+0x7f/0xb0 [ 1276.977636] 2717 [ 1276.978042] ? do_vfs_ioctl+0xff0/0xff0 [ 1276.989644] 2718 [ 1276.993374] do_syscall_64+0x1d5/0x640 [ 1276.993394] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1276.993403] RIP: 0033:0x465f69 [ 1276.993408] RSP: 002b:00007f0f532c7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1277.005968] 2718 [ 1277.008954] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1277.008960] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 1277.008965] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1277.008970] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1277.008975] R13: 00007fffed84577f R14: 00007f0f532c7300 R15: 0000000000022000 [ 1277.398179] 2718 [ 1277.408627] Node 0 DMA32 free:28576kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:364kB local_pcp:236kB free_cma:0kB [ 1277.439266] lowmem_reserve[]: 0 0 0 0 0 13:27:29 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, &(0x7f0000000080)={0x0, 0x5, 0x1, 0x4}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xfffffffffffffe80, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:29 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x1, 0x3}, 0x4) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="5f065b10"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) 13:27:29 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 1277.443394] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1277.486473] lowmem_reserve[]: 0 0 0 0 0 [ 1277.490889] Node 1 Normal free:1920888kB min:53696kB low:67120kB high:80544kB active_anon:1258240kB inactive_anon:53484kB active_file:38020kB inactive_file:136168kB unevictable:0kB writepending:832kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:17056kB pagetables:41984kB bounce:0kB free_pcp:960kB local_pcp:412kB free_cma:0kB [ 1277.522412] lowmem_reserve[]: 0 0 0 0 0 [ 1277.535613] Node 0 DMA: 33*4kB (UM) 3*8kB (UM) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10972kB [ 1277.576143] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1277.605211] Node 0 DMA32: 922*4kB (UME) 291*8kB (UME) 690*16kB (UME) 290*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28576kB [ 1277.658026] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1277.668913] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1277.690357] Node 1 Normal: 174*4kB (UME) 462*8kB (UME) 423*16kB (UME) 158*32kB (UME) 48*64kB (UME) 182*128kB (UM) 284*256kB (UM) 119*512kB (ME) 35*1024kB (UME) 14*2048kB (UM) 410*4096kB (M) = 1920088kB [ 1277.709563] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1277.737982] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1277.747578] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1277.757521] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1277.766792] 26652 total pagecache pages [ 1277.771386] 0 pages in swap cache [ 1277.776472] Swap cache stats: add 0, delete 0, find 0/0 [ 1277.782929] Free swap = 0kB [ 1277.791541] Total swap = 0kB [ 1277.795721] 2097051 pages RAM [ 1277.798956] 0 pages HighMem/MovableOnly [ 1277.803198] 363840 pages reserved [ 1277.808509] 0 pages cma reserved 13:27:29 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_persist_mode\x00', 0x2, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffffffff001, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x9, 0x9, 0x80000001, 0x0, 0x1fe}, 0xffffffffffffffff, 0x7, r3, 0xc) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="66b8a701411c0f23c00f21f86635000004000f23f866b8d3d200000f23c80f21f86635040090000f23f8ba430066ed660fc775000f01daf20f0fdb0d660fea5f6c0f070f01f00f22da", 0x49}], 0x1, 0x0, &(0x7f0000000100), 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 13:27:29 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) r5 = openat$md(0xffffffffffffff9c, &(0x7f0000000140)='/dev/md0\x00', 0x0, 0x0) dup(r5) bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r3}, 0x8) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) 13:27:29 executing program 4: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r0, 0xc) write$fb(r0, &(0x7f0000000080)="9e09ac8ff2484ca127e27ab6eab910ee1f2d2991d9aca88951248260d3db5133e2cc8c627ea793e71d7879b0f1bbf67e6e624157dbf0ab5ad7d68ba99b197ddd147415776da219cf1b81bd11e7dbad6bdce371a56b2d47255bda0d73657d3c5197c9fb9ab83be6203bc75e9327a9173fdb7fd4c3880ca18ddb858af2a716043733dbc9510a74a446ecf634184ff6e68fc1d26ae054541f9de3e9c68a7d744483d2cc211fc96cf24516a1ff42fd90578c40c0210e0b0adbd107caa66c", 0xbc) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) 13:27:29 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x648e01, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 13:27:29 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="54000000000109040000000000000000020000001400108008000340ff01fffc08000140000000052c0002801400018008000100ac141400f8de044b92fb65a4ca76072a3308000200ac1e00010600034000009e0b0c000280050001002f00000071078045ba65d43f6d2fbd12e90d8230446ab4e5367a89eff998e5af10022cf7317bb96445a4e938801b07829367bdb6457cb65cfe354daf288aec402484a1034f73578354ec8bd472dba4e12b02632020458e1bb6344c89eeae2d6019f31184bc0b6f9f9d7f4ea7f73345a09e65d9334d8abb1120a0c2333628d6e628c67000f254bc712d3f8a51312947d2bf39280140f6b248e17925021a76"], 0x54}, 0x1, 0x0, 0x0, 0x4000084}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1277.905540] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. 13:27:29 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x692200, 0x0) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0xc0040, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) r4 = socket$inet_sctp(0x2, 0x4, 0x84) r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vmci\x00', 0x2, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f00000000c0)={0x5252, 0x1, 0x4, 0x1, 0x9, {0x0, 0xea60}, {0x4, 0x1, 0xc1, 0x3f, 0x7f, 0x7b, "3eafc2ed"}, 0x4, 0x4, @planes=&(0x7f0000000080)={0x6, 0x7, @mem_offset=0x3, 0x651dcf86}, 0xfffffffb, 0x0, 0xffffffffffffffff}) r7 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000140)={r1, r1, 0x20}, 0x10) r8 = syz_mount_image$jffs2(&(0x7f0000000180)='jffs2\x00', &(0x7f00000001c0)='./file0\x00', 0x9, 0x2, &(0x7f0000000380)=[{&(0x7f0000000240)="62c6d2e57aa5b5d647966cb5fa4467b3e0fd6387892e13d423e30ff6ccab37577649daed274f14db4f9c0eee5bf56d22ec856c5c939f487ecff992dcec0580e93e1ac1ce52e5b7d8eb1ab7603928d2083c417bba7469e5a6ba382a50b35639960dd42e62c1e6ca0bdef0e9b9ca9005d0f2e6c2c7750941cf2358a33d024dc3e18c151630fc876711a9baf771172bf4bc3155a714ccc3dee49521bae95a84e1f02211b563b27aa0bb54007f88bcad1889efad7028aad54278eac790f1922a3fa39878c0f4466c3a5daf3c94fcd431e5b6ea6bf15f6622e0fcf497944def3952341b431d37a7a0221363eb794899", 0xed, 0xfd69}, {&(0x7f0000000340)="094c2c0518", 0x5, 0x1000}], 0x100204c, &(0x7f0000000840)=ANY=[@ANYBLOB="636f6d70723d7a6c69622c636f6d70723d6c7a6f2c72705f73697a653d30303030303030303030303030303036343532342c636f6e746578743d726f6f742c6f626a5f747970653d25212c2329272c666f776e65723c6cebc05bb0d10d3591a2545e16dbbaa63d113b0441bf69d77daee9bbb382738c4d8070358112cff7a55dcb113b3a6f268242da5396fd40de4e703a5e55956a18ddc6cb82990fd21d369a1c49d6a5c98d7c359d5341ef8079bd4897f59c2f584d03c7f5e61f305ea3568788dc72c3ffa69e06a4f579e835fc906e329354d3e2e9d0ccd99643c454eb5953901a307e909b8a2e3db7d33da8e61275566fe616bfe01311ef81cc26678b1fd60cdf55dcc3da086febfec037708bf8bc6b85d8a62f97405ac5f7c008270492698c6b9cfa844893c82cb6675d95ef1b737071cab241ec7094a49fac9684b4df80727b858e5dfe867d1638eb89e85eabe80f50cc5935eb617e0e30884cb9197655eaacc38b13c3b03e9caf7f258ad06bd9bbcd3ed002ba28eb8b381a040def11bf574eed1a9c2043f910ead3d4848b159ef43a52abb4c3b14f441d1abab46e26e0ee2a894026e8a71aa66aecb5787acd46056233bfd0ef4de64ace2035914665c86914831075fb15663c9247732a2c2d0e1b2806d83e7d9bd5d8363fe31164b089206c9693e262e610c7836fefbf8bfefb1a1935206caece7a9a25d047ef2c7300f8468ad555a3be9afaec90e54c33c6e7ba962a1d2cbbd92418975370266dead0926b702b6e7f20a36776d6a2250b47cf717fb4485a9b68b0811595797f8c2c1d68be9b5cce365b9284075c1370247863ce8d0b1ad9015bb3eff92eef971beb1eccb1abc078eeb58f229ce9beef8140efe0a979b8a183b70e315e1a60263d377d49025af8233ad5c158bdfe8f", @ANYRESDEC=0xee01, @ANYBLOB="2c6f626a5f747970653d2f6465762f6b766d002c6673757569643d306263396432364f2d330000652d0061306f2d323900612d343165381c3439372c61756469742c00"]) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r9, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) ioctl$FIDEDUPERANGE(r2, 0xc0189436, &(0x7f0000000480)={0xfffe00, 0x100000000, 0x9, 0x0, 0x0, [{{r3}, 0x8}, {{r2}, 0x8}, {{r4}, 0x4}, {{r5}, 0x1}, {{r6}, 0x1000}, {{r2}, 0x9}, {{r7}, 0x3}, {{r8}, 0x1}, {{r9}, 0xef0}]}) [ 1277.948227] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1277.969760] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1277.987044] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) 13:27:29 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) pipe2(&(0x7f0000000300)={0xffffffffffffffff}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f00000000c0)="0f01c23e0f01d8c4e11573d3d1a50f22c30f08c4e1fae6260f20c035040000000f22c044f33e0f0118", 0x29}], 0x1, 0x31, &(0x7f0000000300), 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c00000000010904000000000000240001801400018008000100e00000010800020000000000050002800500010000000000240002801400018008000100ac14140008000200ac1e00010c0002800500010000000000"], 0x5c}}, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) r4 = socket$inet6(0xa, 0x2, 0x10001) mmap(&(0x7f0000fea000/0x1000)=nil, 0x1000, 0x2000002, 0x2010, r4, 0x449f5000) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r3, 0xc) ioctl$KVM_GET_LAPIC(r3, 0x8400ae8e, &(0x7f0000000400)={"f6a0ba5d15170ac57d476641e6b797c4323a00c330f40f5f9a819cbb59ef2faa39490b171caf19d284fd0d0287462b617f98018701c54985e82fcc6bde694843229eaeb76b8d67c1541461dfc2c6a8710736ed28ad97f306fa4685508ca6a111a91917e95c7426ddc703b75833bedab59046f16412f0082fc6f826cd33ddb526f02ae1445b90d2bc9a8eac1f041e83b363c2c2f63ae04cb8acee11c4d41568f18a9fb43dcdaa140bcc29cd5f7a4d2277dd09e1faac9228f7fc5677b5c648cd10dc8d558d3e2037da047cab78c145969187b344ca227f266dc6a6f86a0b854f2940eee4e1c75143909ff206651f391d019b8c6e33d7468c845695856e81f51bd1dd62dfc804bdb629c631d59c0801ead8600ab1826a8a39fc52a236c06a8e9e59ed864a3e37dff45a20e6adb99ab5e4be58282e4327557d56ddc5db2de740f0d88396e1343da9dc5e79a1038bfa855c0cab657d3a02d9cb2ee2a5375598191c08a298179c9fc400e4e42a9dd7d5aef75162a9305efb759ec7e786ef76850cba7aed016b03c18c3a04c78affa4aaaf5a30150bf530984cd29f869769a5575a7a95bc0a273e20feab4d05c8d71eb4cb366f43d7c3be5af97352b62e572d8c8e3671fe5c95fa9c50673da7e9b695a187cdee9442ca9af83377cfc44f9ee942e0d747552f3b73426e84fb1dde524746d0704d3554ad1ef5b2483b5b808994b7e62704f211da7c4e65b6c886a3d57209fde03cd79209f896d8e660461a885f9899265907afb11c437a042dc88d18128eaeda0a5c12098b0547dd47147c98cef5f941d3eb260ad0823234b5f63cffe7c8de547ede674fe093f000aab2e698f2d15f7e53ac66c393520d9f487649e71d0d30dd4e43a35b4890af249b6681e6f6c70558319b6ec04d0e144723c5f48977bcb16e3913ef886cc80b11223494f6dd0df3f37ccfc4c360be000e26b4e8762b6cffcb81cbaa33d4d51404a5948a1863c455dce0885ac1203281d63b566e868aeb6644c6b8efc0a7eaa47f2e36ceb7e97356adbe197687252bcbf0115d716fa208c5943b09172676548e2631e92ea3265dafc1faedea927bc90abd146429df04e2d95e040ed30b860f775db31ffe599cbad70dbdc92d1f4818cdb2eadcf1924aa42e2aad0c4c79d39b6ae8cad4c1f72498ddd81bf840f4d0dc49d87d3a1be1b70713fadc605a59e2170eb68a4a7cab81dde4b032e1be2f539e4a1ac6dc8883a1f3bc37de5e5ee82d1e8b0af1eaac0951acab89cbd58ee19328850a4581133a80acacc3b15ac9b2e7a28b6b25e8a02270b8ac8af2cff423c615a46a8ac4381ff0626aff9fe24dffc53a892ff0cceb3d0f4588086d1ae346d399d6f8e9d03162ee11bca63e89b9b8bd95d049bdc146e50b97a6e132c823f2823424a947b835726299ce87c2c90ea72071fe6b76a8c717c6fd825a50"}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1278.038082] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1278.053311] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1278.061761] CPU: 0 PID: 9201 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1278.069669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1278.079024] Call Trace: [ 1278.081626] dump_stack+0x1b2/0x281 [ 1278.085267] warn_alloc.cold+0x96/0x1cc [ 1278.089246] ? zone_watermark_ok_safe+0x220/0x220 [ 1278.094100] ? wait_for_completion_io+0x10/0x10 [ 1278.098777] __alloc_pages_nodemask+0x2127/0x2720 [ 1278.103639] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1278.108479] ? perf_trace_lock+0xf7/0x490 [ 1278.112627] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1278.117482] ? do_raw_spin_unlock+0x164/0x220 [ 1278.121981] alloc_pages_current+0x155/0x260 [ 1278.126402] kvm_mmu_create+0xda/0x1d0 [ 1278.130307] kvm_arch_vcpu_init+0x282/0x890 [ 1278.134625] ? alloc_pages_current+0x15d/0x260 [ 1278.139207] kvm_vcpu_init+0x26d/0x360 [ 1278.143095] vmx_create_vcpu+0xef/0x29d0 [ 1278.147159] ? __mutex_unlock_slowpath+0x75/0x770 [ 1278.151999] ? drop_futex_key_refs+0x2e/0xa0 [ 1278.156412] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1278.160473] ? get_futex_key+0x1160/0x1160 [ 1278.164708] kvm_vm_ioctl+0x4ca/0x13e0 [ 1278.168597] ? kvm_vcpu_release+0xa0/0xa0 [ 1278.172754] ? check_preemption_disabled+0x35/0x240 [ 1278.177770] ? perf_trace_lock+0xf7/0x490 [ 1278.181920] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1278.187025] ? perf_trace_lock_acquire+0x510/0x510 [ 1278.191953] ? kvm_vcpu_release+0xa0/0xa0 [ 1278.196187] do_vfs_ioctl+0x75a/0xff0 [ 1278.199990] ? ioctl_preallocate+0x1a0/0x1a0 [ 1278.204406] ? lock_downgrade+0x740/0x740 [ 1278.208646] ? __fget+0x225/0x360 [ 1278.212103] ? do_vfs_ioctl+0xff0/0xff0 [ 1278.216078] ? security_file_ioctl+0x83/0xb0 [ 1278.220487] SyS_ioctl+0x7f/0xb0 [ 1278.223854] ? do_vfs_ioctl+0xff0/0xff0 [ 1278.227834] do_syscall_64+0x1d5/0x640 [ 1278.229934] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1278.231755] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1278.231765] RIP: 0033:0x465f69 [ 1278.231770] RSP: 002b:00007f0f532c7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1278.231782] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1278.231787] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 1278.231792] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1278.231805] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1278.288837] R13: 00007fffed84577f R14: 00007f0f532c7300 R15: 0000000000022000 [ 1278.307311] CPU: 0 PID: 9204 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1278.316653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1278.326008] Call Trace: [ 1278.328601] dump_stack+0x1b2/0x281 [ 1278.332240] warn_alloc.cold+0x96/0x1cc [ 1278.336220] ? zone_watermark_ok_safe+0x220/0x220 [ 1278.341074] ? wait_for_completion_io+0x10/0x10 [ 1278.345752] __alloc_pages_nodemask+0x2127/0x2720 [ 1278.350612] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1278.355452] ? perf_trace_lock+0xf7/0x490 [ 1278.359600] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1278.364455] ? do_raw_spin_unlock+0x164/0x220 [ 1278.368954] alloc_pages_current+0x155/0x260 [ 1278.373491] kvm_mmu_create+0xda/0x1d0 [ 1278.377413] kvm_arch_vcpu_init+0x282/0x890 [ 1278.381733] ? alloc_pages_current+0x15d/0x260 [ 1278.386324] kvm_vcpu_init+0x26d/0x360 [ 1278.390213] vmx_create_vcpu+0xef/0x29d0 [ 1278.394279] ? __mutex_unlock_slowpath+0x75/0x770 [ 1278.399128] ? drop_futex_key_refs+0x2e/0xa0 [ 1278.403544] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1278.407613] ? get_futex_key+0x1160/0x1160 [ 1278.411950] kvm_vm_ioctl+0x4ca/0x13e0 [ 1278.415841] ? kvm_vcpu_release+0xa0/0xa0 [ 1278.419998] ? lock_downgrade+0x740/0x740 [ 1278.424144] ? check_preemption_disabled+0x35/0x240 [ 1278.429161] ? perf_trace_lock+0xf7/0x490 [ 1278.433392] ? check_preemption_disabled+0x35/0x240 13:27:30 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r1, 0xc) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) gettid() r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="940000000001090400000000000000000200000006001240000100003c0002802c000180140003000000000000000000000000000000f50114000400000000000000000000000000000000010c00028005000100000000002c0010800800014000003c00080003400000040008000140000008000800024000000200080003400000000408000340000030060800074000010000"], 0x94}}, 0x40840) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = getpid() sched_setscheduler(r3, 0x5, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000380)={0x0, 0x70, 0x0, 0x6, 0x0, 0xfc, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0x4800000000000000, 0x2, 0x9, 0x80000001, 0x800, 0x200}, 0xffffffffffffffff, 0x7, r4, 0xc) perf_event_open(&(0x7f0000000280)={0x5, 0x70, 0x3, 0x5, 0x8, 0x3f, 0x0, 0x2, 0x8000, 0x6, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x8001, 0x0, @perf_bp, 0x2d, 0x91d9, 0xffff, 0x1, 0x49f, 0x9, 0x1ff}, r3, 0x1, r4, 0x8) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1278.438410] ? perf_trace_lock_acquire+0x510/0x510 [ 1278.443345] ? proc_reg_unlocked_ioctl+0xff/0x190 [ 1278.448323] ? kvm_vcpu_release+0xa0/0xa0 [ 1278.452475] do_vfs_ioctl+0x75a/0xff0 [ 1278.456286] ? ioctl_preallocate+0x1a0/0x1a0 [ 1278.460691] ? lock_downgrade+0x740/0x740 [ 1278.464841] ? __fget+0x225/0x360 [ 1278.468301] ? do_vfs_ioctl+0xff0/0xff0 [ 1278.472283] ? security_file_ioctl+0x83/0xb0 [ 1278.477479] SyS_ioctl+0x7f/0xb0 [ 1278.482604] ? do_vfs_ioctl+0xff0/0xff0 [ 1278.486669] do_syscall_64+0x1d5/0x640 [ 1278.490575] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1278.495788] RIP: 0033:0x465f69 [ 1278.498975] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1278.506781] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1278.514048] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1278.521319] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1278.528589] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 13:27:30 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="5f454c44065b05107311"], 0xa) openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x2840, 0x5) r3 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) [ 1278.535854] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 13:27:30 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1278.577793] print_req_error: I/O error, dev loop3, sector 0 13:27:30 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r1, 0xc) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(r0, 0x50009401, &(0x7f0000000240)={{r0}, "7d99ee0b5814f29db3b61fd8bd0eae97750082987828dcfc8f0ad790a8fd5ca5574166757f39c6ca95348ad3b804d2b248da4a042245f3bbc407a482ad9a53b050f57b9dd67e5be946139495787c7c8e50ecef2fa2b5801daae3cc469488187a31b76c7610ec278cc2321b6d77477976c7ed2da906b347152282c802a94bda64ee5f8ba40662b86a924b2aa8430956ba9c6c02b3f0c36a79f7f7910621b5a6d1feaf36888502817a25d7857b8f3f6c3f2e583f678336c27a6991e6b1ef33fe80d2b98ccb524a8d53705a7f0796017f284e63f205856faebeb7272e524a5b1e3a73293d42e558eb15a421798dd09808eabe3673ef9cc2e66b450d9d7e0256179e341982b59ea2a63bb6183d06c5d1844be468fb6c1a889d3f57cd2d74c269d13aab39b0c03528a702866076b14b763b2da7116a5101b754cad885454a2b07f1ed4e691e43150d18c7404f1c4277e8ecfe6413a6cbe1f399159eb4397584a305bdb538930ad60ca2369524b00ffcfbce1edd65773d655dd2715be267acb3dc0fe38b4bfea2a41b1a83a86af6f32fd65af68df438ca21a13790a0d22f3c0cf492762733ffe415d7d332fd66e650921fb1c0eb33d0a236547c1ca0f61f74a8033f6486b82d950b41d1bc67f97733e5b51bb817fdd7b9872b6ea5ebc4cba57480d21193be8f6185a61316348eca545e922a90ba287197dd4e086c2b399af91afcb570a85a924226f7556b72a1210da27ab9e62b40335cb6f9569635e508d422b0ef50fd8f29735bcf18bfdb408b1cf60258b1e425f15243ed37d960a1c09def82f38530020a8e8bd678ad87d61420dc3bde0cea86f187fec6dbd2595e059dfa69976997521ffee0d4914cccbe8cf783333b7bbd37d10c32b30932406db4590d59a0266043daf6772c2767a5e5b620b1868e57bed55021e898d6de8b4ceda48d8286aaeb08910e497d8b7ea43567a8b88983e2631762a19a96f47e15c9ad7ad9aa9ae27858aae18f5ee03e4ebb6396bb22790752b36133495357f33f2ffc207ec01a0918a2a1dd1b409600f1166c0eaeca3b6f7d95718025ef200a0dc595eb0904642940f0b0f69a5fc92d44b0b52a39863ce3c8e8c21578e872befd59531040a1fb8ba0b80c85a6434dc6f1b4ed9ed6a1d83eb3ef95aee2098dd0e70993d677153dccda2167d6aa2e02dbfada2f9035f76db2bba3f2a7517241beba24541777f3da13256d3c8f29a50292eb9665ca6e7eb47cd292bf39877d13e81af9324f60556de7b46ef80634dab59092b61f00d048864838cb94dcaecbf600eceb30e128a373ddc0dc18652f005f162da88f648c7981ebbe92d47301e2932a32deabec4bbe46381bf62139ae3dcc8aa2c6d9a976a8c87748ef95103e62d03b21b6681672ca0504525156064f63d6ff5d35222cf6d9b6a7fe506cc27f53d137d221527903404163a27d7a8757f9221d71f416270bbbc54f5d1193e74b177b692363255d2d79ebc29cf67dcd5749a5d9b8748d38c65c5a1289777194b114e9388bbc59611fa8b36cfc43511a55f620c25eb25df168a2a6f7f44cb94524b29b2d1594d3498deb68150c4ee5189ea6ddb45fdc32f79230da065459c9f3887f3b3778f36b877b5eceb10cfb061a099f3dee29a5162952b906520ca5c13cf36cb3153152540e83c4ceb64b425920b227787ed6010c0c1d06b05e64b163162c0ad2b87532458acd24e3183ddd90b448922f5fe8bfd52e1f87390470ec0353edb76f0df75720e60316ce29ba23e60c3c66c97521d7d61a9c0122c3d9a2723e9e2541624c4ad9b0af7d83a1af905eb53f0bd1756c3ac90a028623a47a051f151e4b7737e71e6eefd1a59e3ea707f223462b55c92586f9e07fa6803e76fe29c620af3ce409b5950cf9e16672b52a558dd44715db4ef8cb072c5b1731026ec3760a75002d88f39d67f6cdcbe6e8a54253a4eee0dfdecabe0dcfcacf30fdce645d011165da0eb3ed73998dbc7abe61df7036d6462deb65924228549c82a1a1aae924977025f8bc7b8e3e8f85e174737c6b6bf647adf060e38906f076895a3de9aa92f4e533a32b198300f71ad6cba0408dbb2e9dbe4fdafdb40881a0b5abfd1618315c7b49591a0e35838d6eed7368f3382da24701c41758f02f895f07f44fff94d73366b66151b8ffbe10dee2a0f208a13ffe3c6f0adbaf662a3068423383036098d2350453172614c849bf3f9b9b3ecd52ead51afec0c8e5979a1ce62d3d183185166777808d9d6cab84abd38fcd04782af7af9a1a2be18ce5af8864c321edd4e0a57fe7fca171ce486ebeb9ae7cf61a6f2c9272229e1aa823bb1d28f87c8c8d6a205704420327eb86bb8d6b277b9cbca6a6eb1d4f9becb4cff39f45f130f59085200fd2ea45c7b2eadbc099c6f2bcffdf4459ced756ade430e5877a2d2db8a11e06235c41c3aa71756e0683d83f55885170a8450fd523abb3dafd6f2f9593c90df76616b1bb617813d733adb1b2171fb86f4ba4ee704460ef8adf7a9334a5e7a4e1b879541826dbb4fd40aa4a4d70b1bc4fb23db86e5dd5066e6f4294030834ac12b6b2a250657c8a0d49a61fc4384cf3c7321dc32846469c024e2f2c9eef2c85c2f8cd711ea7cbfc66c3d709144955974f8c884e57a83a6dcd488476020ba39e6b59fbe5f4db9009695138f422d72ce0b21beb22c5ab74556c1338becd921465e7647991918eec4ec1f9c530ea9fd2b9c0ea7c8b3ce4a69207f903695042bd6be38bf4d3e4a7e5953566556f47bdcad89bfb5dcab54df40d020dc3088969c774e072e2c174bea3b1fccc701f70815d8fffe6012700d17a3b449f04523c9c569ab64bb6f8fc48bc397054bcd00f06caa05325527c44fd8acdaf5ad44e5b9b3cb72894436069fe82f0756c53ee10a010ddeb8fa8da37a22ccc2b879ae734f803a5a2825568d2f15ecd20443ae3d591c4634ad0068c9f046efe2bc3f5a336dd6aa86e108c38d15ecad30aefc1981fd61dceccc4bce4ca0fd7555b6eb72709a92188fe06edda0756664b4bb0e8777ea44aa1dbdb64d7945a05c172ab85bcf8826fff15b66e0349da74be14acafd4fd9be5ff3b01633a597626876ba82702481b25e921386a0a28a88f2b3dda88d06ec96cb41a7da620b4708c951d9a2a775c1b9d705782f8fe3c849663cbbbbb40fea3d9f407529481dc1de15fce25c4ecacfeec7de70328054eeb5735c8b0c67feff843fd86d49a52e4b017b0d9b546ecc69f8beaaf250f9744f6e8668e4920c60b5a7b8011f66b9a0e4e2f6877ef9981a6b2bf160148d16c84a8189ad2af5fda3dbd49734ee7922b8c7da538ca9074cf769f9ebcc96182c1ee18184632d874a7ba5695d9f313fffc7c324e55b38483f63d067afe874618d50aa6c4d49605b80598ba65713b3bbe5b38dd5cd4ba8e44ec80b2515d588d7db43d11e5130a18cb4af445763732337997498f76760c43d84dc32920a7f7087382e225728c4a43b23c4c9eb37475a986c1b263155d74c2508bdc1168d80e15639afc457af5e6568e4c4e89fb508b43a5bdaab0d90376047a89d21309c05981e4250fc96ba3599355ae8c7fb7ad67638f64e9f57d5e2fcc1a17c2ac6326887ba77ff9ca454d172e248da9917826e60df0c4e53803ea735151a930d3cf5bf3f3b8e058b2ff2b34e80e09030441befc036fd13effe45c39d6029c76935700be05e08e7348b7158d866083d6403ff1e11bddc6bf79e6c7a00627d043f70dbd6d377369fbff22c3c1077294964de4668d302050773672f05c30edecfd9b6007f490a4904d96aa7d19f5711a7d44169b2d5e1a1db9ab1010d7ffbb01275fede447be6b4bf614628066cedcf724e0f8ed6bb4ed3d91b97bcdfb026abbe56d27b17a62848e1718ae610d5c39ce2f27b244b472edf7f50206eca06c1387cfbe891106fa46ee981f6feeaf25d87824b71245c2bcbc3e9b3650d74b81969ecab168d9e5d16eb80d7820ba39b79d89e12f607ea42e9b5cf0865f63e741a581a94701d0a9de0c2c497b9bcea62f91504d09c7d6ae877495fd3911ce50f8d4bb08ef8129c22508bebd9534ac0dff56f194ba90ded55957c53f8bf991cbd4732723612bee17f1b321bca7df7411c1cd322bbf771eb4d9d182b72a679ab25a8919465564e5af5e9da4f88fd1459fbc0a2aaa470eaeef86bb300ef2cf750d8ec5e8b91b01dffdaf200936d1f242e84ba77658bc38e1f747bbe77d44691605eac419fe9fdf80338389f7e3568e11d3b30702764bde62ed38bebc6c73ed69f05249b98180840ad232272a08da1610046bb607cc45f5bb448092907d0e957b3287739ca2445f0a4d353f9e630ec39b1afebde23d7e25dd836c92201b23d6947d89437a9a4a086f9307c998a16a7c45ba768df40ba5978d134e9cb6dd237e12d320b8646457ca215893ad845e69dc6b62a6a7613ac09ce98d518af1b33af463792817189df8e019597dd8518f85d910bff0621db89c8811fc07b6985ac09153c5636bfd06fa1b6a126cb92934b7559b82c1648c1d881361e81e30dba3dcec0a1ba25881bd0247cdb4cf152f79c6085dfc6d129b29f80de2fbda75df821c999349101ceb6d657aa5186bb0b6e7a0072a1d787e5a67e2066db053d4012e5646ea41c0a0049ed653d2f291c90b5317f0065e626dc7fd981cb269ed4fe0d619eaed10bf6ddd66ba2a3d79afcc88a4e08ffc490e7f987d9a32cabf3a73d157dedbbe9d84b9a350642fa04007faaa39c984e4f1b65872a14d8ebce181ffbe9aa8561db1cdfe5cb394b69e875a3d34d54c112e37ab99dc1c769c8cde14d148baaf4028ecf8457213a39981bbfb09976ad3f52d1b16b1f848fe768548f5d9c8d7eee8c05165710b64b96d32f00834ff14f68e378257b4b807cdd1c9f28602b7634685a593577c6d7c9fb1d686f0dded70d889fa0a7293ed3b4ee01c270b9454bb7257d331709536fd55e725d4affc32876290aa54164247aae5842f7ee9ee67e04e3aba85a691c4b0cbc8b5cc4df8cc91ff9be6a64cea4a4bad854259aec2d8fe238cfe94234b26e3ff7719618af686b2c85bd339b836c59a9f9b228434974acd0ef695e60d287e385c1b664e48325727e5efaf71a4872fee2fc61dd9fec4661e263275363b6fdaf3265860ee09ab0798b1b95b8968d5caa1a94ffa1e1aebba436bc743b6ab483b217b81eac21db235577d4a5a26aadb82f039811ced4d1b25ba406872b75f904c42506d0a8d118d7b335334a237df597cb0fc4780818cbf1122930862583abc1810d1ef295c9f0b612040b1e74c3bb8b72d19883e2711e29028653c0223218a31e51c68399aff5c23da948216c3938d4dd28567e32d8a4857f218b6560ebf144842c54f969c3813221e35e9bc7bea32af4cc32cb0d4fc289ca97e0ab788ffcea84c937a39116ede3b9e0680896ba6be741ff1e273f4d76979a24c5ca4e355a3a32b1544b38d34eb7eead538130d65688f613ec9cbba224a60ae6ed0316f12a925064102b9aea20a177e0f2c91d7a4026d720fd8c24e3eea8120839ec91bf6463b84cce7c9aaeaa38f9bd26811523643c5d65345402535ee0913333be7dfe04d2be61fd9c123e8f854ef3f245a2810d1329ad10d4f8b8cd028248970e670353b0d11679bcedbbec1955d34c1400ef217d88fad5dcd3d2ee8c51061689ee091adcc5ac69b433931a94c641d935819d41ad32f5ca2b12f74c83412c355d47c359ff2073fb857ec61895c4d815038aec2781b16138f421d9eef7668a4db7d13f857af4efe9ab3a1b1e9"}) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) [ 1278.648137] print_req_error: I/O error, dev loop3, sector 0 13:27:30 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="5ce3f889aec6f9a5b9441544869300000000010904000000000000000002000000240001801400018008000100e000000108000200000000000c0002800500010000000660007e0981dc225c6f204fc2a500240002801400018008000100ac14140008000200ac1e00010c00028005000100000000006a48d8e9c05e38db4e51123ce10c9556b049373f0046429c2b2fa5234c2b272cc14d65fafb3552ed046763626bbe2a622f8590015d2942bc205e7b4b112f4f3954a7a6110b4342f85058f9a0f62ac3093666f2e066fe0055c396fe536c53ab57d99d51ceffe42c1b3cf7947a7f9dbfb82bf92ec80c1921e99812003ea514b1deca960ba2f82f1d07fca8faacfa8d512cda91f8d0d591e38e592a5554ead1195be81fb5f51c179c328aa71b772b45c4e697e2431ff191a36895ae91af9b38ce8d24dc583a24c23de200"], 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1278.873165] warn_alloc_show_mem: 1 callbacks suppressed [ 1278.873170] Mem-Info: [ 1278.881493] active_anon:842064 inactive_anon:18065 isolated_anon:0 [ 1278.881493] active_file:9507 inactive_file:34049 isolated_file:0 [ 1278.881493] unevictable:0 dirty:213 writeback:0 unstable:0 [ 1278.881493] slab_reclaimable:16293 slab_unreclaimable:194826 [ 1278.881493] mapped:62752 shmem:8998 pagetables:18499 bounce:0 [ 1278.881493] free:490405 free_pcp:216 free_cma:0 13:27:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)={0x6}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 13:27:30 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r1, 0xc) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r4, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x3, 0x2, 0x10000, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) [ 1278.935233] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1278.999481] Node 1 active_anon:1259212kB inactive_anon:53480kB active_file:38056kB inactive_file:136216kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:33948kB dirty:924kB writeback:0kB shmem:16480kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1279.033278] Node 0 DMA free:10972kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1279.075709] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1279.080887] Node 0 DMA32 free:28852kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 1279.110547] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1279.113260] lowmem_reserve[]: 0 0 0 0 0 [ 1279.139746] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1279.143203] syz-executor.2 cpuset= [ 1279.190920] lowmem_reserve[]: 0 0 0 0 0 [ 1279.219650] / mems_allowed=0-1 [ 1279.221388] Node 1 [ 1279.226395] CPU: 1 PID: 9300 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1279.231694] Normal free:1920940kB min:53696kB low:67120kB high:80544kB active_anon:1259112kB inactive_anon:53480kB active_file:38056kB inactive_file:136216kB unevictable:0kB writepending:924kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:17344kB pagetables:42548kB bounce:0kB free_pcp:528kB local_pcp:232kB free_cma:0kB [ 1279.236453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1279.236458] Call Trace: [ 1279.236476] dump_stack+0x1b2/0x281 [ 1279.236490] warn_alloc.cold+0x96/0x1cc [ 1279.236502] ? zone_watermark_ok_safe+0x220/0x220 [ 1279.236521] ? wait_for_completion_io+0x10/0x10 [ 1279.236540] __alloc_pages_nodemask+0x2127/0x2720 [ 1279.236567] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1279.236576] ? perf_trace_lock+0xf7/0x490 [ 1279.236587] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1279.236609] ? do_raw_spin_unlock+0x164/0x220 [ 1279.236623] alloc_pages_current+0x155/0x260 [ 1279.236637] kvm_mmu_create+0xda/0x1d0 [ 1279.236647] kvm_arch_vcpu_init+0x282/0x890 [ 1279.236654] ? alloc_pages_current+0x15d/0x260 [ 1279.236667] kvm_vcpu_init+0x26d/0x360 [ 1279.236680] vmx_create_vcpu+0xef/0x29d0 [ 1279.236699] ? __mutex_unlock_slowpath+0x75/0x770 [ 1279.236708] ? drop_futex_key_refs+0x2e/0xa0 [ 1279.236719] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1279.288650] lowmem_reserve[]: [ 1279.290944] kvm_vm_ioctl+0x4ca/0x13e0 [ 1279.290960] ? kvm_vcpu_release+0xa0/0xa0 [ 1279.295713] 0 [ 1279.300540] ? check_preemption_disabled+0x35/0x240 [ 1279.300556] ? perf_trace_lock+0xf7/0x490 [ 1279.308073] 0 [ 1279.309517] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1279.309532] ? perf_trace_lock_acquire+0x510/0x510 [ 1279.309544] ? kvm_vcpu_release+0xa0/0xa0 [ 1279.316358] 0 [ 1279.318872] do_vfs_ioctl+0x75a/0xff0 [ 1279.318886] ? ioctl_preallocate+0x1a0/0x1a0 [ 1279.318897] ? lock_downgrade+0x740/0x740 [ 1279.323329] 0 [ 1279.327164] ? __fget+0x225/0x360 [ 1279.327174] ? do_vfs_ioctl+0xff0/0xff0 [ 1279.327190] ? security_file_ioctl+0x83/0xb0 [ 1279.327200] SyS_ioctl+0x7f/0xb0 [ 1279.327208] ? do_vfs_ioctl+0xff0/0xff0 [ 1279.327220] do_syscall_64+0x1d5/0x640 [ 1279.327237] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1279.337334] 0 [ 1279.339988] RIP: 0033:0x465f69 [ 1279.339995] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1279.340005] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1279.340013] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1279.348887] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1279.348893] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1279.348898] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1279.498738] Node 0 DMA: 33*4kB (UM) 3*8kB (UM) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10972kB [ 1279.518052] Node 0 DMA32: 1013*4kB (UME) 295*8kB (UME) 690*16kB (UME) 290*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28972kB [ 1279.541213] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1279.555935] Node 1 Normal: 98*4kB (UME) 223*8kB (UME) 506*16kB (UM) 168*32kB (UE) 47*64kB (UM) 180*128kB (UME) 289*256kB (UME) 120*512kB (UM) 35*1024kB (UME) 14*2048kB (UM) 410*4096kB (M) = 1920992kB [ 1279.574917] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1279.583843] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1279.592804] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1279.603038] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1279.612352] 26672 total pagecache pages [ 1279.617579] 0 pages in swap cache [ 1279.621040] Swap cache stats: add 0, delete 0, find 0/0 [ 1279.635634] Free swap = 0kB [ 1279.638660] Total swap = 0kB [ 1279.641675] 2097051 pages RAM [ 1279.653985] 0 pages HighMem/MovableOnly [ 1279.658157] 363840 pages reserved [ 1279.661604] 0 pages cma reserved 13:27:31 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r2, 0xc004743e, &(0x7f00000018c0)=""/246) r3 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r2, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r3, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r4 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r5, 0x800) chown(&(0x7f0000001300)='./file0\x00', 0x0, 0x0) r6 = syz_mount_image$gfs2(&(0x7f0000006dc0)='gfs2\x00', &(0x7f0000006e00)='./bus\x00', 0xdf, 0x2, &(0x7f0000006f40)=[{&(0x7f0000006e40)="a8e547629f843080becfdb43b0b1e76bc01cf7742606ffd2ad939602a85560db439c2df9a174785e07c5c441af8a97c5c7dfdd73adb6511d5a3410bb8b93530532fe275506611546b02160ca8b32d436c5938db99ef2cbff63d188ebc1631ae6b948d6954656b7d321a2cb9b46e4c94ecdd60726201b41daf14d33bceb89902c59460ca9c1c82c4299b6f32cb4309422c228b6", 0x93, 0x1f}, {&(0x7f0000006f00)="d77e19b3bb34f55347808f5dfe9306eba2be7edd77660d49989894338db6", 0x1e, 0x4948}], 0x801000, &(0x7f0000006f80)={[{@quota_off='quota=off'}, {@lockproto_dlm='lockproto=dlm'}, {@quota_on='quota=on'}], [{@pcr={'pcr', 0x3d, 0x8}}, {@fowner_eq={'fowner', 0x3d, 0xee00}}, {@fowner_gt={'fowner>'}}, {@smackfshat={'smackfshat', 0x3d, '^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'}}, {@appraise='appraise'}, {@seclabel='seclabel'}]}) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) chown(&(0x7f0000001300)='./file0\x00', r7, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000007600)=[{&(0x7f0000000140)=@file={0x1, './bus\x00'}, 0x6e, &(0x7f00000005c0)=[{&(0x7f00000001c0)="8e8ac713e31c32b7ad28ec0b0fa25b21ae2e9ed45f7ee744da886d31c96bc5658738cb479832b802e093fc9937ea8c7bd33a7218a8f0c50ebc30bd9246e806d20c43ffbd941dd7b791781990b7e1a1bf20ccb7bae0a605b4735f147b715d32671ca77d01302dde3888a0e47c34ba7784ffd7dfd2dabaaba509e4", 0x7a}, {&(0x7f0000000280)="8bc016aecad636044ec4cfbbfc58ec2ae2aad1b8181e601350a00fc2b73b66b7c2b16f50cf554f75d0afe7736406b14c5c34a63c4cdf123b287035dc374c52ae82b27aca21598e86a4b5cbb594d4", 0x4e}, {&(0x7f0000000000)="aa8002d4ff4ca387e9cb4df8f8ac29ec848b5576081d6df3b2b3", 0x1a}, {&(0x7f0000000300)="996f7b61420a3539d8b4be6ec71990f071d645a26d978bd856b57d96175501e3018618c9039d24a09e2e5f86600626ede318348814d24c0abfc137d4323fd77ca8f2d5c34c6505828934bfc112da382baa", 0x51}, {&(0x7f0000000400)="239a3adfaa0b3b1ec518bcd153127bdab20d779666d8ba2649d16aab8dd0656870492b2ea38f653f345096d1dd415e300b13d0dbc69492ba4553b4504e1d984bf89c872969c15791bc270f602e180abdeeeeb9da46d5f791e6f6e76fc2c2a19e2b1b680d2c3946fe527515fcdc8357d3cf120e23d23df953a6a5eaabcd8c430c3f3637a04e733f70e9f20988ef5cd93109f935aff4f0cb3370282db9b91de2c70e004f3f61345d6050bf8cd98be9b0706aae5cd07aa0bc4bfcebe216beaba3caed4af0fc75dd871a0020d2acc2fbff78a0472b83efd1e6c730d2395797fdbd534a1676fd7dbdef5c8422196539355b9260208b2fdae3d52e", 0xf8}, {&(0x7f0000000500)="03d43cbacd766992f0fea6921c052d7c39c2ea7a6f657a24a801e27e9915d05984997f6bf5693cd48a7a830b72d372bd75bb302c87169ee8ff8d2177a91abcbdc89a4906c4b744df1874f94d959ad8504d8739a9131f320fa0d25a87654dece5a2a7161fdcca31ed776e64adaf225e0f7727a36460bef7d223edd33efa72b289916d3ab5bfef77900f53001b31db468a66e08703c70b16150a", 0x99}], 0x6, &(0x7f0000000380)=[@cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee00}}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, r4, 0xffffffffffffffff]}}], 0x40, 0x20008040}, {&(0x7f0000000640)=@file={0x0, './bus\x00'}, 0x6e, &(0x7f0000000980)=[{&(0x7f00000006c0)="7e312ce9c39c2230d26c563ffd97534fff1fbe615901c1974dfac08e502d131244ba39575fa68659b03e7adfd9482899a2fc9a577994c4f8b28ca787771845d40c062d8c6e3b273cbc57d30dc5518debf6f215d77a98b9590c0eba5348cf04eafc2f02b78b726d17432ff0db2769fd7576dcf8c8e25f8e63a48439fdbd2fdfae78f2aab697d7be8c51dd2278fc058eecc27b9b066e65431076f61bf56cdf15d1d6b0145bd875b629ecdfc161a9e279fc3540435f33c89d4616b869aebd980d35774a3f9bd934fd697a72bd175c2b185c443994019bad8e7ab4f2fb942da017c2cccecf1ed902287ed110acca835e02ca3aecd470", 0xf4}, {&(0x7f00000007c0)="991a721d42ada71c3354bbc4b398ebf601883d9ca93b409cb891be7ec667c76aeff736f18fc848a21205c0df641dd2fe63430bbef640a3dad7cf70e052f5e097ca34", 0x42}, {&(0x7f0000000840)="f08ef6c0c64263f37bd3e1e5744d18489e93fd8d0d938bec2b6200b99b99ce7835250d7687cae43085442e70035b", 0x2e}, {&(0x7f0000000880)="33beb8324c33ad4ba4fcc11229fc94b5c86b8a360c2f7756e56be9d2305e49da0f94f9db8ca0bb68e75a44e84b153be5b0b7", 0x32}, {&(0x7f00000008c0)="ec2b67709c18acd4e23dab9f52b753f976d5da762858fa0feded1b31bb282f2a2d5727120cd59a277676349649081576fa021f2863699e6a5a4f5890d42a501001e7f519559cfaa567b72757e14e77c3ec1316a421a0aeaea4459f626f77842045d787", 0x63}, {&(0x7f0000000940)="20429a5ce42079626726", 0xa}], 0x6, 0x0, 0x0, 0x20000000}, {&(0x7f0000000a00)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f0000000c40)=[{&(0x7f0000000a80)="874826c5084065e79421677854cd3dd35549d30d3cde89ef81240679ba77b7d88b74a43b57de2003f357c5a682230c15d04a4d88887bbf3a7c4f894e93d225f2d9cb1089740d95452c3d3147dc7b6ac3e9c26e454503736ca49354d2fdacff8c", 0x60}, {&(0x7f00000019c0)="dd620e86d063a80b1bdd1e767ab8d6611fe4a1ff08180ef78f23179bbb59da8c729caea0173a66c421c9a82666272b0cb08a4fe656b10247478d6c88eaea145618a7320427f310b7b576b15ad32434a51444c2fbc02d91d9ddb4b446c1e25755e67c97a5eb176f4c382acb93159bd3963d28b8fe8b1fc488cdcd0e7f70104d27185ea5b7c77f78a0256051c389f157f4f255f1ada6c28adbfbd7ed0672ef71ab2ea6fabde4de9d71c1359e1064f4b4e83e88d40e34056d238ff625dde99dd9a7d6d776ca5e60e00a4813d4e9d51b391cc06fac99e5b78c42bca80a61a9bf0c8ae94119393e00e417f33d8b091681a113b39b79cd75a94a1030ab1f8629b92966491d147354be9974eb9c32cdb5bbf964d39d2850eac4df7cec01526b8fc2566a5eacf1358bf54371f749bfb169348fff9ae823798448c0aaf291cd0398a8595ecb68bc9c1a04fca74409a095847fa0ddc2a3dd3e349e4af5229f48e1b81cfe433a0e204e9b7b957834219cff5bfcc7070c947ffa91177fe0e850d6a075534673e9f57cb17561f93bb126c81d6c5e2b7fe2418ed0e51fa78bacfbfa7839ff25ee3dfb6a67a7a9e1b23e64765761c147018058f60abecbd3b7c65e2f44771b1c0cca8cff98fb481c12452fa5d4812e3d3c174d5b961036e8fa45533317833100599522d6d24a8cb5fab6505ce27629d556406e91f73c01339e0111a6eb905fa7671bf30160619610c264fee8f2dc728d36a227a704f479c5132e62540b592a6035bbb2be2c43418985fe100e673cd90fdff2d96c2cb2db7e9204ca6eb18a34441874a77e68a5c27a07866dfb90ed5a179fa3cedc2840ae58cfa5f0082d9e5a5c7d3fd02aaea2ddaa65d34015c2998e7e1e27dc0e2867a972249c4bbd585836893aa3bb349735f8dba0aa90773cc7a05ff6fe39dcd36278a841c81dafb30881b443271546b6c3f5d65d015e56cd9c6ea5393200f62b953882be67f2aa373ab8162d7e18fee2222e170ce192f145df4bb25935828b8ab7c0d1e9df53af15e4cf55569bbd05231689d60d5a9717bc08da26f2ae86cf7d95d567b0d2a356ced1e7d503fd3a2b75d5da72f4d49f210bdf4547e6eff0023666cfbaa0b88adbd190b519640e19f20564d5830e27034b2a26924620a4684ca4e3d084452e0971b7274864f9210c13aa2c96f271d08fd385322b48f8b4ed75f412efd2abb2a6f4254916c160bcb84231e7da22446bd7bebee898bf2f1b672115728159966725aba485f0f8ddca1911991dab1a696d5bfd278de8362323c734b8e0f6a2ce3277940fe420fe2b5fbbd5f6d75e1fed4a68b33432a95f77e704547a550deaf8fc4a400eea9bb1e047524e91a62ab1b6e004f2063302c023c1fd1390faa10f005cb732679826bf9c4fb13301ebb0fb820fa8711c730f4f3898298dea42be148309541051bc2ec864ee19ee77267687a51449fbb79018e9565bf345ea40a991395203e49927fc521273ee88fd7e82e1ffd05d5e5dffcef131b169af023c4ccfc9625a1acf5c26ecdc437a3b963098ca3a958aebe7e1fc9ea467b2034fab6035f383767b64e4da9264ebb54ed68a23b137a99b99d097d64d638864bc36aaacee51a6c0e217e849cd7be2da946557fb0758a7758de87e94d0ebb73645c4749b3d1f33dc0c875cd200aacba130d97b5afe293b2d08816afbbfa2f93ce316a5302dc4dd5295528f8e279e4812b2f658ff73bd39120cda9d69b9d9bc557bb63b194f4e029e5c4b3cbd3d63def6954988d641b990d3f4f908f81cbdd52b85967994f1c3a0bf5b7a9e2853764ddedf51df181b15e15f22adbf6167fb64e54483afa835ef98be803670a746686e59d6671958b573cb4449c3e5da568794fe783fbd506bc1537f73432d55248ceeb68dc68b125a2a61791723a982199a6313f7d06c97489ddeec59bdcfb7ff9bdf9327d9291e550993a4825ba92cc08154eeecb4a645c36ac1856c2a86b13a5b7c7a6a200b2ebb1554f2ea09aa2f6971e32e7e7735dc413562192db430e28ef1f8cae1725a670d0daf07613fb3a4cab497409542c84e06b1d0305351982b5c7c5a3b6dcbf0c774999c9c117eea4ebe420669272478b196dbe3e5b792cb964684f3ceef98615683bda9ffc5ea3372e0602b13ae753f2ba4733125e3d91a07237c78ab215cf598813b2c54f38d23fd9f3b7ba159345fc9111760226e0d487141af4eb376ebae615f16f38ac5b43830cb076682e9d1082858122afdabe1e9a476a539c8ff64f0b8d27b69c59be6527c8dbcb67ca0cf859f95637f71cad35172e608b4518a1d47f33d5ce6d9a4ead5b90d5b8f247d6883bb58a70d783ea957fb3e3370dceb6a36874593c820e26cf878e2ecc52c7ca66ddbf71d706fc14630960badeb1ec5ae0f0016d6c04d010fb1cf86f6a3fb198cd2905b91842a6b46194608b569e61720667a85af4c6901ea28e58ee4e016721778df181b597fb4f9c7b7c9a11d9acf7f207f0a3d5170cd35279b82fdbb389264349e76b699b68721bc331dac025bec2acf3d55e0a139a64dd5d9a91db85cc1c78d235d5f8ec2a6821c4a9ce74d2d98b133d2874b2a6dfc0c76014afe05c969b204fdb061b450d602727594a9fdfbcb72a74ae2e9e51ff7b3da06624cd0be5e79f9e27c733bc4403a0fa5f3da9b95cd80e8a0b577c2a21e8a35b96e4aedf9d53ac67ce3d51b671014911b227cb5668b97c1392e23ec563b2383ae82d332e91ca9bba24999133b630fc11c05d1a352f307b8c706589687926bc849316ec0e3ee3146589df5c31a0bd0c6b16b6589cbd543ab2899ef3506851472d9c85da3559abd662ae44735b893879b63410b5e4a377e4633f46d0e44895e283128accf9c11045b61b46c567e25fe17b58c7ac79cabedcc42ac25bdfbf53bc586e7b4ed989db578d6ee2510f48b3e79315604592528b28e02bcfafc9f4190d1db8da25175521063caae6b30e1ffc7a2bc863dccf562ca0888ba5961793a097453d6bfbcac700a9d4cbe130ec9f811bafd83dbf8f21b53127b1ea9c72e526337aee06e7cf4ca2c4afab8159931b067fb7768bcfd64e4849c2592d660e01c48455c2388fe9f3794bf194b5821973825c8fa54bc9b324d0d628d1eb25eaf22b68c4ed9bb4e442278a74e2b86ca615be3deaf52e5c04a00352583b484cf6704e08ad30cfb8a073459fe03cfa76774afdd10b00d38398fc0d145abbdad6817258b007e500637dbf1a5593d5064dccf8ab9f534de14cb954a2105723875ba578dd6cd9eac3076e1297e7d27d3305028410f81ce3c519b04b9042ffe863b8e11dfb3240715361acb3da091a71e167ab09909479a7cab3d20f4728f6d07ffdbfd17266325b941765f5997697e3e5410e99af63d91ffd81aa9d74048f22c604cb516cdeb641b3b38b9b9a87670dbac6c6db16faed3962e9b14a6feffd145e282963d266946756e866716e9814c86472636e28ebed9062183c911dedea1033177184b122c2a47257afaab47efdf0159779fe9315c7f2974511cc40b185dc5ee28e8eb919c4cf93fdf9685c6b20859d0ebdf7c96fcac4fc261159ef5922c27bcfda297338c9384402156397b748e44d1e8cb27e6a80550f4592ae3a96d6096e6ec6f3b530326a39ff7b9c6907aa267fb8fc5285387380436fc4c24d4a617160936d63db4e94a2be0a736c11f2e1446bbf422997a1765127481524983d485142c5a030ec23a70474c474f254fd444d95e7d00fb2fdcef9f81dd214c25da15a4fc500624607d2446ec70b85e501636173d55d7f48fff41687461606c48ab336ad74caefe824b3c76e7a3ee240ac8ad3c75c4825ee0e3ef844163e9321f713ca6e8c0614057e19599c3cef4d3ae2a9db512fa702a0610af063f17954ebdc20d89c888ca0220df3deda6691c490e05d0735f1fd850e7080509f7a3c41a21eb45dfbab10828c1f220354d6198aa5e0fde85485336c85f2ee04f1f726f649b099340a3800a82b33581c19e397ca38af898e6604848521902550c63eaf8efec142f27366293a5b32794338e3d30a522d876be7d7de6b44e65f6826570680806cbecc2aed219ae99f9686c4a4f72f8a3c124eaf1fce5bc04f6198512e192712ac10cb994b60bd7c9cd8820156206a0ca4dae46f5259115a62fb976e2f129bc8e4e9c71a64f348b1897147883409f01fdefc94ae487e5b7451cc7e7b3089760b477d0ad1873dba8c1059d31faa0bd819b9eb091b6d15b577de9e06db46da6341ba157fd01c8113e156a2ceb3ef9d13ec52d9ebaf5363939b1f4766b89ba101a49e04ab3f6f55cffb92e7d738f5ebaad9c6d728c05f19396e79bf942b816737789001210fd619e49f58a7605c91a1eb6547b0aedb842693cde325ff613bbfd87bbe8bd860f4934d9ef65fc94ebfa6fbfa1f56dff1315de29a260765695a4dc26384fff32bc20151a40e1e937a4bca9e47c9410bdaa7afa00579f495cc575321c6503570bd6603738bf2a9ab87dcca822ebcd28084959df5f5e02d2be1d6187db46e263b77dcb6346fef05a9a1d18b249eaa3945765c8e9afa37eaa89f9d58a22d58304f6a4e896a7f2b664142e022de735f9512e2a196f0a84b1a41e0e1cede25bb143ade1bdf6bcd5a230cdde6ccbf64b52b99552d9bca13d57d2a04d9f661ae9f8987506a434bb84ee6a5e0f77df1ae2f71dc07778543ce3a9b2bfd77990da1fd8135b4d6631eb777c34bd10adea21a226b5250a6d8ba55aa590b61d5e68dc796104d37582458a1c1c2005602f040c8c8c5c1da5e89a1ce1f56ff338b01590aae7d428b01b3ea01cc295c4b72e4e3b3616d44885f2e97449203008a9142045ee10d5b33db5fcad35d860e8954118bd14fdeab8531eb2503b1437fda375bc95371af45f6adcff9286f33660fc4e07a9b3bca0e1356380b1abf573bf0a8620b914d765432a7f7782a80beaf4d96ccd2de4f96df5f28aa49a9e0b3b77f6c07358a841b2e5e536f039d80dd2ba8115bcb72f09f838d273d29ceb8f1812be08295a45e8c45fe48765d53952cf56e1eca0640ab3437dfcec5b7ad84cd51e66a6d89391b2a435345321154180daad5f94fa2c78d06aca2ca8beafd458e9e82ab6e105c3fa24b7ed1caba10f8690cfb0ee9d2d0a171cfa09aebcf77f9287a9c070494dedd73f521301e7534a5f69ff52f35db1fe1d73da1944b1253b16044dda2aa6d83b4926d1a9243bdeffbf25fa22c8cb74c1f8fd8df6a7f2dbe095cf73a393c8d3a6d184f90288f8a2b637a923f812345e8aa51907754906a1f3fc49cb05d9743ff8b3ee5d014a7ec092942c187bb46a9d4e249410bd257fce22f268af6a0b8833313c05445529c264c538c4b8439fe35e25d14afc3ec4954f3baacbef1c08f1039993c1750436b9d18d4529362b715114fdda402928cd360853e3dbc92b6b0f75e70ea9e86593944d303d610420948d0d8ce3e1cf4fa45da5c7e69fe9ca4d7656debc7d4b87226594510526c755f6ad2d577c8f7690a9bee8f8e227dd6e16098626a28d239e3d6a40e5eaf09620a08a2c440b98b7ca673ecbfdfc1e4078e3cd7d8a1178c0404a2f29a170d315fbc54c48fef16e313e35c99583907542598ba444d6c5cc72103c320ef7009b2fa3a7a0556002ef29e29ca4d998252be2d30da3df455ecdca22b3ea236488c101f95414aa56cdfb744feabfc7e0c39dd62c9cf958ae23d8d2c6b9d2b4a783dafdf182c99c301cf45963087afe79fd36672e00341b791a30b5d93d571b42710bc83d24b2a4bf3a74f7d984e765c7000533bd", 0x1000}, {&(0x7f00000029c0)="eb631d6aa89f50de133dd8b435f999f36f55049b720a2e33596cb458c594ec364f3fc9c6053fdd36b399a120fe8605a65fd7f550be5abf50236a17e5d07e50f2151cdc73fdf57ff73ac73808c90f7a133969208a0ffab7428dbb08573df9331cdfe841cc0aeb7d7f4bd7aa7ed47310464ef4dca569fff904818a59feccddca104322a85b4eead6d91c135f2531f6b8ae5cf2c0d521cc33b2a07fa95b9fecf58e2ca054022bcaf0ee3801247dd531bea1fdb838e60ed4d8253969d69b2c9f2c50f37d9ea5998bc9bf8605bdc09ef711ba51abb1cf7ab895b34a76f77d91ba566f6eb416f6e15bab303522202e7a625ebfc09222a5fedfdf4a188c3c11a1b163ab58ae98764257447afaf41881e827ea798b7f73da8f286d73d07ced42c0bd2dcb2f749a59c5356ef36c1d25f8f7a9f21207993b078b9a8f18e07f88bd28ef8a9f3a214cfa86782c4c964ca0435722924ecc5545044133fed2da16906474d8856222e351851da447e880efc028eccb06c000c0b8907167914466eac174cb4bc9ef02cc3f63c8cf944b09a852aef4790a228cd29938050cd2cfbb43f1ce3c3a7cdf51ea165f138b0d199c9115cafb2a193999c5571f696995edeb57419d61a2af49b3767979313efd79960d7fd16179e82b4262afddda63214c4ffc48174c423ce7801d1ec20bacc68cb3e5a69a25320fb6725ddef892853543566004f43c1d42a31d8e5c4459e90344d3d98d3665b65cba785323e761011f253d98cb451de180989d6352399462dd15f6ab79dfc5895a5de724cdfe623f33e7f0a28553f82cc56c2d384e1445e2b6d189ec47c5e1da9449daae18257e6eddf44d9c805e8f82887eb1e9c0eea492121110b3cbc65e0dccf5b8267ec48f4bd7a054344786bcd9015600c987bdd04e9e45dd070abffbd0f229c6f71cfebe871fb7b5218d232d456b203e6946972e85030d97f34cbbdeb64db64871742559cbce9bd4a4e953c32f47f822da91610be6e9e0c595d5161071e8fd3d8f1ce2792b427f04ef0b4bae2b892c4deabefdc7b13c3d60af21790d04f199da41f33f8e3f5f670b5d4045871ac03c56c75f0ac283746e447bdeda25fabe3f5b56746b19310e3dada975bad69207503716f9bd732ac0a52bfb58693c2e9cd1444f33ccf12915278bed280b991bf9c912fd1aaf590d70680a11d1ffb656eb85fe4fde4df4252dcf5ec6fde9774585ecf872255a7dc3e8d7e8661d688579fb13fe25c350171105e38dfdf68b838bd8fb6a528044f9fe3f43be792c3e2fafec09f03cd112585f677ec466c533af85702c4a12f1a376ebd4b6035664e445c0943775846d88cb2c57de242758c0936318709a9af791caa1b34e8a95ccd61ecaf047b8da6a03c99d2b4fcb860aa162d961ebca7df3e4b10d764c27579d00c4b94e16fee723c40a9a81f880527e5db48ae44283f0a106cb9c58fbf821273c70a0535901aee7c973577060c586183f7cd54372b6d5cfa6a916aba44a2c7bd633bebd49b3e7f3d420947710a17312a4ac78161def62113e79b7b5c90c31884e3da9d26b27f0f5ad358f51c7c90f050d1cf8fa09135b943737f86901a9ebfc63a0d400fd401c59865c9ce9266fb3ab3b4a06129877505e57b2f426fc8e07ddbb15dee8bf1f3850e2842ce630e644cd256af41b19413f5117f50f31f06b0b2ca70d44cf4adb6338701153df215384b4f466ce3e46213673111add3e6792efedb6cd6059d196195e86dda1420883d11b89b01f20f11040983b5167e20957d5460572540327e2e67bb26cd1c42b6eb57aca4530d98d7f457e52490ea818eccc0d5c1402412db4f716fad19a372d9fe274eb6cb7987634930ff2af5d3836f69b9d28b165d28102d2b749d1ec95b09356782a02bdea0b3471e5ba865dd2d8bfc3ed20a99e11f15ee2a2a07dd81ec1264d770f68fde6293386fab830a9fd9642a7ea2b08db38565f88c7ad69453517ab1ea5d2f5a82537143ad9cdb01d411422c81de76ae6d756e8aa1c5081c81bb2eab71377d60ea7fbbd3ae7aaf0f495f041b743837c567a1a681f8d463c23de8fb669f5a3ec9331c7bc00bdb534fa2bc78771ec3a6e62e13c6be5868a2320c1cc65887a7141a65bc323165d57841ce50081b00f4b399c29112de152f19ab8e6a66f1c09f68be2814e3ad38af19d4188c882d399bf8ad9684e12edcd497ea0edcc3f448da1c02d72dbc7ab89e09b85e9c1c36cb893b65cfe51519f96d990dbad03bc003cff0212509dfef5b769564738bd0731563de351d4e9f25735ef540755532a3e21a2aa8ee094e100e96e3cd6d317e34e8ae8afbc57e7d71a506e10a10ac31d5ae766004c4def2b2f2e70c414ea804426f5d991b3f2d81f070ef962282de388356dc9608104c7b8f9e99607379228e472055020a97aceecb3e81c3941bb5e0047c5607c765f8e76fc56c43ea624877bb3cc9678ed9171e316861a521d209a7b32ad364080fb598cc93d397e4a1c50d442438f502a667bfb74f9e1846b4ccb454fd57a4055b56a507ff84800cca951b29bc3173a5a2c5cb172449c457c62db4c36c7008dc91f898585ffe727bd087fbb2dfa5b0119fe08f426326682de8d6c92def669b3d64d0e91e9dae84073e404d90306ae54053a33837aa8243b1b73a77282fc9c6dbcde542e70a97efdfd1f4220379a35a4ecbb958bf8faba08730473fa583af69f48328b7be60d00cc49d8005eba8298ccd3cd4fc1e378ff5c5ac57ed6bc50f8967cbe264904c294573400eda775551767717263a95b99676e26f9b9765c816e4d07d2ad55e76b19c637d7fd06ea72ce3bb5cdbe163daac00a74bdcfa62185c23e9d25a5abbde3373793314263981a171d18d6e304a919be029afd0608e7b91a9ef82523b6e31ee9d5195b8e8388d252d1bb6f1e89ddc5356bdf5c60bba83fb0aa6b22e85c6f2878967044ea4c397135636f058b6f0b102208e88a6e07369f3b015ddc211f517eb68368de0f1ca22a2f05dce77bf0e4da75a0271a5420e3f99190d55374060e6c4565c3e3f57a0c428676d60bf041fcba281feac95f86add95b6217c7834014d9963ff134c7e0b3ebf0529d9a832a11c09ddb794c95019aba84ab1d70cc45784cce479517cdb02df933496a65b07d7ff3179bad872a2bc81700a54806546392c9d53e423edc080044312aa5efa9c8a6557cbbd0faf457ed51731a89a4f8ed45ae6ed4f4f401f59cfa1775307544adbab7455f6577b977d0627a9921df8fdcee3f21f594c2e1780d38dac319c711d79eff582a91785cd549e94fc93049e61be0a104db9066d713873eb79d3cdd06fee3897a95b70bc01cf970b1b55ec99255ac458f6d24395eb04ac6f06568d8d89518320222cf33245ef21d6a84bb4638fbe92ddb414a79ccefe4fa33ecbc3105e74baab1c2c89f302c420dd04f955f907640e4e1e5286a858d8108da74601fbba9727b5c74cd5dc6a6d61c9fc7a0ac2c6d04fa0111bf7d269807490e8ae650f446ed9c88eaba3c8a4facc967ef28be942127fef114baefa762c6fdbcec60de924d5d4dd14942b6383442f6e37a5c306a90d5a621c593d159afda861e47e8d965dc66450bc89a73cbbe469491933356be48704e0e7a5f521e2fcde8caeb0b8588ea7655ae48ee4d393efa7b85e195c71df842b7c68f018f7e474817250496ef6023c5a0ab79995f0df9994a7c54c2e288c3e21ac10ec7f96f5936118ec98c41ce3b6e6a47296a2a41466a6465e88b8c8ebbb401081c7d5eb7ac3045ee25f4dad015c01e98ba9daa34752f94a59e0ea58e7410c3412206b2ec6a9d7770405521cf9b8763ecca709671bb2dbd0a3751823f0d2829fec453dc7a69d006217baf1c9d1048799a282b149e099199d9e4de5b5702b233024cceb0b79792333f3dfa180090db501ddcdd1a76553b2160d3b4e41ea726f48dc37d0a96eb2033498114e05a7c5073829b1228d2f4695f323bb8b51ede29348ca0df6723f9b779defcf9e4d43e3c87e9bc01897ee647cd8d13f15fe81bb44c93f086cb5539822ca52ad03e8fc34ebf73978af6e76c99bc32aea88fdda5d23375a06e9a55aaf4b0bfadca068f437a27792686817140bbb1aab0a81b1ebc7b9060dbec4ca34e7e45287eaf9c632dbb0c2c9a95da330096800e1f6fdaf5b1b7c5f9292075bebbb3e632e17c14a472fe8b59f82ec7cfe6db4e2dcf0ae7767be016d01003ce46bc821d2272102a1858402b4bcef8773a6d863b8addc2e717863e23bbe4a1f8038204c5859616e343a2ad64f5caebfedcf9a46283d59d8b8f4174bd35454663a7f75d1595c0f3708d912283695a2144b06c07bffaea2e414e5f765184421838c0da3d78e9188cacfb0c7bb11e47dd6ab7cfc31e6906bb8d05fc3c2e9ca4aba9ec44e403baeef183ac46688695d6a6bf00983066a7025b3bcf656a70840669e3a5c1f2b7031a880e6b43ebddfc10143a599b3e8544f203894f009189a1d979a5b03e28869cb6353106951129d94f29268a9dca0426bd45cd95a6e5819b2e2914227c17bb84a40fcffeba52633f93882e6e5705303bf5c304d7868cbf9921f19d2006f86918ba11d823e5e628403b3b4414b121e706aeff9fe5cc594948c92caf246bb274617fb793fdd8a4d6dd588fd56d3317a964933ca5575365ee87fc7cd869797115a2d8f66c2616a46087a5dbb81ed4b4684de743327db5bb2147bd369bad8072293ba906cb5296d8117ab056b6425274165cc873e3afae407dfdecf794014902025c641fbb1de14c590b7abf22fe276544d66fd2102ad33bf64913e03dab20cb7ae8bce3b5b720d9ec0b962e3bd70f2024f3bbcfa6ec9478777edb77373310151d813dd7d8c78c877b45a363f78cf80cb6998e161d4dbae1a51a601a7f5f0dca702ff7fcd590e365581925241080bb394a6a2d33ec75d1eec704ad2eded86208c5dd05fc534752ae06e620a263dedbb7a21ac1d52f949e7546042d88de9393f64965b64b62cca0d886e3dda460afbaebc094d05aac44b59d9e00fece4d912019498ae0a8e01755debfe6b5c34bbe44c89ee4acc06de7072d75718b742274a1f2d7db5e115b8abee107ef3f35710934bcfd07fd911d5190b993f61ba859394717faad72abb7865c123547e9ebd38da5ac86d8f9efaefc929e829f52dd66195c3dfb05cadf60a24d56a4506a5790a9b3e0c66416fd31152d715e2e24cfef1614870a3d7f68cbb3674597be5b462f07f62f7f233ccadcd403ba2420f14d4f3c70fbc7a58a12c364b640777bc11f1a18907471738a32cb3afa54e95e8209cad273723c64f23b9e3060aeead718e7877a17e84cb8e18f4b53d9db4fe05fc553a2066254594ff3dcc5a6c74f962e53137c5e971d06ab83e009b12274b40df1c6ddc7767065a3a059679618dc31882c3da59750553f4ee58066a41578e0d853e351b6aee058f585e352ce2f6db1accf89d49588f885dafdf727e40729d11bee59ddbba91d7dbe908ff5f66797ec85f1158c50f07b8ee917020aec4b9932c3c1554dfebb4e5ecf6516c5a1f326287b0afc3bcec58be248fc5d165d6e9e61870605111cdd1b706ae24fc8ed3eec0e84db12418b2be3d2b1631879f3e54284b5f047780af98be443f8e8be205dc59edf134c77a2b5d236789b3d969fac898a5bfeca3be40a5c2d5640e9ec13e75f808dbee0d9f39766f834992832a9d82dc64f501a9890346a8a8fb956d7db5420f34357514bafbdfbe26f6d4096a74ce2afb0adb32046cec614038014c46e0a3c9ad91e72811611e09d9890152a", 0x1000}, {&(0x7f00000039c0)="8a5f6705a0ae5d2e5b3ba12dd214abfb99823c31bf0859c8a22e251a81c814349a398a631ccadeedaed13cca98006beb06767c9e14c97b3dedd76bd54493946795bbd38336a69a7b5b36ca2e58e9ab324ff60f7f9a159d9ffb1e3c4d1ef21664b19c9e7f9d2da5a0e9f4a3871bf7655ddd96f90f39cd19e419028834df82813408b6de14595885d9567e68e9748c292c2c70897eed2590d285d3f2f47b5da2fc177b452da9b49dba9c16d93d8aed44fdf4e1eca87d1baa6f732a8855175e7115834f7cd5f560fed5e661004c90784097890c7e5710c70f58a7546c8e5992ff7412409293c247776386f532d1f6d61ec7a3cfcbc64394b7415047cfbb0f185868bea3a3f0e5f45376d2d837c176d840363571e6e11c88fb150fea87f506ae648b5a5ed6de38225cb218950aeac04917ab62ee4c06c1b3e8e59832b1467cba751ff9f83c59668b39e1e18e30d36c5d70c6f0c2f8781b87fcd9c940b631d36e628b0aa2da603648f6f69480028e1b4e60c7108126721425252b7ae6ebcb6c23203779ccf0d6cae3ea96a3aa917d2a46196dbaf9cc6a6449d413c36d8173d6c0265bf0edc5d67ca873efa1eaeab7956e83ca78227780fb6e3f80029973ef9bf98ba684fae7fdc45a371bda56795143564a80995e61bd602044d1864979793f75bbc44d7954f7610a53f49b9f3d2aafb6589d54258d09357719addb2132c971a360a823a19a07aa4ef1e5989131bbcff677d8f57c837de37d5b4baa6c006a6a4f050786858b7e7251f385a5c9405fd05bce58ceb2b0218df61d3f2285d5a1910d2cc65c0fa16d4c8f7afde9194675b586f60ff9176abe6f776bd77a71a45a29cb7afa2557c7982678b557146b6e89467e69fb0e46d49a698f119825ba9a83563082fb009ae4423df313d4fcb7b083ccd70e27adf56b05a04620d86e0e7fd511bfadaf288d7d0311ffc430498d9cd95d81f27551ff6d5feb1a486f0dde3808aaacd2356716a115aea10e2975a6218ee70057693d7d0a21cbde3f501d628a58d3c48b52377773ba16e5fa9a4fef33ee0668a2e735d6f7411cf2dcd8c78e94b88752b37019995236bed331b6c4b45ebdb6b5a0558a0f4a172355bd650f21e64819400bfb28725178dee25241adaab890e3abe78e1405dd9c4682a99ad911579af1cfd0e099614672690559a4345457cc78b0d5cf9627d6e50204d1cb44b8d4558e0defb5b29d084fb3c2ed3eafb1321a336a02af6b0c39e321218ec5429b607437aa09c45ae5250dbcc642292e2fa45bcd6edbe4e94da0a6f625d9ac06aefd2c3e42f7081fe94fd190d92801669ee1ec3281859d712106988a0ed88e7100be6f47c00dfd182b60a3a8e210ddf0106c54560a73e2b78d89b63ad3cd890f60728db20837d0362d54d404b575e2faaee0b49eed32454c03e2d804ebf9bd08d0630aae2cc492d4faac74ea90e17ec3b2452a260b1d2c92911a4ea5fe54344f37a4fab6425b254f720d0e725a7098bb8973299f63c1a55a8930b29922b3d98b2624f8069e70340868fd3ea79a764539173c0651496d2406266a7ce982b234c5671ec970d859f871302f8033f3e96a5c7573a34b06e6e431361aeccd0e0e98aab01c9c6a39718835f78bab3415a6338e83fa30cf0603d8760a07b303d90664af03d03669f93537f48bbaed357122c2c54c24b2b33551f01f8aa8be49fcb0a2730af90bb8ac7babf538ba2d114065edf9df8904eeb1bc1c43edc6ca33ba7b35978b93c384d906747c9cd0c6aa4da8ca40c0e43f65c12fe5c6a133f41b258ee3f17a83f1744c9d5bd3c907f4d7c91c434aa4aac08ca1a21692425a988e3200ef5cfcbaf0d6f841844234a6c8f0b327c9db71c68bfa0dac98a25993d8ecb2aa8dfa45e247ee2ab6f81ccd44469893bc02c9bf142b61a886a50affaa193183733ed3cecfc45905b987bd595d294f1a3976e92424d47e102de408bb4852d6f158f98c43be8de457020e5783aff8ce204fbb436341004751c7858e1294d22edeaf8044e61eec009fe79c39bd7c70b85c7e3ab806d048e73ec9cb5fca70bdf2073c667a9aa2b2c0a2ea048d27da5b81373b6054a5252c75ba5ce7b82e1cdc4ea005a8895954c0aff875160169fa829175e3a9653ce7613160bdefc21d42c7ec83faae783eed23815cc94ece1573c4ce4326f581d366b673f9e90e7cd9629102b0578d430814f280999ebb42f3e5037b9f0ff1ffc95011fb4adbf812cbebe19cbd3c37294dfe789332dee2c6f72e978d6194a43bdbfa8134207002fcffa548329150c5d32cc9c358253b5b9fb77494aa120137f019f8f6cf76314c18d8a80228a44f88ae8e1edb17da357d5615c9bbac46891483ff6d5df0a5fc5c988735491a81f9dae1685b489eb785d0ee8b513b6ca424e99880ed6f356ec4edc3a43966f26b9143a2d6d0402140363afb8f4ba4b0dc7299dcee3eeeb9a7871c3aa813a7698fcfe61171429065e64391de43da51f1f5d3932b848a24c6b2d0ec21081cfe5c97d993ad3673505b6698b17b7d0b77380e46bffb9df1a058d24de8d877d4bcc17fe699ff7bde1e63eea4df47360674d2689d516dcd0d03a33db6e2a908be18bdf6d5a67c938cd5ea01bf5794e392952f44877df80e8c6439c317a583faec4abd1c44851fbfcc6ecdd27c44cb03f37d124ed49b697dec5564fb3bce9dfa5003c6ab025d33ab0acfef11fa7480bfa098b64f6d2af9741919e8c373d8d7e9edb66d57d4845965465b88a69e192adccecddcd783c299f693bcf0255d90d098a582bee0e2f8b768454675eff5814721cd89812be17b68c6ab4e514f243ff643e1219609d5fedc9b7b2245bbb5dea0eaa0e1c7b94b134a53718ae12d6cd1a472150830a076187949708ac4ae4f09a99e79d45bdad292997d7f5a8e2432f87cec3afd7f7575c1599d4fb14343d7db10b3d255f3fcdf3a3f25a753d9c0d55d0d64135514d71027aac18ebcfb1953b84ba48a4f8da19f3ae364f4be35a8f18175d6aa7e1929f300bbe6310ec10211e6baf6beba8ee311c65985763f67b7e1f81e2e95f62d6adb18a47e6f6def03b67ec182fdcba2d69c022684bd0519ca0a0d406ba13d56f3879778f8edad4bc7a639d005817b1801fb0f5f53e67b7cf9a89a18d025005f2d9d56ef63baece22c80fc48442c4f95c017d212b05e14bca63b0e5aef23f52dd0b4900986a1c32987cd7a54c0fe8d68201d58fd4af86cc842184d65d633bb63c1942c7ca59b0f4267fd5a5cf5ad82ac548a0e9866b9a6f8889b13aee3046c3fed1e746969bea19ac55f2d87c791ebdaf10e52af978c0959ca601183235a3ce5c3e3f1ab81b50d3a1c52b4a0e8b5044be76a3cab34e5556fcc0575c167a2e6e767344c7156b55025ce596cfe804ee38d5fe9ef9dad878ae00eebea5d8fb37f39747d114237a4da2e0c96282f24a2675ecabb48e6b18213aaa5e560867f9bbbc1777d1995b359a707d8229ef0d201d082de7080a5055d2770636c2a34bc503e975d871acf2cc2b34df83d749d0c4d374f34c806d4dcb81fe71efa1df79847f3fb971e4b7e1c7f4e26b71abccdfb88da459bfbae0523a08a879c60a46442766be43ca577be44a68112665b422a34a30f93e6832d230f628c349ff8cdf201776c628f4c4176ddac2e96ee0ae2347b6c85982168863b15b810f0bf04557168e927f4b0f0ebed2abad1c40ea800fb240521f530d62d451c0b973aa6edf626b6f0e6a5c1ffe4851bbfa903bed6af133a3bfdc0b9facecaf0b0437457c6d559387ece590320428ced5ecacdb7eafb9d2fe5a67c19afbc37e98b7d9a046aa48d427ab73e6ff2660a746d7d2cfe5e300410cf295d60b2607d8a728f4ff95a97759b511afa76df2c66d7131e2a82492720f276de22a923e1a0466b2a6b2ef15ba333037aa22a4c6c854449a7229e9cbca0f563eac9979945d03b22981830c45a286e38decdcd3273a7f2d0ec512dd630aae6bd8e6de04c04cba4bf227abb0074134f34033d303d7391defc45b8b59c40121f510d2d7a625ff2d5f269d5d1fc64d258719a554cb1710ddcd8e197be3a591570f651481209ee36e6968314dc5c0ed62ee068e2895d52d3e02c4dff38014aebd4399d3a2fd0984b3ec2b7319fd1849317a67beadf2e633888924b09d3854d9dea2358c06756d0da19f6b8942dc96e1ff86bca69600b5a3eecf7c59aecb80a8c4247c59ea9ab9d9aefc9dc4a32741f97a6f7b69091ad24b633da985da9655818c47edf7ae3657cd9ed61f32c156da7b6d471b053a0bb661845209a3701572180469a61455d73321e0757f44d07fe223b3cb1256246b02ff829e229713bcfb42d293fbbbc3e4dd8780419414fbe570aecfa2555ebf5fb1b308d570c1bb8309e81608783370637124f49fde363b3d393d85a124ca54bc6e07b71231920ef8ec95f5a32b73550fbb695ad675f7ef8629f9b8cdcdb8ded8ac732dc67a9e96f1e86427a3e744f66b78062356d61ecf706f34b63419c2c87714776f86d58a53b8106ff009d3e9c53656a78f099830b0e29f7b686111808b05344fb95ebbbc63c2dc592251961fa408d50774984326c87e3dec17d29ec879e8e30b95998cd9b20e2875ad3a4b8708a5f771467774ef0237fbf919793d7e39b26f26a38b72eab17110bd79b7aeec9025cf24fa3c2ba9ea1a5e463fbfdd9d037c37ea78b8584f3ac3702330b650e8614a62eb96bb93222cbd245507f4439319b6bb4af8b2244c499e578fc63d948ff0fd69c619cb8c33b0d14d3d284db29ae8373bd5699f11f81ff6f74893c44dbe43f90961b9d0a3c49e44ab6389838008468c4a2a9659ab98d54280c86591b49bcd9f2556bf1ffe265eae432d6777d7ca48dd9485e5e7b2616883819139d706e168ee6631c6961422aa29f545e719af28b4ec5734651d2304145673e67add75a2b119e892a9218ff97234b04f4738dfcea57936130a397836a6dd2ceb3fa1a631b5737d96f7b11ca6c6da4759f014e8e979fee9800a7b3802275711ca9b5f0533f3a6b010b61f04b5c758531034366e44ed45d9adf47695ca756ac3127aac09c837bd55e6d7168cfb767cccea82ac1f69f33385d62940316dc8824eb0ace5ebf1c961845a1107f4f5931409c4c6e132ce8ba76efe18137efc4922e94196de6218622b691c5ad8d3f267f22abb03a62a622956e89bffec77c77199978e07853f53ed2403ca6c3a7e977e45f1507acae073fb7f523e3c3fe1a9b968965925dfbb482dc9f28915c42ded9ea1c117325e915b9dc6f62d540828132b86cffae9028d04386055a21aeb15129a3e503cb43886547b5d9d166923b026eb6a98e7e33e7dc63a1d8f6979e04847b71611e31f49647eb8c9eadd1dcd4b706ee73a4753c3febe2fd096789992abe8f4b6c28a3bbcef904937e6796f61cb7888a3b18561da46024dc25d4e46379d5e48a356daf5096483a11ac8eb8063e04f099ef26a14ce23281ffab4dc5d9e3f33a5b47b6839da6425a4388837d593f2b666b3c1838c65ddd2f45acc593a43cd590697791901746b6594aa05e1d4a3181eb5d8255b61648e8bbc8c328f57931ea484a5ee9f825b18490a986efc7c9076b835c5c5c79e0f4ad17165456c09b863a27af695be96e87aa38f699f5c1837bc4de485ea54db801cd544a728a00e07ccc667d6fa597e690ad380729afc0bb673ea651b06b5ce78d443e390b44c26575a1ec52e88005fcaf8c6a3dea375512c41b0cb38a74bba163add6d2f0bb17331ffe5aa642d116102fca39a77050b95bca6b04f78ad4", 0x1000}, {&(0x7f0000000b00)="f90ba31da8f9aff5b4dad38e308be3198eb8b73d56", 0x15}, {&(0x7f0000000b40)="e442b759e968cab4b29f72eb1b0ac9d1aa71950f8e27f0db79d16f97abf478590569ac78f16c73f1e67cc64493e46ea59ba0eb9c3f5b9eaaabb28ce08b0dfc01e42c3c9b9e3c51b3ca322ea80ecf861ae8e9b72c2a7f770de71bf42625bcf88f0d736d3669b857e4ce1ba9ee28ff4718619cc4f8a9ca8d0cdd688d0535d8f78b4acd554483c8cf8f0dcdef885fa24fc2a14300f30fdfb05f2363c2d43288c85cf3e500f5501debdccf807844cf7267a5de230567b7170beeccfc345cef08c180103775b87bdd00b1326809657c9397f09d0529c4fe99a5b71d8a4535c5fb99b551b7c6a5f0623f", 0xe7}], 0x6, &(0x7f0000000e00)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @rights={{0x14, 0x1, 0x1, [r5]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x50, 0x840}, {&(0x7f0000000e80)=@file={0x0, './bus\x00'}, 0x6e, &(0x7f0000000fc0)=[{&(0x7f0000000f00)="d6d41cac3a6df57afa2eda8a01262d25dc03f25cffffcf87d760c5ef86d1e66f61aa4beed399eedcdfbd60150d8a0b82d8dece7761aa8ee7c742ebff9fecca69bb24b9065f993f11a32c6c823e727fcc", 0x50}, {&(0x7f0000000f80)="70286a3c22145399da15cc1cb444e7d49a0f86e9586e4da5a9d4d1adffc656a92527981aec26ebc9acb9b3a53d44eaee", 0x30}], 0x2, &(0x7f0000005a80)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @rights={{0x24, 0x1, 0x1, [r5, 0xffffffffffffffff, 0xffffffffffffffff, r2, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [r4, 0xffffffffffffffff, r4, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [r4, r1]}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [r2, 0xffffffffffffffff, r3, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x138, 0x4000000}, {&(0x7f0000001840)=@file={0x0, './bus\x00'}, 0x6e, &(0x7f0000006040)=[{&(0x7f0000005bc0)="0ea3bee54595c2fc9e935e08226b4ffd9c7f9fdbff96a81fc7fb24692f5c41194edf4725d771c67cab721b6f882c9ade0a5e3d68e0c48c48983e434a94840a69cc202dcf889b933474f8af598c40783ea2537bfb9fea554096e3014ccba2a020cc365bc2058536afab997cc058b11b0e07f8ad9eaa87d73de41a2b1269e001a3c88272daed3bd1739d6700178dd24e4f2e923e0c6ab671d7c9a43e", 0x9b}, {&(0x7f0000005c80)="14e89aef61c0be67a8661a1569728bacb71625421ba5d9e56dc1db35878e9f454c6a97e4f3f88819930ad1081422c19fa0d0be565c0957231e1d4c79f5463ec66148c3527bbff5bb93758fa180f2d920b59ce80dc41988c59e270f1dd55f90b3877e2060c563f6b0f4b2db6c5c862770689238", 0x73}, {&(0x7f0000005d00)="a7853e92c097f92c59db1e9d0f912261ab5cdf51b11b4576514156748d8eececa69725813a634d41624568fbbc8fe192c6ebb5e5fbde0a25b1f30d0f4fd662e159d6d429578b74e0407a04b24456a48329c86d705feeef31f5438fa1b58e9c53882270f51339d5e95480a2d0ffd9878d8b083a3902f41fb361e43ece1060b8c63ed89fb258b26412a0a7053a64b14be72a0263489e48491f52691f996921da4a5c5ba6fb9c528e18afdcdb53278ee8f97243891555e068c4621f9b97c3c894", 0xbf}, {&(0x7f0000005dc0)="a55297dad105f66dcc7b23a5e5806aa671fda3d88ea8722ed4ee0a654f94644dc909ba57e1d3e8cc21e53f682ce7ffb6df500ec45dfdd4ad35244d07243d1315959299b880320d6298f498f83ff29d675b9d3e3efaffe10259dc450f3970bb518306301559dba367c4be4cb6725077f98e4a7dfb29f206422b62e19baa1edc2debb41bfa12e5f00a8f1cb20ebca8761c", 0x90}, {&(0x7f0000005e80)="b694964b8f77a132e431a41ad2e7356b83581f8e375cdd81fcb374c44f9f1c682fa85e16ee5fad2f3c4167511850d277453fb4376b4e0bee3d2f4161d20c13aa080cf05218e5a78ddfacebd18042f92b9f9514c2f289ebd0c5e4dfcf930b52941812e7cacbeae24cd42c93804a816d2f80f3d2a563c2641935a28134560343b998f25fd745bcfa0d61b14f36db7e3ba1e152c91b86176ede6b250efc0db3e31e24c96c809fe247285b0d05cc6c78ba869652fc432018cd0840ffad56a6", 0xbd}, {&(0x7f0000005f40)="adda42d2ad32564af5019715bc84a716348439c5434b1c2fc0ce2f2b4ec713a7b00732fb5904adcb10cffb1616209d67535bb9a58ec04bc3a7fea1cfd1e0c62077813955599dc73353cd632db5ae9309b6e3ed726a2d87325445dc01f9239951b0f9a960e4abe96b6ee8590ce9d0d97fb6700ba37fe91b3c11ce085307fd4cb1826bf0a7457b9ee2511f891835fc649f1ee94d6a56cb29fe3263", 0x9a}, {&(0x7f0000006000)}], 0x7, &(0x7f0000006400)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r3, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, r4, r2]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee00}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff}}}], 0x100, 0x20000010}, {&(0x7f0000006500)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f0000006580), 0x0, 0x0, 0x0, 0x4000080}, {&(0x7f00000065c0)=@file={0x0, './bus\x00'}, 0x6e, &(0x7f0000006800)=[{&(0x7f0000006640)="7473712fc5469b3b0c04d1409b2aa0d94e94f21ea35c9b93173088c355ce5eec8f81cf0ddfe60a322fcc3992f82e6ebc10e64b74de64a3e251851e1e8fab15c2001ea2773b4e8068981084969000d9e8a4747f5e00b5967884e0ca9e69115acb6c24f18632a3c46a0eb8f8e59954df7f", 0x70}, {&(0x7f00000066c0)="403c07447a8fd2807e9505d88487702d371bef118f1a2eb9b2ed29a26149fcf58804b66f4ff2152c289e5fdc58b34cda0de34a26e7ee808bef4b53c0f526", 0x3e}, {&(0x7f0000006700)="9909cc39190461a809fa7343539d8ea4b6e1fc889fe31016cb621c6f241f5c631ed935f6", 0x24}, {&(0x7f0000006740)="c018cab88039c37651a532138efa6d6880bf7cc533441a9c864bb0590a962ebaf360b3664913e312324d2692d20804c32467e2f8ba7a5cc83692dc0bd56da003fc49cbfd21cde2d3b127a603695718510abee72b00d3ecd5fb35ac375ee6c83db6466ccf31a13707d0af6197c9fac26c0c9afe5377ce3f9d68234c7d16286ff2ec3bb9dd54b63adfb2", 0x89}], 0x4, &(0x7f0000006840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0x0, 0xee00}}}, @rights={{0x18, 0x1, 0x1, [r2, r2]}}], 0x58, 0x19}, {&(0x7f00000068c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000006c00)=[{&(0x7f0000006940)="43adebf1604c052c33ce5fac96f63a72dd9a232ae2c9a60a534a1abc82a374b530eed9a0effa9e40cd767615308b6b68732c7ae53f5bf28d3ad5376dc1b3477509fd12f145aca2e68e376da1ccfb908a45b8dfbae81f2408e5a3e1873dc57f41962e", 0x62}, {&(0x7f00000069c0)="55193f071576c389bcc032c217edde76619e396f1e811be26f7b382a9a33d123bb597160305a4170576e6334f9f788a1f584b7e8f34049907d1ecb09ca3d7cce63b2c4c29f96f5db4b3033b7bb9ba8ea6284e1f913d9f476", 0x58}, {&(0x7f0000006a40)="129060aaff4e4cb47a0e18dc44a8a5b872417ec4705e1671ab5170d2bd402619d9950a", 0x23}, {&(0x7f0000006a80)="e1fd7e91ddab05cc66a8d1acbd2667bdf087d3585ee9b9d7c3c227169766c63c46bcba8d04a8e2820a8ddf4a1aa9eb46f2ea883bcdf6f34d45da5c37a9b57671e7ae653d2e021d4b17cdeda1e99e94ea66bee33e0e96bdffbf925ad089443d76f07ea6de035bb4ff0bee5e4e0cf1a46d548c60832243100cb9ad257e83cdc4442abbd87a79c54dba2bbb8eb6c75c22b96be00076684d967049006eebb6f9bf0df09e88b6ec2e3c2f4de801165e9fe772d54f10ba5e3cc6fe88e9", 0xba}, {&(0x7f0000006b40)="52c76d4bcda3f2de69d4c6a11d635a451db9ebbe10c0a7124afdff8d2c169bd8f7d1c392153f1346e6711a5e7870527298e31933788a06f24815cc4bc5d752a1ba2c2f83cddcaee3a9e833c8e3561a3345a39b19a306371e564444a74b2a1b574d05b6cbb405e9fce7342d0bcad366bc3d479e8b24e64a115dbc5dd46ea39b5a2c1c628b7423bbfc5dccb125cec6889e07821c68286b2a907aef0f0274e4a53488f3417b75771e6c49587fb2dab5", 0xae}], 0x5, 0x0, 0x0, 0x4000004}, {&(0x7f0000006c80)=@file={0x0, './bus\x00'}, 0x6e, &(0x7f0000006d80)=[{&(0x7f0000006d00)="c02fb83a4b7f964749a865966b4e7e06f336fc68c26f5ca96857b757c0f93857768c99d802d9bd2de8d0f554b19a2a73c024ade183a456e51308a44c8a5864877e5b2a385788cda1b4629771ec75307185791c2f5408374b1afa9e", 0x5b}], 0x1, &(0x7f0000007080)=[@rights={{0x14, 0x1, 0x1, [r1]}}, @rights={{0x18, 0x1, 0x1, [r0, r6]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, r7}}}], 0x90, 0x2000c844}, {&(0x7f0000007140)=@file={0x1, './bus\x00'}, 0x6e, &(0x7f0000007540)=[{&(0x7f00000071c0)="17853e0427e0c8adb22a52610ea56f7c99c4ec74bfc472da2c0330512665295a76a7e69dd05aeb5b9245aae1e1150c063556d6f47d6d2a9d1a8e94d67c48c3cce6aa1a144b4d89386def81e271ca488c4d81af59966b79e53baeecc8314816376f4509b547b9892d7befa8d88388ecad23de054a27b088b54ed76bc8232bdf6ee56792b7bb36d95c71f920c7091390f3da91db3dfa60533d969afb0e0eb294972cb4e0a9f3bf5ea47edc155b3338c877dea0f2fb226f959fbf6ef534bb5da44946c6a479f7734018c241dfeac2312d838a27d8ff0681f2441e06414f508447e4f7b6339c94cc85cd83552a43e08df8", 0xef}, {&(0x7f00000072c0)="d7fc2a82c2b6110639404c104c58e4fd2d10427fd0cc783df58dfdc284c79d04c3b85e5d797c3a86affd9f15ee455d464948561c05d0d714cb16f623c0398ad9b44691a66af890e3860c09d4e633beb01cb001d56bf5d9d5d9973212071325479809948b8f179abafee3afc8e6c2bc82686079b476cf31788e823527768d255bdc8b6fb092c3289c419667", 0x8b}, {&(0x7f0000007380)="b7c68f7601c60f12c7140fe96e81f9e0cd19c579a712abc8a65550d38adc1d8488c1be773536bfb8dc8e443651e82dd004f2f7be4136b772aeccd764332e2227e5fd80e3daaa6385fba5f27adc99", 0x4e}, {&(0x7f0000007400)="71126b7bb75edd1d17cdb86aa140cee46eca77a616f8e2f45a4a88e7b9bb9b324dc142d543311e28", 0x28}, {&(0x7f0000007440)="318c9d88ff42592b0a1e0ec6ee54ccf07651c3a82becfe5436a671ea1bb36e9fe3e74fb66b801c0b99d7aea633478e", 0x2f}, {&(0x7f0000007480)="63810aa3163a05825e04858f6e7d3570562b39378ef5e4f3", 0x18}, {&(0x7f00000074c0)="b9eb2b189eb955e3cb75b936515bc1149ca5419f8f011f99634bc0e95c384242ed1b0d891e448086a8f72825eb8ea2d261c9b4e85f81ec340bf8ace65a0c2408d37d23ac7381eea58dba0de42c642aa1", 0x50}], 0x7, &(0x7f00000075c0)=[@cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee01}}}], 0x20, 0x9c5}], 0xa, 0x40) fallocate(r4, 0x20, 0x0, 0xfffffeff000) fallocate(r4, 0x0, 0x0, 0x10000101) fallocate(r4, 0x3, 0x0, 0xffff) fallocate(r4, 0x0, 0x0, 0x10000101) 13:27:31 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c00000000010904000000000008000002000000240001801400018008000100e006000108000200000000000c000280050001001c1350610000000024000100ac14140008d00200ac1e00010c00028005000100"/96], 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:31 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x3, 0x3, 0x4000, 0x1000, &(0x7f0000ffc000/0x1000)=nil}) 13:27:31 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="5f454c44065b05107311"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r4, 0xc) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r4, 0xc0305710, &(0x7f0000000080)={0x0, 0x6f006816, 0x4}) close(r2) r5 = socket$netlink(0x10, 0x3, 0x4) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r6, 0x107, 0xf, &(0x7f0000000040)=0x20a15b27, 0x4) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) 13:27:31 executing program 2: write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 13:27:31 executing program 4: exit_group(0x3) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x500, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000080)) futex(&(0x7f0000000280)=0x2, 0x9, 0x2, &(0x7f00000002c0), &(0x7f0000000300)=0x2, 0x1) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000340)) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r4, 0xc) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r3, 0xc) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000005c0)=[@text16={0x10, &(0x7f0000000540)="0fc75dd966b94c0600000f320f20e06635000020000f22e066b9eb0900000f32660f017800ba200066edbaf80c66b8ca20028d66efbafc0cb8f639efbaf80c66b8a8ab858766efbafc0cb057ee0faef00f6fc2", 0x53}], 0x1, 0x0, &(0x7f0000000600), 0x0) [ 1279.760198] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1279.778486] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) 13:27:31 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="c4000000190001000000000000000000fc000000000000000000000000000000fc01000000000000000000000000000000000000400000000a000000000000006d7f3f14d4de0a928c876cd49d3254d175a15236a00f696a204f80bd7518fca1b8b8", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0015000000000003000000"], 0xc4}}, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN(r2, 0x4040942c, &(0x7f0000000000)={0x0, 0x0, [0x2, 0x40, 0x3, 0x66f, 0x1, 0x101]}) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r3, 0xc) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000240)="66ba4200ecf2260f330fc7b834fa00000f01cf67dce80f01c8640f32b9e70900000f3282c3008fe9f8971f", 0x2b}], 0x1, 0x50, &(0x7f00000002c0)=[@efer={0x2, 0x9000}], 0x1) r4 = bpf$ITER_CREATE(0x21, &(0x7f0000000300)={r3}, 0x8) ioctl$KVM_RUN(r4, 0xae80, 0x0) connect(r2, &(0x7f0000000340)=@caif, 0x80) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, 0x0, 0x8, 0x70bd2b, 0x25dfdbfd, {{}, {}, {0x14, 0x19, {0x1, 0x0, 0xff, 0x800}}}, ["", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x400c040}, 0x20000011) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 1279.826952] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1279.835992] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1279.888250] CPU: 0 PID: 9338 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1279.896091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1279.902155] syz-executor.2 cpuset= [ 1279.905442] Call Trace: [ 1279.905465] dump_stack+0x1b2/0x281 [ 1279.905481] warn_alloc.cold+0x96/0x1cc [ 1279.905494] ? zone_watermark_ok_safe+0x220/0x220 [ 1279.905512] ? wait_for_completion_io+0x10/0x10 [ 1279.905526] __alloc_pages_nodemask+0x2127/0x2720 [ 1279.905551] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1279.905560] ? perf_trace_lock+0xf7/0x490 [ 1279.905569] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1279.905587] ? do_raw_spin_unlock+0x164/0x220 [ 1279.911482] / [ 1279.911691] alloc_pages_current+0x155/0x260 [ 1279.927489] mems_allowed=0-1 [ 1279.928740] kvm_mmu_create+0xda/0x1d0 [ 1279.928753] kvm_arch_vcpu_init+0x282/0x890 [ 1279.928764] ? alloc_pages_current+0x15d/0x260 [ 1279.928778] kvm_vcpu_init+0x26d/0x360 [ 1279.928790] vmx_create_vcpu+0xef/0x29d0 [ 1279.981680] ? __mutex_unlock_slowpath+0x75/0x770 13:27:31 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/188, 0xbc}], 0x1, 0x4, 0xc8a00000) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1279.986515] ? drop_futex_key_refs+0x2e/0xa0 [ 1279.990910] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1279.994954] ? get_futex_key+0x1160/0x1160 [ 1279.999172] kvm_vm_ioctl+0x4ca/0x13e0 [ 1280.003044] ? kvm_vcpu_release+0xa0/0xa0 [ 1280.007195] ? check_preemption_disabled+0x35/0x240 [ 1280.012271] ? perf_trace_lock+0xf7/0x490 [ 1280.016417] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1280.021513] ? perf_trace_lock_acquire+0x510/0x510 [ 1280.026434] ? kvm_vcpu_release+0xa0/0xa0 [ 1280.030579] do_vfs_ioctl+0x75a/0xff0 [ 1280.034391] ? ioctl_preallocate+0x1a0/0x1a0 [ 1280.038795] ? lock_downgrade+0x740/0x740 [ 1280.042954] ? __fget+0x225/0x360 [ 1280.046403] ? do_vfs_ioctl+0xff0/0xff0 [ 1280.050373] ? security_file_ioctl+0x83/0xb0 [ 1280.054783] SyS_ioctl+0x7f/0xb0 [ 1280.058325] ? do_vfs_ioctl+0xff0/0xff0 [ 1280.062297] do_syscall_64+0x1d5/0x640 [ 1280.066182] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1280.071363] RIP: 0033:0x465f69 [ 1280.074546] RSP: 002b:00007f8db8982188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1280.075172] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1280.082268] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1280.082274] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1280.082279] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1280.082285] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1280.082291] R13: 00007ffe6abe2b0f R14: 00007f8db8982300 R15: 0000000000022000 [ 1280.141808] CPU: 1 PID: 9343 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1280.149634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1280.159191] Call Trace: [ 1280.161791] dump_stack+0x1b2/0x281 [ 1280.165429] warn_alloc.cold+0x96/0x1cc [ 1280.169406] ? zone_watermark_ok_safe+0x220/0x220 [ 1280.170216] syz-executor.4: [ 1280.174273] ? wait_for_completion_io+0x10/0x10 [ 1280.174292] __alloc_pages_nodemask+0x2127/0x2720 [ 1280.174321] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1280.174331] ? perf_trace_lock+0xf7/0x490 [ 1280.174341] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1280.174361] ? do_raw_spin_unlock+0x164/0x220 [ 1280.183177] page allocation failure: order:0 [ 1280.187284] alloc_pages_current+0x155/0x260 [ 1280.187299] kvm_mmu_create+0xda/0x1d0 [ 1280.187309] kvm_arch_vcpu_init+0x282/0x890 [ 1280.187318] ? alloc_pages_current+0x15d/0x260 [ 1280.187332] kvm_vcpu_init+0x26d/0x360 [ 1280.187346] vmx_create_vcpu+0xef/0x29d0 [ 1280.187361] ? __mutex_unlock_slowpath+0x75/0x770 [ 1280.187373] ? drop_futex_key_refs+0x2e/0xa0 [ 1280.187382] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1280.187394] ? __lock_acquire+0x5fc/0x3f20 [ 1280.207562] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 1280.210166] kvm_vm_ioctl+0x4ca/0x13e0 [ 1280.210182] ? kvm_vcpu_release+0xa0/0xa0 [ 1280.210201] ? perf_trace_lock+0xf7/0x490 [ 1280.210215] ? perf_trace_lock_acquire+0x510/0x510 [ 1280.210227] ? check_preemption_disabled+0x35/0x240 [ 1280.210234] ? check_preemption_disabled+0x35/0x240 [ 1280.210245] ? perf_trace_lock+0xf7/0x490 [ 1280.223449] (null) [ 1280.227417] ? finish_task_switch+0x178/0x610 [ 1280.227431] ? perf_trace_lock_acquire+0x510/0x510 [ 1280.227441] ? lock_downgrade+0x740/0x740 [ 1280.227452] ? kvm_vcpu_release+0xa0/0xa0 [ 1280.227464] do_vfs_ioctl+0x75a/0xff0 [ 1280.227477] ? ioctl_preallocate+0x1a0/0x1a0 [ 1280.227485] ? lock_downgrade+0x740/0x740 [ 1280.227498] ? __fget+0x225/0x360 [ 1280.227507] ? do_vfs_ioctl+0xff0/0xff0 [ 1280.227518] ? security_file_ioctl+0x83/0xb0 [ 1280.227529] SyS_ioctl+0x7f/0xb0 [ 1280.227537] ? do_vfs_ioctl+0xff0/0xff0 [ 1280.227548] do_syscall_64+0x1d5/0x640 [ 1280.249189] syz-executor.4 cpuset= [ 1280.252982] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1280.252993] RIP: 0033:0x465f69 [ 1280.252998] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1280.253010] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1280.253016] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1280.253022] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 13:27:32 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c00000000010904000000000000000002000000240001801400018008000100e000000108000200000000000c00028005000100af470000240002801400018008000100ac14140008000200ac1e00010c0002800500010000000000"], 0x5c}}, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x200, 0x0) fsetxattr$security_capability(r2, &(0x7f00000000c0)='security.capability\x00', &(0x7f0000000180)=@v1={0x1000000, [{0x57b3, 0x1}]}, 0xc, 0x2) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$full(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/full\x00', 0x82040, 0x0) [ 1280.253028] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1280.253034] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1280.315013] warn_alloc_show_mem: 2 callbacks suppressed [ 1280.315017] Mem-Info: [ 1280.421116] active_anon:842152 inactive_anon:18064 isolated_anon:0 [ 1280.421116] active_file:9512 inactive_file:34063 isolated_file:0 [ 1280.421116] unevictable:0 dirty:250 writeback:0 unstable:0 [ 1280.421116] slab_reclaimable:16352 slab_unreclaimable:195640 [ 1280.421116] mapped:62738 shmem:8997 pagetables:18603 bounce:0 [ 1280.421116] free:489138 free_pcp:274 free_cma:0 [ 1280.422460] / [ 1280.455515] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1280.485783] Node 1 active_anon:1259348kB inactive_anon:53484kB active_file:38040kB inactive_file:136252kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:33852kB dirty:1000kB writeback:0kB shmem:16484kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1280.510200] mems_allowed=0-1 [ 1280.522421] CPU: 0 PID: 9372 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1280.523222] Node 0 [ 1280.530215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1280.530220] Call Trace: [ 1280.530237] dump_stack+0x1b2/0x281 [ 1280.530254] warn_alloc.cold+0x96/0x1cc [ 1280.530268] ? zone_watermark_ok_safe+0x220/0x220 [ 1280.530291] ? wait_for_completion_io+0x10/0x10 [ 1280.530305] __alloc_pages_nodemask+0x2127/0x2720 [ 1280.530329] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1280.530339] ? perf_trace_lock+0xf7/0x490 [ 1280.530349] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1280.530370] ? do_raw_spin_unlock+0x164/0x220 [ 1280.530386] alloc_pages_current+0x155/0x260 [ 1280.530405] kvm_mmu_create+0xda/0x1d0 [ 1280.530416] kvm_arch_vcpu_init+0x282/0x890 [ 1280.530423] ? alloc_pages_current+0x15d/0x260 [ 1280.530438] kvm_vcpu_init+0x26d/0x360 [ 1280.530451] vmx_create_vcpu+0xef/0x29d0 [ 1280.530462] ? __mutex_unlock_slowpath+0x75/0x770 [ 1280.530473] ? drop_futex_key_refs+0x2e/0xa0 [ 1280.532840] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1280.542053] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1280.542066] ? get_futex_key+0x1160/0x1160 [ 1280.542079] kvm_vm_ioctl+0x4ca/0x13e0 [ 1280.542092] ? kvm_vcpu_release+0xa0/0xa0 [ 1280.542107] ? __fget+0x1fe/0x360 [ 1280.542121] ? check_preemption_disabled+0x35/0x240 [ 1280.542133] ? perf_trace_lock+0xf7/0x490 [ 1280.542146] ? perf_trace_lock_acquire+0x510/0x510 [ 1280.542157] ? kvm_vcpu_release+0xa0/0xa0 [ 1280.542167] do_vfs_ioctl+0x75a/0xff0 [ 1280.542181] ? ioctl_preallocate+0x1a0/0x1a0 [ 1280.542189] ? lock_downgrade+0x740/0x740 [ 1280.542203] ? __fget+0x225/0x360 [ 1280.542211] ? do_vfs_ioctl+0xff0/0xff0 [ 1280.542221] ? security_file_ioctl+0x83/0xb0 [ 1280.542231] SyS_ioctl+0x7f/0xb0 [ 1280.558397] lowmem_reserve[]: [ 1280.558585] ? do_vfs_ioctl+0xff0/0xff0 [ 1280.573764] 0 [ 1280.577323] do_syscall_64+0x1d5/0x640 [ 1280.577341] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1280.577350] RIP: 0033:0x465f69 [ 1280.577356] RSP: 002b:00007f0f532a6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 13:27:32 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="5f454c44065b05107311"], 0xa) socketpair$unix(0x1, 0x9cc5bd409f12e8d2, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) close(r3) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0xfffffffe}, 0x1c) close(r2) r5 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r6, 0xc) ioctl$KVM_GET_MSRS(r6, 0xc008ae88, &(0x7f0000000280)={0xa, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) fcntl$getownex(r7, 0x10, &(0x7f00000001c0)) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) [ 1280.577366] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000465f69 [ 1280.577372] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1280.577377] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1280.577382] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 [ 1280.577388] R13: 00007fffed84577f R14: 00007f0f532a6300 R15: 0000000000022000 13:27:32 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r0, 0xc) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="c4000000190001000000000000000000fc000000000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100000000000000008e6d43faa3e31d3300000000000000000c0015000000000003000000"], 0xc4}}, 0x0) ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r3, 0xf504, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) r5 = syz_open_dev$sg(&(0x7f0000000280)='/dev/sg#\x00', 0x0, 0x0) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r5, 0x5386, &(0x7f00000002c0)) ioctl$SG_GET_LOW_DMA(r5, 0x227a, &(0x7f0000000140)) ioctl$SIOCGSTAMPNS(0xffffffffffffffff, 0x8907, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r4, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x4, 0x3, 0x1, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 13:27:32 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = getpid() r3 = syz_open_dev$vcsa(&(0x7f00000000c0)='/dev/vcsa#\x00', 0xfff, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xc5, 0x1f, 0xff, 0xe5, 0x0, 0x1, 0x8, 0x8, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={&(0x7f0000000080)}, 0x7210, 0x1, 0x1, 0x2, 0x1ff, 0x3, 0x7}, r2, 0x7, r3, 0x6) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1280.830793] 2717 2718 2718 2718 [ 1280.836471] Node 0 DMA32 free:28972kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB 13:27:32 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) ioctl$EVIOCGLED(r3, 0x80404519, &(0x7f0000000140)=""/188) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) [ 1280.881528] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1280.909037] syz-executor.4 cpuset=/ mems_allowed=0-1 13:27:32 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs\x00', 0x200, 0x0) fcntl$dupfd(r2, 0x0, r2) openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ocfs2_control\x00', 0x10800, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r4, 0xc) ioctl$SNDRV_CTL_IOCTL_POWER_STATE(r4, 0x800455d1, &(0x7f0000000100)) perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x80, 0x1, 0x5, 0x9, 0x0, 0x2, 0x10020, 0xa, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000000), 0x1}, 0x60, 0x0, 0xfffff800, 0x3, 0x81, 0x0, 0x400}, 0x0, 0x0, r3, 0xa) [ 1280.972140] CPU: 1 PID: 9372 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1280.980153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1280.989506] Call Trace: [ 1280.992099] dump_stack+0x1b2/0x281 [ 1280.995733] warn_alloc.cold+0x96/0x1cc [ 1281.000674] ? zone_watermark_ok_safe+0x220/0x220 [ 1281.005530] ? wait_for_completion_io+0x10/0x10 [ 1281.010205] __alloc_pages_nodemask+0x2127/0x2720 [ 1281.015064] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1281.019905] ? perf_trace_lock+0xf7/0x490 [ 1281.024054] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1281.026338] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 1281.028904] ? do_raw_spin_unlock+0x164/0x220 [ 1281.028918] alloc_pages_current+0x155/0x260 [ 1281.048539] kvm_mmu_create+0xda/0x1d0 [ 1281.052478] kvm_arch_vcpu_init+0x282/0x890 [ 1281.056812] ? alloc_pages_current+0x15d/0x260 [ 1281.061407] kvm_vcpu_init+0x26d/0x360 [ 1281.062607] (null) [ 1281.065304] vmx_create_vcpu+0xef/0x29d0 [ 1281.065319] ? __mutex_unlock_slowpath+0x75/0x770 [ 1281.065330] ? drop_futex_key_refs+0x2e/0xa0 [ 1281.065340] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1281.065354] kvm_vm_ioctl+0x4ca/0x13e0 [ 1281.070761] syz-executor.3 cpuset= [ 1281.071558] ? kvm_vcpu_release+0xa0/0xa0 [ 1281.085995] / [ 1281.088950] ? __fget+0x1fe/0x360 [ 1281.098986] mems_allowed=0-1 [ 1281.101769] ? __might_fault+0x104/0x1b0 [ 1281.101781] ? check_preemption_disabled+0x35/0x240 [ 1281.101794] ? perf_trace_lock+0xf7/0x490 [ 1281.118054] ? lock_downgrade+0x740/0x740 [ 1281.122187] ? perf_trace_lock_acquire+0x510/0x510 [ 1281.127185] ? __might_fault+0x177/0x1b0 [ 1281.131233] ? kvm_vcpu_release+0xa0/0xa0 [ 1281.135380] do_vfs_ioctl+0x75a/0xff0 [ 1281.139166] ? ioctl_preallocate+0x1a0/0x1a0 [ 1281.143554] ? lock_downgrade+0x740/0x740 [ 1281.147687] ? __fget+0x225/0x360 [ 1281.151138] ? do_vfs_ioctl+0xff0/0xff0 [ 1281.155102] ? security_file_ioctl+0x83/0xb0 [ 1281.159512] SyS_ioctl+0x7f/0xb0 [ 1281.162872] ? do_vfs_ioctl+0xff0/0xff0 [ 1281.166836] do_syscall_64+0x1d5/0x640 [ 1281.170711] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1281.176065] RIP: 0033:0x465f69 [ 1281.179330] RSP: 002b:00007f0f532a6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1281.187023] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000465f69 [ 1281.194281] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 1281.201730] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1281.208990] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 [ 1281.216247] R13: 00007fffed84577f R14: 00007f0f532a6300 R15: 0000000000022000 [ 1281.238971] lowmem_reserve[]: 0 0 0 0 0 [ 1281.247067] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1281.259284] CPU: 0 PID: 9426 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1281.280479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1281.285867] lowmem_reserve[]: [ 1281.289833] Call Trace: [ 1281.289851] dump_stack+0x1b2/0x281 [ 1281.289865] warn_alloc.cold+0x96/0x1cc [ 1281.293018] 0 [ 1281.295528] ? zone_watermark_ok_safe+0x220/0x220 [ 1281.295547] ? wait_for_completion_io+0x10/0x10 [ 1281.295562] __alloc_pages_nodemask+0x2127/0x2720 [ 1281.295586] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1281.295598] ? perf_trace_lock+0xf7/0x490 [ 1281.299247] 0 [ 1281.303159] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1281.303180] ? do_raw_spin_unlock+0x164/0x220 [ 1281.305092] 0 [ 1281.310322] alloc_pages_current+0x155/0x260 [ 1281.310338] kvm_mmu_create+0xda/0x1d0 [ 1281.310350] kvm_arch_vcpu_init+0x282/0x890 [ 1281.315118] 0 [ 1281.319833] ? alloc_pages_current+0x15d/0x260 [ 1281.319847] kvm_vcpu_init+0x26d/0x360 [ 1281.319860] vmx_create_vcpu+0xef/0x29d0 [ 1281.324816] 0 [ 1281.328842] ? __mutex_unlock_slowpath+0x75/0x770 [ 1281.328855] ? drop_futex_key_refs+0x2e/0xa0 [ 1281.335458] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1281.335469] ? get_futex_key+0x1160/0x1160 [ 1281.335481] kvm_vm_ioctl+0x4ca/0x13e0 [ 1281.335495] ? kvm_vcpu_release+0xa0/0xa0 [ 1281.335520] ? check_preemption_disabled+0x35/0x240 [ 1281.340035] Node 1 [ 1281.341782] ? perf_trace_lock+0xf7/0x490 [ 1281.341790] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1281.341802] ? perf_trace_lock_acquire+0x510/0x510 [ 1281.346306] Normal free:1918016kB min:53696kB low:67120kB high:80544kB active_anon:1260044kB inactive_anon:53488kB active_file:38052kB inactive_file:136296kB unevictable:0kB writepending:1064kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:17696kB pagetables:43388kB bounce:0kB free_pcp:804kB local_pcp:424kB free_cma:0kB [ 1281.350066] ? kvm_vcpu_release+0xa0/0xa0 [ 1281.350077] do_vfs_ioctl+0x75a/0xff0 [ 1281.350090] ? ioctl_preallocate+0x1a0/0x1a0 [ 1281.362350] lowmem_reserve[]: [ 1281.364612] ? lock_downgrade+0x740/0x740 [ 1281.364628] ? __fget+0x225/0x360 [ 1281.364637] ? do_vfs_ioctl+0xff0/0xff0 [ 1281.364648] ? security_file_ioctl+0x83/0xb0 [ 1281.364658] SyS_ioctl+0x7f/0xb0 [ 1281.364666] ? do_vfs_ioctl+0xff0/0xff0 [ 1281.364677] do_syscall_64+0x1d5/0x640 [ 1281.364693] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1281.364703] RIP: 0033:0x465f69 [ 1281.378023] 0 [ 1281.379748] RSP: 002b:00007f8db8982188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1281.379759] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1281.379767] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1281.386446] 0 [ 1281.388112] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1281.388118] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1281.388124] R13: 00007ffe6abe2b0f R14: 00007f8db8982300 R15: 0000000000022000 13:27:33 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$isdn_base(0x22, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuset.memory_pressure\x00', 0x0, 0x0) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r1) exit_group(0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1281.580223] 0 0 0 [ 1281.582514] Node 0 DMA: 33*4kB (UM) 3*8kB (UM) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10972kB [ 1281.607117] Node 0 DMA32: 982*4kB (UME) 295*8kB (UME) 688*16kB (UME) 290*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28816kB 13:27:33 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="433adfe696e02d14305109"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) r4 = syz_mount_image$befs(&(0x7f0000000180)='befs\x00', &(0x7f00000001c0)='./file0\x00', 0x80000001, 0x4, &(0x7f0000000600)=[{&(0x7f0000000240)="978bdd2783f6653cef64c57f705b1c5c632363e668538bdff29a97baf8431dd62fc164a2a127e4a54538b16b53f2273ac132c1bc0c61badb6e29da7adf82bf1e660555ffbf5f4c4bbb4f24ae708947f408a20a47762ac0e21735467b327e0a852f9e7c9eeb6f6377e8df6eaa", 0x6c, 0x1}, {&(0x7f00000002c0)="d9031956d8d69a7c9cee6a0e5c84e65d783a96909e91ccaccb3a7da312c889433549a9a732d1a4ca4f10eb1d7eab92343245da7f713b8447be2e29adf10dd048fa20d0278197a30f9371554da7d0dfdecf03f947f2683f8ff15b3abe5f8313c7fa103fa803a1d35b80c217717287f22e9e9a51f1cd70f9bb52d4d4e0ce1223e1c0e3616eed1cfb4bd5a1b7d6326ce009e98b17a5a75e71c18bfb16078abfecd1482e5f6df4250ffa12e6317755c1fe25644ab6909394d8bf6de7add962100c35ac95e08a0163f874d550a81c99442c5691ef9d74baa776c63978e5f22046", 0xde, 0x1}, {&(0x7f0000000400)="e1c0466c0757bd5d59b44664d29c12470f2d17e85d19557ce6e8f2dbe7eb96668a7904f4804443ff93d6c7a66195e78f7c57b1ac4e73e0a5e364ca0f8c0c10426fa6eb1ae492a359e20c2fb7d8752b624e120f62f78f200923b5e6466129899924d47200a6da2d06be197aba5546a8a2db25e808403e4e89bdacc45036d7980e7ae3540dc2e9e835122c0e90ea4925bcc09ffe723099f20cd03ccdde67fa7a181d605549f4e0fb0201940280f5477432da6dcf9a2668455f4da0b5251bf846923e3e9fdcbb4d208583b2f46b28586467dd038b7fc89e8239b7dae98771b5", 0xde, 0x80}, {&(0x7f0000000500)="760ef3b3c6dc7d8d067a0ed58508d9e4bc8cbc0d080e70eabc13977b6020b55289ac23390f930e181042a740b7c724b32081bd9bafb85d7b05e1a6e70f2c7bef843d4a8b9302cc90dc9f3be558e6a87f04315592d3071c7155b857d2902e0d9246ab3964896fd958cc9193545ba42c86abfbec54a6e299574397958e42e1021450a8a054d2b5c4a17178927ee7a156c1c9969df27dd3ac1f7e3c58c2d6724e9bd26f1b24ffe6c6752ada26af8f8a65fcb0bf5661583a917cf7618bee0e5d4d179d9f05", 0xc3, 0x7}], 0x4000, &(0x7f0000000680)={[{'/dev/nvme-fabrics\x00'}], [{@obj_user={'obj_user', 0x3d, '['}}]}) dup3(r1, r4, 0x0) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r5 = socket$netlink(0x10, 0x3, 0x4) r6 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvme-fabrics\x00', 0x402000, 0x0) ioctl$VIDIOC_SUBDEV_S_CROP(r6, 0xc038563c, &(0x7f0000000080)={0x0, 0x0, {0x1f, 0x9, 0xa0000000, 0xffffff27}}) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) [ 1281.641794] warn_alloc_show_mem: 2 callbacks suppressed [ 1281.641798] Mem-Info: [ 1281.677720] active_anon:842201 inactive_anon:18065 isolated_anon:0 [ 1281.677720] active_file:9515 inactive_file:34074 isolated_file:0 [ 1281.677720] unevictable:0 dirty:266 writeback:0 unstable:0 [ 1281.677720] slab_reclaimable:16293 slab_unreclaimable:195535 [ 1281.677720] mapped:62752 shmem:8998 pagetables:18650 bounce:0 [ 1281.677720] free:489233 free_pcp:277 free_cma:0 [ 1281.721059] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1281.758018] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1281.768609] Node 1 [ 1281.813394] Normal: 54*4kB (UME) 181*8kB (UME) 241*16kB (UME) 153*32kB (UE) 50*64kB (UM) 180*128kB (UME) 292*256kB (UME) 121*512kB (UM) 35*1024kB (UME) 14*2048kB (UM) 410*4096kB (M) = 1917232kB [ 1281.839407] Node 1 active_anon:1259544kB inactive_anon:53488kB active_file:38052kB inactive_file:136296kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:34008kB dirty:1064kB writeback:0kB shmem:16488kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1281.899744] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1281.923633] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1281.927136] Node 0 [ 1281.937682] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1281.944007] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1281.955181] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1282.022641] 26700 total pagecache pages [ 1282.041944] 0 pages in swap cache [ 1282.045317] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1282.048805] Swap cache stats: add 0, delete 0, find 0/0 [ 1282.057988] Node 0 DMA32 free:28816kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:132kB local_pcp:8kB free_cma:0kB [ 1282.067219] Free swap = 0kB [ 1282.107372] Total swap = 0kB [ 1282.110456] 2097051 pages RAM [ 1282.113595] 0 pages HighMem/MovableOnly [ 1282.119403] 363840 pages reserved 13:27:33 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x680b82, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r3, 0x4010ae68, &(0x7f0000000040)={0x4003}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000280)={{{@in=@broadcast, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@remote}}, &(0x7f0000000380)=0xe8) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000480)={0x0, @local, @initdev}, &(0x7f00000004c0)=0xc) read$FUSE(r2, &(0x7f0000000840)={0x2020, 0x0, 0x0, 0x0}, 0x2020) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000500)={'vxcan1\x00', 0x0}) lstat(&(0x7f0000000540)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$nl_xfrm(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003000)=ANY=[@ANYBLOB="10030000120000022cbd7000fddb0325fe8000000000000000000000000000bb000004d60200ff00086a0c000000000028001a00ffffffff000000000000000000000000ff020000000102000402e40006007f000001000000000000ba0000000000200100000000000000000000000000004e2100004e2000810a0000400000000000000000000000000000c758d24fef4808299e9c9a94c9270085ac4ce50fa96a1d34015a9977ca27f8a09cecba7f31f875561af1b29b9d1c7473656b32c463eb880c193f5f492dd68edcb767f65983a8dbf52f8321460426e962b91f9d6ab18e7a078a010022346b68eb7767ce305fd2ffb76272d06ae3a1c6d31c2c2084e68191e28bc3", @ANYRES32=0x0, @ANYRES32=r5, @ANYBLOB="fc010000000000000000000000000001000004d63c000000fe80000000000000000000000000004305000000000000000800000000000000f8ffffffffffffff0004000000000000f202000000000000000000000000000007000000000000000180ffffffffffff0080000000000000ffffffff000000000700000000000000d88200000000000002000000f9090000040000002abd7000043500000a00000402000000000000004400050064010101000000000000000000000000000004d66c00000002000000ac1e01010000000000000000000000000135000000030400080000002000000007000000e400060000000000000000000000000000000000fc0100000000000000000000000000014e2204014e210008020000801d00000096d3fa896372c8615584ac5d060a6e5a508ffa0586cd8cde95c9022ea19a66be8375a2d6d5f5e8931bbc3a96cb81c7c12bfe48d443a61e84095fed61f587e99b29d87e7cc14ca57d952fbd66cedf82121bdcf16e0a71d293b213b0109fab162a0693", @ANYRES32=0x0, @ANYRES32=r6, @ANYBLOB="64010101000000000000000000000000000004d35e000000ac1414aa0000000000000000000000007200000000000000c1a93c3200000000f9a500000000000075000000000000000600000000000000878f0000000000000000000000000000ff03000000000000070000000000000006000000000000000200000000000000000000000000000040000000260600000104000026bd700001350000020004050800000000000000ac000700ffffffff000000000000000000000000000000000000000000000000000000004e22001f4e220006020020800c000000", @ANYRES32=r7, @ANYRES32=r8, @ANYBLOB="0900000000000000fcffffffffffffff080000000000000099040000000000000400000000000000040000000000000005000000000000001f000000000000008c000000000000000000010000000000f1000000000000000100000000000000f9ffffffb86b6e000100010100000000"], 0x310}}, 0x0) fadvise64(r4, 0x800000000004, 0x80000001, 0x3) r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7e91, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r9, 0xc) syz_kvm_setup_cpu$x86(r3, r9, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000140)="b9800000c00f3235008000000f30c4819855fa66ba6100b000ee66baf80cb840334d81ef66bafc0cedc40259bfeeb9990a00000f3266410f3880400df32e42deef0f01dfb9800000c00f3235001000000f30", 0x52}], 0x1, 0xc, &(0x7f0000000240)=[@cr4={0x1, 0x10}], 0x1) r10 = socket$inet6_udplite(0xa, 0x2, 0x88) getpeername(r10, &(0x7f00000003c0)=@nfc, &(0x7f00000000c0)=0x80) 13:27:33 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x74, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @private1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x74}}, 0x0) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000180)='/dev/nvme-fabrics\x00', 0x8000, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x4, 0x1010, r2, 0xaf83d000) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:33 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0xc004743e, &(0x7f00000018c0)=""/246) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r1, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r2 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r3, 0x800) fallocate(r2, 0x20, 0x0, 0xfffffeff000) fallocate(r2, 0x0, 0x0, 0x10000101) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000400)={0x0}) ioctl$BTRFS_IOC_INO_LOOKUP(r3, 0xd0009412, &(0x7f00000029c0)={0x0, 0x100000000}) ioctl$BTRFS_IOC_TREE_SEARCH(r4, 0xd0009411, &(0x7f00000019c0)={{r5, 0x9, 0x4, 0xa71, 0x2, 0x7f, 0xffffffffffffff7f, 0x800, 0x80000001, 0x80, 0x8, 0x5, 0x2, 0x2, 0x8}}) setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', &(0x7f0000000180)={0x0, 0xfb, 0x63, 0x0, 0xb, "c767f9037b28f23e7b9ba0bece34e489", "1b9a0a6fcf65f5c876bf332cfa9d30d0106ad9de4380238c8b1bccac7497de634dfc5a383d3faa078a4fe259b0d24e0a2d38b5b61034b877a6a982868afa383c64f69e5211dbb738061ed4ff092a"}, 0x63, 0x2) fallocate(r2, 0x37, 0x0, 0xffff) fallocate(r2, 0x0, 0x0, 0x10000101) 13:27:33 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14101, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r3, 0xc) ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f0000000140)={0x9}) r4 = openat$cgroup(r3, &(0x7f00000001c0)='syz1\x00', 0x200002, 0x0) ioctl$BTRFS_IOC_QGROUP_CREATE(r4, 0x4010942a, 0xffffffffffffffff) write(r2, &(0x7f0000000080)="13bc110b7612ffc8a32f6d8808a725d6ee334ab6c1b0aaf0a43a4e48cc91f65e34a9b1d1ac41ebc5c2c9203e8f3c4b6b72b56c08ce66c690977fcc5f897952f9123ace839507d62133e6318c9c8e98bcabc0b7a0e06f16434ce9e3760ecef447b6ecf8ae846d94dee0e3df1cb12031980d744d074e9cddf60d232c3b852a7a3f1326f4349bd3e2241ce811f2", 0x8c) write$FUSE_BMAP(r3, &(0x7f0000000180)={0x18, 0xfffffffffffffffe, 0x0, {0x3}}, 0x18) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 1282.121236] lowmem_reserve[]: [ 1282.122899] 0 pages cma reserved [ 1282.125129] 0 0 0 0 0 [ 1282.141432] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1282.196372] lowmem_reserve[]: 0 0 0 0 0 [ 1282.203542] Node 1 Normal free:1918392kB min:53696kB low:67120kB high:80544kB active_anon:1259348kB inactive_anon:53480kB active_file:38056kB inactive_file:136328kB unevictable:0kB writepending:1260kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:17408kB pagetables:43092kB bounce:0kB free_pcp:976kB local_pcp:312kB free_cma:0kB [ 1282.270190] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1282.302283] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1282.321434] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1282.326890] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1282.332788] CPU: 0 PID: 9489 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1282.340579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1282.350051] Call Trace: [ 1282.352651] dump_stack+0x1b2/0x281 [ 1282.356282] warn_alloc.cold+0x96/0x1cc [ 1282.360274] ? zone_watermark_ok_safe+0x220/0x220 [ 1282.365126] ? wait_for_completion_io+0x10/0x10 [ 1282.369798] __alloc_pages_nodemask+0x2127/0x2720 [ 1282.374668] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1282.379505] ? perf_trace_lock+0xf7/0x490 [ 1282.383652] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1282.388508] ? do_raw_spin_unlock+0x164/0x220 [ 1282.393006] alloc_pages_current+0x155/0x260 [ 1282.397421] kvm_mmu_create+0xda/0x1d0 [ 1282.401315] kvm_arch_vcpu_init+0x282/0x890 [ 1282.405635] ? alloc_pages_current+0x15d/0x260 [ 1282.410219] kvm_vcpu_init+0x26d/0x360 [ 1282.414108] vmx_create_vcpu+0xef/0x29d0 [ 1282.418168] ? __mutex_unlock_slowpath+0x75/0x770 [ 1282.423109] ? drop_futex_key_refs+0x2e/0xa0 [ 1282.427520] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1282.431581] ? get_futex_key+0x1160/0x1160 [ 1282.435820] kvm_vm_ioctl+0x4ca/0x13e0 [ 1282.439702] ? kvm_vcpu_release+0xa0/0xa0 [ 1282.443848] ? perf_trace_lock+0xf7/0x490 [ 1282.447992] ? __fdget_pos+0x1fb/0x2b0 [ 1282.451882] ? check_preemption_disabled+0x35/0x240 [ 1282.456907] ? perf_trace_lock+0xf7/0x490 [ 1282.461062] ? __mutex_lock+0x360/0x1310 [ 1282.465126] ? perf_trace_lock_acquire+0x510/0x510 [ 1282.470058] ? kvm_vcpu_release+0xa0/0xa0 [ 1282.474206] do_vfs_ioctl+0x75a/0xff0 [ 1282.478014] ? ioctl_preallocate+0x1a0/0x1a0 [ 1282.482423] ? lock_downgrade+0x740/0x740 [ 1282.486567] ? __fget+0x225/0x360 [ 1282.490012] ? do_vfs_ioctl+0xff0/0xff0 [ 1282.493985] ? security_file_ioctl+0x83/0xb0 [ 1282.498392] SyS_ioctl+0x7f/0xb0 [ 1282.501778] ? do_vfs_ioctl+0xff0/0xff0 [ 1282.505752] do_syscall_64+0x1d5/0x640 [ 1282.509645] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1282.512500] lowmem_reserve[]: [ 1282.514826] RIP: 0033:0x465f69 [ 1282.514831] RSP: 002b:00007f0f532c7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1282.514842] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1282.514848] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1282.514853] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1282.514859] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1282.514865] R13: 00007fffed84577f R14: 00007f0f532c7300 R15: 0000000000022000 [ 1282.566517] CPU: 1 PID: 9487 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1282.574410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1282.583755] Call Trace: [ 1282.586341] dump_stack+0x1b2/0x281 [ 1282.589972] warn_alloc.cold+0x96/0x1cc [ 1282.593946] ? zone_watermark_ok_safe+0x220/0x220 [ 1282.598799] ? wait_for_completion_io+0x10/0x10 [ 1282.603479] __alloc_pages_nodemask+0x2127/0x2720 [ 1282.608340] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1282.613182] ? perf_trace_lock+0xf7/0x490 [ 1282.617326] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1282.620795] syz-executor.4: [ 1282.622174] ? do_raw_spin_unlock+0x164/0x220 [ 1282.622190] alloc_pages_current+0x155/0x260 [ 1282.622205] kvm_mmu_create+0xda/0x1d0 [ 1282.622216] kvm_arch_vcpu_init+0x282/0x890 [ 1282.627500] page allocation failure: order:0 [ 1282.629704] ? alloc_pages_current+0x15d/0x260 [ 1282.629720] kvm_vcpu_init+0x26d/0x360 [ 1282.629735] vmx_create_vcpu+0xef/0x29d0 [ 1282.629749] ? __mutex_unlock_slowpath+0x75/0x770 [ 1282.629761] ? drop_futex_key_refs+0x2e/0xa0 [ 1282.645964] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 1282.646898] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1282.646912] ? get_futex_key+0x1160/0x1160 [ 1282.646925] kvm_vm_ioctl+0x4ca/0x13e0 [ 1282.646939] ? kvm_vcpu_release+0xa0/0xa0 [ 1282.651652] (null) [ 1282.655383] ? check_preemption_disabled+0x35/0x240 [ 1282.655396] ? perf_trace_lock+0xf7/0x490 [ 1282.655408] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1282.655420] ? perf_trace_lock_acquire+0x510/0x510 [ 1282.655431] ? kvm_vcpu_release+0xa0/0xa0 [ 1282.655443] do_vfs_ioctl+0x75a/0xff0 [ 1282.655455] ? ioctl_preallocate+0x1a0/0x1a0 [ 1282.655464] ? lock_downgrade+0x740/0x740 [ 1282.674701] syz-executor.4 cpuset= [ 1282.674818] ? __fget+0x225/0x360 [ 1282.674831] ? do_vfs_ioctl+0xff0/0xff0 [ 1282.674841] ? security_file_ioctl+0x83/0xb0 [ 1282.674852] SyS_ioctl+0x7f/0xb0 [ 1282.700895] / [ 1282.702775] ? do_vfs_ioctl+0xff0/0xff0 [ 1282.720147] mems_allowed=0-1 [ 1282.720698] do_syscall_64+0x1d5/0x640 [ 1282.720718] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1282.720727] RIP: 0033:0x465f69 13:27:34 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f00000000c0)=0xc) tkill(r1, 0x24) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x169, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000780)={@in={{0x2, 0x0, @local}}, 0x0, 0x9, 0x6, 0x0, "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030cf00"}, 0xd8) bind$inet(0xffffffffffffffff, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x5, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYRES16=0x0, @ANYRESDEC], 0x1000001bd) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)={0x108, 0x0, 0x100, 0x70bd27, 0x25dfdbfe, {{}, {@void, @void}}, [@mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x10, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "8fd14ad5576885f98c15ca91ec0cb8512470a49593708225"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "fad8ec665b48f45ce27339e24fbb8f66f6e899e173f773dc"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "14b260176e15fa40ab967df2d0484c9002517d5b5a94d36b"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "6fe921fa186ad82eec83244d4bf8b4012ee2965b7f248226"}, @NL80211_ATTR_MNTR_FLAGS={0x18, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x14, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}], @NL80211_ATTR_4ADDR={0x5}, @mon_options=[@NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "6c7af3ec11c75ccd5f2fef81ebd28df1aa25a18f2ce62561"}], @NL80211_ATTR_MESH_ID={0xa}]}, 0x108}, 0x1, 0x0, 0x0, 0x6000001}, 0xc018) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:34 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) gettid() sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x10040, 0x0) 13:27:34 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = dup(r0) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000001700)={&(0x7f0000001640)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000016c0)={&(0x7f0000001680)={0x28, 0x2, 0x6, 0x201, 0x0, 0x0, {0xa, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x10800}, 0x10) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001500)=ANY=[@ANYBLOB="5c00000000010904000000000000000002000000241f00000000018008000100e000000108000200000000000c00028005000100000000002408000200ac1efffeffff02800500010000000092edbdd0d26b5c6c33b9cc9700"/104], 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) clone(0x30b10d80, &(0x7f0000000280)="0b7d77ff2087e05cae75673b3c3b460f3f2fb0a71a972cac7fbb6c684a443c3b2d8b732dceedfc3a93f6394fb7b436875aa11b35d62462ccdbbeeceedcf763fa96dcd3112f820b13d30858463b779527364d1f05cdd62f270e4712aae806c6902808919ed3cc0c2701cff655a38057296acbc2bcb0f17759e2e8429ac073568ff5a34dd8c3", &(0x7f0000001440), &(0x7f0000001480), &(0x7f00000014c0)="4152b9a0570eb097a26f776f597fd9883b9a2efb37c162eb579663f9cc5187116bfb49") perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r4, 0xc) syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f00000000c0)="0f08660fc7b4d1410f01ca02c0c01804660f68c866b94d09000066b80000000066ba000000800f300f017600260f01cf660fe40c", 0x34}], 0x1, 0x11, &(0x7f00000001c0)=[@efer={0x2, 0x1001}], 0x1) write$UHID_INPUT(r4, &(0x7f0000000400)={0x8, {"194948e622924a6792120bae2f6563feeb001b4706f2cc079d67fb79377ef4ba99e87c64a4844f7759a9b00edb2c1e3cd8d95f94b2b4f256be158606475f2390a3f4d2daf99058d76f44f6ddef3598882ce345f8c76d8236cf383afdda9fc4a267f0e136fa7b2df3c490fe49e90a66f99a83f6cbfafa4186511dbc99788196730da619e002d3157b4e0689501e53cf29ee1dffa94552e171223fa12e8ad1f0c320340c67350e2033f374460f0b9a400e0f8b1a943d8c0f29eef39a7d3834d8547a2ebbc7a2ff2f3371e65b4836983422f54a5fbb9607bc128c130cf663894c030f1d46fc043bf4d5dd4c74ebdb3bf339ffc652d2eadfea67bab8773e9f52eb57abb18c8f5e5cdbd9d208911f0cb5dc8664485baa82b1f5e08cfccb9621e632ee9619b050c21b37f48a35e986c018b73063afcd9d612eecd57b7eb3f1fc9baa27c5d0d19635ee44b06128265bc62d178f0af9004795d4ca0eb34af581dafce2dd20cc5670a1daa488d8022ba53f8f6cc767d77f64fce9b2f901bd3999fbbd2496ca8831d47a8b72fec362d9d68bb07c364d8d33b072bd25bf45958ce23d4675964f7419e9c813ff145f22071a4102aef3a04485dd0381e1323b9ab669093ed395ab71860dd5450ca7e2f81fce41dafcd7553dbf01edac22b15ea2d142f66a0dfaf948d19074fde43e71e5b748337d5f8e0b0eb1dc381b4360797f9225040923b5ad9b28d2a969bb88c89f9804e65a373e93fa2ed516ecfb26e76307132208be78761dc146e0a0bc4948463a9851f3cb484b2edc830c0042c42f84829c66a9de418d3c55fa412f423ddd581eef980bf478585a0c91e6f7761b2c0290dd5b794831d852e023dae03b5d20bff825e73efacdde3b145c626ee141f0d37b6224344906afe43b24e84c600ca3b2cc15c519f9fc6f2a1ce3896de130144a692036ae40202b1f682c40cb9495033b727b17d6cfa179956ce1574a49ce4c9a20e1ba05a416e3827a80583074a5c33ae39f7470386d19a13d800816cc5ec49f92984fd84d097e6e1dc2d5032771b7e8f2f095c694fc17f9f117e3566f077d1313421a244080c21876e6eb594f36d4c08f9dbf45173340c82f665fb893aa7b631cd038beafb26c4ec1d0d5461f6c0d43ac3dac562ab4c2d6d9574e9cb2485d553d9d219df6da66922be0be01d61f10a36f5ed859e2dd08e00e40da2b97fcf55496be4184629f29e5ea6bedc1d04823be219d9238ffad7a34fd63d5cfc1c859eb551a0b192c90e78e8cd6779a626c77d9593c7adb65adb67c829c52d421db8a57a3c9b07040bfcd41c152d2cd1e42593aa52f4d4e3d4b1a2c67fd000bd948dff8bc4d77fab3ef6ed0050ebbfcd221d17740607127cc0ced63e776690a2a7663fcd3df5d990603f64a76b80c7a158fc09e751d48cc0e9b97b11f907ffac26c0744cb2f370b5ce37031e2b92ae26acf2a852e5444c818e1c448f57968cc8c8ad08a2a98dc92dac2a5c7d505ab6c5f75a29b315eaa359604ef2b50ae7df8f87d0fde85a2a8b95124fc94664d5533da242e159e711b802c02e9176e63fc0161509fa2c87467fc0e8f7831b3b7a995b35f9c8e597c1879c3f69958bb0057e9e7b8ac2ad143a551b176cb3c7bdd0391190a0f9383a60dd76178bfc31199d6b95e91f0f976bfe5581df2e90c77c3cc9411ff34a9463cd4a4e8991ad9d2a74948e84a45ea1801a9967f169dfb4f41de3c68fa07d71ea48b72c7912b822c687d9d3ec2f54cda6494bb2e7cf12887cfc2ca16cd292f1299f85796762d132eff26edab29da29bfaccc89ec3abbffdd605c1490c5a87ac0e30506add679dd123a0373b1b7694a66e85ae9defb633ec94daadd714fc4b42a9e081500f464e347dd1c77ca241434348036f83f14730dee25b2a469af6601ce1b683db5681deeab49a4c53a57374257b8965b00ee1b5ffe59bd4b3836102e4087b97e2f4f58a897126f3c3f2fc2b95e923bc82b2f455b2890477656f4fc58687d9acf06744da493c97ab6da765f4d31a54404b1c70aeba3d09aadd96f3560584e18c73626d2f84c51ef63910754cb6788c13644127f0444c0681a900c096787ab39a944fa4b9b5e25119f05c1e65cf12abdb802ae20b858a402e009b59c4e885440f968e5f974c5d9a4e3a6a124ccf8c309391663b7ee6500cd443005647f580dfa09d5066622fdde6b365d6fbe65c738ddb9f61ba67eecce36d695822eaaabd81027f6cc5e4ab53358d454d54c979388370f18f63fda9b535831078ac38a527d4c4593d6c6929e6d20741171f431310627c520269a00a7d52c0e9565dc65979c81ae3cc53710d8662549d508c13ac71c1a9441d5162dad437ecfb2e1cbf41809c7d2cc1b5b950aa5883ff465d382fa1037ecf30208b3f1e9fd54da088bfdbe4c2570079ade794e9fd2fcfd7812fdd4bf4a2757af5886aff6e7a3c22d95ad478001842cdd6a3a059ca950d33d37dbaa2dfdea1f0f36c67962b62aa914556a03ff011f30c27232512f5e6171faae130e6ead5eec52f27037916eb6e3da4a6b09cc67f2d3303d8a95af48b58f75ef7d8001a37a207302b664db1bd4306547dc0953aaa54b229ed3e76a6c74998acf080e40933fa4e7f4e61a77fd6fa27d045e308cdfcd85450a6ddac141045be1b482361e07397f4ed6a3f2fa82b039baebb414370cd49c9a04ad3aab49ddc5ffb0434ef18560aa9f03005e834397989abdecd8d0311b89a5b85e0bc9bb49f4c716ff744f0107e73f284abbbc4af2ef5b66a29e634ded5511f0b4fd95af38ac114ae3b555a7265f22f9dcd30beb0a320da752858e3e7a76af57f0991f3326d285e6f43f83482db4723993cb4c12ff45d0959f5945fd035f6cb3ca90f31890a00961870f4804b2e73bad1503ecdc37d0a65a06622735e384bf4b3fc227f4ffbd37a5b2f3ca03ac045335824afecad9c298dc7728baaae7746b0e60db757b209617c13906c60bad536cdaf777e94a752936d9585d4f39fc259d5bb9bfbf5ba410c749fd213ac5f5313d336f6da7067109c0610d8f3128dc40e671d3825e30df20f71fb2ecf1f003f04218f17b7081df60f4a95b1b5f197b2c08eab833b658976ce431517410e04a12c88053b264fbc3d4b751687cc19495ddadd2c7b7db305c63e38c98a8c5286e14ef11988a29a4449d8977e17f3703e4eb9632d243f955c013f4476f6f9f237f4f8ddd053318efe6089d79fefd0755154810074338538b0765195390b09131f1066720a5b48d47f2992c0620d435b90b4cc5b5fcb5d5e8d9b0e3a42ec6ac4e8c92dc45fb35a9cab72d53e4ed32f44f308a6f8e3a1ef34f9e16f97487a425a5caf7ab3187c2919f2534eb81c53807e53c6fc59e2b26d54abc6fd849e7c60aad264e170d934b2d753e7e5b3253ca892c99266ec7c91fb65d95e7f93de20e33ab484f429cd5af9d32614467d4280697963c258f16005be7e41b6930fdb89baf9ebd6321ee05303126fa15714362dd53de668f1c365a15f36857a4883a888783fa14e3b351c5c13a8b69164e98a1cfb59ac409189c4b43d4076a444dccc6d30597ad84ef9791568790ed5ad1e0203fa1bbac2507ebe9cfef61e4ad1f9dee4dff0e3d55715ac2ff82457a62ccbbf1f3fe7e8602f71b1d3b63c6f404e30fbc757c5b192e46a28808a0e01be7583529bd0426c53ce9ccde1a69d09d3d144724717b2104a2c302598631f3956fab99cecda1290437ab75c17adb22402e9673910e3cbacc781ddba117020d1b63c9dfab0efced31e59956d0ba3f2d3376240d251ecd3531ec5bf012c8e98f1f2ec470669cb91b20b35da2774a2abec87806a0daef1144eaa8ff868deaa55d0e5142895b07d5abc35bbedbaec48bd536c25e6f649da3490fa3c38ca4021b6572170595cab9af603afb5587d323f21aab6135018492c0b88b07220918bbc5b3685feda9e825ed80c3b66ea8ca48ae1ffdd28c2254311febcd75a65b9d4dcab2359cff881aafe295ecea2738129e2fdfa95eef6464b71c6d9376138fa647e0a8637d7cc58ff3786047b06118e6815d61f40f2ec7a5c9e084765219ef00f60a4fd83bb713452cc7916914aa063bac123858aec23b495fff922f6c58502a4fc2cebb6d34b747c6c84806922d19917700dcbefe07f8a5585d89800e2a948c7984f75b865b12401a6dfebfa07a950e051888a619a24b148c428312cbe5e56509ea50f3b4faccd8e2d44eb3b0462bad633461cde69b2a4f65b4fbfadb685226dc39ca5491f4b239eeca3c707e6b8dab5a5fb04d6b55e7a4fd65f7af7d972a367156545e13355e071c29fddd1b1d2264ffa0e01c995da54498c4abe4e4a574d8fb6ea9346f15ef00a80f857be9ab017091b62256bdd6870f9eaaf779a03bedfa4c2a98f5f7f690341952e176ab125ed27a4f4aedb14a4299948a26e43747f26f6d124bbcc6ef4f0746848caa7d3d02beef57eefdf8d8a561453b04e6db6e6d05bef28d9b246ab32f47de85942688768c8e15b6d39f7cf02cc422e1764d35b62132581bc3163431b6aa7f22c56ada08aff64a223470ce8083bb3b72a183a3d31c40f9adf752b27119b6b546bbbd41a660402c2a7e89288cdb159ca1c6d18ce843b07150c496c547384c53e6e09331390c660a6d40789e1ad00723fb29cc6e7d5595e97fdf11dbbc845d1885aa0d200f74612f1fcd65b3104d196014a5dda1ab0c0a5dae325f22b8ad19438806a2bf543864d0a46b93de7a8da3f21f293e754f038cf6293a5c53a041befee5f2ce280f11ec66d6fa2af97b23f4d2dde898b52a19982db7a9da5a326786154ddc53df113a1d8c101d49e844802732510250d8db5089a18c8afc80f25544da28ee0e13810c349d9beb8a89ce6b4bb571fca8b52ebd6c3779334f650be4a5246a91d7661c377f944c2bf2ded9fa962ff574df59dbfeba45235deb8314ac4a4ca5864b89de802e78515bb98dfcd01849e4b3130e6bf6220fe797b3407052a35ea334f4ea1d5f438c2f4ecc8f6b9f96d5d3f40a28beb3915d66f39b8ade343e06e39ca4617d836d1d9098815df048c7e12b508ff285185eb122d4c7328cf2226814c4ec084e0f416b2a94ce89721d61153d636ff4e530722e24356045186857e0629d95cb21aa623c43948f44f79ea6b5ae628af85f806740c5e92f8800974cf2b0f806ba1a2aba794a5006809ecb2b31f93282c8b70da8c7c1803338e9ed90adad3bad52496c07abf84a61838f91003b53c92afb0ecd36cd9293e21abde8bd2c2b1d0e0688a80cb6242a7d91fea06ecc09a1d8cad5894aca50121b42e6207e23da73b2e217ca56a9421b3591e559e84e3381f5b98f9c73bb1476c56dbd44af9edd0b3b899af90cd9e28714a36d347584d5f16aaa0c4fb75f504683fd45161eb99b3dcf13d8b4fdb391d6c21c0e9a70b0a7663f787ebd7c1a14e24bf376a6fd0e9de9913652c6448930acfc530da28fc32ee551d54bff809130c15a15c2be7148f5d195a8014b3adf6f9dd47a16208c520a2e0b1221b693e21b54704bc955b72b60bb83996dc1b0870d2b9d3fd61af761978d9ab2c7248868aca972be2eb80eb3379cf1d6001bde4d33545fadc58cdfafd7ecb1fd55d56231e6549e02c44d8fe62e22f1390cfa340dc7bd8c5d3db2ba9b15c3d3392021d5c460fe84b0f984b5bca95d80ea04f2165be899fb5fc30d53d0252b4c8d33a16ce2333e9b28e72934103d419476c5c3390fa79e0094d809f9219a86c069470630850d31ec20881259df16ad5786e18be3048a43255df8dc46142d7a97aa", 0x1000}}, 0x1006) [ 1282.720732] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1282.778014] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1282.785276] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1282.792628] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1282.799896] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1282.807182] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1282.849485] CPU: 0 PID: 9518 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1282.857319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1282.866675] Call Trace: [ 1282.869274] dump_stack+0x1b2/0x281 [ 1282.872906] warn_alloc.cold+0x96/0x1cc [ 1282.876886] ? zone_watermark_ok_safe+0x220/0x220 [ 1282.881741] ? wait_for_completion_io+0x10/0x10 [ 1282.886416] __alloc_pages_nodemask+0x2127/0x2720 [ 1282.891276] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1282.896120] ? perf_trace_lock+0xf7/0x490 [ 1282.900271] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1282.905131] ? do_raw_spin_unlock+0x164/0x220 [ 1282.909631] alloc_pages_current+0x155/0x260 [ 1282.914041] kvm_mmu_create+0xda/0x1d0 [ 1282.918060] kvm_arch_vcpu_init+0x282/0x890 [ 1282.922422] ? alloc_pages_current+0x15d/0x260 [ 1282.925389] 0 [ 1282.927122] kvm_vcpu_init+0x26d/0x360 [ 1282.927136] vmx_create_vcpu+0xef/0x29d0 [ 1282.931111] 0 [ 1282.932803] ? __mutex_unlock_slowpath+0x75/0x770 [ 1282.932815] ? drop_futex_key_refs+0x2e/0xa0 [ 1282.949293] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1282.953646] kvm_vm_ioctl+0x4ca/0x13e0 [ 1282.954250] 0 [ 1282.957631] ? kvm_vcpu_release+0xa0/0xa0 [ 1282.957649] ? check_preemption_disabled+0x35/0x240 [ 1282.967494] 0 [ 1282.968611] ? perf_trace_lock+0xf7/0x490 [ 1282.968623] ? check_preemption_disabled+0x35/0x240 [ 1282.968634] ? perf_trace_lock+0xf7/0x490 [ 1282.972662] 0 [ 1282.974564] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1282.974577] ? perf_trace_lock_acquire+0x510/0x510 [ 1282.974587] ? __fget+0x1fe/0x360 [ 1282.974599] ? kvm_vcpu_release+0xa0/0xa0 [ 1282.974609] do_vfs_ioctl+0x75a/0xff0 [ 1282.974621] ? ioctl_preallocate+0x1a0/0x1a0 [ 1282.974629] ? lock_downgrade+0x740/0x740 [ 1282.974642] ? __fget+0x225/0x360 [ 1282.974651] ? do_vfs_ioctl+0xff0/0xff0 [ 1282.974665] ? security_file_ioctl+0x83/0xb0 [ 1282.990795] SyS_ioctl+0x7f/0xb0 [ 1282.990805] ? do_vfs_ioctl+0xff0/0xff0 [ 1282.990816] do_syscall_64+0x1d5/0x640 [ 1283.011134] Node 0 [ 1283.011489] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1283.020094] DMA: 13:27:34 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="5f454c44065b05107311"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000380)='/dev/null\x00', 0x400a00, 0x0) fcntl$setflags(r4, 0x2, 0x1) close(r2) r5 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000140), &(0x7f0000000340)=0xfffffffffffffce8) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) sendmsg$nl_route(r0, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)=@ipv4_getnexthop={0x40, 0x6a, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@NHA_MASTER={0x8}, @NHA_GROUPS={0x4}, @NHA_MASTER={0x8}, @NHA_FDB={0x4}, @NHA_FDB={0x4}, @NHA_GROUPS={0x4}, @NHA_ID={0x8, 0x1, 0x2}]}, 0x40}, 0x1, 0x0, 0x0, 0x801}, 0x20080) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000040)={r1}) ioctl$FS_IOC_MEASURE_VERITY(r6, 0xc0046686, &(0x7f0000000240)={0x2, 0x90, "2d1abe5ee6d699efb396284b6baa01c6e4763dde0b519d96a5981fb417482dd4227776284012767d6c676e01033d1f3cb926e93e79741ea722e66548f110dea114cebd05ddff9173f721748dcdf3d5131136000241c33187e681717cd619cc7f914a76202ed85837d60d6591b7398cd8ff5cb3618ae06042512642f4e06770af7eeb5b367efa399b7b3cbe4c2a2beb7d"}) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) 13:27:34 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) fcntl$setlease(r5, 0x400, 0xdd55e3ee623182c6) fallocate(r3, 0x3, 0x0, 0xffff) ioctl$SNDCTL_TMR_CONTINUE(r3, 0x5404) fallocate(r3, 0x0, 0x0, 0x10000101) [ 1283.023003] RIP: 0033:0x465f69 [ 1283.023008] RSP: 002b:00007f0f532a6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1283.023019] RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000465f69 [ 1283.023026] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1283.038568] 33*4kB [ 1283.038767] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1283.043226] (UM) [ 1283.046150] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 [ 1283.046156] R13: 00007fffed84577f R14: 00007f0f532a6300 R15: 0000000000022000 [ 1283.111415] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1283.198985] 3*8kB (UM) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10972kB [ 1283.246132] Node 0 DMA32: 982*4kB (UME) 289*8kB (UME) 688*16kB (UME) 290*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28768kB [ 1283.255771] warn_alloc_show_mem: 2 callbacks suppressed [ 1283.255775] Mem-Info: [ 1283.286172] active_anon:842283 inactive_anon:18063 isolated_anon:0 [ 1283.286172] active_file:9527 inactive_file:34083 isolated_file:0 [ 1283.286172] unevictable:0 dirty:344 writeback:0 unstable:0 [ 1283.286172] slab_reclaimable:16313 slab_unreclaimable:195291 [ 1283.286172] mapped:62781 shmem:8996 pagetables:18728 bounce:0 [ 1283.286172] free:489167 free_pcp:322 free_cma:0 [ 1283.296455] Node 0 [ 1283.326963] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1283.357957] Node 1 active_anon:1259872kB inactive_anon:53480kB active_file:38100kB inactive_file:136332kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:34024kB dirty:1376kB writeback:0kB shmem:16480kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1283.358307] Normal: [ 1283.388222] Node 0 DMA free:10972kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1283.431523] 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1283.457265] Node 1 Normal: 87*4kB (UE) 117*8kB (UE) 250*16kB (UME) 158*32kB (UME) 50*64kB (UM) 177*128kB (UME) 294*256kB (UME) 121*512kB (UM) 35*1024kB (UME) 14*2048kB (UM) 410*4096kB (M) = 1917284kB [ 1283.492390] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1283.501473] Node 0 DMA32 free:28768kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:120kB local_pcp:4kB free_cma:0kB [ 1283.507761] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1283.538516] lowmem_reserve[]: 0 0 0 0 0 [ 1283.576298] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1283.576604] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1283.621692] lowmem_reserve[]: 0 0 0 0 0 [ 1283.627052] Node 1 Normal free:1917732kB min:53696kB low:67120kB high:80544kB active_anon:1259872kB inactive_anon:53480kB active_file:38100kB inactive_file:136332kB unevictable:0kB writepending:1376kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:17504kB pagetables:43256kB bounce:0kB free_pcp:1124kB local_pcp:456kB free_cma:0kB [ 1283.652129] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1283.664068] lowmem_reserve[]: 0 0 0 0 0 [ 1283.671243] Node 0 DMA: 33*4kB (UM) 3*8kB (UM) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10972kB [ 1283.684293] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1283.691698] Node 0 DMA32: 982*4kB (UME) 289*8kB (UME) 688*16kB (UME) 290*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28768kB [ 1283.705675] 26712 total pagecache pages [ 1283.716686] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1283.723054] 0 pages in swap cache [ 1283.732025] Node 1 Normal: 165*4kB (UME) 119*8kB (UME) 234*16kB (UME) 160*32kB (UE) 49*64kB (U) 178*128kB (UME) 294*256kB (UME) 121*512kB (UM) 35*1024kB (UME) 14*2048kB (UM) 410*4096kB (M) = 1917484kB [ 1283.737076] Swap cache stats: add 0, delete 0, find 0/0 [ 1283.755784] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1283.770020] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1283.775128] Free swap = 0kB [ 1283.780581] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1283.784889] Total swap = 0kB [ 1283.797569] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1283.798952] 2097051 pages RAM [ 1283.806995] 26712 total pagecache pages [ 1283.813371] 0 pages in swap cache [ 1283.816924] 0 pages HighMem/MovableOnly [ 1283.816928] 363840 pages reserved [ 1283.816932] 0 pages cma reserved 13:27:35 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_sys\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0xce, 0x2800) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 13:27:35 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ptrace$cont(0x7, 0x0, 0xd4f1, 0x7fffffff) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendto(r1, &(0x7f0000000180)="5c2ca27143f57c0fe945d014368494c754ae65819926be5ce9a1560f6dfafb4b837be9ae67a2f0781f1cc0f27222e73fa919b62566027957b9d16bf08f35363cc0c64d20ba7de020b6760d54b7f8735f84c4095476a52376866dc4d01bccf5b4d3c0e58e7174f27abdc41c434e389214c31800aa25cde225c4c90bbe04be125f2600e215695b5f15cbad9855f2223a1154a7d50353843e561f83bd69142af812c08e188f4da29e3fc0fc6d023daad7f094dbb808999dd97d81c6b2dfb6df6d50fea58f788b7d0332a9526138f27b87174cc41c5bbcd972ff50d0bddb8215a1c567660046", 0xe4, 0x801, 0x0, 0x0) 13:27:35 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r2, 0xc004743e, &(0x7f00000018c0)=""/246) r3 = memfd_create(&(0x7f0000000500)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xddXk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\x033\xc6\'h\x8f\x06\xd8\xd7+,\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8\x00\x00\x00\x00\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00'/112, 0xb) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="c4000000190001000000000000000000fc00800000000000fc01000000000000000000000000000000000000000000000a00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0015000000000003000000"], 0xc4}}, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="c4000000190001000000010000000000fc0000000000fe000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0015000000000003000000"], 0xc4}}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000140)=@file={0x1, './bus\x00'}, 0x6e, &(0x7f00000001c0)=[{&(0x7f0000000000)="cb8f6a365a39ced368ed4b", 0xb}, {&(0x7f0000000280)="114d1a2d002b6ea6babbfbf7bb73330e6f9591cfca5bf11f91c2819df8516b364f5516cf07cbb01986d5e5fee383c42fa64a0ddb5d9a62d674468aa22bbb211592b5adae835879a6efeef6228de8600e7fdc635b025378bc11706f6e5b7c65635e74b72cfe14ec40632c31086f996e10e51fdcddbf50bab0693c58b2ebeeca65385388db6f", 0x85}, {&(0x7f0000000400)="fe72326d39145d03f4f20e0ffb08587db721190c4f29c2c73d5d4ba241a67fd12933a05abf12f3e13c8ab09a46e54ba6d4182da9686e9f0410fb0168b44b848c959b1dde07ceaee67ed3171f7c8bc2494fec81ee83ea53c1ce51884d8443e2f312396da8ef4ab9dbf3167024911c2e516ffefb03880d3ff330ab1cdf13bb6be1bd8cbca0be3b7f88d92d1e06172d10edd5780c568ba2a4", 0x97}], 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000100000001000000", @ANYRES32, @ANYRES32=r0, @ANYBLOB="00000000000000080100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=r3, @ANYBLOB="1c000000000000000100000001000000", @ANYRES32=r4, @ANYRES32=r2, @ANYRES32=r5, @ANYBLOB='\x00\x00\x00\x00'], 0x60, 0x8001}], 0x1, 0x8010) ioctl$PPPIOCSFLAGS1(r2, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r3, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r6 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r7 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r7, 0x800) fallocate(r6, 0x20, 0x0, 0xfffffeff000) fallocate(0xffffffffffffffff, 0x2, 0x6, 0x0) fallocate(r6, 0x3, 0x0, 0xffff) fallocate(r6, 0x0, 0x0, 0x10000101) 13:27:35 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x1, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x5, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r3, 0xc) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f00000002c0)={0x4000, &(0x7f0000000280), 0x4, r3, 0x1}) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r4, 0xc) syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f00000000c0)="660f2b50ce67a50f01c4dbdd66b9800000c00f326635002000000f30561a0721ac02222201c2d8353ef4b865000f00d0", 0x30}], 0x1, 0x16, &(0x7f0000000000)=[@dstype3={0x7, 0x2}], 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) pipe2(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f00000001c0)={0x101ff, 0x2, 0x1000, 0x1000, &(0x7f0000ff9000/0x1000)=nil}) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) [ 1283.840569] Swap cache stats: add 0, delete 0, find 0/0 [ 1283.848508] Free swap = 0kB [ 1283.873192] Total swap = 0kB [ 1283.883009] 2097051 pages RAM [ 1283.898092] 0 pages HighMem/MovableOnly 13:27:35 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x1010, r3, 0x39e0f000) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000040)=ANY=[@ANYRESDEC=r1], 0xa) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r5 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) [ 1283.920593] 363840 pages reserved [ 1283.958042] 0 pages cma reserved 13:27:35 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0={0xfc, 0x0, [], 0x4}, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0xfffffffd}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x0) fcntl$getown(r1, 0x9) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000240)={{{@in=@broadcast, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@private2}, 0x0, @in=@empty}}, &(0x7f0000000180)=0xe8) sendmsg$nl_xfrm(r1, &(0x7f0000000500)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="98010000200000012abd7000ffdbdf25fe000000fc020000000000000000000000000000ffffffff0000000000000000000000004e2300074e230007020020803b000000", @ANYRES32=0x0, @ANYRES32=r2, @ANYBLOB="0c000f00090000000000000008001f00", @ANYRES32=0x0, @ANYBLOB="08001f00", @ANYRES32=0x0, @ANYBLOB="08001d000700000004010500fe8000000000000000000000000000aa000004d4320000000200000000000000000000000000ffff7f00000104350000020309000600000026a5000006000000fc010000000000000000000000000000000004d5330000000a0000000a01cf86d2338bf1a956000000000000033500000102630006000000090000000001000064010102000000000000000000000000000004d22b0000000000000020010000000000000000000000000001000000000103000006000000a8d5000001000000ac141417000000000000000000000000000004d22b000000000000000000000000000335000001020100ff010000010000007f00000008001d001f00000014000e00ac1414bb0000000000000000000000000800180080000000"], 0x198}, 0x1, 0x0, 0x0, 0x80}, 0x10) [ 1283.978608] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) 13:27:35 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:35 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/schedstat\x00', 0x0, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1284.075527] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1284.095069] CPU: 1 PID: 9589 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1284.102884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1284.112232] Call Trace: [ 1284.114823] dump_stack+0x1b2/0x281 [ 1284.118480] warn_alloc.cold+0x96/0x1cc [ 1284.122459] ? zone_watermark_ok_safe+0x220/0x220 [ 1284.127345] ? wait_for_completion_io+0x10/0x10 [ 1284.131538] syz-executor.4: page allocation failure: order:0 [ 1284.132014] __alloc_pages_nodemask+0x2127/0x2720 [ 1284.132023] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask= [ 1284.137819] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1284.137830] ? perf_trace_lock+0xf7/0x490 [ 1284.137841] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1284.137863] ? do_raw_spin_unlock+0x164/0x220 [ 1284.137877] alloc_pages_current+0x155/0x260 [ 1284.137891] kvm_mmu_create+0xda/0x1d0 [ 1284.175110] kvm_arch_vcpu_init+0x282/0x890 [ 1284.179429] ? alloc_pages_current+0x15d/0x260 [ 1284.184018] kvm_vcpu_init+0x26d/0x360 [ 1284.187906] vmx_create_vcpu+0xef/0x29d0 [ 1284.188217] (null) [ 1284.191989] ? __mutex_unlock_slowpath+0x75/0x770 [ 1284.192001] ? drop_futex_key_refs+0x2e/0xa0 [ 1284.192013] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1284.192025] ? get_futex_key+0x1160/0x1160 [ 1284.192036] kvm_vm_ioctl+0x4ca/0x13e0 [ 1284.192048] ? kvm_vcpu_release+0xa0/0xa0 [ 1284.219679] ? check_preemption_disabled+0x35/0x240 [ 1284.224697] ? perf_trace_lock+0xf7/0x490 [ 1284.228844] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1284.233953] ? perf_trace_lock_acquire+0x510/0x510 [ 1284.237046] syz-executor.4 cpuset= [ 1284.238909] ? kvm_vcpu_release+0xa0/0xa0 [ 1284.238923] do_vfs_ioctl+0x75a/0xff0 [ 1284.238937] ? ioctl_preallocate+0x1a0/0x1a0 [ 1284.238947] ? lock_downgrade+0x740/0x740 [ 1284.238963] ? __fget+0x225/0x360 [ 1284.238972] ? do_vfs_ioctl+0xff0/0xff0 [ 1284.251332] / [ 1284.254813] ? security_file_ioctl+0x83/0xb0 [ 1284.272425] SyS_ioctl+0x7f/0xb0 [ 1284.275795] ? do_vfs_ioctl+0xff0/0xff0 [ 1284.279175] mems_allowed=0-1 [ 1284.279768] do_syscall_64+0x1d5/0x640 [ 1284.286744] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1284.291935] RIP: 0033:0x465f69 [ 1284.295123] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1284.302831] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1284.310097] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1284.317358] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 13:27:35 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="5c00000000010904000000000000000002000000240001801400018008000100e000000108000200000000000c0002800500010000000000240002801400018008000100b214140008000200ac1e00010c00028005000100000000008a3ef4b1c25c53640e919208503f522c3de8a8795df39386e8d92269443a2df36bf71cdaa796bbb35e0b8ff04cb91c92391184fe43a66aecfc24db"], 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x169, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000780)={@in={{0x2, 0x0, @local}}, 0x0, 0x9, 0x6, 0x0, "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030cf00"}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x5, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x0, 0x0, 0x0) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) write$binfmt_elf64(r3, &(0x7f00000000c0)=ANY=[@ANYRES16=0x0, @ANYRESDEC=r2], 0x1000001bd) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20010000}, 0xc, &(0x7f0000000240)={&(0x7f0000005900)={0x3b60, r2, 0x8, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_NAN_FUNC={0x24, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_INSTANCE_ID={0x5}, @NL80211_NAN_FUNC_PUBLISH_BCAST={0x4}, @NL80211_NAN_FUNC_INSTANCE_ID={0x5, 0xf, 0x81}, @NL80211_NAN_FUNC_SERVICE_ID={0xa, 0x2, "b5924381d979"}]}, @NL80211_ATTR_NAN_FUNC={0xc, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_TERM_REASON={0x5, 0x10, 0x81}]}, @NL80211_ATTR_NAN_FUNC={0xc, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_TTL={0x8, 0xa, 0x10001}]}, @NL80211_ATTR_NAN_FUNC={0x10cc, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_CLOSE_RANGE={0x4}, @NL80211_NAN_FUNC_TERM_REASON={0x5, 0x10, 0x4}, @NL80211_NAN_FUNC_TERM_REASON={0x5, 0x10, 0x92}, @NL80211_NAN_FUNC_INSTANCE_ID={0x5, 0xf, 0x80}, @NL80211_NAN_FUNC_PUBLISH_TYPE={0x5, 0x3, 0x7f}, @NL80211_NAN_FUNC_TX_MATCH_FILTER={0x10a4, 0xe, 0x0, 0x1, [{0x2d, 0x0, "75468e845a6cd0017c8b421c760f3c6c8da598efff4857f3e3d2a6713569b77a78baec157c10f97e21"}, {0x6c, 0x0, "023a68200ab087ccd9f9d3cb28c33b5f24a067575ea6c602b8f121c091a2e67301f38ef1cf7cd49ec2c0221287612c6c9f7add082ddeb41848f06ece1fb39e4edc06b2072c2f352ee86653a9f1aa179c420734d98d2169adfc5a8378a21d21085b338a40344ee556"}, {0x1004, 0x0, "97225df0cf85ec3d2a25bcdb98c0b6d2f1f1f798432a3965a728078130efb2696a684be459e078dee75e67a4b1ec68ccaa14e208330e5b1cbc1d1e1fd6931c7078375bdc78da2065233c2f64240c9736ac7f356c4a9c4b8522a06828525c3b040f9891757fe3969e64d43073ce26eaf21884d0b780a8e183d84363782ecc419b864601c345cde0df85700e829d825ce348403c160fa99c5b5196cbad4b74350a05b9b85d2a9e0c0e48896b057806bf47c1ea98750bf2f90f47607e5650b7a3526f6886215bf1639316f2a70ae1d3bdfe67ce0a86fb07525292f8a894aec19802cdedcd832ca5a49b377a8d9f8e9fd577798de7a1dea255b969f2b018d2727d0e9dc8dcde73c70cbc1672d7eb9a18c087733ec3ced56698040584c13ede2fd49a4d341055f23c06c604c44f62ee46329fee741404938011f1f1d7ea27d04bb2bd7ef28b7dd5e7cdba72fd96afa061188c3e5df7529840ffc48d2a588806d90c6e10f5784986bc2f0d5bb9ff81d9fb66a13eddd0043a4f337001a89a65261e40d3cf7dbab972e5a0c64a92b5b2512d56ccfa4359439d5aec58c22627bc30abb47a3d6c08e3621f0eac094fc91da7a72a36eb471aa0487f41806e684c55b5fc8a48d23ff5c1eb51807d69b4317fd3dbf9c0c87fa5f3ae008952925f4a9aedb37a2e33d08584feb6f368cea2f227b57569fe9b35ef08eb4db05423045386735ac898b3d8b187093500fb7f6baba23a93041ff510cad06c65978990b434970ead9f22b4e0de3eacde9377b81eccb1acad4f87399b111607f96836fc33adb6b69737dcb78ab61c396c0e325b9ed344ab48edcfde874ebe07151b1ba0c9f12be425a2afaf9b4ec7d7847d29e94a05f148bdabfe60078dbc73c021d635633b30708c65d00a8ac129e4b22e1acf694d4b518febebe8b185edc7cd025ce368b28b466d9ece045620d21dbec01095f18a4cc9c7e260f973d95280aea5304d71781b79e3ab3ace7cbd9983de1ea6549edb1a7ca0eea3cda2f6766accd458c1cd2c5f4c15768006ca43eac08fdf0fc2a1e1e81d4a96c36f70e6952e9b1145fe99503e9ceb7f6eb753931aa6f85bf8de8e09cc8d33a289834b4ebc790345485cfdc2fb5adde573877b3225c1d0f8ae7c37be166bcbac06f0be67d945fe30257061b27b7345af1c75061f3dbcac949fb189d33b568c0fb1699e2c95bf8e2677240bb7a6b728578a98bb65c28614d1328e77b48c43a5ad16ee726a232d708983aeab88e3201d58f832705d80f87a86269a85c62a76a32c53451f8f54aaf5a420f2b9911d97044c69de732f5bd59588745a791852ed5efadc2cfba8b8121c834e3aed799126d636f35672bc600fafbb01ea4df25217df85ea179f81f7e9b64f1f4eee030239bd73be20885b685b0a931fea77807e8da2e271c4600de145ace8a235ea5e1193d1c4d430775448b43d481a94c7b6f8e5c6216ab6d1f4dc99e878c9602ae4bfc9187b74c9780d390efa81affc8d7d95d6539eadf32c6ee1254a228b0dc6d2acc9e6fae0d6764365903967fec8638868f0dd434a51640f0b8a6d01b8a3041046961e25c2891b2536cbc089a6e3cfaef139bb484c9b628bd2271e9e62e6c30fc239e2c761f7ccb01601c1e842a27a5d35906fa591944387647961b18359483b7dc1ad7fe3defb3cc8c1b827ffbfc6fe3d6684d32af12c323670f1b1283e4ba5fd788f0ea9787ac3803d90466d983fdec24ed1d496fbe32f30203185f064257d63de7cb08f75d8c965aa18d11e899b3a559124a85b70a67623365d6777879c03c6eb2b71e6c7e4322a9f06bc7d93c03727d97631be470acad4f6596d958c0ce330db9100f0e7736b78bab78ecd683c45605fb8bb4916c0ef7706e252437c29edcaab4dd4a57736172f710559e52ceeaeeff660a96951bc0b7101a17e659718a124546f4cfb9ee57eb503e665df46add19e7938a8a80ed7d89f391008e6a4a5ca08cf1e2fcfc7cd874da220cc1a99a5d97b8ee6e9b81f5ea6f51532e758a355f5d07a408b1a98b48143110e00620c2d839109d05ee9810a90fb56e7304c0b766cb566bd0f6be656eeb94b422340a0f2d7e8a225a5fd1be39df1f1c614f4182123fedfa7ca0707586428aba75720762b4ff3060acff5ae042d745a4e38c3d81ab8d159dd8e87cf9f014bb8bed1c2f09feff025e5089ee2709d45472254f76a0d515dfe10698731046ad984b15b58e27e5ffb10607b188f686b542e09d7dcbb6b3e7f1ed376dbd272294a829a013dbafda77a6d8dbf980584185cdb59a78fcf8aff42c0bb34dae0a505bfae49bc132d4e1086eb75da02cd92c1189e7cb0c60a2a6c9ab6f5ad72211b11e699babf0473223ba15c6dcc22fc36afad98c5acd9e16c51a36188c6bf2e62c4372f7c30afbb2bbde5aebe8add7fa7bf0cb112c6a4671d731ab02e93e805a7405bbbe08e131cb967a671ae09aace712916d7e9a40903afb511cb6a869cc9ccfa9fb2d908b66f7557b46e84395f4b8ebddd895d2bb168b2a811a186eeadf1eaccee2d824df78ad6571f562d077fb302d6723d6ae6100e959c687f348f8018a5f1dad68e8fed3649cfa02fd3a6646b60358b0a09a2bf7e5fe13e77c0f0f0f059cd156c00276077f6c1d0a4c72ee78148965fa7e91189dabec493a6df73877c38afb76298d73b4f06b2d9b8f27a7ce4aa7afc191cde4820107eeb17eb66c176380a7ccf2c491803508bcc52723fc432109318c9ecfd3c2e61ece6ef30134459146520b2f2aad8c78f5c47030bf1177c39d4c5d9ade2c8c75d501255fab929c3fd5dc3f216f10c5239bbed5358d6a1c0de467a6cc4c632b9e7c137c5a07ed17856bfcc36a3043eaedd2b43f8b422a6fa70c20fd19932ab0b6446d1f5f99ed113ccd2ceeb89c038deec44b1e200706fb882e623d65dce586df78cbddc6699edd6a2bb22b460aa8602e67e3f8d2531ab63b696e2a0ea83a80f5a48af48fadaaebdcf88e132622a19ebcd52e84947b69ef51ecd2863a5c4ff7b30c81bad324efe8783944f1e79ac0229caaee979ae7d55f8197ef7dab78f4249a164b0e92179ab804e84fead7474c0c77f0c8f4c9303f629e18d3985a708058442cfa99fc94e11375c5a15b2cb2ab83ad5db5973afc818c8717041795a817a63c7d21d0238e5d2bd81f9830f95c00f16d7e33b872ffc86bb8516fb40a2ddfc37bfd472e200caf7bdd1c4e0342cc93a54f4891ea491c37a0727035891e27ce5aa00808ccbbe735009bfa7f18c0248edd7c94af4907fd71d79d3d983e1b22e28555206f4e075e87516f9dea2036470eb11d59dfd6ce611675f00b8920b586aad36b7f849a914c2fb775d5548bba9a1f21d660fb6338159253c7bac113e5d1393cb94dff46f37f5a789c10dfaabb09c4ed6d34f1e48b5b201005df5d2b90489ba98c5322e1e082f95fbe9f455866aa4c68b184293839086e40bb6d98e085034f220a9bd834f3c84f44ff7f6fa3aad0880fc45127370ceb1d059cdbb02ffc3550476fe688138e73645517829d3da5196d18115a08a0f7db4c97d377d12a0eddee12095c3fb27eef172bfc601e6278abbe14cc28b27e421c4fd0850e98ecd3269f79b40da784eb7d51d8e6d47b64a3bbb437406478498bdd6f08ade84809f6fca104a28dba0ee49a99a1bd796cb9ad3be8161113f5a4cb617a8535c734a66c9962ad2d30c639eeab789be1fccef360f96198b61fbf0fdccbbbd6b3a6d27e2ed55ad57633804b0d2536cf20f49989bff95f27f0f45c1f4dfa6ae2970e4e3587a090a4562912c84e2a389a3bb80a932638b8ca01605c0544fb4934b91cb95400912b321d3c78a8d5e3e44b494970cf0326a20c0739206cb06db79131d20599ffead83b0c461bfa6becc3853ee1cda7cabc57ecf25e8e130b53c2f5fd070048a6a93df72e5c68aac8828351801352b8715aea6602c24108e2be41b534c00878d308f3f231b6b2af13332fb5962669c5af7eaa3cc769a4e2717d09e8fffafc111ccb61f0a46234abd7e90937183629316607ee0e72e6463d0ebd0642031d2d76e78cff5403583225a17aed57a183da7772f03eb1e5bf1b1f56265bfb1c2775dd2b2f541190ceec7ae711dc47c132bfa292bdb2c77a257c88487f0cc40cb932b4bca27eb4586032637dc55bca70712e848c9651bdfe35ffd12954a02895c4e8b029d11c244985fafd5164a2bf0a1da873ee1fc3019308afb0be6847bbf61a5d66a04c535b4a067013dc1ad653a2018cb0a3c4d835700e3a97559c0cd9648c0d5de06665d44015306ea5f4b38185325f66e2f311ef8b5784a1a326d34ecf1903e7cbc07cf4f1eb0744c121f33124a473a3495b18b85368fdcf9a2038cc81565655fb0fb61a135f8d3355e5d2217b9d38912a79d3735abd132c771470dcaef960281f5419e75ab2a8b51c15d8f2b2117fa612a591bb8cb5c68431e14b62664a70adae0269f2cf9d34069ca7ff42cf979c1998df66948619187858561a7a30094ca69f43b2655534246122d220ba3d7972dfe094b89fc85e050dc4f85a8191a5279b1dff337efec47fee8c91f0822554b849b99b79c243f895d7b90d3b6665ec9bd74938f539452343acd5e53778b09fa41d500f74544fa615be0e46fd6d51f037045144693e6e82c688c18e2648916f2f3396a92067449c2a7559ef296c9e4e965ff81e252f1c03f05a9597621c883fe8171e6dcc842e1247b7a288b325132a4e639e1196250e6f6369bc5db577be5efe111252ecb8689172888728dbcf387bd5ef4a587101cfb357dbbefa75f0f001a1e17309ba1cb9abcb8b736ddb1dc2ca8a52bf06a7d3723f64d9c761a6d198c000201c483f315c647fb583a690ff3dcbb8a8d4fad01b06cac4e051518d32b0594aa2ae8d42355b9b61331e292423d76ae06a5cdff8bbf80a73a678b2400c157c2c9a8b5ca1192e19e3c604d88d1cb99b31d3790dbd1a9120738ce98554fca9159f2e850c006f6eb1ab8c2be2b93421e34450bfdeb3ccb4820993835a016dee8074b39aa2f257745e63efed61b6cc0d8a2f5914a2cd79fd3f997bea0cae338a46b2747fbb1fc827cbb4aec2dd536836e5a6885371c9068a9e2623c278dc65269feaf228765706233906b8f5c9372a03bbbcee8788372ccd98f0188d3aaa610187d2c8d25c47fc5944650b0292493519f3e97da1fffeabf7b0e09cbd669effb2367dd3adc7cefb3c700f0f09f03e3827ff260b2fd2624290e997d5ab55d80c8c766cd322b87e2ac829e73c04d22e3c2c207159f6b874ace7f4508d58f72bd6455710f31ffe9b7571be9eb597b424a6469619ca9cf54f60a66210707e041b5ca445b4cab2dfa23323a9a8cbd3040f8505e5cc2e62377155939322de6e5cacf6bda4c324e5687e8c2ac98fce8bedeba313061b92a2de11f12be43ce081ddf3dc20b5c3e8e48e7511728317427915730410161e0bad64f454fb7b689a93fa4603f7daf30697d7c608aca04c346acfe62e656d943c3681a4b598f9b1c8372c01c89922ff5387a7ef7bc8e81e59f7a6a748af97e7dad7077b63f059aefaa274bec175020af7eb7e841cce4f788315709bb22a009a0be543fccd6aafd9bb6cbf67fc872600486e0c8acae403622efe872500885255a73b93ba3dee2ff5a6367ac32e3dde11f453b0d52e48a38fc3eb2404eea0cfa9c009b7c20db4e69856273e95bd7656b63612cc36abd52627a4270ef359185cee99c582fab8fde889fa1d5036cfde40986aabb46cccf104c63107827074519e1f2004ee2466969e7ff880cbea0"}]}]}, @NL80211_ATTR_NAN_FUNC={0x2a3c, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_RX_MATCH_FILTER={0x1648, 0xd, 0x0, 0x1, [{0x1004, 0x0, "f9d79e72d09b51ae4c0b9d11c10f259f4d70bd0f31af9b936c01815eceb4435aa1f6e2586f1103bc126c9c67bfd19a9bc869966440e5aafe3a481db850341048acfa22f86131200146e11b5d4f0e36765f5bd75de4ccb451e55fbe4693d0ebe6a8c3b8e609b66b462fdaa7f899f9802cf8ab67665caf64ce9da9d18f7ec065a75b183d7527fcca5fcffefbe5e968ccf96fbee44aa5a2a0022ff95a0c53663c15974bc1b25d0edc3d883516aa890e0c480c843fca123df6fd429ebe033ad2b6c61b56e3107fac818436150cbe4612db88c1ce4d85d60e14974f2b12968c1e7bba081b686abe3dd690b380dc3567ecd60f145b05f5b67aa106009a667d4c624597529db4f3c4565660d509d387af03c037b460dafec1c53c04e88b15958f380c0c051a1a5b22e92abac7e5683dcea08af8a3b85839bda53703ec422b2daa83eee15df791ada3e468eb18f4d784e06ad7998483e274b0d730446257762d84c2ba35765d28d58d0d26a454fcd95a4fa3187d52f7b7624435ccc8ea49cf3f4f764b83824a83808767c01a02908f64ad7a761bb34c97cc79d28238dbbcec8c3598e916bb734672baf1d35c8bc3ee262890777334a315d11dd256fc5da02d79f12a9f14a1f3aab636371589c66c624d4663ab857442df72a244077d2eef5bbd31ac86c61231c6c5c4a356043fd094fcf76f08ac8d24f31dfc02beb00968dc898be926be83c4497858fe8c8441283a2f14e4e55eacfa442175a6564e0dae22d7ece5caf22147daff8e1b546787158bc0c95207e1449fa995e86e94a150c3bb87c215f6a1f375800ca6d36531dc63704c2efb8fa5a9f70181f04b0d1caf5465549dff97d17123f5b20f01857c500068383caa6107a6346c5a8529a093a6d55aa80f93feba74344f277448f2df3587b18f10ea1213ec18aec4653266fa632049df98bec22215d545f9fd9ad3c919f61a3c9a6b0f487293d12b3f6e43b8bb4a0a82f713772037ed8a1e87891885d60599c672715797c0095a07659a05b23298fce00dab0b069eb2b7066e6ca4d77c29d54526fea6f684f67c6c6864a586fe9adce8633384a0f74fd7512bd84046e62013669898313243c28f5bb64ffbcf22ff2b7401cbaa00b5900bc4cef72a8c641a6d68e9c76d8cc16ecdb10ea2b3a4939aab18df450c0ffcac0a68d2bfff48222cf9237499240bfdf96a378648da66cb43e0bdaf7393e1425eeac5d747ace22682db14585d374c324b21b6774b066e086595f87048b66721c1908f43b0e468790f132948998ba172cd6d0dcdab4cde2160b45c12ffcc6f0a7dc651a8ce1d7fef3aa52a4a705747a5f749f5d02ddf352090239ffe55a085a69a695e39651297b595a55a250f90c917ef50ce53545203cea644e83dbdf5d9e2438ae16e25b50742c2fcaa5b84c6be52367e31d9f1a47f9369b50ade0f146169cb69365e3bc13149ecc10479dba7b9430d20f42481d49de71399049037acd326ee78c592cbd8c23b854d71d7ad511f439402ad08d675597cbfd79e15708d7fbd8734925565a6f3742897a287e8f29a34f0c9066a916f09b0ffb6840c9a57a8cf4671c33513cd1b8e0572f5a194d23fdc8780606c2e95b9904859c8f9235059940c4bafd2ccb38e8394265f4a772afb07cb5678fed751342c3497d63e3f3b7f16f3d914e133dc284191ade357a1a575660cfeb69cb5eaccd3548f4229e141c86a9ba958f756aa2f3689c86049605c47ba13f4ee88d9f8b86d103db4ed23ca05fe6716c4174633878b7f3555d250d1e1f29007ef13d52018288ca294681da6dc93972f7cccacbabe76aea55075ed5886f53af6a8a4a1f47c7c546fb817f0fbdfa6ce2ba87e3d07aba280da0c76e7cf6cdd80f5de60987d0b5a38665b1ce2b3efd1fb9b711aadadf1825105fe9cbb67127639f39cf6faeba58d5010fad60b88eae90b42f5deabd75529c4654e1c3ecd9b6b5fa2271331e2ef1bb97973c04b9588cfe84b4f5797bbf9d3fdb1438f67af11c861bd5951857146282fac05a5578727a711332938fd1f736025570b6f634a3978812a5f5dbc99a76b224f5c57ea83e7d451d2d6fd4997114eae69e8a0612d73148c5121a4fdc4b395cc8138a900c77e084aa2389e6c4271c88139864e79c43cd26b75e36f632454e740dc48549ebfdc5fb8e1afbd30541053cdb6ec04c0654cd3dd8dffa9abe2da4f9a4ea4a61673fe215e992f0db638a91221ae94c8a8ba13cef69c7ffdd040d651e76918c96bc1b1b067616404169fc0cd57e2c1dfe3a00625502c7563bf2c415b385be30db11dd0dde06f51d8b72c35914f5489d57ec5ccf70a006677b348bf69c3c8f585c912f389e42434f2ebf41e75682b5021126bd81cd2955425cdf037b9ab9cc6b41de76c98fcf312bef878e56fc0d233ed98f2bc1871179ebaa806cf7217aa64a6c70b1a7fea4460732ad827acdd18f0f02a29606f54b13f059302275aa876620bf1bac1805f3c24ee578c4847bb2bccb0d4fccf4a5fc3a00ff0a16ea55f5778c589f8db30ab8057164b8b66e6942333eaf91426e95d6f7e65a8fd2765e210e0cd4688d0e77d36845554db196317fb9704035e2d11164d2209066fa6ba50d59cb892adb87ae4bbb4c53057cc55873c3c689b4db341b8577539242fc84c6feb4adf85bf349e55ccf9221d7da3ef0089d1d16638120bd48813f3cc34a98a01076c7ad15e6c9a23b37fa37e5feb4044cf3fdd5436f0737ec285cc6ff64f56dbc44833d4013cd3b843b001d3bf7288bea939811b2f5ea58c99ea0daa9d06357fbaa93f7683dbc75a67f64992fe2f94d865c7a27362767922115892551af3e12551d93c86b2f948baa309d6c08dd6250bec06caba0282233db88da95f9eb477f4c1d12437fba3e07d89fb9d2e640294fd6ac7db10c2715d5a0bdd13b0f2f68835f17b1e6ee1e978bc346cc7fcb94cd6cecab141fbba9c5c399fdb821a0770e5e550a598cc816678b44eec8e4b773727f4d623157dcf8024f0c82a17e9853f0c32d091db2778ac6c226815a68d358295035bf00b44d293122b5476a404f8cc3d3ea42fe844645971a50396ca2b7647ca3995d01435e42c6337a2b04fe454b1d3a95c99ab9f06e757d5e2c69b6c30c4a6389da32bd4da278d002da76f2e141aabe4a2b7ea9fec0d3e15de72a23adf2f558a09902805437be5c8c0dea9925267f35ccdeb90b566eb5a9e56044386738f5c0d7672eba75ecfcbde0fc9d7c6f74681c1d2a023b1279b7f1750778622450e754a28ae6916f31315f71c44a4a4fed7193e61118ee72a425ba1bb7e07ebd89fd4a126e2a548ce503d2afb3a00ca2413f44d30d5a2fbbd3afb985d8e320e624f2c10b10079949bccc63b545ddd30ba1d977e6c9cad0e59ff2ba447df76a2506bd43065ba8bf04e610adba0cdbda3b59a64a5e329369315b91148afaaca7f1e5be439d5a93246727670bfc70c9c3ad13197a0d54e62c2ed5f111eeb67e0a7b0aa3810e5c435f853479faf4a1cebca347c3392837c29eb08787c59f94fc4ecd1041b34b6731d22b1f8e2c629d13fd7e369305df784628671dd9e9847645d097e92acc29cab3fc7a5da6a1d2323743ad5ca6b2055a947ede432880f8e109c963980052bfa54bc530fcd2819015d2124287b8d2ff46825ecf1bb6e7cee65d7a2d392af7f050484f15da4646df94dd421dfb9c4257a62685841170be133d1fa8da04a1fe053fb90a57de078b42607eed1c3d944ede2d53875387b494f37f28c41324f1b014548ac6f7fb65a37815b8f6899d9a1c6ab83286dd9c61d3f4868ca76ef8c682e562425f13071f2b02331c4d2f0034134de6e75b4adea2abeab56581472f8256dc4ebcb3142124fda48035165e7bcdc09a1c1ecada4bf6a08c4f0a9214cca808f828ec1fb7f1aa4d1cf9e54bcb90f42bf649eb8817c229de55df4fdb51eada2c62d0bb946b3d41540489748b2ba513b085c474a45aefdaf4ce4bf8fa4fe7b0208c4817d21147132b5b6fe3eb0b1e565a8e2e5f3a8614ee2078ba49800537e0597c01c6d6868d7842f5b97f8290ac7ef7d6a96b9ebdcb842bb713dd348b13cc73b976509c7280df51aaa0b98f1d4220bf18177adb841fdf7c82bad2933e038246c9c4bec2c894e736694db968a184c8e7c13d42fd7b2db5815b6894767086d7ac7a851ccf7bd16f119794832ee8ae4d99904f91fe22b2c0a503f564026211c14f2355803118073267f1c888713310977910a71f925316eb697b9bea6a2d1bcec42c32db13b0eaf9a0bd581945fbbb16f63b9b922d6b49063537c9a1d72189d48186896e42bf8ece265f2f92ecfe7b54d781490cea7a6c5f300a8293ef85df36121cc913f9e8d4dacfa68d08ac421320d8684ed6d869a91ca2c057beb0fb5cc191b1bff08a4a043150cd8ca7b7b6a84dcfd1b23a3df460670cb93b8a076bbb6898b29aa5d5ec547d566dee578a8121d5d1de4de52edf9b01c842b46a2d272d94d06453dcbbd856916f9264dd152ae6d6818d5c138dde7f7ca61cc6b7e6a1dc8cb948097c58d7b164851628aab2621cc93f42910aa0d0ec9f724ea73d6d238a9c52d94949e9dc2a3e131572d2803006609f6c86dcd3b8dcac35d71a9cab9634c0bbddab6e179db8ba538f249273f7b728298c6ec9a8a012ceee373a0f884eb23e0c687deaa5348a7418685416c0d7659d22786de4a911622ab8dbc4b0ea1c70c231263e0c111b9f69f3c04fa8e26b539fc03e2b93ee45df75570ea12f1d78ea1c1901545e8eca03f6399ca5a37a41ff78b7dbad48184c73e297200d68099290c4a0908d56956b45b47b963dc6b5bc7f7bfe6d273f00b5b7593b9256e8977241525219f6200675e2c66d38269f753b7d7812fec38e62d0b6871a29dbe4d25d0b4052835422aa0b56c2726f9c49588310c45352a3a83a245bed1b98f35d35c63e9082a5a33d8d21a04e4a2308365aaf5449a46a5414de09bba6b0dde8060083b25d2a542b499578a013057390733e205f1c91e92098e935433a05cc13ab12fadf53a2aea92e358a1f245672ba58e8368c5bce4c0a7c0d68052f780ddc6688e2a8a4c077f8af0ca053ca1c816435f40aa3f9e2d835d05f37f708d59fbaa9c60e2a27cc03093f44d93f8022bf27f72ac88fe047a4a371c9d7d0493e033e8cd50426810f4149eff7971a9a41c6c2ea5674f77855f99d77d101ba75cf0e2a1d4c84e29198c7712117d59076ffc89b032aaa9329baa0e0ce89bf928596c4e6d79ac1fd1f39d2ef4dc877120744a6c183ab8a9acb1214bd82270a72637bbdf9a3b513fbb976edf889849e91b25b09e08dee579c006ec09ad20d28337880fe8d256d883424be08471fed24ab1b3925ab0d20e76a33ea8677b92814e5563fcc3b77151abd1854ab658970aa99d8502e76c60d2fc40ea643b94a0f221981730db0278c72c2df251795f45837961844eae05c969f4338114744dc67d95c89a1371e0fdc28db5fd78e464d6e07e25a880a222ea17d3643a43accb1ef67a82db76cbea035dcf68c58c59f58b6444be8a1821a0f643aa148f97d35e30169c1d3760677acf6d747389e8405be83706bae360ea71c889024a2cfb45b6f66f75af785a0e7a87c14c6bc2b0f0f7f989da5dc223c6861298a4ab4fad72af79a4c59a927420edb264c5f3b6baf7b52fd6cbeedf9b974af60249fea16ae2cf94f4be7dd44a1e287f03fb9fe2a54f0a147efee90b0b78e0250daf057238186a9e0a3bbb545150a8d5a3c27bcc73ea911c47ed767b5cc15940a25df006b08439fadcc87b"}, {0xcd, 0x0, "c4bc046b45971367baf6063b48b440ac6e0cc7749893c63fe03ee56e63cf0e0e048ec7d9c3c80ea4507ec520d31aa5c302b356d48f8273f72b141e8169bb5352970d0d8e25d69023bfe9bfea071c5a6d6b238c4c853319cb0bb73b3f68de8a2e20cdf61c0f21c32936523ee54da4c6ba7aac12a00d45464e68a89413df0a86d1aa2c7e0a5d8f39038a6778db6ad980260fc050e60de80c94768d6d3df60c93d75500b5a0634c7229eb4e6ab6fea3c55502db4a53509174c64a7e27dec13d6b12442c628a187cf44dee"}, {0xfe, 0x0, "51d329359649f0b237a50ea757565a79f28d45dfa3a2a02df5f10f2ab005c06a8b607e50749d184c0d01c36e25315af7fcaa7f5df55fe6391d82e4f8ee2bf51d17a04384c2f175f2b7e5eaf27f15231a0a182fb058a7f80991998992f177c913a21d84a8cd6f413f5b8ff3a5e1c2e48b8cf66ed439a18ae7197da1c8992169d61c264fd8f871caba7683455801f0c50995229a9915dec6e4799d456d3c8aed6da8f322544f0a905de740beffec51562ea1894730a98a85711c27cd8d5015b602f49ea40e67c2b729ad2f7d0c43eea655dcdef67885dd3f027370d93518865f9602d68169904c73c27d88c50885ca1e797332c975653293ac79ac"}, {0xcd, 0x0, "3305f5148f595ed0ce7363c29d748788d882131f94f84739e8abc1806b697b1ce18c8a31f02e511550a799b7aabd2525ae1cef2572062e94ce7be3cdb24dc0c8a5edfff47eff6041b5cd124062cc384a1e9c1a9be2666840800736e4d4fd8b8e044018c8352290c063a79bd445e643c871e945e00074405ad25ba37d69213e833dcb2e545edaea26c4e2f6461d1fae5a239fe0e254443d08dd21317a4b9349a406b5032f620dad718c2459db2bdc9f59fc7bac82ea2e13d39f0138bf841fc06bfcf1a33d9e04390df9"}, {0x13, 0x0, "bad009548cacb29d8c98484d6c193d"}, {0xc6, 0x0, "470183c50b1059ce7f2815758065e9c422a47886a06e37ebb3da03edd36ee533eedfdb157278d9fbe154611941935004af21939ab7ed09d2fdcb3a78df6009ff91d3707b0530457d224feea86087afb8e18be791919d877992e72161bbc8eb041eca6fc657bf0994c661f4900ffd34b8322b560917dc3603bb0e6edc2b339bf1c650322b571a782515dd3c2a5704809185f76cd7c3beb554b7c6844aa7ad54d16796549d8d8d67d41e11a29b7c3680e84b8c4abec0234346c6ee344915cb71c3e265"}, {0xc4, 0x0, "c30c23f961b764ae1fe5b3870906b60325aeebcda2a5b3fc1a00554f596f522e2ff5dda046044bf7f26078763f8f2026760b10d40d7890ec30a465a52467460fcb92c41a2dbc559f245de117628bf089f714ec64a063ee0ddde777f38317fd5678aab3c75544010f6e7b1e89669be39400c86fa476cf4387eea9bd885651e09a39500a0f291f343de8f609594dba08a4b65758677408f689863a4b1c3304531b0f3f9a6dec7f353c1ecd9330a2590339b561cbc37d5a420229cdc185b4d9e650"}, {0xfa, 0x0, "6403b6af115b48796540c63aa68147b74738910bc37625bded14654f0b6183a97056ca43f7da9c82315b084aa1d15e636321247fdcc98baaff76f1568729bb6d9333688c5fc4cb0d863a37f6a8e12185efbba4c7e71ad618ca695e9ffaf3d2106b179c42fa00ca90b342add2ac5ffedfca42162647bf52606553021dbd282f83679b2fcc12f8aae22c45684045de5863d2c20ba253bfefc5d31715e3d23fc904f9606aba5fd2a50756b6ff8e372fd287c040f3b3ab1923c273944ddb3cb47e5f47d998149b5c5b15ef9a2d07538e015a3321f785ea7acf655e14d723de6ccee7d9f1bbac2ab2d1bca23c3fcfea4388405b65682bfda9"}, {0x102, 0x0, "1b0ac2e50510aa46b24b615c3ca1e3b94d6500d162576e03478282d64eaaaabde9899429a73ef6f17297aa07b75b748df7362cc33f725b5ae90e67a0f3423af0cfac96616d6197d956ab33d2a387367aad64f605e6a12f252fdc91f02327ff604cd3e40c79896f4c29be54f299d77fbe15667e3e79bebfe904d84f9e571e1b16cce34ffa7b154a2b61b3917d1384a99ac90bf272444fd95f1131b73e6412ec0974643f3f0fc781e1f056dac9f57cd73dc3cfa0e16eb7f67a6a0faf2b155985e5f46cd876d7d3b833532b2258b3e29a0b58eb10c1f7ef33093c7a4080c35bfe65c0cc6dbcbdafd345546601dc5a56e80beb10430c31d6e7cea3241e35e8ba"}]}, @NL80211_NAN_FUNC_TX_MATCH_FILTER={0x13e8, 0xe, 0x0, 0x1, [{0x4}, {0x4d, 0x0, "85ae34c78aaf39b4489898f070d4b7ae1c3c1d0a587429f1979456f951dccf91574e611441f108319ec87d2cbeb3de0c0b7783cd92601fc3eaa3194374af7a287c3e09faf77bf0519a"}, {0x67, 0x0, "c1a71830e7ab8ad7cf3f06e8ec69ea57de378a250b5563ed3a06cd1b9b53b21b7a0f9fe411dfad3ccec977e928aecf8803e0df75d1cfb32765b89d41b35d9c39ca082b3f3b7d8a75ff21f2c75f0678b765bed6fdc4c59f4ae2b15686c42fca6c48c90b"}, {0xde, 0x0, "7737b6a1b04d865438746bda40df57075892546bb74019e9df7a127e82be07e5b7c9811b9428931e001b352422ad08c33fab9e24d18e80ba75981455c6b0726bcbde2ad947069240a12e75c9258c9fb986eb1a5539590c351e7ffd6d4984dad38a707b090e808de1ac344ccbe9a7484944709859cf5c128e19407420412ea62f71408110d9e2235975a8de8f7080484b466d101ae474a8dcda78d126e0232ef597fa147f752366f6160c08756c898f44253540d84b43d8ed9f61b96174b50021d7c39bf7c2da4aa38d11baa69b6d543b3305f63b299b0a297112"}, {0x1004, 0x0, "a3f6124effaf14f57690753bfde3c3b304226417f7ae01359de64250c721ebc4ff96b69563ff4e9e1795071dfec6ca131df0ddb6f51a6e0d6f5910c309315efa6dd43be24ee6cc8b454b920b8f920767a1afc3bbf360e301f33031d3738935991238a4eade33991061abcc73de4b4387af2e9a7e0c48fefc0caab1dda0de7f1285aef2c4902d0c123f884aa155212c1fe62b76813c00fdb4971e2674cd8e45a6ae0910dd54177f3057e37f42507b9716b11a82838e42afcaf1fc99c614782a78fd35c91fa9e626df7bc024ffe26c66d262bd21a94e34bdbcffe786e1bf2388c6ac4e7da969c9e2d72ee7f03e88f2cb03613618b5a32961a3c8cf4cc598b3a6e4d709c6a9107e9d4b8551ee50517a608ffaf5918262bb5f78b61da9a522a96d9a8344284c0461985814d471675b1d85d9ff0664d131b7b169192735eb2fde7407e2e768c6dfa3e9f6104f388595d9e5856025717d95ab8306554d76d2470c1c7c67c3a18b1af9d89a67b1072f9739287f7cc38f2aae0dfe05582bb7f86672aa1efee7e53b2f59ce533581168b1e8036866a17025d7bd046f6f1ba9ac924142811d6afad911665941bb4b2534b977a9709e559a835afe3973aa6eff7d50900ed03e28f445cca95d4ef6b207163eca117e4fee94f1e5903f35bfdfbbd92486646395dd3382bb7cec29e68333451cb666bd20a1ce7d779c6dc71f16f5b117fb798fa75a1b8298e864dba1970aedc3518fbf12b451ae08d84277a25fd23153175a85627f50911f78622568ec3251e12ac38b2c0b8840197473a86f7758ed2db101da6b0c3a15c940c0155f72be1dc869d32af3be7dea4f07bae13682297b8eea9e3887c7374712caaa1f996ca8873b50ac0219ecbda99391c2f7681a902ce5083fd28163359f229fdac169a6049b5bf3185c80fdc9eda569d673eac45441fbd7c7ba45aa6fa5044475b8c4184c62a5b2b7cc9c09a6aa1f1f967874ce686c7d4cc13a9428a44876948f3f9e57263d6204c879d317c0e51a5c992e09a1dfd12426bb49d92f1ade04b651533e3489c13b475862c65d355742cb58359bc8fa701df110c1adc1bfa3ceff8f6335471b1ac8c17cd4a15f725466b3d503fb7b236c3546091f827f465c3c6b363a33b4afc068198470b13499e5745b542213d14a4e5419a72e5003e62eeca7a1f686ee8b317c5a7147fddc9784586f6afc92443f07a8f2d820ab80191ee228dc633655673e9324e39de7d0df5d62d8c2257173f70ab1d23a54366c717defbd174434bf3115debd55cfd2e7b058ba9da66c53dd04b7993333867b077a37e7e4094788ee5cbdaf9a202dccacc2390fcc74db1d9b8560d3778a7e38c6226859bca94ce3953151d00fc4c906cd1b4f395674d4c259d6bca48cb6a868417b83dab741cc761b0a91c9378f21fb5944f28b0925c07ed7e11c027dc875cdc13656bdac0d1370c10db3e7b761af2748451a91f87329c234c46baac7a1bafda5a54efdb3f2cbc5f281623646c4490e17713bec6ba0f619ef8dd456dc8d2a5de4b7456260754ab547166704cad6d7d02e816dbb5a7eb10d8cafa33ce5ea2892195f206ccd3b0c839d31f26938a1ead50d3e11e724a07ec30886ba55edba560d3861eed5c4fe2b11a3d5d825756d566fbebc9af2635586cb9d9c6ed6e097c0dc0cfd89a97ab2f5ef11facd116c6e3734f8e1c93f92d54fc9b259eb983dc2b7e4f3e3e503a9dc1e47b612c0b18f79a46ae67fc5fa1ca4016773b2165a0fe2563c3c6c4def0417de8ac6e522afbcd94796323f20fda12b2c90ca6d067980e1c4dc5afe593700c1f9e8bb3a96deca3a647f746b4576441471d1d92d7af0b8f205d7db90cbaf21380170f8622670734174c2ce8abf9b96d20c6da5d3b598f1909d6818e575f24dbedf3a93a0c91baf3f4377834c0a10ca961113bfb73468159c74999fc2405d3acda40818a76874b9ca9b78146db5e431c12677b70967487248346a2b596a8d2d6ed43362d8fed3da6e6b8a972de63a29f701fc6bf239e1dca3bd6a45dd9942a459ec6556df08c95828859d738155e90477554a1e2993bff99d09b75e07d3f20bf61b9530e0fd008bdbba88b45156bdc5df5d823eb0c492ebe3a000ec646f731160e8b0989980d3bfdfb53dec9516db95707bbb9f7e8e65d343544f106a1714f6f8a40afd780c9099bebe71ae93fe25abebef856e2c1e0e6938733aa1dcb4f21f90f807033afd8ac58208d2e32aca122405fa6b57a506a3271ba9b64e525566dd53481778379ced18238be6bd0b608f280e2db71bbfb346d4150d04adea09b61dde16d21163aefbc9c4c3cceeaa6438c0548fd8dc8452201664b8311d636b79e70d971909194fbe0ccb464bdb6745d62e1378b3b1372fcb50f4bc5041dc9056bf64ac5912c30704c8a473dbeba388f3b1656779050a1beea370ca9eeca3ee131400faf28c1092dc61d46206f56fff08928ac9142bfb36dacad1d8e2faa3272bbbf0f0f16816d649f042436ecd7756c2d8983c865d0760716b70bbb23b663e819e9b5f9da65c9ffac41a884d30d999a9ea46c25664d9104a6341a3a255839797f1ca2395982eedad880da359ba67d6d19610f87bc929850d6d1bbe453f3109de3a0290c1407a54c38c6eb1ebe56f500691f9f412848ea12ddeecffd6e51642715111e6e8f1b29e7d714894717fe3505dca9fafe00f9c5457eddf9c9f5daa599560d1d5884af2f4c5618b3786cbdcfef25be37b3cecceb2314eaa336f31515993950d5e1c647a42defa946c4f9c4bfd5aecd0885c10472b2c913d4e13ae2bf0b3b1556d80107d7ed5a93ef8ef0ca2882fe44a88b20bf3590514964e9d605fed2c6766be3bfd1acf0139266c6010e0dd4112bded5cf391f8a2edbdac893c66ba0b2cc50d836555c0b899e10e2f43815f32f8e3e57db74a1c8987ddc1d65504cba5aff5dbf34751e99c161dda67f3ac416d774f4c52566cc1c991381e9fbe19eae8328ed1811559fd44ed1259aada461caf5eb5ce203fdee03806d0adc2460c74470f3604e19a812f4adc8d5e9e6ad33bfe5d30a755051fb0f7b5f473365e34e56feec2a6b31b0d1729e9f6a28fba17cc8d9b6b3d2d2d41a61bd11b4175e92143dc55a40ae37489abca54da90e07aa1d081a1c2c469dc17b126f3f7a91a29a5f20b28f3a299bfbf32f4e1650a2cbe1264b118413e3a04629d954a61701642682c6f2d7b6391db4bb165c06ae219f4b6361b4fe01a7f732cd61005f586ae4ca1379cb5bf1700100a96c1575189983cc55a6b60943e029d71447439648ffac321a47343f3e6618e4a267e6de9e4c736540d6e306919f7fe7e2ca47def00d50b2ad7fd5e6840b4793ca6b21bd496dc0714ecc3806f052e8875cb58b598d4851108d7ab3aae43747cdfc9a4428f2ddeabefa66e8dc19c69caaadb829c803fb422027b2db870d64f73e2bd4905594e3dae35067b80d74e6fdca01a8435983bd1b0c3f606802c2c8da78215228a82f736e53927d5d659b68f7215a78ab754a175f6bd1321a398abc62c6a85326f8879290d79f3ccaac8e3b236141720c48e0457d717a7d592edc9893cf9280f2081f83be3316a784298b850508d7cf01ff3ca236b5e59cb289dfc8ef9b5fbc0b4623522fa39fc246d3e1b27474b2737fe957527b42d890bc0de145e701c56fda322438cad5b4188bdcca5e254e75f4b14ac775517237074c4fea50702bd8f65daea5f11b5d86beabb4bb5444671ef947fb86dd332c12019888df26a84593e6549c3c81816604bd09f102c0abe89694182146582e37785565469c4d3bba446e1a066e83360637fe27d04d32cac35bc4e7113f90c47992d48fa526853b9d9e4f7a68f331627dd6344bc4e4c6c5c87ba1c0328554d336980371bdb3b51109150841815e31c5932bb60624aedb0d5dd624b36e2ced75de2e9d28f418c0ebf5d3df117671dce7f93953340c00af6dae315092a7207e15d371db02c5d8c2cda0c57d1dab0e434c54bdffb8dfd07c896baecefc86d8c6ec8fc4515181fd7cad68a3018acf8c2233a28ee914d0f0818b11da1916f233885f4c9ca7f04215e812e165d2fa5f6c67c0b5d4ec054ef6e1823e8cd856b5188abb2ed751199c25bd54eed3336f5f9409a988d3c80adc6908febc8cd67c9d9be9b49bad38fd47581ba54e507c72b66db9bd6e0d5c5bf7e61b351e858c4d0b13be35e3860de5acdb94c5952f7c82307eff021345cada80f80f0d98532aa907b14541f0f78adf30fc2c93c163c0cab3106f12ce9c81df8a835060bec23ed0447da152ed46063e1388a51a39326679475107d0c546e6aa9ddb168bec9d173995348de8265aa256f6d4da278e0159f9c21a8ed1a850ce409e2dcfe3271870f267c36eaf1e87d838439b324332bfd5c78318699d8bcb8ffee0bc20ddefdbb04a6a150994ae20e717f06884511e92cd213676f2bc75f420d17bc71bf0eab166d23701a31ca6518775e416e67ce2fa981f7907482e5bf01e24fb4e99310662531dc6b2104c81198fd5ec21510ac32c6709a1d565bf69b33915c8a67e6a1a4201c73a2bbf2cf57659ab454856470e14e23af3fc2e1cbca131c2a00120fbe38f7678090db22c1415de53baa6a054a17ea8c6e58832ab46ad007ce1f1a71429557be1110b3ea78b2302c77cd8bf0aa52ddc453ec8b3a789eb6ed78b46536975fe1978b8d81680629ad68cd12317b32a3c17802dc6960abf5ba5673abc99a3a330c18c7f17eec569abc18bf4533fd9f92f59f251998801dad48dfce71fa9901a567244f3708d47cb28f48317a1a815b1cfec27bb46fc03ce0154f418a0d532826e257442b48bc52d51f6e6aa3e95bbb568ce11e17b4ef7daa50a674561a0512bb1f61ef840f3d7f3ad429f2277fc02d508ec23a9e9e6b3db6a2d60c66dad62e4dd42593d2935b15b10a47b2ab0b95fcfed3c6034a1ec7401e17ba8a226cb95d3e76a97537db85df30dbbcde75e560fce17fed60c12b63bffdd1fbbbcc3a45de077fa4561cf3dce587eab48d4fd96f664a6c7314ecbc8adb4e77ff9ad980ddd90317ae758fcfe972d96d01ab21f0ce898f28049f7b8da2ac62d745684e030af0754e51e3172088602493ad66367505a0663fa759cee29bc61ea8b4c0f44b3fd9b38ff9e70f2eb7547e112a1848d39e3c280d0b996fb40538eb2d3925f2d2c95b3c808825b492f225d70584bc8f3c76334db68e88fd0853416fb9194137a22bcd3265a35d54f2a6c7eb2de4e0278a5d21001787a3661dd7ea382ac235c4255ebdd86525738b37d94d3c3821ec84abeccf5b2ff78cf30e6aaa67be1204246a0a41036bf7362d7bd92c6885660bf88a3ad906b06e49e9bac144e1132b61c80905d712134c4881d5f38548fb20bdc0dcd688947819c1bc78ea681919373ee5367b138666e025d0ef7be230e92c54204df1cf1726b6ee48719ba395f58711cd21bf0780f6a8957a9e5ef3fa4802ffd2535d12daf1acba7641d4e3403c51cc70b7b7aaf81440b80db96b4df64b20824ce4f582b777d3e67249a7461b5b89ee7d8f6afe1dbf88892ac7ba3ed643ea5b576e056d1ca483548f254ee7e03d8930861966b93f567e7ff7d95efe0d88786e752531bec2d19accf5d5105410caec66eac08bf2882456ceac4a9a9a79806c3c4055806bbcaad0e9e34b64b9628b79abe9d7d403b1b26412c5bf513fc9c628c5ed701560cde48a1eeb0cf9737d0f09cc15fd9cf5e878aff2492739fc191b1542e198365655e44ddad6fd03aa281ef79798a70b245cba1bec65079"}, {0xc2, 0x0, "24a8b2369e74c6a2a34982f99f9fb635ec0d99b3035c09bfec9ce40cc8f52d3fcf72e2e90776e5779c0de4e4cc5f5f3cf2a183154928f47c9ae43276ccdf4b9a195d01e02077b393d749894a9c5e5e60a032abdf8aa55fd63a65bbc80b32d06abef3c18fa26225ef416dd741d162bbc385e626e7aab6e979a851785637b8d93bfa58bc9dce8e6b04d62939f7d96c2496ca9b50ee54eccc899fbad399e754ad3353a78fca40f83cdb672b17375b7b2a65f0f09a0bcfc34c0857cd5714bcef"}, {0x4}, {0xb9, 0x0, "11b1900c0f8d3075068094d57d67141df1191d4e4a161ff2146732ead0d601c060021016216db40e97840560ecb7b67c902b04a4fd25a0b8c338566564444471eeacfb1f6598465004c54cc36c5ee8297a61db4882f5ff76bd90ba2a1f0a41a85a98b0331efbab49c05fcf530b3b3b6e94fb4639747f6b3c49bf090c5dcbc40f44298bb30860533aed810f39468e7910a1ce07ad582f24a064804e9d51f614435d531ff52763a4ed3dd9e3399e0cec7c99265c16e6"}, {0xbe, 0x0, "b75497c58191ddc69fad59fdd5a14676d26b1e139aebdf6cde195c8c7449641af47b66d12a33ad392f354f9ff2940b4a5770a63881ce88e2cf059c9a20e0dcd1476bd617f995faabbbd51794827be124f194a7838b0333a7a071e4961318c8599c81029614e37a431f5e5af8dc8d9f1d265a6c1542ec840aacb8ae27307813f08bc02b99c554b147779bccb4bf5f55417891818b8570cde4c0f7bbc724a428061b58a2b400d7d949f913197292c1d5975f18b1a909663acd3772"}]}, @NL80211_NAN_FUNC_PUBLISH_TYPE={0x5, 0x3, 0x7f}]}]}, 0x3b60}, 0x1, 0x0, 0x0, 0x805}, 0x20008000) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:35 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) accept(r0, &(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000080)=0x80) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 13:27:35 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x1, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r1, 0xc) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x2) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x5, 0x0, 0x7, 0x80000000, 0x1, 0x5, 0x0, 0xfffffffa, 0x7ff, 0x8d], 0xa, 0x0, 0x0, 0xffffffffffffffff}) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) ioctl$BTRFS_IOC_LOGICAL_INO(r4, 0xc0389424, &(0x7f0000000100)={0x9, 0x28, [], 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$KVM_REINJECT_CONTROL(r3, 0xae71, &(0x7f0000000080)={0x6}) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) [ 1284.324618] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1284.331883] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1284.358281] CPU: 0 PID: 9627 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1284.366098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1284.375457] Call Trace: [ 1284.378048] dump_stack+0x1b2/0x281 [ 1284.381679] warn_alloc.cold+0x96/0x1cc [ 1284.385658] ? zone_watermark_ok_safe+0x220/0x220 [ 1284.390511] ? wait_for_completion_io+0x10/0x10 [ 1284.395298] __alloc_pages_nodemask+0x2127/0x2720 [ 1284.400157] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1284.404998] ? perf_trace_lock+0xf7/0x490 [ 1284.409145] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1284.413998] ? do_raw_spin_unlock+0x164/0x220 [ 1284.418495] alloc_pages_current+0x155/0x260 [ 1284.422906] kvm_mmu_create+0xda/0x1d0 [ 1284.426800] kvm_arch_vcpu_init+0x282/0x890 [ 1284.431125] ? alloc_pages_current+0x15d/0x260 [ 1284.435709] kvm_vcpu_init+0x26d/0x360 [ 1284.439600] vmx_create_vcpu+0xef/0x29d0 [ 1284.443668] ? __mutex_unlock_slowpath+0x75/0x770 [ 1284.448515] ? drop_futex_key_refs+0x2e/0xa0 [ 1284.452929] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1284.457008] ? get_futex_key+0x1160/0x1160 [ 1284.461355] kvm_vm_ioctl+0x4ca/0x13e0 [ 1284.465246] ? kvm_vcpu_release+0xa0/0xa0 [ 1284.469407] ? check_preemption_disabled+0x35/0x240 [ 1284.474427] ? perf_trace_lock+0xf7/0x490 [ 1284.478577] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1284.483684] ? perf_trace_lock_acquire+0x510/0x510 [ 1284.488730] ? kvm_vcpu_release+0xa0/0xa0 [ 1284.492886] do_vfs_ioctl+0x75a/0xff0 [ 1284.496689] ? ioctl_preallocate+0x1a0/0x1a0 [ 1284.501091] ? lock_downgrade+0x740/0x740 [ 1284.505239] ? __fget+0x225/0x360 [ 1284.508690] ? do_vfs_ioctl+0xff0/0xff0 [ 1284.512756] ? security_file_ioctl+0x83/0xb0 [ 1284.517166] SyS_ioctl+0x7f/0xb0 [ 1284.520531] ? do_vfs_ioctl+0xff0/0xff0 [ 1284.524506] do_syscall_64+0x1d5/0x640 [ 1284.528399] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1284.533585] RIP: 0033:0x465f69 [ 1284.536770] RSP: 002b:00007f0f532c7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1284.544476] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1284.551747] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1284.559015] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1284.566279] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1284.573544] R13: 00007fffed84577f R14: 00007f0f532c7300 R15: 0000000000022000 13:27:36 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x103000, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) r5 = dup3(r0, r4, 0x80000) ioctl$PPPIOCNEWUNIT(r5, 0xc004743e, &(0x7f0000000140)) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) [ 1284.610643] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1284.661023] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1284.669202] CPU: 0 PID: 9652 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1284.677096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1284.686447] Call Trace: [ 1284.689039] dump_stack+0x1b2/0x281 [ 1284.692669] warn_alloc.cold+0x96/0x1cc [ 1284.696643] ? zone_watermark_ok_safe+0x220/0x220 [ 1284.701498] ? wait_for_completion_io+0x10/0x10 [ 1284.706177] __alloc_pages_nodemask+0x2127/0x2720 [ 1284.711036] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1284.715876] ? perf_trace_lock+0xf7/0x490 [ 1284.720022] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1284.724876] ? do_raw_spin_unlock+0x164/0x220 [ 1284.729375] alloc_pages_current+0x155/0x260 [ 1284.733791] kvm_mmu_create+0xda/0x1d0 [ 1284.737677] kvm_arch_vcpu_init+0x282/0x890 [ 1284.741997] ? alloc_pages_current+0x15d/0x260 [ 1284.746585] kvm_vcpu_init+0x26d/0x360 [ 1284.750479] vmx_create_vcpu+0xef/0x29d0 [ 1284.754661] ? __mutex_unlock_slowpath+0x75/0x770 [ 1284.759509] ? drop_futex_key_refs+0x2e/0xa0 [ 1284.763922] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1284.767981] ? get_futex_key+0x1160/0x1160 [ 1284.772216] kvm_vm_ioctl+0x4ca/0x13e0 [ 1284.776104] ? kvm_vcpu_release+0xa0/0xa0 [ 1284.780251] ? __fget+0x1fe/0x360 [ 1284.783704] ? check_preemption_disabled+0x35/0x240 [ 1284.788726] ? perf_trace_lock+0xf7/0x490 [ 1284.792872] ? perf_trace_lock_acquire+0x510/0x510 [ 1284.797804] ? sock_ioctl+0x16c/0x4c0 [ 1284.801600] ? kvm_vcpu_release+0xa0/0xa0 [ 1284.805751] do_vfs_ioctl+0x75a/0xff0 [ 1284.809555] ? ioctl_preallocate+0x1a0/0x1a0 [ 1284.813958] ? lock_downgrade+0x740/0x740 [ 1284.818108] ? __fget+0x225/0x360 [ 1284.821561] ? do_vfs_ioctl+0xff0/0xff0 [ 1284.825533] ? security_file_ioctl+0x83/0xb0 [ 1284.829937] SyS_ioctl+0x7f/0xb0 [ 1284.833297] ? do_vfs_ioctl+0xff0/0xff0 [ 1284.837270] do_syscall_64+0x1d5/0x640 [ 1284.841162] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1284.846346] RIP: 0033:0x465f69 [ 1284.849526] RSP: 002b:00007f8db8982188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 13:27:36 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="5f454c44067b05107311996e8423c0524d53cb2ad09c08fef640e01eb14f391fe60fd1f4bdce51a9ce3551cebae0a219db2d6d4e64787c678d"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000400)) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) r5 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x5, 0x180) fadvise64(r5, 0x2, 0x8, 0x3) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) r6 = syz_mount_image$befs(&(0x7f0000000100)='befs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000240)="848cb687c8dbb68d2abcce1ca252a374c8c32333b39f5bf659fdbe3e55b4134bad1d49cc27cb7afe240dc855bcbd184da81b712a01eec854ca7d1d56e0c583e4f2dcc9c5d5ad59da5a95092c670c3933952838c991c487b56fd8adb33caf0b0af02fff658b049cbbe783bac26ae5c8a9dfa1f94aabc92aaf08325ffa784c45f6f3ab3b1f9fc15696d0f27dac2880a8508eed12ddafb75900ddc7d68b9a58ae29f65570966b2b8f03445679", 0xab, 0xfffffffffffffda3}], 0x91c428, &(0x7f0000000300)={[{'{'}], [{@defcontext={'defcontext', 0x3d, 'sysadm_u'}}, {@audit='audit'}, {@fsmagic={'fsmagic', 0x3d, 0x100000000}}, {@subj_type={'subj_type', 0x3d, '/dev/snd/pcmC#D#c\x00'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '/'}}]}) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x3000001, 0x40010, r6, 0x72672000) [ 1284.857235] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1284.864498] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 1284.871760] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1284.879028] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1284.886293] R13: 00007ffe6abe2b0f R14: 00007f8db8982300 R15: 0000000000022000 [ 1284.940178] warn_alloc_show_mem: 1 callbacks suppressed [ 1284.940182] Mem-Info: [ 1284.978351] active_anon:842365 inactive_anon:18063 isolated_anon:0 [ 1284.978351] active_file:9530 inactive_file:34103 isolated_file:0 [ 1284.978351] unevictable:0 dirty:382 writeback:0 unstable:0 [ 1284.978351] slab_reclaimable:16309 slab_unreclaimable:195213 [ 1284.978351] mapped:62781 shmem:8996 pagetables:18811 bounce:0 [ 1284.978351] free:488965 free_pcp:301 free_cma:0 13:27:36 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) r5 = timerfd_create(0x0, 0x800) fallocate(r5, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) 13:27:36 executing program 4: r0 = socket(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000200000000000", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=ANY=[@ANYBLOB="3800000024000b0f00"/20, @ANYRES32=r3, @ANYBLOB="00000000ffffffff000000000a000100626669666f"], 0x38}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00', 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x34, r5, 0x801, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x20, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7118}]}]}]}, 0x34}}, 0x0) sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000040)={0x1d8, r5, 0x4, 0x70bd26, 0x25dfdbfd, {}, [@TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x5}]}, @TIPC_NLA_LINK={0xd4, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3d1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}]}, @TIPC_NLA_NODE={0x90, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_NODE_ID={0x7e, 0x3, "5d252981c7dcb49b03337d94eed98874dd02facf17dcbad1464fe54f135f53cbe4640a8e697c3f5cfd0f572ce9a767018d140f9f7c6ed1b59dbe3b524b59fedfdd8958d04aa46636af31ef41164faf3093af4b73bfbcb60d93ed2eacc874a0f2bbb18c154a7e6928b4d86bb4b0824f4cd8475b90b9e0ffd029e4"}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_MON={0x54, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2fd}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfffffcdd}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4000000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}]}]}, 0x1d8}, 0x1, 0x0, 0x0, 0x40040}, 0x40000) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) [ 1285.059112] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1285.150448] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1285.159332] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1285.194712] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1285.195730] Node 1 active_anon:1260500kB inactive_anon:53480kB active_file:38112kB inactive_file:136412kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:34324kB dirty:1528kB writeback:0kB shmem:16480kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1285.200183] CPU: 0 PID: 9701 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1285.236253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1285.245774] Call Trace: [ 1285.248361] dump_stack+0x1b2/0x281 [ 1285.251991] warn_alloc.cold+0x96/0x1cc [ 1285.255964] ? zone_watermark_ok_safe+0x220/0x220 [ 1285.260815] ? wait_for_completion_io+0x10/0x10 [ 1285.263891] Node 0 [ 1285.265478] __alloc_pages_nodemask+0x2127/0x2720 [ 1285.265502] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1285.269896] DMA free:10972kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1285.272549] ? perf_trace_lock+0xf7/0x490 [ 1285.272559] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1285.272579] ? do_raw_spin_unlock+0x164/0x220 [ 1285.290964] lowmem_reserve[]: [ 1285.303230] alloc_pages_current+0x155/0x260 [ 1285.303246] kvm_mmu_create+0xda/0x1d0 [ 1285.303257] kvm_arch_vcpu_init+0x282/0x890 [ 1285.303265] ? alloc_pages_current+0x15d/0x260 [ 1285.303277] kvm_vcpu_init+0x26d/0x360 [ 1285.303291] vmx_create_vcpu+0xef/0x29d0 [ 1285.326862] 0 [ 1285.328095] ? __mutex_unlock_slowpath+0x75/0x770 [ 1285.328109] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1285.334627] 2717 [ 1285.336978] kvm_vm_ioctl+0x4ca/0x13e0 [ 1285.336991] ? kvm_vcpu_release+0xa0/0xa0 [ 1285.337004] ? perf_trace_lock_acquire+0x510/0x510 [ 1285.344985] 2718 [ 1285.346706] ? __lock_acquire+0x5fc/0x3f20 [ 1285.346722] ? check_preemption_disabled+0x35/0x240 [ 1285.354964] 2718 [ 1285.355587] ? perf_trace_lock+0xf7/0x490 [ 1285.360934] 2718 [ 1285.361493] ? lock_downgrade+0x740/0x740 [ 1285.370528] ? perf_trace_lock_acquire+0x510/0x510 [ 1285.375877] Node 0 [ 1285.376780] ? do_raw_spin_unlock+0x164/0x220 [ 1285.387257] DMA32 free:28644kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:228kB local_pcp:228kB free_cma:0kB [ 1285.387960] ? _raw_spin_unlock+0x29/0x40 [ 1285.393299] lowmem_reserve[]: [ 1285.394124] ? kvm_vcpu_release+0xa0/0xa0 [ 1285.394137] do_vfs_ioctl+0x75a/0xff0 [ 1285.394151] ? ioctl_preallocate+0x1a0/0x1a0 [ 1285.394159] ? lock_downgrade+0x740/0x740 [ 1285.394178] ? __fget+0x225/0x360 [ 1285.411177] 0 [ 1285.434214] ? do_vfs_ioctl+0xff0/0xff0 [ 1285.434226] ? security_file_ioctl+0x83/0xb0 [ 1285.434237] SyS_ioctl+0x7f/0xb0 [ 1285.434245] ? do_vfs_ioctl+0xff0/0xff0 [ 1285.434257] do_syscall_64+0x1d5/0x640 [ 1285.434275] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1285.434284] RIP: 0033:0x465f69 [ 1285.434291] RSP: 002b:00007f8db8940188 EFLAGS: 00000246 [ 1285.465995] 0 [ 1285.467135] ORIG_RAX: 0000000000000010 [ 1285.467142] RAX: ffffffffffffffda RBX: 000000000056c0b0 RCX: 0000000000465f69 [ 1285.467148] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 1285.467153] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1285.467158] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0b0 [ 1285.467172] R13: 00007ffe6abe2b0f R14: 00007f8db8940300 R15: 0000000000022000 [ 1285.472675] 0 [ 1285.564396] Bearer rejected, not supported in standalone mode [ 1285.580582] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1285.664204] 0 0 [ 1285.666378] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1285.692979] lowmem_reserve[]: 0 0 0 0 0 [ 1285.697366] Node 1 Normal free:1920088kB min:53696kB low:67120kB high:80544kB active_anon:1260000kB inactive_anon:53480kB active_file:38112kB inactive_file:136412kB unevictable:0kB writepending:1528kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:17568kB pagetables:43588kB bounce:0kB free_pcp:1284kB local_pcp:712kB free_cma:0kB [ 1285.728694] lowmem_reserve[]: 0 0 0 0 0 [ 1285.733179] Node 0 DMA: 33*4kB (UM) 3*8kB (UM) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10972kB [ 1285.765461] Node 0 DMA32: 951*4kB (UME) 288*8kB (UME) 688*16kB (UME) 290*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28636kB [ 1285.786664] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1285.797541] Node 1 Normal: 189*4kB (UME) 120*8kB (UME) 183*16kB (UME) 171*32kB (UME) 52*64kB (U) 210*128kB (UME) 298*256kB (UME) 118*512kB (M) 34*1024kB (ME) 14*2048kB (UM) 410*4096kB (M) = 1919876kB [ 1285.817162] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1285.827127] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1285.841441] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1285.851024] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1285.860478] 26735 total pagecache pages 13:27:37 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x406, 0xffffffffffffffff) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) 13:27:37 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xfffffffffffffbff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x24, 0x0, 0x1, 0x801, 0x0, 0x0, {0x2, 0x0, 0x80}, [@CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x3}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x880}, 0x20008000) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:37 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) write$binfmt_misc(r2, &(0x7f0000000280)={'syz0', "249be53097a5650ed9012847932fdf44fe857f5101aaf06abeae7479be4b540bceb89345eea035255a382ef4fe6509b568dadf453127ea440ef348843f0af7c9ab28a9d5eb95fe62bd24301ca9ca50d63326c9c8a397a30d409cd39f7e4122dab5d01cfa616f14205b44ff5dc87ddbab1f05f17556ab6d1f13d41741509df88c91c40c051e4ce6aa233b6cf8a7cf8e73418f2aad657ae6deccd10420a8940ed4b1bbcce487bca0"}, 0xab) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=ANY=[@ANYBLOB="2f6465762f6e756c6c623100af798aa86d"], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='affs\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r3, 0xc) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x69000, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0x6, 0x2, 0x4, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r4, 0xc) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000080)="d8e40f1834f20f5ea50c00b800088ed80fbef1baf80c66b80057228f66efbafc0c66b89f00000066eff30fa7c0660fd426000066b9de0b000066b80000010066ba000000000f30f2260f2372", 0x4c}], 0x1, 0x20, &(0x7f0000000100), 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 13:27:37 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x3, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r5, 0xc) r6 = getpgid(0x0) write$P9_RGETLOCK(r5, &(0x7f0000000000)={0x21, 0x37, 0x1, {0x2, 0x1, 0xffffffffffff8001, r6, 0x3, '%.%'}}, 0x21) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) 13:27:37 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000140)={[0x80000000, 0x0, 0x1, 0x7fff, 0x4, 0x5, 0x454, 0xdf, 0x100000000, 0x200, 0x7, 0xfff, 0x20, 0x100000001, 0x1, 0xa2c1], 0x4, 0x10}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) r4 = getpid() sched_setscheduler(r4, 0x5, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r5, 0xc) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_PPC_GET_PVINFO(r3, 0x4080aea1, &(0x7f0000000280)=""/253) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x1e, 0x6, 0x1, 0xfe, 0x0, 0x7, 0x11881, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000040), 0x4}, 0x50018, 0xd62, 0x2, 0x9, 0x80000001, 0x5, 0x200}, r4, 0xffffffffffffffff, r3, 0xc) ioctl$KVM_REINJECT_CONTROL(r3, 0xae71, &(0x7f0000000000)={0x4}) 13:27:37 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="5f454c44065b05107311"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000040), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) [ 1285.865627] 0 pages in swap cache [ 1285.869141] Swap cache stats: add 0, delete 0, find 0/0 [ 1285.876180] Free swap = 0kB [ 1285.879267] Total swap = 0kB [ 1285.882344] 2097051 pages RAM [ 1285.887908] 0 pages HighMem/MovableOnly [ 1285.891937] 363840 pages reserved [ 1285.896781] 0 pages cma reserved 13:27:37 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) ioctl$KVM_DEASSIGN_DEV_IRQ(r2, 0x4040ae75, &(0x7f0000000080)={0x7fffffff, 0x0, 0x1, 0x206}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1286.012172] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1286.025716] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1286.051856] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1286.085270] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1286.086273] syz-executor.3 cpuset= [ 1286.099307] syz-executor.4 cpuset= [ 1286.100092] syz-executor.2 cpuset= [ 1286.108186] / [ 1286.115169] / [ 1286.118062] mems_allowed=0-1 [ 1286.122950] mems_allowed=0-1 [ 1286.127429] CPU: 0 PID: 9753 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1286.135231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1286.139662] / [ 1286.144577] Call Trace: [ 1286.148863] dump_stack+0x1b2/0x281 [ 1286.152493] warn_alloc.cold+0x96/0x1cc [ 1286.155149] syz-executor.4 cpuset= [ 1286.156463] ? zone_watermark_ok_safe+0x220/0x220 [ 1286.156486] ? wait_for_completion_io+0x10/0x10 [ 1286.156502] __alloc_pages_nodemask+0x2127/0x2720 [ 1286.156531] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1286.168727] / [ 1286.169525] ? perf_trace_lock+0xf7/0x490 13:27:37 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/195, 0xc3}, {&(0x7f0000000280)=""/145, 0x91}, {&(0x7f0000000400)=""/212, 0xd4}], 0x3, 0x7ff, 0x6) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1286.181470] mems_allowed=0-1 [ 1286.185002] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1286.185027] ? do_raw_spin_unlock+0x164/0x220 [ 1286.185041] alloc_pages_current+0x155/0x260 [ 1286.185056] kvm_mmu_create+0xda/0x1d0 [ 1286.185066] kvm_arch_vcpu_init+0x282/0x890 [ 1286.185074] ? alloc_pages_current+0x15d/0x260 [ 1286.185087] kvm_vcpu_init+0x26d/0x360 [ 1286.185105] vmx_create_vcpu+0xef/0x29d0 [ 1286.185119] ? __mutex_unlock_slowpath+0x75/0x770 [ 1286.206950] mems_allowed=0-1 [ 1286.210092] ? drop_futex_key_refs+0x2e/0xa0 [ 1286.210111] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1286.210124] ? get_futex_key+0x1160/0x1160 [ 1286.210137] kvm_vm_ioctl+0x4ca/0x13e0 [ 1286.210150] ? kvm_vcpu_release+0xa0/0xa0 [ 1286.251190] ? lock_downgrade+0x740/0x740 [ 1286.255339] ? _raw_spin_unlock_irq+0x24/0x80 [ 1286.259830] ? check_preemption_disabled+0x35/0x240 [ 1286.264838] ? perf_trace_lock+0xf7/0x490 [ 1286.268987] ? perf_trace_lock_acquire+0x510/0x510 [ 1286.273921] ? proc_reg_unlocked_ioctl+0xff/0x190 [ 1286.278753] ? kvm_vcpu_release+0xa0/0xa0 [ 1286.282896] do_vfs_ioctl+0x75a/0xff0 [ 1286.286700] ? ioctl_preallocate+0x1a0/0x1a0 [ 1286.291109] ? lock_downgrade+0x740/0x740 [ 1286.295261] ? __fget+0x225/0x360 [ 1286.298710] ? do_vfs_ioctl+0xff0/0xff0 [ 1286.302686] ? security_file_ioctl+0x83/0xb0 [ 1286.307087] SyS_ioctl+0x7f/0xb0 [ 1286.310440] ? do_vfs_ioctl+0xff0/0xff0 [ 1286.314406] do_syscall_64+0x1d5/0x640 [ 1286.318299] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1286.323477] RIP: 0033:0x465f69 [ 1286.326666] RSP: 002b:00007f0f532c7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1286.334372] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1286.342069] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1286.349354] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1286.356614] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1286.364304] R13: 00007fffed84577f R14: 00007f0f532c7300 R15: 0000000000022000 [ 1286.371580] CPU: 1 PID: 9769 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1286.379374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1286.388708] Call Trace: [ 1286.391295] dump_stack+0x1b2/0x281 [ 1286.394917] warn_alloc.cold+0x96/0x1cc [ 1286.398886] ? zone_watermark_ok_safe+0x220/0x220 [ 1286.403724] ? wait_for_completion_io+0x10/0x10 [ 1286.408377] __alloc_pages_nodemask+0x2127/0x2720 [ 1286.414698] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1286.419519] ? perf_trace_lock+0xf7/0x490 [ 1286.423659] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1286.428492] ? do_raw_spin_unlock+0x164/0x220 [ 1286.432977] alloc_pages_current+0x155/0x260 [ 1286.437395] kvm_mmu_create+0xda/0x1d0 [ 1286.441267] kvm_arch_vcpu_init+0x282/0x890 [ 1286.445569] ? alloc_pages_current+0x15d/0x260 [ 1286.450345] kvm_vcpu_init+0x26d/0x360 [ 1286.454219] vmx_create_vcpu+0xef/0x29d0 [ 1286.458268] ? __mutex_unlock_slowpath+0x75/0x770 [ 1286.463093] ? drop_futex_key_refs+0x2e/0xa0 [ 1286.467484] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1286.471529] kvm_vm_ioctl+0x4ca/0x13e0 [ 1286.475407] ? perf_trace_lock+0xf7/0x490 [ 1286.479551] ? kvm_vcpu_release+0xa0/0xa0 [ 1286.483694] ? do_futex+0x12b/0x1570 [ 1286.488364] ? __might_fault+0x104/0x1b0 [ 1286.492423] ? lock_acquire+0x170/0x3f0 [ 1286.496409] ? futex_exit_release+0x220/0x220 [ 1286.500983] ? __might_fault+0x177/0x1b0 [ 1286.505034] ? _copy_from_user+0x96/0x100 [ 1286.509160] ? kvm_vcpu_release+0xa0/0xa0 [ 1286.513290] do_vfs_ioctl+0x75a/0xff0 [ 1286.517080] ? ioctl_preallocate+0x1a0/0x1a0 [ 1286.521485] ? kmem_cache_free+0x23a/0x2b0 [ 1286.525715] ? SyS_futex+0x1da/0x290 [ 1286.529419] ? SyS_futex+0x1e3/0x290 [ 1286.533133] ? do_futex+0x1570/0x1570 [ 1286.536922] ? security_file_ioctl+0x83/0xb0 [ 1286.541663] SyS_ioctl+0x7f/0xb0 [ 1286.545013] ? do_vfs_ioctl+0xff0/0xff0 [ 1286.549084] do_syscall_64+0x1d5/0x640 [ 1286.553106] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1286.558281] RIP: 0033:0x465f69 [ 1286.561461] RSP: 002b:00007f0f532c7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1286.569157] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1286.576413] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000007 [ 1286.583675] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1286.591015] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1286.598286] R13: 00007fffed84577f R14: 00007f0f532c7300 R15: 0000000000022000 [ 1286.605562] CPU: 0 PID: 9746 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1286.613368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1286.622894] Call Trace: [ 1286.625482] dump_stack+0x1b2/0x281 [ 1286.629114] warn_alloc.cold+0x96/0x1cc [ 1286.633096] ? zone_watermark_ok_safe+0x220/0x220 [ 1286.637950] ? wait_for_completion_io+0x10/0x10 [ 1286.642635] __alloc_pages_nodemask+0x2127/0x2720 [ 1286.647490] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1286.652327] ? perf_trace_lock+0xf7/0x490 [ 1286.656468] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1286.661316] ? do_raw_spin_unlock+0x164/0x220 [ 1286.665808] alloc_pages_current+0x155/0x260 [ 1286.670214] kvm_mmu_create+0xda/0x1d0 [ 1286.674106] kvm_arch_vcpu_init+0x282/0x890 [ 1286.678417] ? alloc_pages_current+0x15d/0x260 [ 1286.682987] kvm_vcpu_init+0x26d/0x360 [ 1286.686870] vmx_create_vcpu+0xef/0x29d0 [ 1286.690933] ? __mutex_unlock_slowpath+0x75/0x770 [ 1286.695773] ? drop_futex_key_refs+0x2e/0xa0 [ 1286.700183] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1286.704238] kvm_vm_ioctl+0x4ca/0x13e0 [ 1286.708121] ? kvm_vcpu_release+0xa0/0xa0 [ 1286.712292] ? check_preemption_disabled+0x35/0x240 [ 1286.717308] ? perf_trace_lock+0xf7/0x490 [ 1286.721456] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1286.726565] ? perf_trace_lock_acquire+0x510/0x510 [ 1286.731488] ? kvm_vcpu_release+0xa0/0xa0 [ 1286.735630] do_vfs_ioctl+0x75a/0xff0 [ 1286.739434] ? ioctl_preallocate+0x1a0/0x1a0 [ 1286.743841] ? lock_downgrade+0x740/0x740 [ 1286.748013] ? __fget+0x225/0x360 [ 1286.751973] ? do_vfs_ioctl+0xff0/0xff0 [ 1286.755940] ? security_file_ioctl+0x83/0xb0 [ 1286.760362] SyS_ioctl+0x7f/0xb0 [ 1286.763711] ? do_vfs_ioctl+0xff0/0xff0 [ 1286.767677] do_syscall_64+0x1d5/0x640 [ 1286.771992] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1286.781157] RIP: 0033:0x465f69 [ 1286.784339] RSP: 002b:00007f8db8982188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1286.792041] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1286.799394] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1286.806686] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1286.814297] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1286.821558] R13: 00007ffe6abe2b0f R14: 00007f8db8982300 R15: 0000000000022000 [ 1286.828832] CPU: 1 PID: 9754 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1286.836634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1286.845982] Call Trace: [ 1286.848576] dump_stack+0x1b2/0x281 [ 1286.852289] warn_alloc.cold+0x96/0x1cc [ 1286.856269] ? zone_watermark_ok_safe+0x220/0x220 [ 1286.861119] ? wait_for_completion_io+0x10/0x10 [ 1286.865793] __alloc_pages_nodemask+0x2127/0x2720 [ 1286.870650] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1286.875487] ? perf_trace_lock+0xf7/0x490 [ 1286.879630] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1286.884482] ? do_raw_spin_unlock+0x164/0x220 [ 1286.888980] alloc_pages_current+0x155/0x260 [ 1286.893389] kvm_mmu_create+0xda/0x1d0 [ 1286.897274] kvm_arch_vcpu_init+0x282/0x890 [ 1286.901604] ? alloc_pages_current+0x15d/0x260 [ 1286.906184] kvm_vcpu_init+0x26d/0x360 [ 1286.910072] vmx_create_vcpu+0xef/0x29d0 [ 1286.914136] ? __mutex_unlock_slowpath+0x75/0x770 [ 1286.918975] ? drop_futex_key_refs+0x2e/0xa0 [ 1286.923380] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1286.927438] ? get_futex_key+0x1160/0x1160 [ 1286.931761] kvm_vm_ioctl+0x4ca/0x13e0 [ 1286.935647] ? kvm_vcpu_release+0xa0/0xa0 [ 1286.939829] ? check_preemption_disabled+0x35/0x240 [ 1286.944846] ? perf_trace_lock+0xf7/0x490 [ 1286.948992] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1286.954093] ? perf_trace_lock_acquire+0x510/0x510 [ 1286.959019] ? kvm_vcpu_release+0xa0/0xa0 [ 1286.963162] do_vfs_ioctl+0x75a/0xff0 [ 1286.966962] ? ioctl_preallocate+0x1a0/0x1a0 [ 1286.971364] ? lock_downgrade+0x740/0x740 [ 1286.975772] ? __fget+0x225/0x360 [ 1286.979219] ? do_vfs_ioctl+0xff0/0xff0 [ 1286.983192] ? security_file_ioctl+0x83/0xb0 [ 1286.987597] SyS_ioctl+0x7f/0xb0 [ 1286.990958] ? do_vfs_ioctl+0xff0/0xff0 [ 1286.994942] do_syscall_64+0x1d5/0x640 [ 1286.998846] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1287.004028] RIP: 0033:0x465f69 [ 1287.007211] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1287.014916] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1287.022178] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1287.029441] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1287.036703] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1287.043965] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 13:27:38 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="5f454c44065b05107311"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) preadv(r5, &(0x7f0000000040)=[{&(0x7f0000000240)=""/205, 0xcd}, {&(0x7f0000000400)=""/217, 0xd9}], 0x2, 0x8, 0x5) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) 13:27:38 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000580)=[{&(0x7f0000000080)=""/46, 0x2e}, {&(0x7f0000000180)=""/88, 0x58}, {&(0x7f00000000c0)=""/3, 0x3}, {&(0x7f0000000200)=""/199, 0xc7}, {&(0x7f0000000400)=""/225, 0xe1}, {&(0x7f0000000500)=""/122, 0x7a}], 0x6, 0x8cf, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1287.139387] warn_alloc_show_mem: 3 callbacks suppressed [ 1287.139391] Mem-Info: [ 1287.155438] active_anon:842458 inactive_anon:18064 isolated_anon:0 [ 1287.155438] active_file:9533 inactive_file:34117 isolated_file:0 [ 1287.155438] unevictable:0 dirty:419 writeback:0 unstable:0 [ 1287.155438] slab_reclaimable:16333 slab_unreclaimable:195279 [ 1287.155438] mapped:62833 shmem:8997 pagetables:18874 bounce:0 [ 1287.155438] free:488629 free_pcp:345 free_cma:0 13:27:38 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) r2 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x1c1042, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000140)=@gettaction={0xf8, 0x32, 0x200, 0x70bd2a, 0x25dfdbfc, {}, [@action_gd=@TCA_ACT_TAB={0x34, 0x1, [{0xc, 0x10, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x223cea37}}, {0xc, 0x20, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}, {0xc, 0xc, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7fffffff}}, {0xc, 0xf, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xa9}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x2}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x0, 0x1}}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_gd=@TCA_ACT_TAB={0x2c, 0x1, [{0xc, 0x15, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x20}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}, {0x10, 0x10, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1, 0x1}}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0xf65a}, @action_gd=@TCA_ACT_TAB={0x48, 0x1, [{0x14, 0x4, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0x4, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x767e}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xfffffff8}}, {0xc, 0x2, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x3}]}, 0xf8}, 0x1, 0x0, 0x0, 0x1}, 0x2000000) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) fallocate(r3, 0x20, 0x0, 0xfffffeff000) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fallocate(r3, 0x0, 0x0, 0x10000101) [ 1287.244278] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes 13:27:39 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) perf_event_open$cgroup(&(0x7f0000000080)={0x3, 0x70, 0x81, 0x22, 0x80, 0x4, 0x0, 0x0, 0x400, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x6, 0x0, @perf_config_ext={0x5, 0x90}, 0x4020, 0x6, 0x8, 0x6, 0xaf0, 0x81, 0x9}, r1, 0x5, r1, 0x1) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1287.345907] Node 1 active_anon:1260472kB inactive_anon:53484kB active_file:38124kB inactive_file:136468kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:34232kB dirty:1676kB writeback:0kB shmem:16484kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1287.441937] Node 0 DMA free:10972kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1287.520284] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1287.531306] Node 0 DMA32 free:28512kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:340kB local_pcp:120kB free_cma:0kB [ 1287.599030] lowmem_reserve[]: 0 0 0 0 0 [ 1287.607583] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1287.633908] lowmem_reserve[]: 0 0 0 0 0 [ 1287.638029] Node 1 Normal free:1914260kB min:53696kB low:67120kB high:80544kB active_anon:1260572kB inactive_anon:53484kB active_file:38124kB inactive_file:136468kB unevictable:0kB writepending:1676kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:17728kB pagetables:43840kB bounce:0kB free_pcp:1288kB local_pcp:668kB free_cma:0kB [ 1287.668747] lowmem_reserve[]: 0 0 0 0 0 [ 1287.672894] Node 0 DMA: 33*4kB (UM) 3*8kB (UM) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10972kB [ 1287.690423] Node 0 DMA32: 920*4kB (UME) 295*8kB (UME) 688*16kB (UME) 290*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28568kB [ 1287.706088] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1287.717780] Node 1 Normal: 102*4kB (UME) 80*8kB (UME) 5*16kB (UE) 79*32kB (UME) 54*64kB (UM) 208*128kB (UME) 301*256kB (UME) 118*512kB (M) 34*1024kB (ME) 14*2048kB (UM) 410*4096kB (M) = 1914056kB [ 1287.737321] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1287.747076] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1287.756579] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1287.766485] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1287.775950] 26753 total pagecache pages [ 1287.780061] 0 pages in swap cache [ 1287.784832] Swap cache stats: add 0, delete 0, find 0/0 [ 1287.790308] Free swap = 0kB [ 1287.796042] Total swap = 0kB 13:27:39 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) pipe2(&(0x7f0000000000), 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x44258, 0xd64, 0x2, 0x6, 0x100000000, 0x0, 0x200}, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0xc) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x5, 0x1, 0xfe, 0x4, 0x0, 0xff, 0x1000, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xcc34, 0x4, @perf_config_ext={0x5, 0x3}, 0x200, 0x9, 0x5, 0x8, 0x5, 0x1f, 0x200}, 0x0, 0x6, r1, 0x10) [ 1287.799176] 2097051 pages RAM [ 1287.802367] 0 pages HighMem/MovableOnly [ 1287.808038] 363840 pages reserved [ 1287.811656] 0 pages cma reserved 13:27:39 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-monitor\x00', 0x101000, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000000c0)={0x100000, 0x100000}) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x44, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x10200, 0x1, 0x100000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) 13:27:39 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0xc0709411, &(0x7f0000000080)={{0x0, 0x4, 0x2, 0xaad, 0x2, 0x3, 0xfa7, 0x2, 0x77, 0x6, 0x7f, 0x2, 0x34f, 0x9, 0x5}, 0x20, [0x0, 0x0, 0x0, 0x0]}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000000140)={0x0, r1, "757a816e3507f17265ae781e45c365b6ceefe4990e4c02dbd3a4e6ff4480505216cea8da9c1d1bb50dacc80d34baf5a7fe3b5d2d405e90bd7a54984eca0473f0470c38ee1cd89f7175697144c2afa02fd4d87eeef991fda2a1b384b8231ccf2e91180681aba77c5651a42b2f4aedfce01dbe0b41b9ac655329b862f4dda086fee35f34cd6f9e4951ca99cedc1236e25cc8a5db13b2c3d94823002d2f0f00b0e41599c5121f1a7042f9b23196c90bf7a98a2cb1052bdbb7e2d8210c57fe93a32e1c5b79fe71fd62d7caf1a901c876e566f4d1b2af610e773f3779e34dba32b81a8221c2bb6734510d6dc60d4787595839ba95164206378042bfe1bcd118427ba1", "73adfb579e292f07b4e276dfdd422330bf0b5e1e8e6907030dd9de6b8952b31f7b3e735bdbddfcec792f24c44fd8951fa9848c87d9638126875988c5c36092804cce7684ebf5a84897b4d3b9dccb26516915071dad64beeeb14eb9784b587dad6a83f7f3bbc7d1d02d8273f302545ae0aa184fb5bcf22543aa706cc8b1b139b86db1cecdc19729152b71b94ba504d5d58a78dcbd5c25e2da1e7a0bc37320d5abfa60996dfd8390f8d5fe9d73f1743f462a8d05f93d13fed2da2bd8e0a865561139c2cbf3d9c3d4ed01705c9449a0299ecb4e09516678678ed990cba49c86e1bc2895bf781c3e4a51589ec98438b718df47c6333bb4d05b7468891be56e06954492aac537b095632433ef908332a15cdc403ae877cbb443c13d65e9521538b4ab3e2a7cfdc8b6b4584cdbe876ea3f72fb7586a15c26a9705a32a5645a8514984669b50b253e3b417e8cad271cf3420e8d891d39a07d34f6289e08bb952e564d9487710779825cdddd3375b470473a3c16bcb685d3c760add115aed3c609d1fd347cc73404c269bb3377646514c7ec0f67f8cc418b47153078df30e5a992b13cc4f163184d33c697269ccd1a3b984c9fc3a58b5e3c0eb007491cf1cecb04097bc0f2d2095c4ae13f2d1cc727b9fd667098cae5281e1d9126c9cba1f65b78a9d5f60e6a985a1c004743a01072286d4162f46feb6e079c1c6c7960594fae9ad27c2afe623776356601f13e7480c5709bb89b6f6d62a80fd2a2bb23c793bea08d1a5a4e3e9cc041bd5e4489b44a5047e7ea630c4ca2bb35419902127e9403f80b022e62a9d7afcaecb7b8e28cfe9d141b2bda4ca1364de420f81396cf28c873507d823b8474d7c9ac3cab0b15e798d852870c9fe68f96e38a60ebb612e03ec2fa5ab755301260b1c34c27003a72229e9ef1a7b9094f0d674490428c002a2974596d5b366e502d81f05dc72cb3e9c175b803a6d9f880c6b2f2b549755646659315fa09479c7f1a03e08135cb90e5d1205fea25d94188c64e7024e99d8990d86a371edd4998b2e9b547a6523b85ec9c604e7e606feb28f580feda65beacd4e64942ec5c5508586b8a2d154277fdcc4122d919a7b7045b748a3339db1d1654282ac6acf15e3b613b6ce4c0a32b805bdd5fc92ce6a9578f0339a94b37d45558e7d728a312f8cbc5befa7f93f2a1dc03ccba10ea4af596e58c7f25612041fd716ca4aa60bd8512d8e6e348442c0226525b69cf2dbdbc24fb408c0c6d7a10f568fdd18dfdc6361ce3574c98e2acc69f88ca7d35f6d03ef68c380a221d7ecc6495f83637e55b5dc42e8e49a9c21cf0b31c1d6b83e6f678700fcd627719fcd0e7481818c24d8b17e172032390cfe8be29c68da0cf2cb6c0cc70467ab1b196e39e56eea31d9466ed0d454a2f0aa39c4e029d57c47a9f17a98b24fafee5bf8682202e7f4d9c1270c387395bbb18257733d8e76c32e80691e8b344671c9276313446c9d14b9d9a0b7ac160a656c96056a344cf528f9b5f76d786597ecc92ad8b4522dbd38635c03b5041b2ac0380edec48477dc629391d13fe67d362db67f8f34bf18a9d9e373be8ac2c0d1af281179f94c2c2e2075c46d02ae7bbe8b8860367f396e5f3e9842a7bfb59e43dfeea51f72f5b45afe4bbf10912d8d71999e69af52a5ba280d58063597a16a65624c2daff0bca02aa14621131fc931213ae42bc58eb197c8f6ee805227bed48d8799e222412b880216a9fceed71a677558d837b85fa9f678888fb8781e6d22d2209c6d8b2d156c1f58d94c44d6f3d1bad8ebf4c309c782c12b032d6d685fab8a5eb5cadeb396ce1a3385142ec69444dec4d70629acd793e7a822cf24d2e67ce48479ec842c11917e93135c3744d0287af167bb3fedf331c3a8aad79a80f896f0fc673e5e81132be3b2205952f26783633aadee5ab981c2dc7091696721b56d35e90f0a970f11832ad77b8def3ed08a1974e2c5c34b5e9ebeca9b34ea40b8c2327cd782a2fe84f7345bd156ad3d38b5d1de74922254d88421cd787ceead5d897d1982cd93cd12e275d91c0cb59ef60a2257c85e21cfd7d36a654751f9644d579f65cf36ebf7f3e74e65f9ba6c246772ed4e5e71833197ab551af6865050955fec4ee6f2f4225836ae5bd7ecbc578730b38442745a516664ff82c72ef21129ecb645650dc3ce4b996979597284e4695c71a1d04587ed38285fa6685dc59cddb47707c1c5921c39307df49aee3b31a9fad48faf935abe11707bb07c59bb181934db7b9b91702007d8ae1b42ac4233334846df585fa67093fb10cd8347559b760d4f24bd056198480895faf0fa87e2660bef0f10621ddb7bae97d4a12c459b44daef761af820079843c7b88082a252a650bf0ba7b046f51c323f97a7d51bb158537609dd4366a6dcb4e6b56f49acc51a83b7238911f242d5bcbc694cca87785fd7b95a6942476dfbf5f3e039b45497effbd327c5f5b625565325d6b8916a11b2bb52cbf37de478e5f29990da07178dde16e98aa88645a9dc8043f6521d845dc1ec92ffa1e2750701810645a3ea4ecb425b17aa712a9c856604904809bb9a43c8f6e40b940296a3653a4ef9934734d004531d4f3f7a254c02b1c8fdad130c98547c1b70ed2ab0602a20d944fcb130bee9d40db7706eab47b2c8f3b138a004a1decda6fcaa37134d4ebe3e95d1a20de9d054c2263ad6a2493c2fb0b8ca25dd6e6f4a9068eb949e2f6cfa41bb30e86115c3cfdc47215ad623495bfc62801b039af9a74d1639f6415a10fff45ff0fad77344cb8e23f837fcf879a925781ed67b6232507cb62e202103c5f08437e73bf96802794c9c103c9da5fcaac08f1524051d6a1278baba68e43b2c8aaef73d65dea2d78489c76e15c2bcfd17c0021dc8a475174b207c483c43688c52595ff307ac8a57e4446b5dc3b24cda7bf65d979d5e8c12e1c0d6e16d22907ca47a89f265d001b6a635327d27343e4eba55358ff397da2ff091f44233ac8d72a10da0ea596a93c908006df5478c26c529a3a063fed26a9ba01972c5342ce6d11c425d23cd946dfe406f774222144b659e54a6f3974eebae475c83fbcce2eb79aa245ba6f557776943da3ffc3652afafe8aabe14fbf08a5a9f3b67e8a17aedfbf7773f0ed24e46e330869565e076d55531cd779746865d7093e04b2959c034f11fa42662a6c8e17e215f8d283bfb9cb26dd535542cc74e42e1ef5784403425f9b4534101b776bb6e192e106b016e007d5c2246dc491726f65d9e670ac4ccaf71e3cd2f5bca9dbf08ce7eb98e4a8f292548bb962a8a800c52013ebdbda531ae42de5c3001fc353e87f61986dc978278e3927b232b6c8792bd097228a061a01a20e85b3f3ca78175e1197b4a8a97dd790db6a76fce7eb72c806c07a2407a4e9da7cb6f478aa2ba24c5b34a9a9d51b992eb71545c08ce015d54d25c0379d8c57985b497f7ee3867533ecb869c0e2118f59d42a7c16ea39dbbf384c4c76abc967cc0892d976f55aada5e6846abc683f92db6ffa8afef03841d048a3d20cc792db59393c79f29a53066a242ba2b21cb930c64b1c86e4c3005282c0e8a3b11b66b6886f429062dc5428b1e1f3910a25a637d81e626e35c05527052bb2f5806ac6b7f0061ac1341b3cc6bf2847196aef7cd4648975bebf5d72cc01f75749cd9af5e5519b970a2c223f282759ead5eea4b4b2e49035d716407199f50f0a0c3ffc0c2af038289a888fa1f6f2746c0d04e732ead21e0fa68f7e11c98c11185b386ddf059db5716aa777af91f10d4d75575f2b72909ae2906e4d93edd06869a2bf7cfe2363765fb56c1e8cfc8039a14d92aae071433eaea17fb86029743c0bfc8dfaaae8ba69ae3922ad94766c3f3e2ba0ef6d36ba67429919641b0468a77db0beff37ada49f95ccc7d7371826d74017f42e0c49343e83acb267880eeae0ec6b5f804a71cb6890d6f6393b77e6c064e866164561b4121a23e021e4fad2a497721c22d386f64f91525c5aa5c45b0d95085387d81c0a0cde94369c8013cffd2dfaaf07f2cce55ecbdce82beb89af16f029cd8d54c00c2fefed4df9972357464f6219f2e7134e2ac546f38dab287a87f110bc56dc1300b25c965e1a02115bcc5bdcba50b129080ff104623859015573fdb140e05f715a296fd413507775b105f8284faa79109f755ee2af31a17c6d3101d76c37a38c5c8b28916c3597b8cc175c2c53acac837fc8f1a26bf7cfbf3b0cf1b4a50ad23ac424e0aa200d205c7c2cba633245d848b2715cba44450668609c502786da986664bae55558a8ed0d664b9777b58185a5a47ebe029039ddbbfaa34aac4d7010a446f5e5a6c13015faaf330cda94307e126947ec91183acf8ae1560f54da5bb4aef5f1da9043959b750cfee0a2d0e66331564785d12e8aa2ea38faa0df176937b91701e5b09fe97e6e4a97b9a1453443dd304ec051c9a22248044ad85a88c02abf32b199fa0748b5b1532c7d717b820dcc1a1a7491b19ae0c139a2e5c5cc372416b27dceb061d5055bf9adbdca4c35c6b10df1339cf652799fcf9cdae7cc045d5ea0d54d742320cb968c773e41d3786293c58525b1210d2b8a2d3925601486967ea18e6f80207dc05bd05368292185106ff0358e8721d09e116ac9a211c25eb768e39501ca07d733d7d0c93f0fa384fdfcdcc46f5174e5a46d470898292296f3c9e3531f3dbaf16351f805a0d7a7f759ca0df42f075356a68139ed5eacc901663879abe005f6343f37315e07cd531209594e8bbda1677badc14c4c15d5d0dd2f976fd9f43839b7988dca2465ff6062db0221a8d8dceadb61652eae8020b88a95f8ef4b72a073ad9cf4ed9cbcf47c5c46210fc404f655ac0c10bfe935d1f9539e18d9f9afaa2d31aeafbf669c95ccbf0309747e59b7dc4d5eb471e9d78a58a0f6d3e0fcde81958e75d0e61efef3dab417ac89651b4002cf48451e7d88fa97af8c6246221b84cb231e87568816e0b1c5af9e8e9293d1b87a7e16cfcd05a80a80f76a985f0aa2d79945501662f2f2bc3c6e57de4177b1fca854a008d1a0ab4747115a870555dc870c9e7185a334ecd5cf197392d4f68b358ab09e5ee9b946e27a321deeee9f501473b322adf45091f1a14919a9d565244bfc9c9fd482868da8ec786d1334e0164a5589140de3c4cb565682d4162edc84711673923014d1b270700621f8064f9a0cffd510983a881450369cfe3fdcdd8adb43377d4afcf09750310b3c12ea54478bf021190e9f8b06b75c84f5605ecbdd34d01ce7a95f45b4fe03781b0b5a2ef9a15abba94c2b8b1cbe9c7d2621a14da823b7d67a1bbe7987b404744a5d23602389b7809c729cef037da57ca77dbab3cc1fabe458293c4de218d6dc621c5c43f5a6bed577c38c9851ded032045cccfb01f4503914"}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) 13:27:39 executing program 5: fsetxattr$security_capability(0xffffffffffffffff, &(0x7f00000001c0)='security.capability\x00', &(0x7f0000000200)=@v2={0x2000000, [{0x4, 0x7f}, {0x7, 0x8}]}, 0x14, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000018c0)=""/246) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000180)=0x2) ioctl$EVIOCGREP(0xffffffffffffffff, 0x80084503, &(0x7f0000000280)=""/182) r2 = memfd_create(&(0x7f00000004c0)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:dFq\xd9\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xceH\xb8\a\x96\xff\xa9b\x03\xb5@#\f\xfa-\x03`\xef\xd20=\x18\x823\xb1\x86\x96Zg\r|\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xfc\xd7\xe9\x8a\xbb\xb7\xa1=\xcb\xdb\xa7W\x947\xe0\xb6\x85\x7f\xbd\xcc\xcbN\xad%\x19\x04\xb2\x02hE<\x1f\xda\x17\xce\x10\xa7^6\x896O\x00\x00\x00\xf3`\\\xe5\xa6WTz\xd5\xb7\r\x17\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc8\xad\x88\xa3\xdb\r\xabH\xa6*\x84\xda\xb3\x1a\xaf\x93\x8bP\xa9T0\xdc\xe4\x9cA\xbc\xc1Z\xcc\xed\x13\xf1\xcc\xd4-lf\x18\xc4\xad\xf5\t\'\x9c\xb7i>\xfagX&\x02\fx}G\x10\xbf{\xab\xe0:G\x03C-\xd63q\x98y\xc0\xe8]w\xce\v6\xcd\xb6E\xca}\xb7\xd2g\xd3\x16\x1a\xc2?\"\xda,\xd72\xd0\xec\"\xc3\xa1\xb5\xd7\xa2\xab\x18\xf2\x80b\xa0\xea{gv>\r\xb4%\xfc\n\xb2\xc5zO\x96l\xc9@tuG\x92\xddq\xf0~\x81(f\x8c\xfc\xf3\xe2\x9b', 0x7) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000003c0)=0x16453d0) pwritev(r2, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x84102, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) ioctl$PPPIOCSACTIVE(r4, 0x40107446, &(0x7f0000000140)={0x7, &(0x7f0000000000)=[{0x2543, 0x0, 0x6}, {0x2d, 0x5, 0x3f, 0x3ff}, {0x7, 0x7, 0x6, 0x7f}, {0x8001, 0x8, 0x7, 0x1}, {0x2, 0x2, 0x7f, 0x9}, {0x200, 0x3f, 0xc0, 0xfffff000}, {0x5, 0x4, 0x80, 0x6}]}) fallocate(0xffffffffffffffff, 0x20, 0x0, 0x2) fallocate(r3, 0x0, 0x0, 0x10000101) fallocate(r3, 0x3, 0x0, 0xffff) fsync(r1) fallocate(r3, 0x0, 0x0, 0x10000101) 13:27:39 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@updpolicy={0xd4, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast2, @in6=@private1, 0x0, 0x7, 0x4e23, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, [@replay_thresh={0x8, 0xb, 0x1ff}, @policy_type={0xa, 0x10, {0x1}}, @XFRMA_SET_MARK={0x8, 0x1d, 0x1}]}, 0xd4}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x80}}, [@mark={0xc, 0x15, {0x0, 0x3}}]}, 0xc4}}, 0x0) fchmod(r2, 0x2) finit_module(r1, &(0x7f0000000080)='\x00', 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000300)={&(0x7f0000000500)=@newspdinfo={0x44, 0x24, 0x300, 0x70bd29, 0xffffffff, 0x80, [@XFRMA_SPD_IPV4_HTHRESH={0x6}, @XFRMA_SPD_IPV6_HTHRESH={0x6}, @XFRMA_SPD_IPV4_HTHRESH={0x6}, @XFRMA_SPD_IPV6_HTHRESH={0x6}, @XFRMA_SPD_IPV6_HTHRESH={0x6}, @XFRMA_SPD_IPV6_HTHRESH={0x6}]}, 0x44}, 0x1, 0x0, 0x0, 0x4008810}, 0x40) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000002c0)={0x2, 0x3, 0x6000, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c00000000010904000000000000000002000000240001801400018008000100e000000108000200000000000c0002800500010000000000240002801400018008000100ac14140008000200ac1dfffc0c0002800500010000000000"], 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vsock\x00', 0x80200, 0x0) perf_event_open(&(0x7f00000001c0)={0x4, 0x70, 0x8, 0x6, 0x1, 0x8, 0x0, 0x116, 0x4, 0x8, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x9, 0x2, @perf_bp={&(0x7f0000000180), 0x1}, 0x4, 0x6, 0x7, 0x691166587a66c620, 0x5, 0x0, 0x1}, 0x0, 0xffffffffffffffff, r4, 0x1) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1287.910254] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1287.959025] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1287.981295] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1287.989946] CPU: 1 PID: 9868 Comm: syz-executor.4 Not tainted 4.14.224-syzkaller #0 [ 1287.992294] audit: type=1800 audit(1615210059.655:149): pid=9876 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="bus" dev="sda1" ino=16737 res=0 [ 1287.999744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1287.999748] Call Trace: 13:27:39 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$int_in(r2, 0x73, &(0x7f0000000000)=0x10001) [ 1287.999764] dump_stack+0x1b2/0x281 [ 1287.999778] warn_alloc.cold+0x96/0x1cc [ 1287.999791] ? zone_watermark_ok_safe+0x220/0x220 [ 1287.999813] ? wait_for_completion_io+0x10/0x10 [ 1288.047308] __alloc_pages_nodemask+0x2127/0x2720 [ 1288.052260] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1288.057105] ? perf_trace_lock+0xf7/0x490 [ 1288.061252] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1288.066109] ? do_raw_spin_unlock+0x164/0x220 [ 1288.066640] syz-executor.2 cpuset= [ 1288.070602] alloc_pages_current+0x155/0x260 [ 1288.070619] kvm_mmu_create+0xda/0x1d0 [ 1288.070631] kvm_arch_vcpu_init+0x282/0x890 [ 1288.070641] ? alloc_pages_current+0x15d/0x260 [ 1288.076318] / [ 1288.078568] kvm_vcpu_init+0x26d/0x360 [ 1288.082651] mems_allowed=0-1 [ 1288.086737] vmx_create_vcpu+0xef/0x29d0 [ 1288.086752] ? __mutex_unlock_slowpath+0x75/0x770 [ 1288.086764] ? drop_futex_key_refs+0x2e/0xa0 [ 1288.086775] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1288.086788] ? get_futex_key+0x1160/0x1160 [ 1288.086799] kvm_vm_ioctl+0x4ca/0x13e0 [ 1288.086813] ? kvm_vcpu_release+0xa0/0xa0 [ 1288.130521] ? check_preemption_disabled+0x35/0x240 [ 1288.135529] ? perf_trace_lock+0xf7/0x490 [ 1288.139664] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1288.144750] ? perf_trace_lock_acquire+0x510/0x510 [ 1288.149663] ? kvm_vcpu_release+0xa0/0xa0 [ 1288.153793] do_vfs_ioctl+0x75a/0xff0 [ 1288.157579] ? ioctl_preallocate+0x1a0/0x1a0 [ 1288.161971] ? lock_downgrade+0x740/0x740 [ 1288.166104] ? __fget+0x225/0x360 [ 1288.169540] ? do_vfs_ioctl+0xff0/0xff0 [ 1288.173504] ? security_file_ioctl+0x83/0xb0 [ 1288.177894] SyS_ioctl+0x7f/0xb0 [ 1288.181240] ? do_vfs_ioctl+0xff0/0xff0 [ 1288.185201] do_syscall_64+0x1d5/0x640 [ 1288.189078] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1288.194248] RIP: 0033:0x465f69 [ 1288.197418] RSP: 002b:00007f0f532c7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1288.205108] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1288.212360] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1288.219610] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1288.226861] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1288.234112] R13: 00007fffed84577f R14: 00007f0f532c7300 R15: 0000000000022000 [ 1288.241375] CPU: 0 PID: 9882 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1288.249171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1288.258518] Call Trace: [ 1288.261105] dump_stack+0x1b2/0x281 [ 1288.264011] INFO: task kworker/0:0:22002 blocked for more than 140 seconds. [ 1288.264731] warn_alloc.cold+0x96/0x1cc [ 1288.264745] ? zone_watermark_ok_safe+0x220/0x220 [ 1288.264764] ? wait_for_completion_io+0x10/0x10 [ 1288.272065] Not tainted 4.14.224-syzkaller #0 [ 1288.276033] __alloc_pages_nodemask+0x2127/0x2720 [ 1288.276058] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1288.276067] ? perf_trace_lock+0xf7/0x490 [ 1288.276084] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1288.301515] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1288.304351] ? do_raw_spin_unlock+0x164/0x220 [ 1288.304365] alloc_pages_current+0x155/0x260 [ 1288.304380] kvm_mmu_create+0xda/0x1d0 [ 1288.304390] kvm_arch_vcpu_init+0x282/0x890 [ 1288.304400] ? alloc_pages_current+0x15d/0x260 [ 1288.315917] kworker/0:0 D [ 1288.317286] kvm_vcpu_init+0x26d/0x360 [ 1288.317301] vmx_create_vcpu+0xef/0x29d0 [ 1288.317315] ? __mutex_unlock_slowpath+0x75/0x770 [ 1288.324076] 28024 22002 2 0x80000000 [ 1288.326188] ? drop_futex_key_refs+0x2e/0xa0 [ 1288.326201] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1288.326211] ? get_futex_key+0x1160/0x1160 [ 1288.326223] kvm_vm_ioctl+0x4ca/0x13e0 [ 1288.334534] Workqueue: usb_hub_wq hub_event 13:27:40 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="07f08730f34fac51c050c4255266c03c2097960c045df40271ee1e72b06ef6387fb02aab096f43796dcdf887be6b566f2263def051a8789e0fe00e4d343d661d07f789474c2208d7cca25ce3b49bc0806773bac690dca823370110da22e34c0bfe245687e856d5db2bf62ec1dcef1e9812cc8406d82d5c7601c06cab01c8c7a373d3d0834f272364804161a10711f321d2be67e156"], 0xa) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r2) r4 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x2}, 0x4) splice(r0, 0x0, r2, 0x0, 0x4f0a, 0x0) [ 1288.338965] ? kvm_vcpu_release+0xa0/0xa0 [ 1288.338989] ? check_preemption_disabled+0x35/0x240 [ 1288.339001] ? perf_trace_lock+0xf7/0x490 [ 1288.354826] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1288.354840] ? perf_trace_lock_acquire+0x510/0x510 [ 1288.354852] ? kvm_vcpu_release+0xa0/0xa0 [ 1288.354864] do_vfs_ioctl+0x75a/0xff0 [ 1288.354877] ? ioctl_preallocate+0x1a0/0x1a0 [ 1288.354885] ? lock_downgrade+0x740/0x740 [ 1288.354900] ? __fget+0x225/0x360 [ 1288.363663] Call Trace: [ 1288.367471] ? do_vfs_ioctl+0xff0/0xff0 13:27:40 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r1, 0xc) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) r3 = accept4$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @dev}, &(0x7f0000000280)=0x1c, 0x40000) fcntl$setsig(r3, 0xa, 0xb) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r2, 0xc) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000080)="ded76241ba2636260f015a80660f23ceba4100b0b0eef00fba380866b8010000000f01d90fd8df66b9800000c00f326635000400000f3066b9800000c00f326635002000000f30", 0x47}], 0x1, 0x0, &(0x7f00000001c0), 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c00000000010904000000000000000002000000240001801400018008000100e000000108000200001b94000000000000000100000047504770e3fc0000240002801400010100ac1c140008000200ac1e00010c0002800500000000"], 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:40 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r0, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 1288.367483] ? security_file_ioctl+0x83/0xb0 [ 1288.367493] SyS_ioctl+0x7f/0xb0 [ 1288.367502] ? do_vfs_ioctl+0xff0/0xff0 [ 1288.380554] __schedule+0x88b/0x1de0 [ 1288.384027] do_syscall_64+0x1d5/0x640 [ 1288.384046] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1288.384054] RIP: 0033:0x465f69 [ 1288.384059] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1288.384074] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1288.384078] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1288.384082] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1288.384087] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1288.384091] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1288.498864] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.0'. 13:27:40 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f00000001c0)) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x6, 0x4, 0x0, 0x0, 0x7, 0x0, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xec8, 0x4, @perf_config_ext={0x8, 0x8}, 0x40010, 0xd64, 0x2, 0x9, 0x80000001, 0x0, 0x200}, 0xffffffffffffffff, 0x7, r3, 0xc) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000000)={0x2000, 0x4000}) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f00000000c0)={r3, 0x1ff, 0x2a6f, 0x5}) perf_event_open(&(0x7f0000000140)={0x3, 0x70, 0x3, 0x0, 0x3, 0x7, 0x0, 0xf4d, 0x42, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x3, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x400, 0x0, @perf_config_ext={0x6, 0x80}, 0x20, 0x8, 0x3, 0x4, 0x100000000, 0xba7, 0x6}, 0xffffffffffffffff, 0x0, r4, 0x1) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) [ 1288.542663] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 13:27:40 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14, 0x0, 0x1, 0x409, 0x0, 0x0, {0x5, 0x0, 0x9}}, 0x14}, 0x1, 0x0, 0x0, 0x20008080}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:40 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) fcntl$lock(r2, 0x26, &(0x7f0000000000)={0x1, 0x3, 0x4, 0x1}) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvme-fabrics\x00', 0xc202c0, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000080)={r0, 0x10001, 0x0, 0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) bind$inet6(r5, &(0x7f0000000180)={0xa, 0x4e24, 0x9, @empty, 0x10001}, 0x1c) ioctl$TIOCGPGRP(r4, 0x540f, &(0x7f0000000100)) [ 1288.604657] warn_alloc_show_mem: 3 callbacks suppressed [ 1288.604661] Mem-Info: [ 1288.666367] active_anon:842512 inactive_anon:18063 isolated_anon:0 [ 1288.666367] active_file:9535 inactive_file:34126 isolated_file:0 [ 1288.666367] unevictable:0 dirty:423 writeback:0 unstable:0 [ 1288.666367] slab_reclaimable:16272 slab_unreclaimable:196361 [ 1288.666367] mapped:62827 shmem:8996 pagetables:18957 bounce:0 [ 1288.666367] free:487381 free_pcp:406 free_cma:0 [ 1288.755333] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1288.794475] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1288.799953] Node 0 active_anon:2109260kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:217100kB dirty:0kB writeback:0kB shmem:19504kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1116160kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1288.813243] ? io_schedule_timeout+0x140/0x140 [ 1288.847030] CPU: 0 PID: 9949 Comm: syz-executor.3 Not tainted 4.14.224-syzkaller #0 [ 1288.854831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1288.864184] Call Trace: [ 1288.866774] dump_stack+0x1b2/0x281 [ 1288.870403] warn_alloc.cold+0x96/0x1cc [ 1288.874377] ? zone_watermark_ok_safe+0x220/0x220 [ 1288.879229] ? wait_for_completion_io+0x10/0x10 [ 1288.883899] __alloc_pages_nodemask+0x2127/0x2720 [ 1288.888756] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1288.893595] ? perf_trace_lock+0xf7/0x490 [ 1288.897738] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1288.902595] ? do_raw_spin_unlock+0x164/0x220 [ 1288.907092] alloc_pages_current+0x155/0x260 [ 1288.911502] kvm_mmu_create+0xda/0x1d0 [ 1288.915387] kvm_arch_vcpu_init+0x282/0x890 [ 1288.919702] ? alloc_pages_current+0x15d/0x260 [ 1288.924282] kvm_vcpu_init+0x26d/0x360 [ 1288.928171] vmx_create_vcpu+0xef/0x29d0 [ 1288.932235] ? __mutex_unlock_slowpath+0x75/0x770 [ 1288.937075] ? drop_futex_key_refs+0x2e/0xa0 [ 1288.941478] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1288.945536] ? get_futex_key+0x1160/0x1160 [ 1288.949770] kvm_vm_ioctl+0x4ca/0x13e0 [ 1288.953660] ? kvm_vcpu_release+0xa0/0xa0 [ 1288.957816] ? check_preemption_disabled+0x35/0x240 [ 1288.962835] ? perf_trace_lock+0xf7/0x490 [ 1288.966988] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1288.972095] ? perf_trace_lock_acquire+0x510/0x510 [ 1288.977024] ? kvm_vcpu_release+0xa0/0xa0 [ 1288.981172] do_vfs_ioctl+0x75a/0xff0 [ 1288.984976] ? ioctl_preallocate+0x1a0/0x1a0 [ 1288.989380] ? lock_downgrade+0x740/0x740 [ 1288.993529] ? __fget+0x225/0x360 [ 1288.996976] ? do_vfs_ioctl+0xff0/0xff0 [ 1289.000959] ? security_file_ioctl+0x83/0xb0 [ 1289.005369] SyS_ioctl+0x7f/0xb0 [ 1289.008734] ? do_vfs_ioctl+0xff0/0xff0 [ 1289.012708] do_syscall_64+0x1d5/0x640 [ 1289.016599] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1289.021781] RIP: 0033:0x465f69 [ 1289.024964] RSP: 002b:00007f8db8982188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1289.032668] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1289.039935] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 1289.047198] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 13:27:40 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x81, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x5c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1289.050843] schedule+0x8d/0x1b0 [ 1289.054456] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1289.054462] R13: 00007ffe6abe2b0f R14: 00007f8db8982300 R15: 0000000000022000 [ 1289.096002] Node 1 active_anon:1260852kB inactive_anon:53480kB active_file:38136kB inactive_file:136536kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:34208kB dirty:1744kB writeback:0kB shmem:16480kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 6144kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1289.119550] usb_kill_urb.part.0+0x125/0x190 [ 1289.125131] Node 0 DMA free:10972kB min:204kB low:252kB high:300kB active_anon:388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:32kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1289.146023] ? usb_anchor_resume_wakeups+0xb0/0xb0 [ 1289.157657] lowmem_reserve[]: 0 2717 2718 2718 2718 [ 1289.167015] Node 0 DMA32 free:28568kB min:36200kB low:45248kB high:54296kB active_anon:2108872kB inactive_anon:18772kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2788160kB mlocked:0kB kernel_stack:11200kB pagetables:31488kB bounce:0kB free_pcp:336kB local_pcp:116kB free_cma:0kB [ 1289.178932] ? out_of_line_wait_on_atomic_t+0x1a0/0x1a0 [ 1289.197338] lowmem_reserve[]: 0 0 0 0 0 [ 1289.207434] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1289.229182] ? wait_woken+0x230/0x230 [ 1289.234488] lowmem_reserve[]: 0 0 0 0 0 [ 1289.242136] Node 1 Normal free:1911236kB min:53696kB low:67120kB high:80544kB active_anon:1260852kB inactive_anon:53480kB active_file:38136kB inactive_file:136536kB unevictable:0kB writepending:1744kB present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:18080kB pagetables:44300kB bounce:0kB free_pcp:880kB local_pcp:300kB free_cma:0kB [ 1289.252274] usb_kill_urb+0x7c/0x90 [ 1289.311244] lowmem_reserve[]: 0 0 0 0 0 [ 1289.311499] usb_start_wait_urb+0x209/0x440 [ 1289.319000] Node 0 DMA: 33*4kB (UM) 3*8kB (UM) 4*16kB (UM) 4*32kB (U) 4*64kB (UM) 1*128kB (U) 2*256kB (M) 1*512kB (U) 1*1024kB (M) 0*2048kB 2*4096kB (M) = 10972kB [ 1289.336061] ? usb_api_blocking_completion+0xa0/0xa0 [ 1289.338291] Node 0 DMA32: 920*4kB (UME) 295*8kB (UME) 688*16kB (UME) 290*32kB (UME) 23*64kB (U) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28568kB [ 1289.361734] ? __kmalloc+0x3a4/0x400 [ 1289.375691] ? usb_alloc_urb+0x1f/0x130 [ 1289.378350] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1289.381949] ? memset+0x20/0x40 [ 1289.406249] Node 1 Normal: 122*4kB (UME) 30*8kB (UME) 18*16kB (UME) 15*32kB (UME) 52*64kB (U) 205*128kB (UME) 302*256kB (UME) 118*512kB (M) 34*1024kB (ME) 14*2048kB (UM) 410*4096kB (M) = 1911640kB [ 1289.418514] usb_control_msg+0x302/0x450 [ 1289.434553] ? usb_start_wait_urb+0x440/0x440 [ 1289.445171] usb_get_descriptor+0xc0/0x160 [ 1289.449552] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1289.455510] usb_get_device_descriptor+0x71/0xd0 [ 1289.468498] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1289.471066] hub_port_init+0x629/0x2970 [ 1289.484051] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1289.489629] ? _find_next_bit+0xdb/0x100 [ 1289.492964] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=3 hugepages_size=2048kB [ 1289.504733] hub_event+0x18fd/0x3d70 [ 1289.512405] 26773 total pagecache pages [ 1289.513958] ? hub_port_debounce+0x310/0x310 [ 1289.517373] 0 pages in swap cache [ 1289.524141] ? lock_acquire+0x170/0x3f0 [ 1289.532847] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1289.535493] Swap cache stats: add 0, delete 0, find 0/0 [ 1289.544043] process_one_work+0x793/0x14a0 [ 1289.548377] Free swap = 0kB [ 1289.551477] Total swap = 0kB [ 1289.552740] ? work_busy+0x320/0x320 [ 1289.555939] 2097051 pages RAM [ 1289.560485] ? worker_thread+0x158/0xff0 13:27:41 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x100, 0x0) fchdir(r1) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x7) 13:27:41 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) [ 1289.561399] 0 pages HighMem/MovableOnly [ 1289.571038] ? _raw_spin_unlock_irq+0x24/0x80 [ 1289.575847] 363840 pages reserved [ 1289.579379] 0 pages cma reserved [ 1289.580067] worker_thread+0x5cc/0xff0 [ 1289.597976] ? rescuer_thread+0xc80/0xc80 [ 1289.606278] kthread+0x30d/0x420 [ 1289.641075] ? kthread_create_on_node+0xd0/0xd0 [ 1289.651855] ret_from_fork+0x24/0x30 [ 1289.670608] [ 1289.670608] Showing all locks held in the system: [ 1289.696581] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null) [ 1289.724883] 1 lock held by khungtaskd/1532: [ 1289.729589] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7c/0x21a [ 1289.738803] 5 locks held by kworker/0:0/22002: [ 1289.743381] #0: ("usb_hub_wq"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 [ 1289.752134] #1: ((&hub->events)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 [ 1289.761062] #2: (&dev->mutex){....}, at: [] hub_event+0x108/0x3d70 [ 1289.769127] #3: (&port_dev->status_lock){+.+.}, at: [] hub_event+0x18e8/0x3d70 [ 1289.778228] #4: (hcd->address0_mutex){+.+.}, at: [] hub_port_init+0x15b/0x2970 [ 1289.787352] [ 1289.788968] ============================================= [ 1289.788968] [ 1289.812826] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 1289.823765] CPU: 1 PID: 9993 Comm: syz-executor.2 Not tainted 4.14.224-syzkaller #0 [ 1289.830124] NMI backtrace for cpu 0 [ 1289.831566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1289.831571] Call Trace: [ 1289.831586] dump_stack+0x1b2/0x281 [ 1289.831600] warn_alloc.cold+0x96/0x1cc [ 1289.854814] ? zone_watermark_ok_safe+0x220/0x220 [ 1289.859656] ? wait_for_completion_io+0x10/0x10 [ 1289.864309] __alloc_pages_nodemask+0x2127/0x2720 [ 1289.869142] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1289.873966] ? perf_trace_lock+0xf7/0x490 [ 1289.878091] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1289.882922] ? do_raw_spin_unlock+0x164/0x220 [ 1289.887400] alloc_pages_current+0x155/0x260 [ 1289.891792] kvm_mmu_create+0xda/0x1d0 [ 1289.895660] kvm_arch_vcpu_init+0x282/0x890 [ 1289.899961] ? alloc_pages_current+0x15d/0x260 [ 1289.904528] kvm_vcpu_init+0x26d/0x360 [ 1289.908487] vmx_create_vcpu+0xef/0x29d0 [ 1289.912540] ? __mutex_unlock_slowpath+0x75/0x770 [ 1289.917365] ? drop_futex_key_refs+0x2e/0xa0 [ 1289.921844] ? vmx_free_vcpu+0x2f0/0x2f0 [ 1289.925886] ? get_futex_key+0x1160/0x1160 [ 1289.930213] kvm_vm_ioctl+0x4ca/0x13e0 [ 1289.934083] ? kvm_vcpu_release+0xa0/0xa0 [ 1289.938219] ? check_preemption_disabled+0x35/0x240 [ 1289.943255] ? perf_trace_lock+0xf7/0x490 [ 1289.947389] ? perf_trace_lock_acquire+0x510/0x510 [ 1289.952296] ? btrfs_statfs+0x1280/0x1280 [ 1289.956436] ? kvm_vcpu_release+0xa0/0xa0 [ 1289.960568] do_vfs_ioctl+0x75a/0xff0 [ 1289.964350] ? ioctl_preallocate+0x1a0/0x1a0 [ 1289.969605] ? lock_downgrade+0x740/0x740 [ 1289.973739] ? __fget+0x225/0x360 [ 1289.977175] ? do_vfs_ioctl+0xff0/0xff0 [ 1289.981128] ? security_file_ioctl+0x83/0xb0 [ 1289.985516] SyS_ioctl+0x7f/0xb0 [ 1289.988861] ? do_vfs_ioctl+0xff0/0xff0 [ 1289.992816] do_syscall_64+0x1d5/0x640 [ 1289.996687] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1290.001855] RIP: 0033:0x465f69 [ 1290.005022] RSP: 002b:00007f58847db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1290.012724] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69 [ 1290.019974] RDX: 0000000000000007 RSI: 000000000000ae41 RDI: 0000000000000005 [ 1290.027223] RBP: 00000000004bfa67 R08: 0000000000000000 R09: 0000000000000000 [ 1290.034477] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 1290.041726] R13: 00007ffd2f6bf3cf R14: 00007f58847db300 R15: 0000000000022000 [ 1290.048992] CPU: 0 PID: 1532 Comm: khungtaskd Not tainted 4.14.224-syzkaller #0 [ 1290.056436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1290.065787] Call Trace: [ 1290.068375] dump_stack+0x1b2/0x281 [ 1290.072003] nmi_cpu_backtrace.cold+0x57/0x93 [ 1290.076620] ? irq_force_complete_move+0x350/0x350 [ 1290.081546] nmi_trigger_cpumask_backtrace+0x13a/0x180 [ 1290.086817] watchdog+0x5b9/0xb40 [ 1290.090265] ? hungtask_pm_notify+0x50/0x50 [ 1290.094581] kthread+0x30d/0x420 [ 1290.097941] ? kthread_create_on_node+0xd0/0xd0 [ 1290.102605] ret_from_fork+0x24/0x30 [ 1290.106750] Sending NMI from CPU 0 to CPUs 1: [ 1290.111532] NMI backtrace for cpu 1 [ 1290.111537] CPU: 1 PID: 7984 Comm: syz-fuzzer Not tainted 4.14.224-syzkaller #0 [ 1290.111540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1290.111544] task: ffff8880b33f06c0 task.stack: ffff888090310000 [ 1290.111546] RIP: 0010:__sanitizer_cov_trace_pc+0x28/0x50 [ 1290.111549] RSP: 0000:ffff888090317c50 EFLAGS: 00000297 [ 1290.111554] RAX: ffff8880b33f06c0 RBX: 0000000000000001 RCX: 0000000000000001 [ 1290.111557] RDX: 0000000000000000 RSI: ffffea0001e465c0 RDI: 0000000000000001 [ 1290.111560] RBP: 0000000000000001 R08: ffff888090317d78 R09: 0000000000040411 [ 1290.111563] R10: ffff8880b33f0f70 R11: ffff8880b33f06c0 R12: ffffea0001e465c0 [ 1290.111566] R13: ffff8880b33f06c0 R14: ffff8880ac37d800 R15: ffff8880b33f1960 [ 1290.111569] FS: 000000c00002f090(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000 [ 1290.111572] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1290.111576] CR2: 000000c010b97000 CR3: 000000009a821000 CR4: 00000000001426e0 [ 1290.111579] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1290.111582] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1290.111583] Call Trace: [ 1290.111586] __cpu_to_node+0xc/0xa0 [ 1290.111588] should_numa_migrate_memory+0x49/0x470 [ 1290.111590] mpol_misplaced+0x174/0x5d0 [ 1290.111592] __handle_mm_fault+0x1a4e/0x4620 [ 1290.111595] ? vm_insert_page+0x7c0/0x7c0 [ 1290.111597] ? perf_trace_lock_acquire+0x510/0x510 [ 1290.111600] ? __fsnotify_update_child_dentry_flags.part.0+0x2e0/0x2e0 [ 1290.111602] handle_mm_fault+0x391/0x860 13:27:41 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) fsetxattr$security_ima(r1, &(0x7f0000000000)='security.ima\x00', &(0x7f0000000040)=@sha1={0x1, "c96ce2a18df1e5c7eccd2abd665c679282e9c6f0"}, 0x15, 0x2) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 13:27:41 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c00000000018480a9c4c9b61cca000002000000240001881400018008000100e000000108000200000000000c0002800500010000000000240002801400018008000100ac14140008000200ac1e00010c0002800500010000000000"], 0x5c}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 13:27:41 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0xae401, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 13:27:41 executing program 1: r0 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0xfffffffffffffff7, 0x20002) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000100)='SEG6\x00', 0xffffffffffffffff) sendmsg$SEG6_CMD_SET_TUNSRC(r0, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x4c, r1, 0x10, 0x70bd27, 0x25dfdbfd, {}, [@SEG6_ATTR_SECRETLEN={0x5}, @SEG6_ATTR_SECRETLEN={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x3}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x2}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x80000001}, @SEG6_ATTR_SECRETLEN={0x5}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000010}, 0x40440c0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) writev(r3, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r3, &(0x7f0000000180)=ANY=[@ANYBLOB="5f454c44065b05107311"], 0xa) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r5, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r4) r6 = socket$netlink(0x10, 0x3, 0x4) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000003c0)=0xc) write$binfmt_misc(r3, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r2, 0x0, r4, 0x0, 0x4f0a, 0x0) 13:27:41 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x12c, &(0x7f0000002ac0)="c4c691019919da078a0098d1e0a593b040f762914000000000000022addee07bee0d6333b5cacd893169b618322ff6602022511253508b5a4496020000000000000029b9ab9b7136283e350808ffdb2dbea7410b363de4fb357baa17dacdcfac32957dc8bb44e203c4b1bc83d8c0b275bcf2e3482945fef116371f8c8c0c4db583a208718e3cccd9dd3bf7a0b9daf36c29d2d3e73af34a91a4a8844ee497e66472419a30843900bb4ff9a7df5ee0fdbb6e3a288594f90399ef71d1fa7b32513f49d5135aea235f80005999dd604f5f3bcdc9ded4aad49dc3d25b919b831d2c8e6845a80deedf485234af0e7317f1ec9f9a795c21f38800907bac0a7553cf257c7f2b6761d38c43d422393d282ae11c9cadc5691f10a8f02b116f9a7507f9cc07de5216ffa863d438437e68f7"}}], 0x1c) wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b7ecb6974f527cc14538d1efb1ffe03284f6d33265be9c604b293f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x17) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) r2 = gettid() tkill(r2, 0x40) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x103002, 0x0) ioctl$EVIOCGPROP(r3, 0xc004743e, &(0x7f0000000140)=""/249) r4 = memfd_create(&(0x7f0000000080)='^\x92\x88jo\x98Y+\xe1k\xf2\xc6\x12\xd8\x98c:d\xc2q\xd9Xk\xbd\x80K\xd4W\xdf&\xdb\xc5\xbc\xb3\\\xf9\xd3\xce\xe3\x81\x97\xee\xff\xa9b\x03\xb5@\x82\x05\xa1O#\x89\xb0\xe1\xe0\xa0#\f\xfa-\x033\xb1\x86\x96Zg\r|/\x9c\xf7@y\xf8c2\xe7\'\xec\ag\x94\x9f\xa0\xcf\xca\xfb\x02\x00'/103, 0x0) ioctl$PPPIOCSFLAGS1(r3, 0x40047459, &(0x7f00000003c0)=0x16452d0) pwritev(r4, &(0x7f0000001540)=[{&(0x7f0000000040)='\r', 0x1}], 0x1, 0x81001, 0x0) open(&(0x7f0000000100)='./bus\x00', 0x1c18c1, 0x0) [ 1290.111605] __do_page_fault+0x549/0xad0 [ 1290.111607] ? spurious_fault+0x640/0x640 [ 1290.111609] ? do_page_fault+0x60/0x500 [ 1290.111611] ? page_fault+0x2f/0x50 [ 1290.111613] page_fault+0x45/0x50 [ 1290.111614] RIP: 0017:0x17 [ 1290.111617] RSP: 1000:000000c01c6836f8 EFLAGS: 00000000 [ 1290.111618] Code: 90 90 90 65 48 8b 04 25 80 df 01 00 48 85 c0 74 1a 65 8b 15 cb bd ac 7e 81 e2 00 01 1f 00 75 0b 8b 90 58 13 00 00 83 fa 01 74 01 48 8b 34 24 48 8b 88 60 13 00 00 8b 80 5c 13 00 00 48 8b 11 [ 1290.167326] Kernel panic - not syncing: hung_task: blocked tasks 13:27:42 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x1, 0xd000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000080)={[{0x8, 0xffff, 0x5, 0x40, 0xd4, 0xb0, 0x1f, 0x88, 0x3f, 0x2, 0xf7, 0x6, 0x2b}, {0x7, 0x7, 0x20, 0x1, 0x3, 0x0, 0x9, 0x1, 0x8, 0x6, 0x1, 0x5, 0xb3}, {0xbfcf, 0x5, 0x9, 0x9, 0x12, 0x6, 0x7, 0x24, 0x6c, 0x0, 0x1, 0x0, 0x5}], 0x1}) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) [ 1290.314256] CPU: 0 PID: 1532 Comm: khungtaskd Not tainted 4.14.224-syzkaller #0 [ 1290.321696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1290.331048] Call Trace: [ 1290.333631] dump_stack+0x1b2/0x281 [ 1290.337259] panic+0x1f9/0x42d [ 1290.340449] ? add_taint.cold+0x16/0x16 [ 1290.344426] watchdog+0x5ca/0xb40 [ 1290.347875] ? hungtask_pm_notify+0x50/0x50 [ 1290.352197] kthread+0x30d/0x420 [ 1290.355560] ? kthread_create_on_node+0xd0/0xd0 [ 1290.360235] ret_from_fork+0x24/0x30 [ 1290.364885] Kernel Offset: disabled [ 1290.373499] Rebooting in 86400 seconds..