u_release+0xa0/0xa0
[ 1076.225960]  ? trace_hardirqs_on+0x10/0x10
[ 1076.230212]  ? trace_hardirqs_on+0x10/0x10
[ 1076.234463]  ? __might_fault+0x110/0x1d0
[ 1076.238541]  ? save_trace+0x290/0x290
[ 1076.242392]  ? __might_fault+0x110/0x1d0
[ 1076.246469]  ? __fget+0x210/0x370
[ 1076.249937]  ? find_held_lock+0x35/0x130
[ 1076.254012]  ? __fget+0x210/0x370
[ 1076.257478]  ? kvm_vcpu_release+0xa0/0xa0
[ 1076.261726]  do_vfs_ioctl+0x7ae/0x1060
[ 1076.265632]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1076.270560]  ? lock_downgrade+0x740/0x740
[ 1076.274723]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1076.279147]  ? __fget+0x237/0x370
[ 1076.282625]  ? security_file_ioctl+0x89/0xb0
[ 1076.287045]  SyS_ioctl+0x8f/0xc0
[ 1076.290607]  ? do_vfs_ioctl+0x1060/0x1060
[ 1076.294773]  do_syscall_64+0x1e8/0x640
[ 1076.298685]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1076.303549]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1076.308757] RIP: 0033:0x45c429
[ 1076.311958] RSP: 002b:00007f39eeb7ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1076.319680] RAX: ffffffffffffffda RBX: 00007f39eeb7f6d4 RCX: 000000000045c429
[ 1076.327921] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1076.335207] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1076.342617] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
05:08:23 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:08:23 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$inet(0x2, 0x100000000003, 0x400000000001)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_mems\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f00000001c0)=ANY=[], 0x17)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, 0xffffffffffffffff, 0x0)
getsockname$inet(r1, 0x0, &(0x7f0000000040))
getsockopt$inet_opts(r1, 0x0, 0x4, 0x0, &(0x7f00000001c0))

05:08:23 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58)
accept$alg(r1, 0x0, 0x0)
sendmsg$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x4000000, 0x0, &(0x7f0000000440)=[{&(0x7f000077ff7d), 0xf0ff7f}], 0x1}, 0x0)

05:08:23 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010001fff000005000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x5}}, 0x0)

[ 1076.349901] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1076.367501] warn_alloc_show_mem: 2 callbacks suppressed
[ 1076.367505] Mem-Info:
[ 1076.369049] syz-executor.2: 
[ 1076.377865] active_anon:837573 inactive_anon:4833 isolated_anon:0
[ 1076.377865]  active_file:14304 inactive_file:6575 isolated_file:0
[ 1076.377865]  unevictable:0 dirty:288 writeback:0 unstable:0
[ 1076.377865]  slab_reclaimable:17425 slab_unreclaimable:150256
[ 1076.377865]  mapped:59413 shmem:255 pagetables:16914 bounce:0
[ 1076.377865]  free:474997 free_pcp:330 free_cma:0
[ 1076.390231] page allocation failure: order:0
[ 1076.420831] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1076.420851] Node 1 active_anon:1429612kB inactive_anon:18548kB active_file:55360kB inactive_file:23204kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26916kB dirty:1032kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
05:08:24 executing program 1:
r0 = getpid()
ptrace$setregs(0xd, 0x0, 0x30000000000, 0x0)
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x0, &(0x7f0000000380))
getpgid(r1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r3 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r3, 0x80685600, 0x0)
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
close(r2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0086426, &(0x7f0000000200)={0x0, 0x0})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

05:08:24 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f58827", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:24 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$inet(0x2, 0x100000000003, 0x400000000001)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_mems\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f00000001c0)=ANY=[], 0x17)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
getsockname$inet(0xffffffffffffffff, 0x0, &(0x7f0000000040))
getsockopt$inet_opts(r1, 0x0, 0x4, 0x0, &(0x7f00000001c0))

05:08:24 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010001fff000005000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x5}}, 0x0)

[ 1076.420856] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1076.420879] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1076.420900] Node 0 DMA32 free:31544kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:168kB local_pcp:60kB free_cma:0kB
[ 1076.420924] lowmem_reserve[]: 0 0 0 0 0
05:08:24 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58)
r2 = accept$alg(r1, 0x0, 0x0)
sendmsg$alg(r2, 0x0, 0x0)

[ 1076.420944] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1076.420965] lowmem_reserve[]: 0 0 0 0 0
[ 1076.420985] Node 1 Normal free:1857956kB min:53504kB low:66880kB high:80256kB active_anon:1429612kB inactive_anon:18548kB active_file:55360kB inactive_file:23204kB unevictable:0kB writepending:1032kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13984kB pagetables:28040kB bounce:0kB free_pcp:1104kB local_pcp:492kB free_cma:0kB
[ 1076.421007] lowmem_reserve[]: 0 0 0 0 0
[ 1076.421026] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1076.421102] Node 0 DMA32: 828*4kB (UME) 553*8kB (UMH) 362*16kB (UM) 323*32kB (UMH) 86*64kB (UM) 11*128kB (UM) 3*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31544kB
05:08:24 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010001fff000005000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x5}}, 0x0)

[ 1076.421341] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1076.421391] Node 1 Normal: 157*4kB (UME) 85*8kB (UME) 54*16kB (UME) 192*32kB (UM) 40*64kB (UM) 2*128kB (ME) 2*256kB (M) 4*512kB (UME) 3*1024kB (UM) 3*2048kB (UM) 448*4096kB (M) = 1857916kB
[ 1076.421480] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1076.421486] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1076.421493] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
05:08:24 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$inet(0x2, 0x100000000003, 0x400000000001)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_mems\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f00000001c0)=ANY=[], 0x17)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
getsockname$inet(0xffffffffffffffff, 0x0, &(0x7f0000000040))
getsockopt$inet_opts(r1, 0x0, 0x4, 0x0, &(0x7f00000001c0))

05:08:24 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58)
r2 = accept$alg(r1, 0x0, 0x0)
sendmsg$alg(r2, 0x0, 0x0)

[ 1076.421500] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1076.421504] 21141 total pagecache pages
[ 1076.421522] 0 pages in swap cache
[ 1076.421527] Swap cache stats: add 0, delete 0, find 0/0
[ 1076.421531] Free swap  = 0kB
[ 1076.421534] Total swap = 0kB
[ 1076.421540] 1965979 pages RAM
[ 1076.421544] 0 pages HighMem/MovableOnly
[ 1076.421547] 335854 pages reserved
[ 1076.421550] 0 pages cma reserved
[ 1076.770398] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1076.795075] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1076.840848] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1076.862074] CPU: 0 PID: 9682 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1076.873480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1076.883450] Call Trace:
[ 1076.886249]  dump_stack+0x142/0x197
[ 1076.890011]  warn_alloc.cold+0x96/0x1af
[ 1076.894097]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1076.898998]  ? wait_for_completion+0x420/0x420
[ 1076.903604]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1076.909603]  ? warn_alloc+0xf0/0xf0
[ 1076.913259]  ? __might_sleep+0x93/0xb0
[ 1076.917165]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1076.921953]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1076.926812]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1076.931839]  ? check_preemption_disabled+0x3c/0x250
[ 1076.937010]  alloc_pages_current+0xec/0x1e0
[ 1076.941450]  ? kvm_set_tsc_khz+0x14b/0x490
[ 1076.944516] syz-executor.1: page allocation failure: order:0
[ 1076.945704]  kvm_mmu_create+0xdf/0x1e0
[ 1076.945719]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1076.951701] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1076.955395]  kvm_vcpu_init+0x272/0x360
[ 1076.955409]  vmx_create_vcpu+0xfc/0x2aa0
[ 1076.955421]  ? mutex_trylock+0x1c0/0x1c0
[ 1076.955436]  ? handle_rdmsr+0x6e0/0x6e0
[ 1076.955449]  ? wait_for_completion+0x420/0x420
[ 1076.959878] (null)
[ 1076.965670]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1076.965685]  kvm_vm_ioctl+0x501/0x1600
[ 1076.965696]  ? __lock_acquire+0x5f7/0x4620
[ 1076.965704]  ? find_held_lock+0x35/0x130
[ 1076.965716]  ? kvm_vcpu_release+0xa0/0xa0
[ 1076.965727]  ? trace_hardirqs_on+0x10/0x10
[ 1076.965739]  ? retint_kernel+0x2d/0x2d
[ 1076.965753]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1076.973940] syz-executor.1 cpuset=
[ 1076.977916]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1076.977932]  ? check_preemption_disabled+0x3c/0x250
[ 1076.977945]  ? retint_kernel+0x2d/0x2d
[ 1076.982047] syz1
[ 1076.986523]  ? do_vfs_ioctl+0x74f/0x1060
[ 1076.988833]  mems_allowed=0-1
[ 1076.992977]  ? kvm_vcpu_release+0xa0/0xa0
[ 1076.992989]  do_vfs_ioctl+0x7ae/0x1060
[ 1076.993003]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1076.993013]  ? lock_downgrade+0x740/0x740
[ 1076.993024]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1076.993036]  ? __fget+0x237/0x370
[ 1076.993052]  ? security_file_ioctl+0x89/0xb0
[ 1077.078199]  SyS_ioctl+0x8f/0xc0
[ 1077.081609]  ? do_vfs_ioctl+0x1060/0x1060
[ 1077.085849]  do_syscall_64+0x1e8/0x640
[ 1077.089963]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1077.094940]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1077.100130] RIP: 0033:0x45c429
[ 1077.103310] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1077.111031] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1077.118301] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1077.125580] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1077.133216] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1077.140590] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1077.148080] CPU: 1 PID: 9709 Comm: syz-executor.1 Not tainted 4.14.171-syzkaller #0
[ 1077.155900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1077.165359] Call Trace:
[ 1077.167967]  dump_stack+0x142/0x197
[ 1077.171612]  warn_alloc.cold+0x96/0x1af
[ 1077.175599]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1077.180609]  ? wait_for_completion+0x420/0x420
[ 1077.185224]  __alloc_pages_slowpath+0x23c6/0x2930
05:08:24 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:08:24 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f58827", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:24 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010001fff000005000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743e6f1", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x5}}, 0x0)

05:08:24 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58)
r2 = accept$alg(r1, 0x0, 0x0)
sendmsg$alg(r2, 0x0, 0x0)

[ 1077.190323]  ? warn_alloc+0xf0/0xf0
[ 1077.194006]  ? __might_sleep+0x93/0xb0
[ 1077.198327]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1077.203236]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1077.208248]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1077.213269]  alloc_pages_current+0xec/0x1e0
[ 1077.217592]  kvm_mmu_create+0xdf/0x1e0
[ 1077.221494]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1077.225961]  kvm_vcpu_init+0x272/0x360
[ 1077.229896]  vmx_create_vcpu+0xfc/0x2aa0
[ 1077.233982]  ? mutex_trylock+0x1c0/0x1c0
[ 1077.238063]  ? handle_rdmsr+0x6e0/0x6e0
[ 1077.242059]  ? wait_for_completion+0x420/0x420
[ 1077.246661]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1077.251000]  kvm_vm_ioctl+0x501/0x1600
[ 1077.254897]  ? __lock_acquire+0x5f7/0x4620
[ 1077.259142]  ? find_held_lock+0x35/0x130
[ 1077.263221]  ? kvm_vcpu_release+0xa0/0xa0
[ 1077.267386]  ? trace_hardirqs_on+0x10/0x10
[ 1077.271640]  ? trace_hardirqs_on+0x10/0x10
[ 1077.276000]  ? __might_fault+0x110/0x1d0
[ 1077.280073]  ? save_trace+0x290/0x290
[ 1077.283884]  ? __might_fault+0x110/0x1d0
[ 1077.288055]  ? __fget+0x210/0x370
[ 1077.291528]  ? find_held_lock+0x35/0x130
[ 1077.295627]  ? __fget+0x210/0x370
[ 1077.299150]  ? kvm_vcpu_release+0xa0/0xa0
[ 1077.303322]  do_vfs_ioctl+0x7ae/0x1060
[ 1077.307246]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1077.312015]  ? lock_downgrade+0x740/0x740
[ 1077.316178]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1077.320611]  ? __fget+0x237/0x370
[ 1077.324169]  ? security_file_ioctl+0x89/0xb0
[ 1077.328654]  SyS_ioctl+0x8f/0xc0
[ 1077.332098]  ? do_vfs_ioctl+0x1060/0x1060
[ 1077.336263]  do_syscall_64+0x1e8/0x640
[ 1077.340307]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1077.345194]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1077.350402] RIP: 0033:0x45c429
[ 1077.353600] RSP: 002b:00007f39eeb7ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1077.361322] RAX: ffffffffffffffda RBX: 00007f39eeb7f6d4 RCX: 000000000045c429
[ 1077.368602] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1077.375887] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1077.383294] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1077.390573] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1077.419276] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1077.424308] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1077.440940] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1077.464769] warn_alloc_show_mem: 1 callbacks suppressed
[ 1077.464773] Mem-Info:
[ 1077.483088] active_anon:837594 inactive_anon:4834 isolated_anon:0
[ 1077.483088]  active_file:14304 inactive_file:6587 isolated_file:0
[ 1077.483088]  unevictable:0 dirty:301 writeback:0 unstable:0
[ 1077.483088]  slab_reclaimable:17468 slab_unreclaimable:149907
[ 1077.483088]  mapped:59432 shmem:255 pagetables:16901 bounce:0
[ 1077.483088]  free:475255 free_pcp:321 free_cma:0
[ 1077.511612] CPU: 0 PID: 9722 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1077.529097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1077.536214] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1077.538489] Call Trace:
[ 1077.567093] Node 1 active_anon:1429796kB inactive_anon:18552kB active_file:55360kB inactive_file:23252kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:27092kB dirty:1084kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1077.569642]  dump_stack+0x142/0x197
[ 1077.598831] Node 0 
[ 1077.602489]  warn_alloc.cold+0x96/0x1af
[ 1077.602501]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1077.602512]  ? check_preemption_disabled+0x3c/0x250
[ 1077.602532]  ? retint_kernel+0x2d/0x2d
[ 1077.604794] DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1077.608784]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1077.613667] lowmem_reserve[]:
[ 1077.618668]  ? warn_alloc+0xf0/0xf0
[ 1077.618688]  ? __might_sleep+0x93/0xb0
[ 1077.622609]  0
[ 1077.648972]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1077.648987]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1077.648997]  ? retint_kernel+0x2d/0x2d
[ 1077.649018]  alloc_pages_current+0xec/0x1e0
[ 1077.654473]  2569
[ 1077.657513]  kvm_mmu_create+0xdf/0x1e0
[ 1077.661154]  2569
[ 1077.665030]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1077.666798]  2569 2569
[ 1077.671479]  kvm_vcpu_init+0x272/0x360
[ 1077.671494]  vmx_create_vcpu+0xfc/0x2aa0
[ 1077.671504]  ? mutex_trylock+0x1c0/0x1c0
[ 1077.671518]  ? retint_kernel+0x2d/0x2d
[ 1077.680430]  ? handle_rdmsr+0x6e0/0x6e0
[ 1077.680444]  ? wait_for_completion+0x420/0x420
[ 1077.680458]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1077.680472]  kvm_vm_ioctl+0x501/0x1600
[ 1077.684797] Node 0 
[ 1077.686882]  ? __lock_acquire+0x5f7/0x4620
[ 1077.690831] DMA32 free:31544kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:176kB local_pcp:76kB free_cma:0kB
[ 1077.692979]  ? kvm_vcpu_release+0xa0/0xa0
[ 1077.697282] lowmem_reserve[]:
[ 1077.699791]  ? trace_hardirqs_on+0x10/0x10
[ 1077.703719]  0
[ 1077.707952]  ? trace_hardirqs_on+0x10/0x10
[ 1077.712032]  0
[ 1077.716482]  ? __might_fault+0x110/0x1d0
[ 1077.720475]  0
[ 1077.725034]  ? save_trace+0x290/0x290
[ 1077.729345]  0
[ 1077.733244]  ? __might_fault+0x110/0x1d0
[ 1077.733256]  ? __fget+0x210/0x370
[ 1077.733266]  ? find_held_lock+0x35/0x130
[ 1077.733275]  ? __fget+0x210/0x370
[ 1077.733290]  ? kvm_vcpu_release+0xa0/0xa0
[ 1077.735529]  0
[ 1077.739772]  do_vfs_ioctl+0x7ae/0x1060
[ 1077.773341]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1077.773355]  ? lock_downgrade+0x740/0x740
[ 1077.776451] Node 0 
[ 1077.780691]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1077.780703]  ? __fget+0x237/0x370
[ 1077.780721]  ? security_file_ioctl+0x89/0xb0
[ 1077.780734]  SyS_ioctl+0x8f/0xc0
[ 1077.782546] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1077.787296]  ? do_vfs_ioctl+0x1060/0x1060
[ 1077.789076] lowmem_reserve[]:
[ 1077.793157]  do_syscall_64+0x1e8/0x640
[ 1077.793169]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1077.793184]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1077.793191] RIP: 0033:0x45c429
[ 1077.793199] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246
[ 1077.794990]  0
[ 1077.798771]  ORIG_RAX: 0000000000000010
[ 1077.800596]  0
[ 1077.804623] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1077.804631] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1077.808081]  0
[ 1077.812147] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1077.812153] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1077.812158] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1077.909602] syz-executor.1: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1077.967301]  0 0
[ 1077.968140] syz-executor.1 cpuset=
[ 1077.969334] Node 1 Normal free:1857404kB min:53504kB low:66880kB high:80256kB active_anon:1429596kB inactive_anon:18552kB active_file:55360kB inactive_file:23252kB unevictable:0kB writepending:1084kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13728kB pagetables:27692kB bounce:0kB free_pcp:1324kB local_pcp:652kB free_cma:0kB
[ 1077.969360] lowmem_reserve[]:
[ 1077.973630] syz1
[ 1078.008251]  0
[ 1078.010572]  mems_allowed=0-1
[ 1078.012893]  0 0 0 0
[ 1078.015678] CPU: 0 PID: 9718 Comm: syz-executor.1 Not tainted 4.14.171-syzkaller #0
[ 1078.017888] Node 0 
[ 1078.025699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1078.025705] Call Trace:
[ 1078.025725]  dump_stack+0x142/0x197
[ 1078.025739]  warn_alloc.cold+0x96/0x1af
[ 1078.025748]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1078.025765]  ? wait_for_completion+0x420/0x420
[ 1078.025778]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1078.025800]  ? warn_alloc+0xf0/0xf0
[ 1078.025820]  ? __might_sleep+0x93/0xb0
[ 1078.025832]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1078.025846]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1078.025856]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1078.025878]  alloc_pages_current+0xec/0x1e0
[ 1078.025892]  kvm_mmu_create+0xdf/0x1e0
[ 1078.025905]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1078.025918]  kvm_vcpu_init+0x272/0x360
[ 1078.025930]  vmx_create_vcpu+0xfc/0x2aa0
[ 1078.025939]  ? mutex_trylock+0x1c0/0x1c0
[ 1078.025955]  ? handle_rdmsr+0x6e0/0x6e0
[ 1078.025964]  ? wait_for_completion+0x420/0x420
[ 1078.025988]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1078.025999]  kvm_vm_ioctl+0x501/0x1600
[ 1078.026009]  ? __lock_acquire+0x5f7/0x4620
[ 1078.026022]  ? kvm_vcpu_release+0xa0/0xa0
[ 1078.026030]  ? retint_kernel+0x2d/0x2d
[ 1078.026041]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1078.026053]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1078.026067]  ? check_preemption_disabled+0x3c/0x250
[ 1078.026076]  ? retint_kernel+0x2d/0x2d
[ 1078.026094]  ? selinux_file_ioctl+0x400/0x560
[ 1078.026110]  ? __sanitizer_cov_trace_pc+0x4e/0x60
[ 1078.026123]  ? kvm_vcpu_release+0xa0/0xa0
[ 1078.026133]  do_vfs_ioctl+0x7ae/0x1060
[ 1078.026143]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1078.026151]  ? lock_downgrade+0x740/0x740
[ 1078.026162]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1078.026174]  ? __fget+0x237/0x370
[ 1078.026191]  ? security_file_ioctl+0x89/0xb0
[ 1078.026202]  SyS_ioctl+0x8f/0xc0
[ 1078.026213]  ? do_vfs_ioctl+0x1060/0x1060
[ 1078.028685] DMA: 
[ 1078.037969]  do_syscall_64+0x1e8/0x640
[ 1078.037981]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1078.038000]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1078.040595] 12*4kB 
[ 1078.044581] RIP: 0033:0x45c429
[ 1078.048539] (UM) 
[ 1078.053391] RSP: 002b:00007f39eeb5dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1078.053403] RAX: ffffffffffffffda RBX: 00007f39eeb5e6d4 RCX: 000000000045c429
[ 1078.053407] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1078.053412] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000
[ 1078.053416] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1078.053421] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bfcc
[ 1078.279078] 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1078.292073] Node 0 DMA32: 828*4kB (UME) 553*8kB (UMH) 362*16kB (UM) 325*32kB (UMH) 86*64kB (UM) 11*128kB (UM) 3*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31608kB
[ 1078.307606] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1078.318398] Node 1 Normal: 350*4kB (UM) 231*8kB (UME) 66*16kB (UME) 217*32kB (UM) 45*64kB (UME) 2*128kB (UM) 4*256kB (UME) 3*512kB (UM) 3*1024kB (UM) 2*2048kB (M) 448*4096kB (M) = 1859120kB
[ 1078.336002] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1078.345205] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1078.353844] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1078.362782] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
05:08:26 executing program 1:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:08:26 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$inet(0x2, 0x100000000003, 0x400000000001)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_mems\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f00000001c0)=ANY=[], 0x17)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
getsockname$inet(0xffffffffffffffff, 0x0, &(0x7f0000000040))
getsockopt$inet_opts(r1, 0x0, 0x4, 0x0, &(0x7f00000001c0))

05:08:26 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010001fff000005000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743e6f1", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x5}}, 0x0)

05:08:26 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f5882722", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:26 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58)
r2 = accept$alg(r1, 0x0, 0x0)
sendmsg$alg(r2, &(0x7f00000004c0)={0x4000000, 0x0, 0x0}, 0x0)

05:08:26 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[ 1078.371404] 21168 total pagecache pages
[ 1078.375388] 0 pages in swap cache
[ 1078.378869] Swap cache stats: add 0, delete 0, find 0/0
[ 1078.384289] Free swap  = 0kB
[ 1078.387311] Total swap = 0kB
[ 1078.390398] 1965979 pages RAM
[ 1078.393587] 0 pages HighMem/MovableOnly
[ 1078.397576] 335854 pages reserved
[ 1078.401110] 0 pages cma reserved
05:08:26 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010001fff000005000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743e6f1", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x5}}, 0x0)

05:08:26 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58)
r2 = accept$alg(r1, 0x0, 0x0)
sendmsg$alg(r2, &(0x7f00000004c0)={0x4000000, 0x0, 0x0}, 0x0)

[ 1078.457377] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:26 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f5882722", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:26 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$inet(0x2, 0x100000000003, 0x400000000001)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_mems\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f00000001c0)=ANY=[], 0x17)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
getsockname$inet(r1, 0x0, 0x0)
getsockopt$inet_opts(r1, 0x0, 0x4, 0x0, &(0x7f00000001c0))

05:08:26 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010001fff000005000000000000000000", @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743e6f134", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x4}}, 0x0)

05:08:26 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f5882722", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1078.596688] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1078.742861] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1078.778032] syz-executor.1: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1078.825588] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1078.833726] syz-executor.1 cpuset=syz1 mems_allowed=0-1
[ 1078.841013] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1078.846447] CPU: 1 PID: 9755 Comm: syz-executor.1 Not tainted 4.14.171-syzkaller #0
[ 1078.855479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1078.864853] Call Trace:
[ 1078.867977]  dump_stack+0x142/0x197
[ 1078.871611]  warn_alloc.cold+0x96/0x1af
[ 1078.875614]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1078.882174]  ? wait_for_completion+0x420/0x420
[ 1078.886794]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1078.891671]  ? warn_alloc+0xf0/0xf0
[ 1078.895491]  ? __might_sleep+0x93/0xb0
[ 1078.900560]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1078.905266]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1078.910310]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1078.915352]  alloc_pages_current+0xec/0x1e0
[ 1078.919696]  kvm_mmu_create+0xdf/0x1e0
[ 1078.923593]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1078.928038]  kvm_vcpu_init+0x272/0x360
[ 1078.931940]  vmx_create_vcpu+0xfc/0x2aa0
[ 1078.936350]  ? mutex_trylock+0x1c0/0x1c0
[ 1078.940440]  ? handle_rdmsr+0x6e0/0x6e0
[ 1078.944430]  ? wait_for_completion+0x420/0x420
[ 1078.949020]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1078.953372]  kvm_vm_ioctl+0x501/0x1600
[ 1078.957277]  ? __lock_acquire+0x5f7/0x4620
[ 1078.961523]  ? find_held_lock+0x35/0x130
[ 1078.965599]  ? kvm_vcpu_release+0xa0/0xa0
[ 1078.969794]  ? trace_hardirqs_on+0x10/0x10
[ 1078.974052]  ? trace_hardirqs_on+0x10/0x10
[ 1078.978293]  ? __might_fault+0x110/0x1d0
[ 1078.982376]  ? save_trace+0x290/0x290
[ 1078.986304]  ? __might_fault+0x110/0x1d0
[ 1078.990384]  ? __fget+0x210/0x370
[ 1078.993857]  ? find_held_lock+0x35/0x130
[ 1078.997924]  ? __fget+0x210/0x370
[ 1079.001396]  ? kvm_vcpu_release+0xa0/0xa0
[ 1079.005552]  do_vfs_ioctl+0x7ae/0x1060
[ 1079.009498]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1079.014435]  ? lock_downgrade+0x740/0x740
[ 1079.018693]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1079.023107]  ? __fget+0x237/0x370
[ 1079.026604]  ? security_file_ioctl+0x89/0xb0
[ 1079.031074]  SyS_ioctl+0x8f/0xc0
[ 1079.034454]  ? do_vfs_ioctl+0x1060/0x1060
[ 1079.038619]  do_syscall_64+0x1e8/0x640
[ 1079.042528]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1079.047443]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1079.052648] RIP: 0033:0x45c429
[ 1079.055841] RSP: 002b:00007f39eeb7ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1079.063559] RAX: ffffffffffffffda RBX: 00007f39eeb7f6d4 RCX: 000000000045c429
[ 1079.070937] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1079.078318] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1079.085831] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1079.093131] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1079.100702] CPU: 0 PID: 9746 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1079.107510] warn_alloc_show_mem: 2 callbacks suppressed
[ 1079.107514] Mem-Info:
[ 1079.108529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1079.108534] Call Trace:
[ 1079.108552]  dump_stack+0x142/0x197
[ 1079.108565]  warn_alloc.cold+0x96/0x1af
[ 1079.108577]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1079.114597] active_anon:837595 inactive_anon:4832 isolated_anon:0
[ 1079.114597]  active_file:14304 inactive_file:6601 isolated_file:0
[ 1079.114597]  unevictable:0 dirty:291 writeback:0 unstable:0
[ 1079.114597]  slab_reclaimable:17532 slab_unreclaimable:150055
[ 1079.114597]  mapped:59417 shmem:255 pagetables:16875 bounce:0
[ 1079.114597]  free:475120 free_pcp:331 free_cma:0
[ 1079.116454]  ? wait_for_completion+0x420/0x420
[ 1079.116476]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1079.126541] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:116kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1079.128461]  ? warn_alloc+0xf0/0xf0
[ 1079.128482]  ? __might_sleep+0x93/0xb0
[ 1079.132372] Node 1 active_anon:1429700kB inactive_anon:18544kB active_file:55360kB inactive_file:23308kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26932kB dirty:1048kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1079.136433]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1079.136447]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1079.136460]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1079.136469]  ? check_preemption_disabled+0x3c/0x250
[ 1079.136490]  alloc_pages_current+0xec/0x1e0
[ 1079.141982] Node 0 
[ 1079.176815]  ? kvm_set_tsc_khz+0x188/0x490
[ 1079.176832]  kvm_mmu_create+0xdf/0x1e0
[ 1079.176846]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1079.176860]  kvm_vcpu_init+0x272/0x360
[ 1079.176871]  vmx_create_vcpu+0xfc/0x2aa0
[ 1079.176881]  ? mutex_trylock+0x1c0/0x1c0
[ 1079.176895]  ? retint_kernel+0x2d/0x2d
[ 1079.176908]  ? handle_rdmsr+0x6e0/0x6e0
[ 1079.182044] DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1079.186359]  ? wait_for_completion+0x420/0x420
[ 1079.186376]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1079.186390]  kvm_vm_ioctl+0x501/0x1600
[ 1079.186401]  ? __lock_acquire+0x5f7/0x4620
[ 1079.186414]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1079.215350] lowmem_reserve[]:
[ 1079.218346]  ? kvm_vcpu_release+0xa0/0xa0
[ 1079.218366]  ? trace_hardirqs_on+0x10/0x10
[ 1079.218378]  ? save_trace+0x290/0x290
[ 1079.222428]  0
[ 1079.250141]  ? lock_release+0x44d/0x940
[ 1079.250156]  ? __fget+0x210/0x370
[ 1079.250165]  ? find_held_lock+0x35/0x130
[ 1079.250175]  ? __fget+0x210/0x370
[ 1079.250189]  ? kvm_vcpu_release+0xa0/0xa0
[ 1079.250199]  do_vfs_ioctl+0x7ae/0x1060
[ 1079.250212]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1079.250220]  ? lock_downgrade+0x740/0x740
[ 1079.250230]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1079.250240]  ? __fget+0x237/0x370
[ 1079.250256]  ? security_file_ioctl+0x89/0xb0
[ 1079.256633]  2569
[ 1079.259678]  SyS_ioctl+0x8f/0xc0
[ 1079.259688]  ? do_vfs_ioctl+0x1060/0x1060
[ 1079.259701]  do_syscall_64+0x1e8/0x640
[ 1079.264886]  2569
[ 1079.269792]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1079.269811]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1079.269822] RIP: 0033:0x45c429
[ 1079.274589]  2569
[ 1079.276395] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1079.276417] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1079.276426] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1079.276432] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1079.276436] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1079.276445] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1079.280874]  2569
[ 1079.475766] syz-executor.1: 
[ 1079.489462] page allocation failure: order:0
[ 1079.493083] Node 0 
[ 1079.504787] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1079.505489] DMA32 free:31808kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:192kB local_pcp:80kB free_cma:0kB
[ 1079.510500] (null)
[ 1079.512229] lowmem_reserve[]:
[ 1079.518431] syz-executor.1 cpuset=
[ 1079.547158]  0 0 0 0 0
[ 1079.547178] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1079.547198] lowmem_reserve[]: 0 0 0 0 0
[ 1079.547219] Node 1 Normal free:1859316kB min:53504kB low:66880kB high:80256kB active_anon:1429496kB inactive_anon:18552kB active_file:55360kB inactive_file:23316kB unevictable:0kB writepending:1064kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13792kB pagetables:27692kB bounce:0kB free_pcp:1204kB local_pcp:596kB free_cma:0kB
[ 1079.547249] lowmem_reserve[]: 0 0 0 0 0
[ 1079.547267] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB 
[ 1079.554751] syz1
[ 1079.556300] (UM) 
[ 1079.558864]  mems_allowed=0-1
[ 1079.584153] 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1079.584192] Node 0 DMA32: 828*4kB (UME) 578*8kB (UMH) 362*16kB (UM) 325*32kB (UMH) 86*64kB (UM) 11*128kB (UM) 3*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31808kB
[ 1079.584259] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 
[ 1079.592964] CPU: 0 PID: 9776 Comm: syz-executor.1 Not tainted 4.14.171-syzkaller #0
[ 1079.621421] 0*4096kB 
[ 1079.625424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1079.632765] = 0kB
[ 1079.634714] Call Trace:
[ 1079.636767] Node 1 
[ 1079.639881]  dump_stack+0x142/0x197
[ 1079.648288] Normal: 
[ 1079.663619]  warn_alloc.cold+0x96/0x1af
[ 1079.663630]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1079.663648]  ? wait_for_completion+0x420/0x420
[ 1079.663662]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1079.673163] 353*4kB 
[ 1079.681071]  ? warn_alloc+0xf0/0xf0
[ 1079.681091]  ? __might_sleep+0x93/0xb0
[ 1079.681104]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1079.683555] (UME) 
[ 1079.692985]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1079.692997]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1079.693016]  alloc_pages_current+0xec/0x1e0
[ 1079.693028]  kvm_mmu_create+0xdf/0x1e0
[ 1079.693040]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1079.693058]  kvm_vcpu_init+0x272/0x360
[ 1079.693069]  vmx_create_vcpu+0xfc/0x2aa0
[ 1079.693084]  ? mutex_trylock+0x1c0/0x1c0
[ 1079.695135] 294*8kB 
[ 1079.697729]  ? handle_rdmsr+0x6e0/0x6e0
[ 1079.699937] (UME) 
[ 1079.703667]  ? wait_for_completion+0x420/0x420
[ 1079.703683]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1079.703696]  kvm_vm_ioctl+0x501/0x1600
[ 1079.703710]  ? __lock_acquire+0x5f7/0x4620
[ 1079.706046] 157*16kB 
[ 1079.710043]  ? find_held_lock+0x35/0x130
[ 1079.710058]  ? kvm_vcpu_release+0xa0/0xa0
[ 1079.710067]  ? trace_hardirqs_on+0x10/0x10
[ 1079.710080]  ? trace_hardirqs_on+0x10/0x10
[ 1079.710095]  ? __might_fault+0x110/0x1d0
[ 1079.714920] (UE) 
[ 1079.719664]  ? save_trace+0x290/0x290
[ 1079.724539] 225*32kB 
[ 1079.726816]  ? __might_fault+0x110/0x1d0
[ 1079.730457] (UE) 
[ 1079.734345]  ? __fget+0x210/0x370
[ 1079.739000] 43*64kB 
[ 1079.741156]  ? find_held_lock+0x35/0x130
[ 1079.741167]  ? __fget+0x210/0x370
[ 1079.741181]  ? kvm_vcpu_release+0xa0/0xa0
[ 1079.741195]  do_vfs_ioctl+0x7ae/0x1060
[ 1079.746345] (UM) 
[ 1079.751383]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1079.751395]  ? lock_downgrade+0x740/0x740
[ 1079.751406]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1079.751417]  ? __fget+0x237/0x370
[ 1079.751433]  ? security_file_ioctl+0x89/0xb0
[ 1079.755763] 3*128kB 
[ 1079.759672]  SyS_ioctl+0x8f/0xc0
[ 1079.764031] (UME) 
[ 1079.767905]  ? do_vfs_ioctl+0x1060/0x1060
[ 1079.772117] 3*256kB 
[ 1079.776169]  do_syscall_64+0x1e8/0x640
[ 1079.778476] (UM) 
[ 1079.782451]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1079.782467]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1079.782474] RIP: 0033:0x45c429
[ 1079.782478] RSP: 002b:00007f39eeb5dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1079.782488] RAX: ffffffffffffffda RBX: 00007f39eeb5e6d4 RCX: 000000000045c429
[ 1079.782493] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1079.782500] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000
[ 1079.784643] 2*512kB 
[ 1079.789240] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1079.793599] (M) 
[ 1079.798304] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bfcc
[ 1079.971013] 2*1024kB (M) 2*2048kB (M) 448*4096kB (M) = 1859556kB
[ 1079.977327] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1079.987237] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1079.996040] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1080.005158] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1080.014183] 21183 total pagecache pages
[ 1080.018319] 0 pages in swap cache
[ 1080.023335] Swap cache stats: add 0, delete 0, find 0/0
[ 1080.029061] Free swap  = 0kB
[ 1080.032176] Total swap = 0kB
[ 1080.035212] 1965979 pages RAM
[ 1080.038301] 0 pages HighMem/MovableOnly
[ 1080.042464] 335854 pages reserved
[ 1080.045923] 0 pages cma reserved
05:08:27 executing program 1:
r0 = getpgrp(0x0)
setpriority(0x0, r0, 0xffff)
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x9, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$loop(&(0x7f0000000280)='/dev/loop#\x00', 0x0, 0x100082)
memfd_create(&(0x7f0000000380)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0)
setresuid(0x0, 0x0, 0x0)
geteuid()
accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='auxv\x00')
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000100))
fcntl$lock(0xffffffffffffffff, 0x26, 0x0)
shmctl$IPC_SET(0x0, 0x1, 0x0)
shmget(0x1, 0x2000, 0x0, &(0x7f0000ffd000/0x2000)=nil)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000380)=0xfffffffe)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r2, &(0x7f00000000c0)='./file0\x00')

05:08:27 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$inet(0x2, 0x100000000003, 0x400000000001)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_mems\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f00000001c0)=ANY=[], 0x17)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
getsockname$inet(r1, 0x0, 0x0)
getsockopt$inet_opts(r1, 0x0, 0x4, 0x0, &(0x7f00000001c0))

05:08:27 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58)
r2 = accept$alg(r1, 0x0, 0x0)
sendmsg$alg(r2, &(0x7f00000004c0)={0x4000000, 0x0, 0x0}, 0x0)

05:08:27 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x4}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:27 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010001fff000005000000000000000000", @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743e6f134", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x4}}, 0x0)

05:08:27 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:08:27 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010001fff000005000000000000000000", @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743e6f134", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x4}}, 0x0)

05:08:27 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58)
r2 = accept$alg(r1, 0x0, 0x0)
sendmsg$alg(r2, &(0x7f00000004c0)={0x4000000, 0x0, &(0x7f0000000440)}, 0x0)

[ 1080.141289] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:27 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$inet(0x2, 0x100000000003, 0x400000000001)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_mems\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f00000001c0)=ANY=[], 0x17)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
getsockname$inet(r1, 0x0, 0x0)
getsockopt$inet_opts(r1, 0x0, 0x4, 0x0, &(0x7f00000001c0))

05:08:27 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x4}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:27 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743e6f134", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x4}}, 0x0)

05:08:27 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58)
r2 = accept$alg(r1, 0x0, 0x0)
sendmsg$alg(r2, &(0x7f00000004c0)={0x4000000, 0x0, &(0x7f0000000440)}, 0x0)

[ 1080.285547] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:28 executing program 1:
r0 = getpgrp(0x0)
setpriority(0x0, r0, 0xffff)
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x9, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$loop(&(0x7f0000000280)='/dev/loop#\x00', 0x0, 0x100082)
memfd_create(&(0x7f0000000380)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0)
setresuid(0x0, 0x0, 0x0)
geteuid()
accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='auxv\x00')
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000100))
fcntl$lock(0xffffffffffffffff, 0x26, 0x0)
shmctl$IPC_SET(0x0, 0x1, 0x0)
shmget(0x1, 0x2000, 0x0, &(0x7f0000ffd000/0x2000)=nil)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000380)=0xfffffffe)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r2, &(0x7f00000000c0)='./file0\x00')

05:08:28 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$inet(0x2, 0x100000000003, 0x400000000001)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_mems\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f00000001c0)=ANY=[], 0x17)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
getsockname$inet(r1, 0x0, &(0x7f0000000040))
getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, 0x0, &(0x7f00000001c0))

05:08:28 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x4}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:28 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743e6f134", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x4}}, 0x0)

05:08:28 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58)
r2 = accept$alg(r1, 0x0, 0x0)
sendmsg$alg(r2, &(0x7f00000004c0)={0x4000000, 0x0, &(0x7f0000000440)}, 0x0)

[ 1080.485696] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1080.655484] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1080.667864] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1080.673950] CPU: 1 PID: 9791 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1080.681792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1080.691673] Call Trace:
[ 1080.694269]  dump_stack+0x142/0x197
[ 1080.697903]  warn_alloc.cold+0x96/0x1af
[ 1080.701880]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1080.706727]  ? wait_for_completion+0x420/0x420
[ 1080.711321]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1080.716186]  ? warn_alloc+0xf0/0xf0
[ 1080.719808]  ? __might_sleep+0x93/0xb0
[ 1080.723707]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1080.728388]  ? retint_kernel+0x2d/0x2d
[ 1080.732269]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1080.737291]  ? __sanitizer_cov_trace_pc+0x23/0x60
[ 1080.742168]  alloc_pages_current+0xec/0x1e0
[ 1080.747034]  kvm_mmu_create+0xdf/0x1e0
[ 1080.751918]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1080.756255]  kvm_vcpu_init+0x272/0x360
[ 1080.760158]  vmx_create_vcpu+0xfc/0x2aa0
[ 1080.764219]  ? mutex_trylock+0x1c0/0x1c0
[ 1080.768395]  ? handle_rdmsr+0x6e0/0x6e0
[ 1080.772374]  ? wait_for_completion+0x420/0x420
[ 1080.777072]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1080.781419]  kvm_vm_ioctl+0x501/0x1600
[ 1080.785314]  ? __lock_acquire+0x5f7/0x4620
[ 1080.789665]  ? kvm_vcpu_release+0xa0/0xa0
[ 1080.794170]  ? trace_hardirqs_on+0x10/0x10
[ 1080.798502]  ? trace_hardirqs_on+0x10/0x10
[ 1080.802745]  ? __might_fault+0x110/0x1d0
[ 1080.806816]  ? save_trace+0x290/0x290
[ 1080.810673]  ? __might_fault+0x110/0x1d0
[ 1080.815609]  ? __fget+0x210/0x370
[ 1080.819052]  ? find_held_lock+0x35/0x130
[ 1080.823220]  ? __fget+0x210/0x370
[ 1080.826684]  ? kvm_vcpu_release+0xa0/0xa0
[ 1080.830826]  do_vfs_ioctl+0x7ae/0x1060
[ 1080.834764]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1080.839614]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1080.844132]  ? check_preemption_disabled+0x3c/0x250
[ 1080.849304]  ? retint_kernel+0x2d/0x2d
[ 1080.853289]  SyS_ioctl+0x8f/0xc0
[ 1080.856670]  ? do_vfs_ioctl+0x1060/0x1060
[ 1080.860827]  do_syscall_64+0x1e8/0x640
[ 1080.864880]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1080.869726]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1080.875121] RIP: 0033:0x45c429
[ 1080.878309] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1080.886179] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1080.893439] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1080.901145] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1080.908493] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1080.915940] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1080.924922] warn_alloc_show_mem: 2 callbacks suppressed
[ 1080.924945] Mem-Info:
[ 1080.933733] active_anon:837551 inactive_anon:4834 isolated_anon:0
[ 1080.933733]  active_file:14304 inactive_file:6617 isolated_file:0
[ 1080.933733]  unevictable:0 dirty:312 writeback:0 unstable:0
[ 1080.933733]  slab_reclaimable:17569 slab_unreclaimable:149639
[ 1080.933733]  mapped:59432 shmem:255 pagetables:16827 bounce:0
[ 1080.933733]  free:475598 free_pcp:393 free_cma:0
[ 1080.968928] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1080.997953] Node 1 active_anon:1429524kB inactive_anon:18552kB active_file:55360kB inactive_file:23372kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26992kB dirty:1128kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1081.026392] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1081.053561] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1081.058698] Node 0 DMA32 free:31912kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:184kB local_pcp:80kB free_cma:0kB
[ 1081.089035] lowmem_reserve[]: 0 0 0 0 0
[ 1081.093076] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1081.120416] lowmem_reserve[]: 0 0 0 0 0
[ 1081.124434] Node 1 Normal free:1860016kB min:53504kB low:66880kB high:80256kB active_anon:1429480kB inactive_anon:18552kB active_file:55360kB inactive_file:23372kB unevictable:0kB writepending:1184kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13664kB pagetables:27692kB bounce:0kB free_pcp:1380kB local_pcp:732kB free_cma:0kB
[ 1081.156008] lowmem_reserve[]: 0 0 0 0 0
[ 1081.160160] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1081.174755] Node 0 DMA32: 828*4kB (UME) 591*8kB (UMH) 363*16kB (UM) 325*32kB (UMH) 86*64kB (UM) 11*128kB (UM) 3*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31928kB
[ 1081.190756] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1081.201691] Node 1 Normal: 294*4kB (UME) 125*8kB (UME) 245*16kB (UM) 251*32kB (UE) 50*64kB (UME) 2*128kB (UM) 3*256kB (UM) 3*512kB (UM) 3*1024kB (UM) 3*2048kB (UM) 447*4096kB (M) = 1860016kB
[ 1081.219171] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1081.228225] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1081.237731] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1081.246671] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
05:08:28 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:08:28 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:28 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743e6f134", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x4}}, 0x0)

05:08:28 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$inet(0x2, 0x100000000003, 0x400000000001)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_mems\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f00000001c0)=ANY=[], 0x17)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
getsockname$inet(r1, 0x0, &(0x7f0000000040))
getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, 0x0, &(0x7f00000001c0))

05:08:28 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58)
r2 = accept$alg(r1, 0x0, 0x0)
sendmsg$alg(r2, &(0x7f00000004c0)={0x4000000, 0x0, &(0x7f0000000440)=[{0x0}], 0x1}, 0x0)

05:08:28 executing program 1:

[ 1081.255611] 21191 total pagecache pages
[ 1081.259701] 0 pages in swap cache
[ 1081.263206] Swap cache stats: add 0, delete 0, find 0/0
[ 1081.268577] Free swap  = 0kB
[ 1081.271786] Total swap = 0kB
[ 1081.274912] 1965979 pages RAM
[ 1081.278019] 0 pages HighMem/MovableOnly
[ 1081.282054] 335854 pages reserved
[ 1081.285529] 0 pages cma reserved
05:08:29 executing program 1:

05:08:29 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58)
r2 = accept$alg(r1, 0x0, 0x0)
sendmsg$alg(r2, &(0x7f00000004c0)={0x4000000, 0x0, &(0x7f0000000440)=[{0x0}], 0x1}, 0x0)

05:08:29 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743e6f134", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x5}}, 0x0)

[ 1081.362557] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:29 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$inet(0x2, 0x100000000003, 0x400000000001)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_mems\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f00000001c0)=ANY=[], 0x17)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
getsockname$inet(r1, 0x0, &(0x7f0000000040))
getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, 0x0, &(0x7f00000001c0))

[ 1081.416009] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:29 executing program 1:

05:08:29 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58)
r2 = accept$alg(r1, 0x0, 0x0)
sendmsg$alg(r2, &(0x7f00000004c0)={0x4000000, 0x0, &(0x7f0000000440)=[{0x0}], 0x1}, 0x0)

[ 1081.695767] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1081.706897] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1081.713299] CPU: 0 PID: 9847 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1081.721148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1081.730516] Call Trace:
[ 1081.733112]  dump_stack+0x142/0x197
[ 1081.736735]  warn_alloc.cold+0x96/0x1af
[ 1081.740698]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1081.745675]  ? wait_for_completion+0x420/0x420
[ 1081.750273]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1081.755535]  ? warn_alloc+0xf0/0xf0
[ 1081.759293]  ? __might_sleep+0x93/0xb0
[ 1081.763182]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1081.768033]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1081.773044]  ? retint_kernel+0x2d/0x2d
[ 1081.776937]  alloc_pages_current+0xec/0x1e0
[ 1081.781367]  kvm_mmu_create+0xdf/0x1e0
[ 1081.785262]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1081.789587]  kvm_vcpu_init+0x272/0x360
[ 1081.793596]  vmx_create_vcpu+0xfc/0x2aa0
[ 1081.797928]  ? mutex_trylock+0x1c0/0x1c0
[ 1081.802192]  ? handle_rdmsr+0x6e0/0x6e0
[ 1081.806169]  ? wait_for_completion+0x420/0x420
[ 1081.810759]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1081.815356]  kvm_vm_ioctl+0x501/0x1600
[ 1081.819348]  ? __lock_acquire+0x5f7/0x4620
[ 1081.823652]  ? find_held_lock+0x35/0x130
[ 1081.827736]  ? kvm_vcpu_release+0xa0/0xa0
[ 1081.831897]  ? retint_kernel+0x2d/0x2d
[ 1081.835787]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1081.840809]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1081.845796]  ? check_preemption_disabled+0x3c/0x250
[ 1081.850818]  ? retint_kernel+0x2d/0x2d
[ 1081.854918]  ? selinux_file_ioctl+0x2d0/0x560
[ 1081.860146]  ? kvm_vcpu_release+0xa0/0xa0
[ 1081.864302]  do_vfs_ioctl+0x7ae/0x1060
[ 1081.868192]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1081.873120]  ? check_preemption_disabled+0x3c/0x250
[ 1081.878512]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1081.882930]  ? security_file_ioctl+0x89/0xb0
[ 1081.887370]  SyS_ioctl+0x8f/0xc0
[ 1081.890757]  ? do_vfs_ioctl+0x1060/0x1060
[ 1081.894908]  do_syscall_64+0x1e8/0x640
[ 1081.898795]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1081.903727]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1081.909037] RIP: 0033:0x45c429
[ 1081.912373] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1081.920090] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1081.927503] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1081.934772] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1081.942051] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1081.949315] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1081.959610] Mem-Info:
[ 1081.962429] active_anon:837539 inactive_anon:4834 isolated_anon:0
[ 1081.962429]  active_file:14304 inactive_file:6626 isolated_file:0
[ 1081.962429]  unevictable:0 dirty:332 writeback:0 unstable:0
[ 1081.962429]  slab_reclaimable:17612 slab_unreclaimable:149684
[ 1081.962429]  mapped:59407 shmem:255 pagetables:16826 bounce:0
[ 1081.962429]  free:475506 free_pcp:404 free_cma:0
[ 1081.997603] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1082.026235] Node 1 active_anon:1429476kB inactive_anon:18552kB active_file:55360kB inactive_file:23408kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26892kB dirty:1208kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1082.054561] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1082.082237] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1082.087441] Node 0 DMA32 free:31912kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:192kB local_pcp:116kB free_cma:0kB
[ 1082.117739] lowmem_reserve[]: 0 0 0 0 0
[ 1082.122090] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1082.148179] lowmem_reserve[]: 0 0 0 0 0
[ 1082.152852] Node 1 Normal free:1859888kB min:53504kB low:66880kB high:80256kB active_anon:1429480kB inactive_anon:18552kB active_file:55360kB inactive_file:23408kB unevictable:0kB writepending:1208kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13760kB pagetables:27688kB bounce:0kB free_pcp:1360kB local_pcp:660kB free_cma:0kB
[ 1082.184149] lowmem_reserve[]: 0 0 0 0 0
[ 1082.188279] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1082.203082] Node 0 DMA32: 828*4kB (UME) 589*8kB (UMH) 363*16kB (UM) 327*32kB (UMH) 86*64kB (UM) 11*128kB (UM) 3*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31976kB
[ 1082.218367] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1082.229749] Node 1 Normal: 298*4kB (UM) 126*8kB (UME) 259*16kB (UME) 254*32kB (UE) 51*64kB (UM) 3*128kB (UME) 3*256kB (ME) 4*512kB (UME) 4*1024kB (UME) 4*2048kB (UME) 446*4096kB (M) = 1860040kB
[ 1082.247384] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1082.256597] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1082.265254] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1082.274189] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1082.282939] 21195 total pagecache pages
[ 1082.287110] 0 pages in swap cache
[ 1082.290661] Swap cache stats: add 0, delete 0, find 0/0
[ 1082.298495] Free swap  = 0kB
[ 1082.301654] Total swap = 0kB
[ 1082.304780] 1965979 pages RAM
[ 1082.307913] 0 pages HighMem/MovableOnly
[ 1082.311927] 335854 pages reserved
[ 1082.315376] 0 pages cma reserved
05:08:30 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:08:30 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743e6f134", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x5}}, 0x0)

05:08:30 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:30 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$inet(0x2, 0x100000000003, 0x400000000001)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_mems\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f00000001c0)=ANY=[], 0x17)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
getsockname$inet(r1, 0x0, &(0x7f0000000040))
getsockopt$inet_opts(r1, 0x0, 0x0, 0x0, &(0x7f00000001c0))

05:08:30 executing program 1:

05:08:30 executing program 4:

05:08:30 executing program 4:
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
capget(&(0x7f0000000000), 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
pipe(&(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
r4 = socket$inet(0x2, 0x3, 0x1)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f00000000c0)='ip_vti0\x00', 0x10)
r5 = epoll_create(0x7fffffff)
r6 = fcntl$dupfd(r4, 0x0, r5)
connect$inet(r6, &(0x7f0000000040)={0x2, 0x0, @initdev}, 0x10)
write$binfmt_misc(r2, &(0x7f0000000140)=ANY=[], 0xfef0)
splice(r1, 0x0, r3, 0x0, 0x80000001, 0x0)

[ 1082.392304] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:30 executing program 1:

05:08:30 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743e6f134", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x5}}, 0x0)

05:08:30 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$inet(0x2, 0x100000000003, 0x400000000001)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_mems\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f00000001c0)=ANY=[], 0x17)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
getsockname$inet(r1, 0x0, &(0x7f0000000040))
getsockopt$inet_opts(r1, 0x0, 0x0, 0x0, &(0x7f00000001c0))

[ 1082.470012] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:30 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:30 executing program 1:

[ 1082.609881] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1082.657022] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1082.825638] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1082.836775] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1082.848729] CPU: 0 PID: 9884 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1082.856570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1082.865935] Call Trace:
[ 1082.868634]  dump_stack+0x142/0x197
[ 1082.872417]  warn_alloc.cold+0x96/0x1af
[ 1082.876534]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1082.881384]  ? wait_for_completion+0x420/0x420
[ 1082.886028]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1082.890980]  ? retint_kernel+0x2d/0x2d
[ 1082.894859]  ? warn_alloc+0xf0/0xf0
[ 1082.898482]  ? __might_sleep+0x93/0xb0
[ 1082.902364]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1082.907034]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1082.912172]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1082.917193]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1082.922067]  alloc_pages_current+0xec/0x1e0
[ 1082.926417]  kvm_mmu_create+0xdf/0x1e0
[ 1082.930319]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1082.934644]  kvm_vcpu_init+0x272/0x360
[ 1082.938531]  vmx_create_vcpu+0xfc/0x2aa0
[ 1082.942718]  ? check_preemption_disabled+0x3c/0x250
[ 1082.947747]  ? handle_rdmsr+0x6e0/0x6e0
[ 1082.951881]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1082.956200]  kvm_vm_ioctl+0x501/0x1600
[ 1082.960243]  ? __lock_acquire+0x5f7/0x4620
[ 1082.964651]  ? kvm_vcpu_release+0xa0/0xa0
[ 1082.968935]  ? trace_hardirqs_on+0x10/0x10
[ 1082.973419]  ? trace_hardirqs_on+0x10/0x10
[ 1082.977884]  ? __might_fault+0x110/0x1d0
[ 1082.982159]  ? save_trace+0x290/0x290
[ 1082.985955]  ? __might_fault+0x110/0x1d0
[ 1082.990099]  ? __fget+0x210/0x370
[ 1082.993649]  ? find_held_lock+0x35/0x130
[ 1082.997695]  ? __fget+0x210/0x370
[ 1083.001147]  ? kvm_vcpu_release+0xa0/0xa0
[ 1083.005304]  do_vfs_ioctl+0x7ae/0x1060
[ 1083.009185]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1083.013942]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1083.018706]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1083.023313]  ? check_preemption_disabled+0x3c/0x250
[ 1083.028326]  ? retint_kernel+0x2d/0x2d
[ 1083.032315]  ? security_file_ioctl+0x89/0xb0
[ 1083.036727]  SyS_ioctl+0x8f/0xc0
[ 1083.040342]  ? do_vfs_ioctl+0x1060/0x1060
[ 1083.044666]  do_syscall_64+0x1e8/0x640
[ 1083.048562]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1083.053407]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1083.058699] RIP: 0033:0x45c429
[ 1083.061873] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1083.069995] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1083.077531] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1083.084798] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1083.092262] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1083.099607] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1083.110591] Mem-Info:
[ 1083.113187] active_anon:837535 inactive_anon:4834 isolated_anon:0
[ 1083.113187]  active_file:14304 inactive_file:6626 isolated_file:0
[ 1083.113187]  unevictable:0 dirty:257 writeback:75 unstable:0
[ 1083.113187]  slab_reclaimable:17601 slab_unreclaimable:149620
[ 1083.113187]  mapped:59432 shmem:255 pagetables:16837 bounce:0
[ 1083.113187]  free:475575 free_pcp:305 free_cma:0
[ 1083.151317] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1083.182356] Node 1 active_anon:1429468kB inactive_anon:18552kB active_file:55360kB inactive_file:23452kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26892kB dirty:664kB writeback:76kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1083.211201] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1083.238394] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1083.244040] Node 0 DMA32 free:31968kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB writepending:96kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:172kB local_pcp:116kB free_cma:0kB
[ 1083.274310] lowmem_reserve[]: 0 0 0 0 0
[ 1083.278531] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1083.304008] lowmem_reserve[]: 0 0 0 0 0
[ 1083.308029] Node 1 Normal free:1861260kB min:53504kB low:66880kB high:80256kB active_anon:1429468kB inactive_anon:18552kB active_file:55360kB inactive_file:23452kB unevictable:0kB writepending:744kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13696kB pagetables:27688kB bounce:0kB free_pcp:1104kB local_pcp:464kB free_cma:0kB
[ 1083.338894] lowmem_reserve[]: 0 0 0 0 0
[ 1083.343000] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1083.357538] Node 0 DMA32: 828*4kB (UME) 588*8kB (UMH) 363*16kB (UM) 327*32kB (UMH) 86*64kB (UM) 11*128kB (UM) 3*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31968kB
[ 1083.374915] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1083.385984] Node 1 Normal: 351*4kB (UM) 214*8kB (UME) 286*16kB (UME) 256*32kB (UME) 56*64kB (UME) 1*128kB (M) 4*256kB (UME) 3*512kB (ME) 4*1024kB (UME) 4*2048kB (UME) 446*4096kB (M) = 1861260kB
[ 1083.403766] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1083.413638] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1083.422402] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1083.431409] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1083.440243] 21205 total pagecache pages
[ 1083.445876] 0 pages in swap cache
[ 1083.449338] Swap cache stats: add 0, delete 0, find 0/0
[ 1083.454754] Free swap  = 0kB
[ 1083.457795] Total swap = 0kB
[ 1083.460862] 1965979 pages RAM
[ 1083.463965] 0 pages HighMem/MovableOnly
[ 1083.467950] 335854 pages reserved
[ 1083.471461] 0 pages cma reserved
05:08:31 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:08:31 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010001fff0000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743e6f134", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x5}}, 0x0)

05:08:31 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$inet(0x2, 0x100000000003, 0x400000000001)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_mems\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f00000001c0)=ANY=[], 0x17)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
getsockname$inet(r1, 0x0, &(0x7f0000000040))
getsockopt$inet_opts(r1, 0x0, 0x0, 0x0, &(0x7f00000001c0))

05:08:31 executing program 1:

05:08:31 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x4}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:31 executing program 4:
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
capget(&(0x7f0000000000), 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
pipe(&(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
r4 = socket$inet(0x2, 0x3, 0x1)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f00000000c0)='ip_vti0\x00', 0x10)
r5 = epoll_create(0x7fffffff)
r6 = fcntl$dupfd(r4, 0x0, r5)
connect$inet(r6, &(0x7f0000000040)={0x2, 0x0, @initdev}, 0x10)
write$binfmt_misc(r2, &(0x7f0000000140)=ANY=[], 0xfef0)
splice(r1, 0x0, r3, 0x0, 0x80000001, 0x0)

05:08:31 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010001fff0000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743e6f134", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x5}}, 0x0)

05:08:31 executing program 1:

05:08:31 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$inet(0x2, 0x100000000003, 0x400000000001)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_mems\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f00000001c0)=ANY=[], 0x17)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
getsockname$inet(r1, 0x0, &(0x7f0000000040))
getsockopt$inet_opts(r1, 0x0, 0x4, 0x0, 0x0)

[ 1083.573915] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:31 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010001fff0000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743e6f134", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x5}}, 0x0)

05:08:31 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x4}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:31 executing program 1:

[ 1083.754235] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1083.921402] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1083.933504] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1083.944960] CPU: 0 PID: 9923 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1083.952882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1083.962258] Call Trace:
[ 1083.964875]  dump_stack+0x142/0x197
[ 1083.968616]  warn_alloc.cold+0x96/0x1af
[ 1083.972626]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1083.977470]  ? wait_for_completion+0x420/0x420
[ 1083.982064]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1083.987015]  ? warn_alloc+0xf0/0xf0
[ 1083.990656]  ? __might_sleep+0x93/0xb0
[ 1083.994555]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1083.999322]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1084.004364]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1084.009517]  alloc_pages_current+0xec/0x1e0
[ 1084.013840]  kvm_mmu_create+0xdf/0x1e0
[ 1084.017738]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1084.022055]  kvm_vcpu_init+0x272/0x360
[ 1084.025949]  vmx_create_vcpu+0xfc/0x2aa0
[ 1084.030097]  ? mutex_trylock+0x1c0/0x1c0
[ 1084.034187]  ? handle_rdmsr+0x6e0/0x6e0
[ 1084.038162]  ? wait_for_completion+0x420/0x420
[ 1084.042746]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1084.047092]  kvm_vm_ioctl+0x501/0x1600
[ 1084.051081]  ? __lock_acquire+0x5f7/0x4620
[ 1084.055313]  ? kvm_vcpu_release+0xa0/0xa0
[ 1084.059468]  ? trace_hardirqs_on+0x10/0x10
[ 1084.063833]  ? trace_hardirqs_on+0x10/0x10
[ 1084.068082]  ? __might_fault+0x110/0x1d0
[ 1084.072138]  ? save_trace+0x290/0x290
[ 1084.076899]  ? __might_fault+0x110/0x1d0
[ 1084.080980]  ? __fget+0x210/0x370
[ 1084.084439]  ? retint_kernel+0x2d/0x2d
[ 1084.088344]  ? kvm_vcpu_release+0xa0/0xa0
[ 1084.092589]  do_vfs_ioctl+0x7ae/0x1060
[ 1084.096470]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1084.101243]  ? check_preemption_disabled+0x3c/0x250
[ 1084.106277]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1084.110696]  ? security_file_ioctl+0x89/0xb0
[ 1084.115103]  SyS_ioctl+0x8f/0xc0
[ 1084.118483]  ? do_vfs_ioctl+0x1060/0x1060
[ 1084.122641]  do_syscall_64+0x1e8/0x640
[ 1084.126527]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1084.131475]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1084.136655] RIP: 0033:0x45c429
[ 1084.139843] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1084.147597] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1084.154901] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1084.162400] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1084.169787] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1084.177067] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1084.201228] Mem-Info:
[ 1084.203791] active_anon:837542 inactive_anon:4832 isolated_anon:0
[ 1084.203791]  active_file:14304 inactive_file:6648 isolated_file:0
[ 1084.203791]  unevictable:0 dirty:235 writeback:0 unstable:0
[ 1084.203791]  slab_reclaimable:17666 slab_unreclaimable:149312
[ 1084.203791]  mapped:59410 shmem:255 pagetables:16842 bounce:0
[ 1084.203791]  free:475897 free_pcp:298 free_cma:0
[ 1084.238794] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:104kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1084.267757] Node 1 active_anon:1429488kB inactive_anon:18544kB active_file:55360kB inactive_file:23468kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26904kB dirty:836kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1084.296466] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1084.324549] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1084.329722] Node 0 DMA32 free:31992kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB writepending:104kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:160kB local_pcp:116kB free_cma:0kB
[ 1084.359971] lowmem_reserve[]: 0 0 0 0 0
[ 1084.364358] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1084.391050] lowmem_reserve[]: 0 0 0 0 0
[ 1084.395141] Node 1 Normal free:1861244kB min:53504kB low:66880kB high:80256kB active_anon:1429488kB inactive_anon:18544kB active_file:55360kB inactive_file:23468kB unevictable:0kB writepending:840kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13760kB pagetables:27752kB bounce:0kB free_pcp:1196kB local_pcp:472kB free_cma:0kB
[ 1084.425956] lowmem_reserve[]: 0 0 0 0 0
[ 1084.430418] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1084.445948] Node 0 DMA32: 828*4kB (UME) 591*8kB (UMH) 363*16kB (UM) 327*32kB (UMH) 86*64kB (UM) 11*128kB (UM) 3*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31992kB
[ 1084.462268] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1084.473461] Node 1 Normal: 315*4kB (UM) 250*8kB (UME) 304*16kB (UE) 257*32kB (UE) 55*64kB (UM) 2*128kB (ME) 2*256kB (M) 3*512kB (ME) 4*1024kB (UME) 4*2048kB (UME) 446*4096kB (M) = 1861276kB
[ 1084.490732] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1084.499589] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1084.508389] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1084.517279] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1084.525970] 21213 total pagecache pages
[ 1084.529966] 0 pages in swap cache
[ 1084.534247] Swap cache stats: add 0, delete 0, find 0/0
[ 1084.539636] Free swap  = 0kB
[ 1084.542751] Total swap = 0kB
[ 1084.545765] 1965979 pages RAM
[ 1084.548981] 0 pages HighMem/MovableOnly
[ 1084.553077] 335854 pages reserved
[ 1084.556665] 0 pages cma reserved
05:08:32 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:08:32 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010001fff00000500000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743e6f134", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x5}}, 0x0)

05:08:32 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$inet(0x2, 0x100000000003, 0x400000000001)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_mems\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f00000001c0)=ANY=[], 0x17)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
getsockname$inet(r1, 0x0, &(0x7f0000000040))
getsockopt$inet_opts(r1, 0x0, 0x4, 0x0, 0x0)

05:08:32 executing program 1:

05:08:32 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x4}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:32 executing program 4:
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
capget(&(0x7f0000000000), 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
pipe(&(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
r4 = socket$inet(0x2, 0x3, 0x1)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f00000000c0)='ip_vti0\x00', 0x10)
r5 = epoll_create(0x7fffffff)
r6 = fcntl$dupfd(r4, 0x0, r5)
connect$inet(r6, &(0x7f0000000040)={0x2, 0x0, @initdev}, 0x10)
write$binfmt_misc(r2, &(0x7f0000000140)=ANY=[], 0xfef0)
splice(r1, 0x0, r3, 0x0, 0x80000001, 0x0)

05:08:32 executing program 1:

05:08:32 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe847a071")
r1 = socket$inet(0x2, 0x100000000003, 0x400000000001)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_mems\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f00000001c0)=ANY=[], 0x17)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
getsockname$inet(r1, 0x0, &(0x7f0000000040))
getsockopt$inet_opts(r1, 0x0, 0x4, 0x0, 0x0)

05:08:32 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010001fff00000500000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743e6f134", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x5}}, 0x0)

05:08:32 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1084.668886] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:32 executing program 1:

05:08:32 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010001fff00000500000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743e6f134", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x5}}, 0x0)

[ 1084.784298] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1084.983132] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1084.995465] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1085.002086] CPU: 0 PID: 9951 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1085.010113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1085.019578] Call Trace:
[ 1085.022204]  dump_stack+0x142/0x197
[ 1085.025867]  warn_alloc.cold+0x96/0x1af
[ 1085.029857]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1085.034846]  ? check_preemption_disabled+0x3c/0x250
[ 1085.040009]  ? retint_kernel+0x2d/0x2d
[ 1085.043919]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1085.048883]  ? warn_alloc+0xf0/0xf0
[ 1085.052533]  ? __might_sleep+0x93/0xb0
[ 1085.056433]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1085.061119]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1085.066139]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1085.071151]  ? check_preemption_disabled+0x3c/0x250
[ 1085.076267]  alloc_pages_current+0xec/0x1e0
[ 1085.080695]  kvm_mmu_create+0xdf/0x1e0
[ 1085.084584]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1085.088954]  kvm_vcpu_init+0x272/0x360
[ 1085.092841]  vmx_create_vcpu+0xfc/0x2aa0
[ 1085.096998]  ? check_preemption_disabled+0x3c/0x250
[ 1085.102104]  ? handle_rdmsr+0x6e0/0x6e0
[ 1085.106240]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1085.110572]  kvm_vm_ioctl+0x501/0x1600
[ 1085.114455]  ? __lock_acquire+0x5f7/0x4620
[ 1085.118785]  ? kvm_vcpu_release+0xa0/0xa0
[ 1085.122921]  ? retint_kernel+0x2d/0x2d
[ 1085.126928]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1085.131975]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1085.136728]  ? check_preemption_disabled+0x3c/0x250
[ 1085.141840]  ? retint_kernel+0x2d/0x2d
[ 1085.145731]  ? __fget+0x210/0x370
[ 1085.149180]  ? lock_release+0x44d/0x940
[ 1085.153144]  ? kvm_vcpu_release+0xa0/0xa0
[ 1085.157342]  do_vfs_ioctl+0x7ae/0x1060
[ 1085.161296]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1085.166077]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1085.170484]  ? check_preemption_disabled+0x3c/0x250
[ 1085.175750]  ? retint_kernel+0x2d/0x2d
[ 1085.179645]  SyS_ioctl+0x8f/0xc0
[ 1085.183128]  ? do_vfs_ioctl+0x1060/0x1060
[ 1085.187268]  do_syscall_64+0x1e8/0x640
[ 1085.191143]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1085.195984]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1085.202686] RIP: 0033:0x45c429
[ 1085.205875] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1085.213612] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1085.220877] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1085.228163] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1085.235424] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1085.242869] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1085.253200] Mem-Info:
[ 1085.255677] active_anon:837540 inactive_anon:4834 isolated_anon:0
[ 1085.255677]  active_file:14304 inactive_file:6654 isolated_file:0
[ 1085.255677]  unevictable:0 dirty:246 writeback:0 unstable:0
[ 1085.255677]  slab_reclaimable:17691 slab_unreclaimable:149230
[ 1085.255677]  mapped:59407 shmem:255 pagetables:16827 bounce:0
[ 1085.255677]  free:475909 free_pcp:316 free_cma:0
[ 1085.290513] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:104kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1085.319005] Node 1 active_anon:1429480kB inactive_anon:18552kB active_file:55360kB inactive_file:23492kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26892kB dirty:880kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1085.347392] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1085.374642] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1085.379880] Node 0 DMA32 free:31992kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB writepending:104kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:160kB local_pcp:116kB free_cma:0kB
[ 1085.410116] lowmem_reserve[]: 0 0 0 0 0
[ 1085.414457] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1085.440167] lowmem_reserve[]: 0 0 0 0 0
[ 1085.444467] Node 1 Normal free:1861360kB min:53504kB low:66880kB high:80256kB active_anon:1429480kB inactive_anon:18552kB active_file:55360kB inactive_file:23492kB unevictable:0kB writepending:880kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13760kB pagetables:27692kB bounce:0kB free_pcp:1272kB local_pcp:620kB free_cma:0kB
[ 1085.476019] lowmem_reserve[]: 0 0 0 0 0
[ 1085.480231] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1085.495007] Node 0 DMA32: 828*4kB (UME) 591*8kB (UMH) 363*16kB (UM) 327*32kB (UMH) 86*64kB (UM) 11*128kB (UM) 3*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31992kB
[ 1085.510859] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1085.521857] Node 1 Normal: 284*4kB (UME) 165*8kB (UM) 343*16kB (UME) 278*32kB (UME) 60*64kB (UM) 1*128kB (M) 2*256kB (M) 4*512kB (UME) 3*1024kB (ME) 4*2048kB (UME) 446*4096kB (M) = 1861448kB
[ 1085.540343] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1085.549507] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1085.558217] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1085.567315] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1085.576112] 21216 total pagecache pages
[ 1085.580259] 0 pages in swap cache
[ 1085.583777] Swap cache stats: add 0, delete 0, find 0/0
[ 1085.589267] Free swap  = 0kB
[ 1085.592410] Total swap = 0kB
[ 1085.595435] 1965979 pages RAM
[ 1085.598647] 0 pages HighMem/MovableOnly
[ 1085.602673] 335854 pages reserved
[ 1085.606132] 0 pages cma reserved
05:08:33 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:08:33 executing program 0:

05:08:33 executing program 1:

05:08:33 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:33 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010001fff00000500000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743e6f134", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x5}}, 0x0)

05:08:33 executing program 4:

05:08:33 executing program 1:

05:08:33 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010001fff00000500000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743e6f134", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x5}}, 0x0)

05:08:33 executing program 4:

05:08:33 executing program 0:

05:08:33 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:33 executing program 1:

[ 1085.976589] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1085.987781] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1085.994738] CPU: 1 PID: 9992 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1086.002664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1086.012133] Call Trace:
[ 1086.014739]  dump_stack+0x142/0x197
[ 1086.018384]  warn_alloc.cold+0x96/0x1af
[ 1086.022479]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1086.027357]  ? wait_for_completion+0x420/0x420
[ 1086.031964]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1086.036832]  ? warn_alloc+0xf0/0xf0
[ 1086.040755]  ? __might_sleep+0x93/0xb0
[ 1086.044633]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1086.049302]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1086.054164]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1086.059173]  ? check_preemption_disabled+0x3c/0x250
[ 1086.064201]  alloc_pages_current+0xec/0x1e0
[ 1086.068519]  ? kvm_set_tsc_khz+0x188/0x490
[ 1086.073289]  kvm_mmu_create+0xdf/0x1e0
[ 1086.077170]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1086.081488]  ? kvm_arch_vcpu_init+0x1/0x8e0
[ 1086.085811]  kvm_vcpu_init+0x272/0x360
[ 1086.089780]  vmx_create_vcpu+0xfc/0x2aa0
[ 1086.093838]  ? mutex_trylock+0x1c0/0x1c0
[ 1086.097932]  ? handle_rdmsr+0x6e0/0x6e0
[ 1086.101922]  ? wait_for_completion+0x420/0x420
[ 1086.106588]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1086.111144]  kvm_vm_ioctl+0x501/0x1600
[ 1086.115030]  ? __lock_acquire+0x5f7/0x4620
[ 1086.119261]  ? do_futex+0xdc/0x19e0
[ 1086.122968]  ? kvm_vcpu_release+0xa0/0xa0
[ 1086.127215]  ? trace_hardirqs_on+0x10/0x10
[ 1086.131449]  ? retint_kernel+0x2d/0x2d
[ 1086.135341]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1086.140354]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1086.145143]  ? check_preemption_disabled+0x3c/0x250
[ 1086.150304]  ? retint_kernel+0x2d/0x2d
[ 1086.154192]  ? do_vfs_ioctl+0x83/0x1060
[ 1086.158248]  ? kvm_vcpu_release+0xa0/0xa0
[ 1086.162421]  do_vfs_ioctl+0x7ae/0x1060
[ 1086.166300]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1086.171049]  ? lock_downgrade+0x740/0x740
[ 1086.175206]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1086.179733]  ? __fget+0x237/0x370
[ 1086.183192]  ? security_file_ioctl+0x89/0xb0
[ 1086.187596]  SyS_ioctl+0x8f/0xc0
[ 1086.191082]  ? do_vfs_ioctl+0x1060/0x1060
[ 1086.195224]  do_syscall_64+0x1e8/0x640
[ 1086.199244]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1086.204080]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1086.209319] RIP: 0033:0x45c429
[ 1086.212525] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1086.220326] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1086.227596] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1086.235038] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1086.242583] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1086.250561] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1086.263549] Mem-Info:
[ 1086.266044] active_anon:837544 inactive_anon:4834 isolated_anon:0
[ 1086.266044]  active_file:14304 inactive_file:6662 isolated_file:0
[ 1086.266044]  unevictable:0 dirty:270 writeback:0 unstable:0
[ 1086.266044]  slab_reclaimable:17710 slab_unreclaimable:149486
[ 1086.266044]  mapped:59407 shmem:255 pagetables:16827 bounce:0
[ 1086.266044]  free:475598 free_pcp:353 free_cma:0
[ 1086.300750] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:112kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1086.329625] Node 1 active_anon:1429496kB inactive_anon:18552kB active_file:55360kB inactive_file:23524kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26892kB dirty:968kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1086.358427] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1086.386296] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1086.392458] Node 0 DMA32 free:31992kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB writepending:112kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:184kB local_pcp:48kB free_cma:0kB
[ 1086.422898] lowmem_reserve[]: 0 0 0 0 0
[ 1086.427069] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1086.453098] lowmem_reserve[]: 0 0 0 0 0
[ 1086.457298] Node 1 Normal free:1860216kB min:53504kB low:66880kB high:80256kB active_anon:1429496kB inactive_anon:18552kB active_file:55360kB inactive_file:23524kB unevictable:0kB writepending:968kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13760kB pagetables:27692kB bounce:0kB free_pcp:1276kB local_pcp:628kB free_cma:0kB
[ 1086.488904] lowmem_reserve[]: 0 0 0 0 0
[ 1086.493289] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1086.508637] Node 0 DMA32: 828*4kB (UME) 591*8kB (UMH) 363*16kB (UM) 328*32kB (UMH) 86*64kB (UM) 11*128kB (UM) 3*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 32024kB
[ 1086.525222] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1086.536568] Node 1 Normal: 310*4kB (UME) 151*8kB (UME) 291*16kB (UM) 276*32kB (U) 62*64kB (UM) 2*128kB (UM) 2*256kB (M) 3*512kB (ME) 3*1024kB (ME) 4*2048kB (UME) 446*4096kB (M) = 1860288kB
[ 1086.554233] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1086.564943] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1086.573952] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1086.583231] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1086.592672] 21224 total pagecache pages
[ 1086.597559] 0 pages in swap cache
[ 1086.601249] Swap cache stats: add 0, delete 0, find 0/0
[ 1086.606758] Free swap  = 0kB
[ 1086.609922] Total swap = 0kB
[ 1086.613387] 1965979 pages RAM
[ 1086.616549] 0 pages HighMem/MovableOnly
[ 1086.620659] 335854 pages reserved
[ 1086.624242] 0 pages cma reserved
05:08:34 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:08:34 executing program 4:

05:08:34 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010001fff00000500000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743e6f134", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x5}}, 0x0)

05:08:34 executing program 0:

05:08:34 executing program 1:

05:08:34 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0)

05:08:34 executing program 0:

05:08:34 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010001fff0000050000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743e6f134", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x5}}, 0x0)

05:08:34 executing program 1:

05:08:34 executing program 4:

[ 1086.708320] nla_parse: 2 callbacks suppressed
[ 1086.708326] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:34 executing program 0:

05:08:34 executing program 1:

[ 1087.013003] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1087.024223] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1087.029701] CPU: 1 PID: 10014 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1087.037577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1087.046936] Call Trace:
[ 1087.049525]  dump_stack+0x142/0x197
[ 1087.053144]  warn_alloc.cold+0x96/0x1af
[ 1087.057209]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1087.062121]  ? wait_for_completion+0x420/0x420
[ 1087.066698]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1087.071682]  ? warn_alloc+0xf0/0xf0
[ 1087.075316]  ? __might_sleep+0x93/0xb0
[ 1087.079199]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1087.083871]  ? retint_kernel+0x2d/0x2d
[ 1087.087756]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1087.092798]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1087.097586]  ? check_preemption_disabled+0x3c/0x250
[ 1087.102612]  ? retint_kernel+0x2d/0x2d
[ 1087.106495]  alloc_pages_current+0xec/0x1e0
[ 1087.110840]  kvm_mmu_create+0xdf/0x1e0
[ 1087.114753]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1087.119077]  kvm_vcpu_init+0x272/0x360
[ 1087.122981]  vmx_create_vcpu+0xfc/0x2aa0
[ 1087.127151]  ? mutex_trylock+0x1c0/0x1c0
[ 1087.131228]  ? handle_rdmsr+0x6e0/0x6e0
[ 1087.135217]  ? wait_for_completion+0x420/0x420
[ 1087.139804]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1087.144153]  kvm_vm_ioctl+0x501/0x1600
[ 1087.148150]  ? __lock_acquire+0x5f7/0x4620
[ 1087.152399]  ? mark_held_locks+0xb1/0x100
[ 1087.156746]  ? kvm_vcpu_release+0xa0/0xa0
[ 1087.160913]  ? retint_kernel+0x2d/0x2d
[ 1087.164809]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1087.169843]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1087.174605]  ? check_preemption_disabled+0x3c/0x250
[ 1087.179753]  ? retint_kernel+0x2d/0x2d
[ 1087.183666]  ? selinux_file_ioctl+0x30a/0x560
[ 1087.188166]  ? selinux_file_ioctl+0x323/0x560
[ 1087.192681]  ? kvm_vcpu_release+0xa0/0xa0
[ 1087.196838]  do_vfs_ioctl+0x7ae/0x1060
[ 1087.200734]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1087.205486]  ? lock_downgrade+0x740/0x740
[ 1087.210181]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1087.214602]  ? __fget+0x237/0x370
[ 1087.218117]  ? security_file_ioctl+0x89/0xb0
[ 1087.222537]  SyS_ioctl+0x8f/0xc0
[ 1087.225912]  ? do_vfs_ioctl+0x1060/0x1060
[ 1087.230067]  do_syscall_64+0x1e8/0x640
[ 1087.233959]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1087.238814]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1087.244009] RIP: 0033:0x45c429
[ 1087.247197] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1087.255360] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1087.262651] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1087.269925] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1087.277520] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1087.284799] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1087.294809] Mem-Info:
[ 1087.297378] active_anon:837541 inactive_anon:4835 isolated_anon:0
[ 1087.297378]  active_file:14304 inactive_file:6655 isolated_file:0
[ 1087.297378]  unevictable:0 dirty:271 writeback:0 unstable:0
[ 1087.297378]  slab_reclaimable:17712 slab_unreclaimable:149679
[ 1087.297378]  mapped:59424 shmem:255 pagetables:16820 bounce:0
[ 1087.297378]  free:475407 free_pcp:399 free_cma:0
[ 1087.335302] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:112kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1087.363869] Node 1 active_anon:1429476kB inactive_anon:18552kB active_file:55360kB inactive_file:23552kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26892kB dirty:1032kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1087.392701] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1087.419838] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1087.425729] Node 0 DMA32 free:32120kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB writepending:112kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:196kB local_pcp:56kB free_cma:0kB
[ 1087.456693] lowmem_reserve[]: 0 0 0 0 0
[ 1087.461124] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1087.486764] lowmem_reserve[]: 0 0 0 0 0
[ 1087.491136] Node 1 Normal free:1859156kB min:53504kB low:66880kB high:80256kB active_anon:1429476kB inactive_anon:18552kB active_file:55360kB inactive_file:23552kB unevictable:0kB writepending:1040kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13760kB pagetables:27692kB bounce:0kB free_pcp:1388kB local_pcp:704kB free_cma:0kB
[ 1087.522073] lowmem_reserve[]: 0 0 0 0 0
[ 1087.526205] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1087.541463] Node 0 DMA32: 828*4kB (UME) 601*8kB (UMH) 364*16kB (UM) 328*32kB (UMH) 86*64kB (UM) 11*128kB (UM) 3*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 32120kB
[ 1087.557847] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1087.569177] Node 1 Normal: 289*4kB (UM) 60*8kB (UME) 315*16kB (UME) 276*32kB (UE) 63*64kB (UM) 2*128kB (UM) 3*256kB (ME) 3*512kB (UM) 4*1024kB (UME) 3*2048kB (ME) 446*4096kB (M) = 1859156kB
[ 1087.587280] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1087.596389] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1087.605090] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1087.614228] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1087.623199] 21234 total pagecache pages
[ 1087.627184] 0 pages in swap cache
[ 1087.630720] Swap cache stats: add 0, delete 0, find 0/0
[ 1087.636094] Free swap  = 0kB
[ 1087.639216] Total swap = 0kB
[ 1087.642302] 1965979 pages RAM
[ 1087.645542] 0 pages HighMem/MovableOnly
[ 1087.649511] 335854 pages reserved
[ 1087.653002] 0 pages cma reserved
05:08:35 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:08:35 executing program 4:

05:08:35 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010001fff0000050000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743e6f134", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x5}}, 0x0)

05:08:35 executing program 0:

05:08:35 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0)

05:08:35 executing program 1:

05:08:35 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010001fff0000050000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e0000001800028014000100000000b6a19c324dec3fab0ebbc757c7bc7f458168a5d5a12af6f4cebbba3a6b286cc70230251b0cfaec50864c69e23dabdda2e67d7a4e7d06c890f9a743e6f134", @ANYRES32=0x0, @ANYBLOB="0120000000000000"], 0x5}}, 0x0)

05:08:35 executing program 0:

05:08:35 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0)

[ 1087.741959] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:35 executing program 4:

05:08:35 executing program 1:

05:08:35 executing program 4:

[ 1087.906791] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1088.042294] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1088.054212] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1088.059745] CPU: 1 PID: 10040 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1088.067661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1088.077023] Call Trace:
[ 1088.079766]  dump_stack+0x142/0x197
[ 1088.083410]  warn_alloc.cold+0x96/0x1af
[ 1088.087523]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1088.092506]  ? wait_for_completion+0x420/0x420
[ 1088.097176]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1088.102133]  ? warn_alloc+0xf0/0xf0
[ 1088.105978]  ? __might_sleep+0x93/0xb0
[ 1088.110009]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1088.115064]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1088.119929]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1088.124935]  ? check_preemption_disabled+0x3c/0x250
[ 1088.129963]  alloc_pages_current+0xec/0x1e0
[ 1088.134294]  ? kvm_set_tsc_khz+0x188/0x490
[ 1088.138532]  kvm_mmu_create+0xdf/0x1e0
[ 1088.142549]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1088.146899]  kvm_vcpu_init+0x272/0x360
[ 1088.150794]  vmx_create_vcpu+0xfc/0x2aa0
[ 1088.154870]  ? mutex_trylock+0x1c0/0x1c0
[ 1088.159013]  ? retint_kernel+0x2d/0x2d
[ 1088.162929]  ? handle_rdmsr+0x6e0/0x6e0
[ 1088.167153]  ? wait_for_completion+0x420/0x420
[ 1088.172114]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1088.176680]  kvm_vm_ioctl+0x501/0x1600
[ 1088.180569]  ? __lock_acquire+0x5f7/0x4620
[ 1088.184818]  ? kvm_vcpu_release+0xa0/0xa0
[ 1088.189077]  ? retint_kernel+0x2d/0x2d
[ 1088.192974]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1088.197993]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1088.202745]  ? check_preemption_disabled+0x3c/0x250
[ 1088.207768]  ? retint_kernel+0x2d/0x2d
[ 1088.211674]  ? selinux_file_ioctl+0x83/0x560
[ 1088.216216]  ? selinux_file_ioctl+0xb8/0x560
[ 1088.220619]  ? kvm_vcpu_release+0xa0/0xa0
[ 1088.224896]  do_vfs_ioctl+0x7ae/0x1060
[ 1088.228781]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1088.233638]  ? lock_downgrade+0x740/0x740
[ 1088.237931]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1088.242346]  ? __fget+0x237/0x370
[ 1088.246031]  ? security_file_ioctl+0x89/0xb0
[ 1088.250445]  SyS_ioctl+0x8f/0xc0
[ 1088.253969]  ? do_vfs_ioctl+0x1060/0x1060
[ 1088.258269]  do_syscall_64+0x1e8/0x640
[ 1088.262251]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1088.267231]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1088.272437] RIP: 0033:0x45c429
[ 1088.275629] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1088.283480] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1088.290881] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1088.298265] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1088.305537] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1088.314168] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1088.326609] Mem-Info:
[ 1088.329117] active_anon:837544 inactive_anon:4834 isolated_anon:0
[ 1088.329117]  active_file:14304 inactive_file:6680 isolated_file:0
[ 1088.329117]  unevictable:0 dirty:271 writeback:30 unstable:0
[ 1088.329117]  slab_reclaimable:17749 slab_unreclaimable:149940
[ 1088.329117]  mapped:59407 shmem:255 pagetables:16827 bounce:0
[ 1088.329117]  free:475129 free_pcp:299 free_cma:0
[ 1088.364356] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:84kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1088.393896] Node 1 active_anon:1429496kB inactive_anon:18552kB active_file:55360kB inactive_file:23596kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26892kB dirty:1004kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1088.422738] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1088.449941] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1088.456054] Node 0 DMA32 free:32120kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB writepending:84kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:220kB local_pcp:84kB free_cma:0kB
[ 1088.495848] lowmem_reserve[]: 0 0 0 0 0
[ 1088.497969] NOHZ: local_softirq_pending 08
[ 1088.500329] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1088.530199] lowmem_reserve[]: 0 0 0 0 0
[ 1088.534467] Node 1 Normal free:1859244kB min:53504kB low:66880kB high:80256kB active_anon:1429496kB inactive_anon:18552kB active_file:55360kB inactive_file:23596kB unevictable:0kB writepending:1008kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13760kB pagetables:27692kB bounce:0kB free_pcp:1100kB local_pcp:468kB free_cma:0kB
[ 1088.565470] lowmem_reserve[]: 0 0 0 0 0
[ 1088.569480] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1088.584618] Node 0 DMA32: 828*4kB (UME) 600*8kB (UMH) 364*16kB (UM) 328*32kB (UMH) 86*64kB (UM) 11*128kB (UM) 3*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 32112kB
[ 1088.599921] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1088.610832] Node 1 Normal: 305*4kB (UM) 135*8kB (UME) 303*16kB (UME) 276*32kB (UE) 64*64kB (UME) 1*128kB (M) 4*256kB (UME) 2*512kB (M) 4*1024kB (UME) 3*2048kB (ME) 446*4096kB (M) = 1859308kB
[ 1088.628258] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1088.637211] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1088.645890] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1088.654934] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1088.663569] 21243 total pagecache pages
[ 1088.667550] 0 pages in swap cache
[ 1088.671090] Swap cache stats: add 0, delete 0, find 0/0
[ 1088.676628] Free swap  = 0kB
[ 1088.679825] Total swap = 0kB
[ 1088.683006] 1965979 pages RAM
[ 1088.686110] 0 pages HighMem/MovableOnly
[ 1088.690263] 335854 pages reserved
[ 1088.693716] 0 pages cma reserved
05:08:36 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:08:36 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:36 executing program 0:

05:08:36 executing program 1:

05:08:36 executing program 5:

05:08:36 executing program 4:

05:08:36 executing program 5:

05:08:36 executing program 4:

05:08:36 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

05:08:36 executing program 0:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0x0, 0x0, 0x0)
sched_setattr(0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write(r1, &(0x7f0000000340), 0x41395527)
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(0xffffffffffffffff, 0x40106614, 0x0)

[ 1088.801446] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:36 executing program 5:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$inet6(0xa, 0x803, 0x2)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x80000000000001}, {{@in=@broadcast, 0x0, 0x3c}, 0x0, @in=@empty, 0x0, 0x4, 0x0, 0x1}}, 0xe8)
sendmmsg(r2, &(0x7f0000008440)=[{{0x0, 0x536, 0x0, 0x0, 0x0, 0x0, 0x2000000}}], 0x400000000000107, 0x0)

05:08:36 executing program 4:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340)='/dev/ptmx\x00', 0x4ff00, 0x0)

[ 1089.246788] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1089.258150] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1089.268394] CPU: 0 PID: 10074 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1089.276318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1089.285674] Call Trace:
[ 1089.288288]  dump_stack+0x142/0x197
[ 1089.291912]  warn_alloc.cold+0x96/0x1af
[ 1089.295889]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1089.301528]  ? wait_for_completion+0x420/0x420
[ 1089.306104]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1089.310993]  ? warn_alloc+0xf0/0xf0
[ 1089.314625]  ? __might_sleep+0x93/0xb0
[ 1089.318513]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1089.323175]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1089.328199]  ? retint_kernel+0x2d/0x2d
[ 1089.332084]  alloc_pages_current+0xec/0x1e0
[ 1089.336399]  kvm_mmu_create+0xdf/0x1e0
[ 1089.340291]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1089.344611]  kvm_vcpu_init+0x272/0x360
[ 1089.348489]  vmx_create_vcpu+0xfc/0x2aa0
[ 1089.352558]  ? mutex_trylock+0x1c0/0x1c0
[ 1089.356620]  ? handle_rdmsr+0x6e0/0x6e0
[ 1089.360708]  ? wait_for_completion+0x420/0x420
[ 1089.365302]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1089.369659]  kvm_vm_ioctl+0x501/0x1600
[ 1089.373545]  ? __lock_acquire+0x5f7/0x4620
[ 1089.377884]  ? find_held_lock+0x35/0x130
[ 1089.381942]  ? kvm_vcpu_release+0xa0/0xa0
[ 1089.386139]  ? trace_hardirqs_on+0x10/0x10
[ 1089.390375]  ? retint_kernel+0x2d/0x2d
[ 1089.394271]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1089.399295]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1089.404061]  ? check_preemption_disabled+0x3c/0x250
[ 1089.409070]  ? retint_kernel+0x2d/0x2d
[ 1089.413065]  ? kvm_vcpu_release+0xa0/0xa0
[ 1089.417220]  ? kvm_vcpu_release+0xa0/0xa0
[ 1089.421362]  do_vfs_ioctl+0x7ae/0x1060
[ 1089.425358]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1089.430111]  ? lock_downgrade+0x740/0x740
[ 1089.434261]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1089.438674]  ? __fget+0x237/0x370
[ 1089.442130]  ? security_file_ioctl+0x89/0xb0
[ 1089.446532]  SyS_ioctl+0x8f/0xc0
[ 1089.449890]  ? do_vfs_ioctl+0x1060/0x1060
[ 1089.454032]  do_syscall_64+0x1e8/0x640
[ 1089.458421]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1089.463370]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1089.468642] RIP: 0033:0x45c429
[ 1089.471963] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1089.479672] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1089.486945] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1089.494210] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1089.501485] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1089.508758] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1089.524243] Mem-Info:
[ 1089.526974] active_anon:841662 inactive_anon:4834 isolated_anon:0
[ 1089.526974]  active_file:14304 inactive_file:6679 isolated_file:0
[ 1089.526974]  unevictable:0 dirty:304 writeback:0 unstable:0
[ 1089.526974]  slab_reclaimable:17736 slab_unreclaimable:149627
[ 1089.526974]  mapped:59419 shmem:255 pagetables:16850 bounce:0
[ 1089.526974]  free:471319 free_pcp:335 free_cma:0
[ 1089.566688] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:112kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1089.599937] Node 1 active_anon:1429432kB inactive_anon:18552kB active_file:55360kB inactive_file:23612kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26892kB dirty:1104kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1089.629707] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1089.658302] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1089.663707] Node 0 DMA32 free:32120kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB writepending:112kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:224kB local_pcp:140kB free_cma:0kB
[ 1089.693636] lowmem_reserve[]: 0 0 0 0 0
[ 1089.697684] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1089.723908] lowmem_reserve[]: 0 0 0 0 0
[ 1089.727978] Node 1 Normal free:1860660kB min:53504kB low:66880kB high:80256kB active_anon:1429488kB inactive_anon:18552kB active_file:55360kB inactive_file:23612kB unevictable:0kB writepending:1128kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13696kB pagetables:27692kB bounce:0kB free_pcp:1156kB local_pcp:668kB free_cma:0kB
[ 1089.758695] lowmem_reserve[]: 0 0 0 0 0
[ 1089.762730] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1089.777380] Node 0 DMA32: 828*4kB (UME) 601*8kB (UMH) 364*16kB (UM) 328*32kB (UMH) 86*64kB (UM) 11*128kB (UM) 3*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 32120kB
[ 1089.792818] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1089.803799] Node 1 Normal: 405*4kB (UME) 333*8kB (UME) 315*16kB (UM) 289*32kB (UM) 71*64kB (UM) 14*128kB (UME) 9*256kB (UME) 7*512kB (UM) 5*1024kB (ME) 5*2048kB (ME) 443*4096kB (M) = 1860684kB
[ 1089.821263] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1089.830173] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1089.838782] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1089.848127] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1089.856845] 21249 total pagecache pages
[ 1089.860918] 0 pages in swap cache
[ 1089.864371] Swap cache stats: add 0, delete 0, find 0/0
[ 1089.870122] Free swap  = 0kB
[ 1089.873149] Total swap = 0kB
[ 1089.876172] 1965979 pages RAM
[ 1089.879855] 0 pages HighMem/MovableOnly
[ 1089.883905] 335854 pages reserved
[ 1089.887605] 0 pages cma reserved
05:08:37 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:08:37 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x13, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
prctl$PR_GET_SECCOMP(0x15)
prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9}, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000340)='./file0\x00', 0x242002, 0x42)
sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2}, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, 0x0}, 0x0)
sendmsg$NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000080), 0xc, &(0x7f0000000300)={&(0x7f00000007c0)=ANY=[@ANYBLOB, @ANYBLOB="000225bd7000fbdbdf251f00000007002100616100"], 0x2}}, 0x0)
recvmmsg(r0, &(0x7f0000002380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
pipe(&(0x7f0000000200))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
syz_open_procfs(0x0, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
getdents(0xffffffffffffffff, 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527)
vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
perf_event_open(&(0x7f000001d000)={0x4, 0xfffffffffffffc38, 0x7e, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0xa)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d)
bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4)
writev(r1, &(0x7f0000000780)=[{&(0x7f0000000100)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9623b", 0x8b}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a94", 0x8d}, {&(0x7f0000001340)="f15c93cb35c215fe339d1e9060c5b23e77cb58a87329a00288504db389cc6e395885fa906ac30eeae99fa388c31b5717e641e1586a90961b5f99b26c939d944f6cb1cf6817b7e51402a8459f9db642e97d3c05db56250a665d3ff188eb47e5b036d508aa5a5796fb8806b6a41487e0bfc3df087c18269bd7d2f477104c5d5db497ceaf3e1b11a5d63a2b7035dc69fa701f3b46fe701880800a7d38dccd4b3e8014aa15c96968359533ce2c5ffdd5f0d3297018bd7c025150940cdead92eb1e6bc6ba45eecf067b32425b6000b2f376ef9172426ae7fa97e5a84ef4dc540bbf5dd458ffcb75724135bd32fa04db6d6a75aedda7ab6e8501fc94e209dc3b2525ae24c954255d3247ca9c1b9525ce68179a52a87333aa2b0a8c1baa6ba6160c6d2018e67bac5402d0d89c5f798b8d1a87b0dc3306f546c61724530d9f4b6f0ee68677c7b261de5afa02d708a8ec979791de8f4831cc354ba453bc253e2435207f25494a594d4e5be39902358d362cb318ad965b7e7480a5ca5b6fe74e101c400c77392ee4419ad788f494230487811046f21f0f9665dfbaa9e94ed305a02e3fa47039e67dde19f89c8f1741aad752cdfe458ddf54e8fc10ff79b5", 0x1b9}], 0x3)
sendto$inet(r1, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba78600f53f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x27)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(0xffffffffffffffff, 0x40106614, 0x0)
write$UHID_DESTROY(0xffffffffffffffff, 0x0, 0x0)

05:08:37 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098f2ffff020000000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd000000000074"], 0x1)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

05:08:37 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:37 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

05:08:37 executing program 0:
r0 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/member\x00', 0x2, 0x0)
flistxattr(r0, &(0x7f0000001a40)=""/4083, 0xff3)

05:08:37 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098f2ffff020000000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd000000000074"], 0x1)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

05:08:37 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1089.971161] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:37 executing program 0:
r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @mcast1={0xff, 0x5}}, 0x1c)
write$P9_RWALK(r0, &(0x7f00000003c0)=ANY=[@ANYPTR=&(0x7f00000000c0)=ANY=[@ANYRES64, @ANYRESOCT]], 0x8)
open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x30, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$team(0x0)
syz_open_procfs(0x0, 0x0)
lseek(0xffffffffffffffff, 0x0, 0x0)
open(0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0)
socket(0x0, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c)
socket$nl_route(0x10, 0x3, 0x0)
gettid()
sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
open(0x0, 0x0, 0x0)
dup2(r3, r4)

05:08:37 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098f2ffff020000000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd000000000074"], 0x1)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

05:08:37 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1090.096580] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:37 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

[ 1090.138731] audit: type=1804 audit(1582348117.803:100): pid=10119 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir097749476/syzkaller.YHb2Nz/2743/bus" dev="sda1" ino=17603 res=1
[ 1090.166019] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1090.265421] audit: type=1804 audit(1582348117.803:101): pid=10119 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir097749476/syzkaller.YHb2Nz/2743/bus" dev="sda1" ino=17603 res=1
[ 1090.294740] audit: type=1804 audit(1582348117.933:102): pid=10136 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir097749476/syzkaller.YHb2Nz/2743/bus" dev="sda1" ino=17603 res=1
[ 1090.323727] audit: type=1804 audit(1582348117.963:103): pid=10119 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir097749476/syzkaller.YHb2Nz/2743/bus" dev="sda1" ino=17603 res=1
[ 1090.406198] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1090.417375] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1090.424735] CPU: 1 PID: 10113 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1090.432756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1090.442120] Call Trace:
[ 1090.444783]  dump_stack+0x142/0x197
[ 1090.448414]  warn_alloc.cold+0x96/0x1af
[ 1090.452386]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1090.457318]  ? wait_for_completion+0x420/0x420
[ 1090.461932]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1090.466912]  ? warn_alloc+0xf0/0xf0
[ 1090.470823]  ? __might_sleep+0x93/0xb0
[ 1090.474793]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1090.479678]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1090.484433]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1090.489450]  ? check_preemption_disabled+0x3c/0x250
[ 1090.494467]  alloc_pages_current+0xec/0x1e0
[ 1090.498942]  ? kvm_set_tsc_khz+0xf0/0x490
[ 1090.503292]  kvm_mmu_create+0xdf/0x1e0
[ 1090.507182]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1090.512030]  kvm_vcpu_init+0x272/0x360
[ 1090.516039]  vmx_create_vcpu+0xfc/0x2aa0
[ 1090.520122]  ? check_preemption_disabled+0x3c/0x250
[ 1090.525230]  ? retint_kernel+0x2d/0x2d
[ 1090.529128]  ? handle_rdmsr+0x6e0/0x6e0
[ 1090.533110]  ? kvm_arch_vcpu_create+0x61/0xc0
[ 1090.537626]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1090.542201]  kvm_vm_ioctl+0x501/0x1600
[ 1090.546151]  ? __lock_acquire+0x5f7/0x4620
[ 1090.550385]  ? kvm_vcpu_release+0xa0/0xa0
[ 1090.554528]  ? trace_hardirqs_on+0x10/0x10
[ 1090.558898]  ? trace_hardirqs_on+0x10/0x10
[ 1090.563138]  ? __might_fault+0x110/0x1d0
[ 1090.567586]  ? save_trace+0x290/0x290
[ 1090.571598]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1090.576612]  ? __fget+0x210/0x370
[ 1090.580215]  ? find_held_lock+0x35/0x130
[ 1090.584294]  ? __fget+0x210/0x370
[ 1090.587821]  ? kvm_vcpu_release+0xa0/0xa0
[ 1090.591979]  do_vfs_ioctl+0x7ae/0x1060
[ 1090.595866]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1090.600626]  ? lock_downgrade+0x740/0x740
[ 1090.604978]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1090.609399]  ? __fget+0x237/0x370
[ 1090.612854]  ? security_file_ioctl+0x89/0xb0
[ 1090.617283]  SyS_ioctl+0x8f/0xc0
[ 1090.620647]  ? do_vfs_ioctl+0x1060/0x1060
[ 1090.624785]  do_syscall_64+0x1e8/0x640
[ 1090.628673]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1090.633518]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1090.638712] RIP: 0033:0x45c429
[ 1090.641890] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1090.649593] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1090.657090] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1090.664447] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1090.671940] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1090.679221] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1090.688603] Mem-Info:
[ 1090.691371] active_anon:837608 inactive_anon:4833 isolated_anon:0
[ 1090.691371]  active_file:14320 inactive_file:6692 isolated_file:0
[ 1090.691371]  unevictable:0 dirty:338 writeback:0 unstable:0
[ 1090.691371]  slab_reclaimable:17728 slab_unreclaimable:149437
[ 1090.691371]  mapped:59433 shmem:255 pagetables:16878 bounce:0
[ 1090.691371]  free:475760 free_pcp:54 free_cma:0
[ 1090.726277] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:116kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1090.758243] Node 1 active_anon:1429752kB inactive_anon:18548kB active_file:55424kB inactive_file:23672kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26996kB dirty:1244kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1090.787383] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1090.823687] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1090.831866] Node 0 DMA32 free:32108kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB writepending:116kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB
[ 1090.863132] lowmem_reserve[]: 0 0 0 0 0
[ 1090.867419] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1090.897311] lowmem_reserve[]: 0 0 0 0 0
[ 1090.905909] Node 1 Normal free:1859964kB min:53504kB low:66880kB high:80256kB active_anon:1429552kB inactive_anon:18548kB active_file:55424kB inactive_file:23672kB unevictable:0kB writepending:1244kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13696kB pagetables:27748kB bounce:0kB free_pcp:804kB local_pcp:532kB free_cma:0kB
[ 1090.937763] lowmem_reserve[]: 0 0 0 0 0
[ 1090.941878] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1090.956581] Node 0 DMA32: 849*4kB (UME) 599*8kB (UMH) 364*16kB (UM) 328*32kB (UMH) 86*64kB (UM) 11*128kB (UM) 3*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 32188kB
[ 1090.971965] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1090.983297] Node 1 Normal: 308*4kB (UME) 168*8kB (UME) 352*16kB (UM) 293*32kB (UM) 73*64kB (UM) 14*128kB (UME) 8*256kB (UME) 8*512kB (UM) 5*1024kB (ME) 5*2048kB (ME) 443*4096kB (M) = 1860080kB
[ 1091.000953] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1091.009824] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1091.018545] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1091.027456] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1091.036099] 21258 total pagecache pages
[ 1091.040326] 0 pages in swap cache
[ 1091.043787] Swap cache stats: add 0, delete 0, find 0/0
[ 1091.049217] Free swap  = 0kB
[ 1091.052263] Total swap = 0kB
[ 1091.055399] 1965979 pages RAM
05:08:38 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:08:38 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:38 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098f2ffff020000000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd000000000074"], 0x1)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

05:08:38 executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x13, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="8500000022400000351000000000060085006700000000009500000000000000a1dc653933b1847ecc22b4135ba186449c30b7ca4effff30c23aabfec0ea4c7809c5fff6eff152a9e5d328df427389ed783de7b3ec85c9638ce05019fbb96351df642618722f12fc39a7f79b81995f9ac3ae81fcac6696a1bf20e02432fd49c3ae7fd22cd390f108d6fae362b109e2686e5b37263542b7b220035fceebbcf1ec9a2ab5d2292fb461546422b7eb82698ce929d862da1dab82ec22ae819986b333e5cb223436c2d586f425fca48020a1fde30306e5896781cc662229205aafd8eb805aa32f7784052504157449d58f321cb068eb1e950e6aafa32e417888b8ddf8d85a50e61b8f6168b0e1ca5dc67cccd865e0636737ca65f2a642331e8369a90fd9f626f87978b6947008787b545d773b584e466c54b00ebbd069d4287327458245b0b067af32ae20b62b1b9ccd"], &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x64deb09e3732d498}, 0x64)
prctl$PR_GET_SECCOMP(0x15)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
r1 = openat(0xffffffffffffffff, &(0x7f0000000340)='./file0\x00', 0x242002, 0x42)
setsockopt$inet6_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f0000000380)=@gcm_256={{0x303}, "5e7feb65590822e6", "27daf2b0c5279cad5711ef4b88b96343cdf02c51f1325ca54c151447a31cca1e", "f09d5bf6", "331ff99a95b28d55"}, 0x38)
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="50800000", @ANYRES16, @ANYBLOB="3d17000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0200064836ed170cf417f900580001f1ffffff000a0006000180c200000000000c009900"], 0x6}}, 0x0)
sendmsg$NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000080), 0xc, &(0x7f0000000300)={&(0x7f00000007c0)=ANY=[@ANYBLOB="5c000000eceee62915dcd0ec6b880f0ad86284a742e7579851e7dad59a6cd04cc8de4db7b88b60665a90c5d30cbee83d6cb38eb48ae63c44913a956cd28b000000007e2d5c695a60a97473538213b7ee39f6b3669de35c5a640cd7020b0b2faeac0b6b2a0c18ae53702c3b973d145c9b96925b73d41543fb6e15c2b0635c900b4330004ee23691ab8a0128816aa3ea55bacdcb903acf36dd78bf1e195b22c830d5e6b3e6591269115ce7d7", @ANYBLOB="000225bd7000fbdbdf251f00000007002100616100"], 0x2}}, 0x0)
recvmmsg(r2, &(0x7f0000002380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net\x00')
r5 = fcntl$dupfd(0xffffffffffffffff, 0x203, r2)
getdents(r5, &(0x7f00000004c0)=""/71, 0x47)
write(r4, &(0x7f0000000340), 0x41395527)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
perf_event_open(&(0x7f000001d000)={0x4, 0xfffffffffffffc38, 0x7e, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0xa)
sched_setattr(0x0, &(0x7f00000002c0)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0)
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r6, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d)
bind$inet(r6, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10)
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4)
writev(r6, &(0x7f0000000780)=[{&(0x7f0000000100)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9623b", 0x8b}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a94", 0x8d}, {&(0x7f0000001340)="f15c93cb35c215fe339d1e9060c5b23e77cb58a87329a00288504db389cc6e395885fa906ac30eeae99fa388c31b5717e641e1586a90961b5f99b26c939d944f6cb1cf6817b7e51402a8459f9db642e97d3c05db56250a665d3ff188eb47e5b036d508aa5a5796fb8806b6a41487e0bfc3df087c18269bd7d2f477104c5d5db497ceaf3e1b11a5d63a2b7035dc69fa701f3b46fe701880800a7d38dccd4b3e8014aa15c96968359533ce2c5ffdd5f0d3297018bd7c025150940cdead92eb1e6bc6ba45eecf067b32425b6000b2f376ef9172426ae7fa97e5a84ef4dc540bbf5dd458ffcb75724135bd32fa04db6d6a75aedda7ab6e8501fc94e209dc3b2525ae24c954255d3247ca9c1b9525ce68179a52a87333aa2b0a8c1baa6ba6160c6d2018e67bac5402d0d89c5f798b8d1a87b0dc3306f546c61724530d9f4b6f0ee68677c7b261de5afa02d708a8ec979791de8f4831cc354ba453bc253e2435207f25494a594d4e5be39902358d362cb318ad965b7e7480a5ca5b6fe74e101c400c77392ee4419ad788f494230487811046f21f0f9665dfbaa9e94ed305a02e3fa47039e67dde19f89c8f1741aad752cdfe458ddf54e8fc10ff79b5", 0x1b9}], 0x3)
sendto$inet(r6, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba78600f53f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x27)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(0xffffffffffffffff, 0x40106614, 0x0)
write$UHID_DESTROY(0xffffffffffffffff, 0x0, 0x0)

05:08:38 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

05:08:38 executing program 4:
r0 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/member\x00', 0x2, 0x0)
write(r0, &(0x7f0000001180)="9b49c9c825a34fa6b3bcebec711ab07a097e25156ca7d202b8745f8f353d9a17250f5c752d8b928f544c71785cae0f29d3df042deb1e34a0e2", 0x39)

[ 1091.058508] 0 pages HighMem/MovableOnly
[ 1091.062540] 335854 pages reserved
[ 1091.066101] 0 pages cma reserved
05:08:38 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x1000000000000001, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x36488, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xffffffffffffffff, 0x11, r1, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1)
r2 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
recvmmsg(r2, &(0x7f0000008880), 0x45b, 0x44000102, 0x0)

05:08:38 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098f2ffff020000000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd000000000074"], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

05:08:38 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1091.151124] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:38 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

05:08:39 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098f2ffff020000000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd000000000074"], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

05:08:39 executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x13, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB], &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
prctl$PR_GET_SECCOMP(0x15)
prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
r1 = openat(0xffffffffffffffff, &(0x7f0000000340)='./file0\x00', 0x242002, 0x42)
setsockopt$inet6_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f0000000380)=@gcm_256={{}, "5e7feb65590822e6", "27daf2b0c5279cad5711ef4b88b96343cdf02c51f1325ca54c151447a31cca1e", "f09d5bf6", "331ff99a95b28d55"}, 0x38)
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
socket$inet6(0xa, 0x2, 0x0)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net\x00')
write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000002c0)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d)
bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600), 0x4)
writev(r4, &(0x7f0000000780)=[{&(0x7f0000000100)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9623b", 0x8b}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a94", 0x8d}, {&(0x7f0000001340)="f15c93cb35c215fe339d1e9060c5b23e77cb58a87329a00288504db389cc6e395885fa906ac30eeae99fa388c31b5717e641e1586a90961b5f99b26c939d944f6cb1cf6817b7e51402a8459f9db642e97d3c05db56250a665d3ff188eb47e5b036d508aa5a5796fb8806b6a41487e0bfc3df087c18269bd7d2f477104c5d5db497ceaf3e1b11a5d63a2b7035dc69fa701f3b46fe701880800a7d38dccd4b3e8014aa15c96968359533ce2c5ffdd5f0d3297018bd7c025150940cdead92eb1e6bc6ba45eecf067b32425b6000b2f376ef9172426ae7fa97e5a84ef4dc540bbf5dd458ffcb75724135bd32fa04db6d6a75aedda7ab6e8501fc94e209dc3b2525ae24c954255d3247ca9c1b9525ce68179a52a87333aa2b0a8c1baa6ba6160c6d2018e67bac5402d0d89c5f798b8d1a87b0dc3306f546c61724530d9f4b6f0ee68677c7b261de5afa02d708a8ec979791de8f4831cc354ba453bc253e2435207f25494a594d4e5be39902358d362cb318ad965b7e7480a5ca5b6fe74e101c400c77392ee4419ad788f494230487811046f21f0f9665dfbaa9e94ed305a02e3fa47039e67dde19f89c8f1741aad752cdfe458ddf54e8fc10ff79b5", 0x1b9}], 0x3)
sendto$inet(r4, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba78600f53f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x27)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(0xffffffffffffffff, 0x40106614, 0x0)
write$UHID_DESTROY(0xffffffffffffffff, 0x0, 0x0)

[ 1091.509116] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1091.734324] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1091.757646] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1091.772660] CPU: 1 PID: 10162 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1091.780727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1091.790437] Call Trace:
[ 1091.793037]  dump_stack+0x142/0x197
[ 1091.796681]  warn_alloc.cold+0x96/0x1af
[ 1091.800673]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1091.805537]  ? wait_for_completion+0x420/0x420
[ 1091.810148]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1091.815032]  ? warn_alloc+0xf0/0xf0
[ 1091.818843]  ? __might_sleep+0x93/0xb0
[ 1091.822726]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1091.828504]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1091.833648]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1091.838663]  alloc_pages_current+0xec/0x1e0
[ 1091.843073]  kvm_mmu_create+0xdf/0x1e0
[ 1091.846959]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1091.851274]  kvm_vcpu_init+0x272/0x360
[ 1091.855168]  vmx_create_vcpu+0xfc/0x2aa0
[ 1091.859359]  ? mutex_trylock+0x1c0/0x1c0
[ 1091.863444]  ? handle_rdmsr+0x6e0/0x6e0
[ 1091.867425]  ? wait_for_completion+0x420/0x420
[ 1091.872018]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1091.876353]  kvm_vm_ioctl+0x501/0x1600
[ 1091.880243]  ? __lock_acquire+0x5f7/0x4620
[ 1091.884468]  ? mark_held_locks+0xb1/0x100
[ 1091.888610]  ? kvm_vcpu_release+0xa0/0xa0
[ 1091.892770]  ? trace_hardirqs_on+0x10/0x10
[ 1091.896999]  ? retint_kernel+0x2d/0x2d
[ 1091.900885]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1091.906041]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1091.910881]  ? check_preemption_disabled+0x3c/0x250
[ 1091.915925]  ? retint_kernel+0x2d/0x2d
[ 1091.919863]  ? do_vfs_ioctl+0xd29/0x1060
[ 1091.923920]  ? kvm_vcpu_release+0xa0/0xa0
[ 1091.928089]  do_vfs_ioctl+0x7ae/0x1060
[ 1091.931986]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1091.936738]  ? lock_downgrade+0x740/0x740
[ 1091.940887]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1091.945293]  ? __fget+0x237/0x370
[ 1091.948753]  ? security_file_ioctl+0x89/0xb0
[ 1091.953152]  SyS_ioctl+0x8f/0xc0
[ 1091.956514]  ? do_vfs_ioctl+0x1060/0x1060
[ 1091.960878]  do_syscall_64+0x1e8/0x640
[ 1091.964762]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1091.969607]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1091.975009] RIP: 0033:0x45c429
[ 1091.978256] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1091.985970] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1091.993243] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1092.000511] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1092.007799] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1092.015190] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1092.024504] Mem-Info:
[ 1092.026957] active_anon:837569 inactive_anon:4834 isolated_anon:0
[ 1092.026957]  active_file:14304 inactive_file:6713 isolated_file:0
[ 1092.026957]  unevictable:0 dirty:356 writeback:0 unstable:0
[ 1092.026957]  slab_reclaimable:17718 slab_unreclaimable:149042
[ 1092.026957]  mapped:59416 shmem:255 pagetables:16850 bounce:0
[ 1092.026957]  free:475913 free_pcp:370 free_cma:0
[ 1092.062622] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3172kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:116kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1092.091366] Node 1 active_anon:1429624kB inactive_anon:18552kB active_file:55360kB inactive_file:23676kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26892kB dirty:1328kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1092.119558] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1092.146297] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1092.152016] Node 0 DMA32 free:31280kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB writepending:116kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:256kB local_pcp:116kB free_cma:0kB
[ 1092.181989] lowmem_reserve[]: 0 0 0 0 0
[ 1092.185977] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1092.211605] lowmem_reserve[]: 0 0 0 0 0
[ 1092.215645] Node 1 Normal free:1862076kB min:53504kB low:66880kB high:80256kB active_anon:1429624kB inactive_anon:18552kB active_file:55360kB inactive_file:23676kB unevictable:0kB writepending:1328kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13824kB pagetables:27808kB bounce:0kB free_pcp:1280kB local_pcp:572kB free_cma:0kB
[ 1092.247052] lowmem_reserve[]: 0 0 0 0 0
[ 1092.251093] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1092.265769] Node 0 DMA32: 818*4kB (UME) 483*8kB (UMH) 364*16kB (UM) 328*32kB (UMH) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 31264kB
[ 1092.281843] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1092.292801] Node 1 Normal: 263*4kB (UME) 398*8kB (UME) 407*16kB (UM) 310*32kB (UME) 78*64kB (UME) 13*128kB (UM) 11*256kB (UME) 4*512kB (UM) 5*1024kB (ME) 5*2048kB (ME) 443*4096kB (M) = 1862076kB
[ 1092.310403] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1092.319341] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1092.327974] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
05:08:40 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:08:40 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x1000000000000001, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x36488, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xffffffffffffffff, 0x11, r1, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1)
r2 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
recvmmsg(r2, &(0x7f0000008880), 0x45b, 0x44000102, 0x0)

05:08:40 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:40 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000000c0)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098f2ffff020000000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd000000000074"], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

05:08:40 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

[ 1092.337094] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1092.345850] 21263 total pagecache pages
[ 1092.350089] 0 pages in swap cache
[ 1092.353658] Swap cache stats: add 0, delete 0, find 0/0
[ 1092.359019] Free swap  = 0kB
[ 1092.362081] Total swap = 0kB
[ 1092.365380] 1965979 pages RAM
[ 1092.368474] 0 pages HighMem/MovableOnly
[ 1092.372855] 335854 pages reserved
[ 1092.376309] 0 pages cma reserved
05:08:40 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

05:08:40 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1092.404062] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:40 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

05:08:40 executing program 0:
r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @mcast1={0xff, 0x5}, 0x8}, 0x1c)
write$P9_RWALK(r0, &(0x7f00000003c0)=ANY=[@ANYPTR=&(0x7f00000000c0)=ANY=[]], 0x8)
open(0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r4 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$team(0x0)
syz_open_procfs(0x0, 0x0)
lseek(0xffffffffffffffff, 0x0, 0x0)
open(0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0)
socket(0x0, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c)
socket$nl_route(0x10, 0x3, 0x0)
gettid()
sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
open(0x0, 0x0, 0x0)
ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
dup2(r3, r4)

05:08:40 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1092.536203] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:40 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

05:08:40 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, 0xffffffffffffffff, &(0x7f0000000040), 0x200000a5}])

[ 1092.627295] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1092.667215] audit: type=1804 audit(1582348120.333:104): pid=10218 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir097749476/syzkaller.YHb2Nz/2746/bus" dev="sda1" ino=16795 res=1
[ 1092.799081] audit: type=1804 audit(1582348120.463:105): pid=10228 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir097749476/syzkaller.YHb2Nz/2746/bus" dev="sda1" ino=16795 res=1
[ 1092.906643] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1092.919345] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1092.927082] CPU: 1 PID: 10209 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1092.934974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1092.944450] Call Trace:
[ 1092.947133]  dump_stack+0x142/0x197
[ 1092.950881]  warn_alloc.cold+0x96/0x1af
[ 1092.954865]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1092.959713]  ? wait_for_completion+0x420/0x420
[ 1092.964436]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1092.969327]  ? warn_alloc+0xf0/0xf0
[ 1092.972963]  ? __might_sleep+0x93/0xb0
[ 1092.976862]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1092.981556]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1092.986758]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1092.991808]  alloc_pages_current+0xec/0x1e0
[ 1092.996179]  kvm_mmu_create+0xdf/0x1e0
[ 1093.000189]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1093.004510]  kvm_vcpu_init+0x272/0x360
[ 1093.008407]  vmx_create_vcpu+0xfc/0x2aa0
[ 1093.012462]  ? mutex_trylock+0x1c0/0x1c0
[ 1093.016518]  ? handle_rdmsr+0x6e0/0x6e0
[ 1093.020498]  ? wait_for_completion+0x420/0x420
[ 1093.025088]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1093.029435]  kvm_vm_ioctl+0x501/0x1600
[ 1093.033440]  ? __lock_acquire+0x5f7/0x4620
[ 1093.037683]  ? kvm_vcpu_release+0xa0/0xa0
[ 1093.042014]  ? trace_hardirqs_on+0x10/0x10
[ 1093.046252]  ? trace_hardirqs_on+0x10/0x10
[ 1093.050986]  ? __might_fault+0x110/0x1d0
[ 1093.055052]  ? save_trace+0x290/0x290
[ 1093.058904]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1093.063913]  ? __fget+0x210/0x370
[ 1093.067364]  ? retint_kernel+0x2d/0x2d
[ 1093.071256]  ? kvm_vcpu_release+0xa0/0xa0
[ 1093.075395]  do_vfs_ioctl+0x7ae/0x1060
[ 1093.079270]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1093.084102]  ? check_preemption_disabled+0x3c/0x250
[ 1093.089113]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1093.093521]  ? security_file_ioctl+0x89/0xb0
[ 1093.097948]  SyS_ioctl+0x8f/0xc0
[ 1093.101362]  ? do_vfs_ioctl+0x1060/0x1060
[ 1093.105506]  do_syscall_64+0x1e8/0x640
[ 1093.109387]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1093.114233]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1093.119471] RIP: 0033:0x45c429
[ 1093.122738] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1093.130973] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1093.138232] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1093.145501] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1093.152814] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1093.160088] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1093.169275] Mem-Info:
[ 1093.173707] active_anon:837543 inactive_anon:4834 isolated_anon:0
[ 1093.173707]  active_file:14324 inactive_file:6710 isolated_file:0
[ 1093.173707]  unevictable:0 dirty:382 writeback:0 unstable:0
[ 1093.173707]  slab_reclaimable:17720 slab_unreclaimable:148988
[ 1093.173707]  mapped:59407 shmem:255 pagetables:16827 bounce:0
[ 1093.173707]  free:476085 free_pcp:376 free_cma:0
[ 1093.208333] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:116kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1093.236850] Node 1 active_anon:1429492kB inactive_anon:18552kB active_file:55440kB inactive_file:23716kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26892kB dirty:1412kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1093.266938] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1093.294338] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1093.299572] Node 0 DMA32 free:31264kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB writepending:116kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:272kB local_pcp:148kB free_cma:0kB
[ 1093.329888] lowmem_reserve[]: 0 0 0 0 0
[ 1093.334149] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1093.359599] lowmem_reserve[]: 0 0 0 0 0
[ 1093.363624] Node 1 Normal free:1862692kB min:53504kB low:66880kB high:80256kB active_anon:1429492kB inactive_anon:18552kB active_file:55440kB inactive_file:23716kB unevictable:0kB writepending:1416kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13760kB pagetables:27692kB bounce:0kB free_pcp:1224kB local_pcp:544kB free_cma:0kB
[ 1093.394459] lowmem_reserve[]: 0 0 0 0 0
[ 1093.398493] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1093.412960] Node 0 DMA32: 818*4kB (UME) 483*8kB (UMH) 364*16kB (UM) 328*32kB (UMH) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 31264kB
[ 1093.428467] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1093.439261] Node 1 Normal: 249*4kB (UME) 282*8kB (UME) 447*16kB (UM) 326*32kB (UM) 80*64kB (UM) 14*128kB (UME) 12*256kB (UME) 4*512kB (UM) 5*1024kB (ME) 5*2048kB (ME) 443*4096kB (M) = 1862756kB
[ 1093.456781] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1093.467039] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1093.476144] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1093.485257] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1093.493931] 21295 total pagecache pages
[ 1093.497924] 0 pages in swap cache
[ 1093.501420] Swap cache stats: add 0, delete 0, find 0/0
[ 1093.506868] Free swap  = 0kB
[ 1093.509905] Total swap = 0kB
[ 1093.513013] 1965979 pages RAM
[ 1093.516200] 0 pages HighMem/MovableOnly
[ 1093.520369] 335854 pages reserved
[ 1093.523820] 0 pages cma reserved
05:08:41 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:08:41 executing program 4:
r0 = openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/relabel\x00', 0x2, 0x0)
write$selinux_access(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="0fd9b6f129a5853fb0a3cff8e88cdc71fbe2ab37ac964372ec5398c315d8c5b1651b6016f70c0877a928ab06417a81bea7a55755cb2861883c4811ed7998d104705a01919dc862f837913b242bc6931985dc47d9b3159374d6ca9c4f4302f5ff1f83dbe3c11e165d677d85d5291149af0a9b"], 0x72)

05:08:41 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5], 0x2}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:41 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

05:08:41 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, 0xffffffffffffffff, &(0x7f0000000040), 0x200000a5}])

05:08:41 executing program 0:
keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000000)=""/4, 0x2)

05:08:41 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x13, 0x0, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
prctl$PR_GET_SECCOMP(0x15)
prlimit64(0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, 0x0}, 0x0)
sendmsg$NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000080), 0xc, &(0x7f0000000300)={&(0x7f00000007c0)=ANY=[@ANYBLOB, @ANYBLOB="000225bd7000fbdbdf251f00000007002100616100"], 0x2}}, 0x0)
recvmmsg(r0, &(0x7f0000002380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(0xffffffffffffffff, 0x40106614, 0x0)

05:08:41 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

05:08:41 executing program 0:
socketpair$unix(0x1, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @mcast1={0xff, 0x5}}, 0x1c)
socket$inet6_udp(0xa, 0x2, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast1={0xff, 0x5}, 0x8}, 0x1c)
write$P9_RWALK(r0, &(0x7f00000003c0)=ANY=[@ANYPTR=&(0x7f00000000c0)=ANY=[@ANYRES64, @ANYRESOCT]], 0x8)
open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x30, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$team(0x0)
syz_open_procfs(0x0, 0x0)
lseek(0xffffffffffffffff, 0x0, 0x0)
open(0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0)
socket(0x0, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c)
socket$nl_route(0x10, 0x3, 0x0)
gettid()
sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
open(0x0, 0x0, 0x0)
dup2(r1, r2)

05:08:41 executing program 5:
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, 0xffffffffffffffff, 0x0)
write$tun(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

[ 1093.644220] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:41 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5], 0x2}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:41 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, 0xffffffffffffffff, &(0x7f0000000040), 0x200000a5}])

[ 1093.801627] audit: type=1804 audit(1582348121.473:106): pid=10268 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir097749476/syzkaller.YHb2Nz/2748/bus" dev="sda1" ino=17843 res=1
[ 1093.865330] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1093.931347] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1093.934321] audit: type=1804 audit(1582348121.473:107): pid=10268 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir097749476/syzkaller.YHb2Nz/2748/bus" dev="sda1" ino=17843 res=1
[ 1093.970241] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1093.997200] CPU: 0 PID: 10259 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1094.005211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1094.005988] audit: type=1804 audit(1582348121.653:108): pid=10268 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir097749476/syzkaller.YHb2Nz/2748/bus" dev="sda1" ino=17843 res=1
[ 1094.014574] Call Trace:
[ 1094.014596]  dump_stack+0x142/0x197
[ 1094.014610]  warn_alloc.cold+0x96/0x1af
[ 1094.014619]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1094.014636]  ? wait_for_completion+0x420/0x420
[ 1094.014650]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1094.014659]  ? check_preemption_disabled+0x3c/0x250
[ 1094.014681]  ? warn_alloc+0xf0/0xf0
[ 1094.014701]  ? __might_sleep+0x93/0xb0
[ 1094.014713]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1094.014729]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1094.043431] audit: type=1804 audit(1582348121.653:109): pid=10276 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir097749476/syzkaller.YHb2Nz/2748/bus" dev="sda1" ino=17843 res=1
[ 1094.044787]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1094.121562]  alloc_pages_current+0xec/0x1e0
[ 1094.125910]  kvm_mmu_create+0xdf/0x1e0
[ 1094.129813]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1094.134179]  kvm_vcpu_init+0x272/0x360
[ 1094.138107]  vmx_create_vcpu+0xfc/0x2aa0
[ 1094.142196]  ? check_preemption_disabled+0x3c/0x250
[ 1094.147235]  ? retint_kernel+0x2d/0x2d
[ 1094.151143]  ? handle_rdmsr+0x6e0/0x6e0
[ 1094.155254]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1094.159637]  kvm_vm_ioctl+0x501/0x1600
[ 1094.163688]  ? __lock_acquire+0x5f7/0x4620
[ 1094.167923]  ? do_futex+0x21d/0x19e0
[ 1094.171756]  ? kvm_vcpu_release+0xa0/0xa0
[ 1094.175900]  ? trace_hardirqs_on+0x10/0x10
[ 1094.180236]  ? retint_kernel+0x2d/0x2d
[ 1094.184142]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1094.189272]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1094.194120]  ? check_preemption_disabled+0x3c/0x250
[ 1094.199274]  ? retint_kernel+0x2d/0x2d
[ 1094.203301]  ? do_vfs_ioctl+0x74f/0x1060
[ 1094.207504]  ? kvm_vcpu_release+0xa0/0xa0
[ 1094.211641]  do_vfs_ioctl+0x7ae/0x1060
[ 1094.215542]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1094.220415]  ? lock_downgrade+0x740/0x740
[ 1094.224932]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1094.229567]  ? __fget+0x237/0x370
[ 1094.233059]  ? security_file_ioctl+0x89/0xb0
[ 1094.237473]  SyS_ioctl+0x8f/0xc0
[ 1094.240826]  ? do_vfs_ioctl+0x1060/0x1060
[ 1094.244968]  do_syscall_64+0x1e8/0x640
[ 1094.248871]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1094.253716]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1094.259002] RIP: 0033:0x45c429
[ 1094.262189] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1094.271461] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1094.278741] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1094.286529] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1094.293849] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1094.301187] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1094.311765] Mem-Info:
[ 1094.314305] active_anon:841656 inactive_anon:4834 isolated_anon:0
[ 1094.314305]  active_file:14324 inactive_file:6720 isolated_file:0
[ 1094.314305]  unevictable:0 dirty:400 writeback:0 unstable:0
[ 1094.314305]  slab_reclaimable:17729 slab_unreclaimable:149204
[ 1094.314305]  mapped:59407 shmem:255 pagetables:16860 bounce:0
[ 1094.314305]  free:471731 free_pcp:150 free_cma:0
[ 1094.366280] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:116kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1094.395265] Node 1 active_anon:1445956kB inactive_anon:18552kB active_file:55440kB inactive_file:23752kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26892kB dirty:1496kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1094.423462] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1094.451260] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1094.457011] Node 0 DMA32 free:31408kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB writepending:116kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB
[ 1094.487190] lowmem_reserve[]: 0 0 0 0 0
[ 1094.491942] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1094.517704] lowmem_reserve[]: 0 0 0 0 0
[ 1094.521776] Node 1 Normal free:1845040kB min:53504kB low:66880kB high:80256kB active_anon:1445956kB inactive_anon:18552kB active_file:55440kB inactive_file:23752kB unevictable:0kB writepending:1500kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13856kB pagetables:27824kB bounce:0kB free_pcp:1176kB local_pcp:456kB free_cma:0kB
[ 1094.552728] lowmem_reserve[]: 0 0 0 0 0
[ 1094.556721] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1094.571207] Node 0 DMA32: 854*4kB (UME) 483*8kB (UMH) 364*16kB (UM) 328*32kB (UMH) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 31408kB
[ 1094.586653] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1094.597590] Node 1 Normal: 112*4kB (UE) 47*8kB (UE) 439*16kB (UE) 310*32kB (UM) 63*64kB (U) 4*128kB (UE) 4*256kB (UME) 2*512kB (UM) 2*1024kB (ME) 2*2048kB (ME) 443*4096kB (M) = 1845032kB
[ 1094.614767] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1094.623806] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1094.632559] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1094.641502] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1094.650159] 21304 total pagecache pages
[ 1094.654715] 0 pages in swap cache
[ 1094.658307] Swap cache stats: add 0, delete 0, find 0/0
[ 1094.668798] Free swap  = 0kB
[ 1094.672057] Total swap = 0kB
[ 1094.675088] 1965979 pages RAM
[ 1094.678283] 0 pages HighMem/MovableOnly
05:08:42 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r1, 0x80685600, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

05:08:42 executing program 5:
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, 0xffffffffffffffff, 0x0)
write$tun(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

05:08:42 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(0x0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r0, &(0x7f0000000040), 0x200000a5}])

05:08:42 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5], 0x2}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:42 executing program 0:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
socket$packet(0x11, 0x4000000000000a, 0x300)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r1, 0x0, r2)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000980)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030080000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001080200000000000000000000000000000000000000005001686173686c696d6974000000000000000000000000000000000000000002726f73653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000400000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = dup2(r4, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
sendto$inet(r0, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x240, 0x0, 0xfffffffffffffe98)

[ 1094.682324] 335854 pages reserved
[ 1094.685780] 0 pages cma reserved
05:08:42 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000180)={0x1e, 0x0, [{0xd, 0x9, 0x80000000, 0x0, 0x8000}, {0x1, 0x0, 0x0, 0x9, 0x2}]})

05:08:42 executing program 5:
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, 0xffffffffffffffff, 0x0)
write$tun(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

[ 1094.754224] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:42 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(0x0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r0, &(0x7f0000000040), 0x200000a5}])

05:08:42 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:42 executing program 5:
r0 = memfd_create(0x0, 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

[ 1094.899114] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1094.936423] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
05:08:42 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:42 executing program 0:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
socket$packet(0x11, 0x4000000000000a, 0x300)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r1, 0x0, r2)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000980)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030080000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001080200000000000000000000000000000000000000005001686173686c696d6974000000000000000000000000000000000000000002726f73653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000400000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = dup2(r4, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
sendto$inet(r0, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x240, 0x0, 0xfffffffffffffe98)

[ 1095.004562] syz-executor.4 cpuset=syz4 mems_allowed=0-1
[ 1095.025777] CPU: 0 PID: 10312 Comm: syz-executor.4 Not tainted 4.14.171-syzkaller #0
[ 1095.033720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1095.043468] Call Trace:
[ 1095.046071]  dump_stack+0x142/0x197
[ 1095.049813]  warn_alloc.cold+0x96/0x1af
[ 1095.053807]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1095.059226]  ? wait_for_completion+0x420/0x420
[ 1095.063907]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1095.068780]  ? warn_alloc+0xf0/0xf0
[ 1095.072444]  ? __might_sleep+0x93/0xb0
[ 1095.076530]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1095.081219]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1095.082890] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1095.086284]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1095.086309]  alloc_pages_current+0xec/0x1e0
[ 1095.086325]  kvm_mmu_create+0xdf/0x1e0
[ 1095.086341]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1095.112747]  kvm_vcpu_init+0x272/0x360
[ 1095.116662]  vmx_create_vcpu+0xfc/0x2aa0
[ 1095.121375]  ? mutex_trylock+0x1c0/0x1c0
[ 1095.125576]  ? handle_rdmsr+0x6e0/0x6e0
[ 1095.129573]  ? wait_for_completion+0x420/0x420
[ 1095.134258]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1095.139349]  kvm_vm_ioctl+0x501/0x1600
[ 1095.143269]  ? __lock_acquire+0x5f7/0x4620
[ 1095.147529]  ? get_unused_fd_flags+0xd0/0xd0
05:08:42 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r1, 0x80685600, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1095.151955]  ? kvm_vcpu_release+0xa0/0xa0
[ 1095.156149]  ? trace_hardirqs_on+0x10/0x10
[ 1095.160579]  ? trace_hardirqs_on+0x10/0x10
[ 1095.164826]  ? __might_fault+0x110/0x1d0
[ 1095.169001]  ? save_trace+0x290/0x290
[ 1095.172829]  ? __might_fault+0x110/0x1d0
[ 1095.176918]  ? __fget+0x210/0x370
[ 1095.180749]  ? find_held_lock+0x35/0x130
[ 1095.184828]  ? __fget+0x210/0x370
[ 1095.188330]  ? kvm_vcpu_release+0xa0/0xa0
[ 1095.192833]  do_vfs_ioctl+0x7ae/0x1060
[ 1095.196920]  ? selinux_file_mprotect+0x5d0/0x5d0
05:08:42 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r1, 0x80685600, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1095.202825]  ? lock_downgrade+0x740/0x740
[ 1095.206999]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1095.211594]  ? __fget+0x237/0x370
[ 1095.215076]  ? security_file_ioctl+0x89/0xb0
[ 1095.219524]  SyS_ioctl+0x8f/0xc0
[ 1095.223066]  ? do_vfs_ioctl+0x1060/0x1060
[ 1095.227346]  do_syscall_64+0x1e8/0x640
[ 1095.231469]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1095.236530]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1095.242028] RIP: 0033:0x45c429
[ 1095.245661] RSP: 002b:00007f089fab0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
05:08:42 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

05:08:42 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:42 executing program 5:
r0 = memfd_create(0x0, 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

[ 1095.253385] RAX: ffffffffffffffda RBX: 00007f089fab16d4 RCX: 000000000045c429
[ 1095.260785] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1095.268151] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1095.275633] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1095.283049] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1095.403279] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1095.429256] Mem-Info:
[ 1095.446075] active_anon:837595 inactive_anon:4835 isolated_anon:0
[ 1095.446075]  active_file:14325 inactive_file:6738 isolated_file:0
[ 1095.446075]  unevictable:0 dirty:417 writeback:0 unstable:0
[ 1095.446075]  slab_reclaimable:17676 slab_unreclaimable:149192
[ 1095.446075]  mapped:59423 shmem:255 pagetables:16879 bounce:0
[ 1095.446075]  free:475689 free_pcp:376 free_cma:0
[ 1095.500883] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3040kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:116kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1095.538973] Node 1 active_anon:1429700kB inactive_anon:18556kB active_file:55444kB inactive_file:23884kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:27056kB dirty:1552kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1095.568164] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1095.568346] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1095.584886] syz-executor.2 cpuset=
[ 1095.606386] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1095.606411] Node 0 DMA32 free:31524kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB writepending:116kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1095.606435] lowmem_reserve[]: 0 0 0 0 0
[ 1095.606455] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1095.606474] lowmem_reserve[]: 0 0 0 0 0
[ 1095.606495] Node 1 Normal free:1862356kB min:53504kB low:66880kB high:80256kB active_anon:1429644kB inactive_anon:18560kB active_file:55440kB inactive_file:23812kB unevictable:0kB writepending:1576kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13888kB pagetables:27780kB bounce:0kB free_pcp:452kB local_pcp:164kB free_cma:0kB
[ 1095.606516] lowmem_reserve[]: 0 0 0 0 0
[ 1095.606537] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1095.606614] Node 0 DMA32: 887*4kB (UME) 484*8kB (UMH) 364*16kB (UM) 328*32kB (UMH) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 31548kB
[ 1095.606687] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1095.606736] Node 1 Normal: 424*4kB (UME) 164*8kB (UME) 433*16kB (UME) 335*32kB (UM) 87*64kB (UM) 21*128kB (UME) 18*256kB (UME) 12*512kB (UM) 2*1024kB (ME) 3*2048kB (ME) 443*4096kB (M) = 1862384kB
[ 1095.606824] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1095.606831] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1095.606838] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1095.606844] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1095.606848] 21288 total pagecache pages
[ 1095.606858] 0 pages in swap cache
[ 1095.614654] syz2
[ 1095.615767] Swap cache stats: add 0, delete 0, find 0/0
[ 1095.646116]  mems_allowed=0-1
[ 1095.656303] Free swap  = 0kB
[ 1095.678925] CPU: 1 PID: 10336 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1095.709929] Total swap = 0kB
[ 1095.713516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1095.713522] Call Trace:
[ 1095.713540]  dump_stack+0x142/0x197
[ 1095.713554]  warn_alloc.cold+0x96/0x1af
[ 1095.713564]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1095.713583]  ? wait_for_completion+0x420/0x420
[ 1095.713599]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1095.713608]  ? check_preemption_disabled+0x3c/0x250
[ 1095.713627]  ? warn_alloc+0xf0/0xf0
[ 1095.713646]  ? __might_sleep+0x93/0xb0
[ 1095.713655]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1095.713666]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1095.713678]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1095.729040] 1965979 pages RAM
[ 1095.743418]  alloc_pages_current+0xec/0x1e0
[ 1095.743436]  kvm_mmu_create+0xdf/0x1e0
[ 1095.743448]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1095.743461]  kvm_vcpu_init+0x272/0x360
[ 1095.743471]  vmx_create_vcpu+0xfc/0x2aa0
[ 1095.743481]  ? mutex_trylock+0x1c0/0x1c0
[ 1095.743496]  ? handle_rdmsr+0x6e0/0x6e0
[ 1095.743506]  ? wait_for_completion+0x420/0x420
[ 1095.743518]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1095.743528]  kvm_vm_ioctl+0x501/0x1600
[ 1095.743538]  ? __lock_acquire+0x5f7/0x4620
[ 1095.743551]  ? kvm_vcpu_release+0xa0/0xa0
[ 1095.754543] 0 pages HighMem/MovableOnly
[ 1095.771985]  ? trace_hardirqs_on+0x10/0x10
[ 1095.771998]  ? retint_kernel+0x2d/0x2d
[ 1095.772009]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1095.772026]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1095.772039]  ? check_preemption_disabled+0x3c/0x250
[ 1095.772046]  ? retint_kernel+0x2d/0x2d
[ 1095.772055]  ? kvm_vcpu_release+0xa0/0xa0
[ 1095.772070]  ? do_vfs_ioctl+0x74f/0x1060
[ 1095.772084]  ? kvm_vcpu_release+0xa0/0xa0
[ 1095.772093]  do_vfs_ioctl+0x7ae/0x1060
[ 1095.772110]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1095.772118]  ? lock_downgrade+0x740/0x740
[ 1095.772128]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1095.772142]  ? __fget+0x237/0x370
[ 1095.781822] 335854 pages reserved
[ 1095.789590]  ? security_file_ioctl+0x89/0xb0
[ 1095.789605]  SyS_ioctl+0x8f/0xc0
[ 1095.789616]  ? do_vfs_ioctl+0x1060/0x1060
[ 1095.789629]  do_syscall_64+0x1e8/0x640
[ 1095.789638]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1095.789652]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1095.789663] RIP: 0033:0x45c429
05:08:43 executing program 4:
mknod$loop(0x0, 0x0, 0xffffffffffffffff)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000002840)={"6c64125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x0, 0x0, [], 0x1}, {0x6}, {0x0, 0x0, 0x4}, {0x0, 0x8}, {}, {}, {}, {0xfc}, {}, {}, {}, {}, {0x0, 0x80}]}})
ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
creat(&(0x7f0000000700)='./bus\x00', 0x0)
r3 = open(&(0x7f0000000200)='./bus\x00', 0x20001c1242, 0x0)
sendfile(0xffffffffffffffff, r3, 0x0, 0x8000fffffffe)
ioctl$KVM_ENABLE_CAP(r3, 0x4068aea3, &(0x7f0000000040)={0x0, 0x0, [0xfffffffffffffffb, 0x3, 0x3f, 0x100000001]})

05:08:43 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(0x0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r0, &(0x7f0000000040), 0x200000a5}])

05:08:43 executing program 0:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
socket$packet(0x11, 0x4000000000000a, 0x300)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r1, 0x0, r2)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000980)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030080000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001080200000000000000000000000000000000000000005001686173686c696d6974000000000000000000000000000000000000000002726f73653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000400000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = dup2(r4, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
sendto$inet(r0, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x240, 0x0, 0xfffffffffffffe98)

05:08:43 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff0000000009000100"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:43 executing program 5:
r0 = memfd_create(0x0, 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

05:08:43 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[ 1095.798691] 0 pages cma reserved
[ 1095.807079] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1095.807091] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1095.807096] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1095.807101] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1095.807107] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1095.807113] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
05:08:43 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

05:08:43 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff0000000009000100"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1096.170805] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:43 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff0000000009000100"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:43 executing program 1:
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

05:08:43 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

[ 1096.325831] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
05:08:44 executing program 0:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
socket$packet(0x11, 0x4000000000000a, 0x300)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r1, 0x0, r2)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000980)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030080000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001080200000000000000000000000000000000000000005001686173686c696d6974000000000000000000000000000000000000000002726f73653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000400000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = dup2(r4, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
sendto$inet(r0, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x240, 0x0, 0xfffffffffffffe98)

[ 1096.379613] syz-executor.4 cpuset=syz4 mems_allowed=0-1
[ 1096.411115] CPU: 1 PID: 10365 Comm: syz-executor.4 Not tainted 4.14.171-syzkaller #0
[ 1096.419042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1096.428568] Call Trace:
[ 1096.431171]  dump_stack+0x142/0x197
[ 1096.434814]  warn_alloc.cold+0x96/0x1af
[ 1096.438802]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1096.443791]  ? wait_for_completion+0x420/0x420
[ 1096.448481]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1096.453634]  ? warn_alloc+0xf0/0xf0
[ 1096.457458]  ? __might_sleep+0x93/0xb0
[ 1096.461450]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1096.466250]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1096.471285]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1096.476335]  alloc_pages_current+0xec/0x1e0
[ 1096.480682]  kvm_mmu_create+0xdf/0x1e0
[ 1096.484590]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1096.488950]  kvm_vcpu_init+0x272/0x360
[ 1096.492870]  vmx_create_vcpu+0xfc/0x2aa0
[ 1096.496944]  ? mutex_trylock+0x1c0/0x1c0
[ 1096.501027]  ? handle_rdmsr+0x6e0/0x6e0
[ 1096.505030]  ? wait_for_completion+0x420/0x420
[ 1096.509633]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1096.514017]  kvm_vm_ioctl+0x501/0x1600
[ 1096.517929]  ? __lock_acquire+0x5f7/0x4620
[ 1096.522178]  ? get_unused_fd_flags+0xd0/0xd0
[ 1096.526607]  ? kvm_vcpu_release+0xa0/0xa0
[ 1096.530769]  ? trace_hardirqs_on+0x10/0x10
[ 1096.535143]  ? trace_hardirqs_on+0x10/0x10
[ 1096.539403]  ? __might_fault+0x110/0x1d0
[ 1096.543479]  ? save_trace+0x290/0x290
[ 1096.547296]  ? __might_fault+0x110/0x1d0
[ 1096.551385]  ? __fget+0x210/0x370
[ 1096.554962]  ? find_held_lock+0x35/0x130
[ 1096.559038]  ? __fget+0x210/0x370
[ 1096.562601]  ? kvm_vcpu_release+0xa0/0xa0
[ 1096.566847]  do_vfs_ioctl+0x7ae/0x1060
[ 1096.570747]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1096.575522]  ? lock_downgrade+0x740/0x740
[ 1096.579801]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1096.584233]  ? __fget+0x237/0x370
[ 1096.587719]  ? security_file_ioctl+0x89/0xb0
[ 1096.592179]  SyS_ioctl+0x8f/0xc0
[ 1096.595668]  ? do_vfs_ioctl+0x1060/0x1060
[ 1096.599945]  do_syscall_64+0x1e8/0x640
[ 1096.603852]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1096.603970] syz-executor.2: 
[ 1096.608718]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1096.608729] RIP: 0033:0x45c429
[ 1096.608734] RSP: 002b:00007f089fab0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1096.608743] RAX: ffffffffffffffda RBX: 00007f089fab16d4 RCX: 000000000045c429
[ 1096.608749] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1096.608754] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1096.608760] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1096.608766] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1096.652870] warn_alloc_show_mem: 1 callbacks suppressed
[ 1096.652875] Mem-Info:
[ 1096.686677] active_anon:837638 inactive_anon:4834 isolated_anon:0
[ 1096.686677]  active_file:14304 inactive_file:6746 isolated_file:0
[ 1096.686677]  unevictable:0 dirty:438 writeback:0 unstable:0
[ 1096.686677]  slab_reclaimable:17680 slab_unreclaimable:149054
[ 1096.686677]  mapped:59432 shmem:255 pagetables:16911 bounce:0
[ 1096.686677]  free:475836 free_pcp:317 free_cma:0
[ 1096.689217] page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1096.729360] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3068kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:116kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1096.737794] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1096.778080] Node 1 active_anon:1429872kB inactive_anon:18552kB active_file:55360kB inactive_file:23916kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26992kB dirty:1636kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1096.782655] CPU: 0 PID: 10359 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1096.808885] Node 0 
[ 1096.816789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1096.816794] Call Trace:
[ 1096.816815]  dump_stack+0x142/0x197
[ 1096.816829]  warn_alloc.cold+0x96/0x1af
[ 1096.816838]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1096.816856]  ? wait_for_completion+0x420/0x420
[ 1096.816870]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1096.816891]  ? warn_alloc+0xf0/0xf0
[ 1096.816909]  ? __might_sleep+0x93/0xb0
[ 1096.819790] DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1096.828626]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1096.828640]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1096.828651]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1096.828670]  alloc_pages_current+0xec/0x1e0
[ 1096.828685]  kvm_mmu_create+0xdf/0x1e0
[ 1096.831351] lowmem_reserve[]:
[ 1096.834907]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1096.834923]  kvm_vcpu_init+0x272/0x360
[ 1096.834937]  vmx_create_vcpu+0xfc/0x2aa0
[ 1096.838951]  0
[ 1096.843863]  ? mutex_trylock+0x1c0/0x1c0
[ 1096.843884]  ? handle_rdmsr+0x6e0/0x6e0
[ 1096.843894]  ? wait_for_completion+0x420/0x420
[ 1096.843909]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1096.843921]  kvm_vm_ioctl+0x501/0x1600
[ 1096.843935]  ? __lock_acquire+0x5f7/0x4620
[ 1096.849165]  2569
[ 1096.853499]  ? find_held_lock+0x35/0x130
[ 1096.853516]  ? kvm_vcpu_release+0xa0/0xa0
[ 1096.853525]  ? trace_hardirqs_on+0x10/0x10
[ 1096.853538]  ? trace_hardirqs_on+0x10/0x10
[ 1096.853550]  ? __might_fault+0x110/0x1d0
[ 1096.853561]  ? save_trace+0x290/0x290
[ 1096.857234]  2569
[ 1096.861068]  ? __might_fault+0x110/0x1d0
[ 1096.861080]  ? __fget+0x210/0x370
[ 1096.861091]  ? retint_kernel+0x2d/0x2d
[ 1096.861106]  ? kvm_vcpu_release+0xa0/0xa0
[ 1096.861116]  do_vfs_ioctl+0x7ae/0x1060
[ 1096.861133]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1096.887601]  2569
[ 1096.894118]  ? check_preemption_disabled+0x3c/0x250
[ 1096.894132]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1096.894152]  ? security_file_ioctl+0x89/0xb0
[ 1096.894163]  SyS_ioctl+0x8f/0xc0
[ 1096.899255]  2569
[ 1096.904229]  ? do_vfs_ioctl+0x1060/0x1060
[ 1096.904243]  do_syscall_64+0x1e8/0x640
[ 1096.904252]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1096.904269]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1096.904277] RIP: 0033:0x45c429
[ 1096.904281] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1096.912622] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1096.912629] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1096.912634] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1096.912639] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1096.912644] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1097.096615] Node 0 DMA32 free:31484kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB writepending:116kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1097.127037] lowmem_reserve[]: 0 0 0 0 0
[ 1097.131233] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1097.158733] lowmem_reserve[]: 0 0 0 0 0
[ 1097.163019] Node 1 Normal free:1862180kB min:53504kB low:66880kB high:80256kB active_anon:1429604kB inactive_anon:18552kB active_file:55440kB inactive_file:23848kB unevictable:0kB writepending:1716kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13760kB pagetables:27792kB bounce:0kB free_pcp:1088kB local_pcp:480kB free_cma:0kB
[ 1097.193943] lowmem_reserve[]: 0 0 0 0 0
[ 1097.198685] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1097.213434] Node 0 DMA32: 887*4kB (UME) 476*8kB (UMH) 364*16kB (UM) 328*32kB (UMH) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 31484kB
[ 1097.229755] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1097.247361] Node 1 Normal: 220*4kB (UM) 222*8kB (UME) 461*16kB (UME) 338*32kB (UM) 88*64kB (UM) 18*128kB (ME) 17*256kB (UME) 10*512kB (UM) 3*1024kB (ME) 3*2048kB (ME) 443*4096kB (M) = 1862000kB
[ 1097.265652] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1097.276276] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1097.284991] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1097.294132] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1097.303230] 21327 total pagecache pages
[ 1097.307210] 0 pages in swap cache
[ 1097.311206] Swap cache stats: add 0, delete 0, find 0/0
05:08:45 executing program 4:
syz_open_procfs(0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x4}, {}, {}, {}, {}, {0xfc}, {}, {}, {}, {}, {}, {0x0, 0x9}]}})
ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
creat(0x0, 0x0)
r2 = open(&(0x7f0000000200)='./bus\x00', 0x20001c1242, 0x0)
sendfile(0xffffffffffffffff, r2, 0x0, 0x8000fffffffe)

05:08:45 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:45 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

05:08:45 executing program 0:
mknod$loop(0x0, 0x0, 0xffffffffffffffff)
syz_open_procfs(0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000002840)={"6c64125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x0, 0x0, [], 0x1}, {0x6}, {0x0, 0x0, 0x4}, {0x0, 0x8}, {}, {}, {}, {0xfc}, {}, {}, {}, {}, {0x0, 0x80}, {0x0, 0x9}]}})
ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
creat(&(0x7f0000000700)='./bus\x00', 0x0)
r3 = open(&(0x7f0000000200)='./bus\x00', 0x20001c1242, 0x0)
sendfile(0xffffffffffffffff, r3, 0x0, 0x8000fffffffe)
ioctl$KVM_ENABLE_CAP(r3, 0x4068aea3, &(0x7f0000000040)={0x0, 0x0, [0xfffffffffffffffb, 0x3, 0x3f, 0x100000001]})

05:08:45 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

05:08:45 executing program 1:
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

[ 1097.316591] Free swap  = 0kB
[ 1097.319620] Total swap = 0kB
[ 1097.322722] 1965979 pages RAM
[ 1097.325919] 0 pages HighMem/MovableOnly
[ 1097.329998] 335854 pages reserved
[ 1097.333599] 0 pages cma reserved
05:08:45 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:45 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x10, r0, 0x0)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

[ 1097.438019] syz-executor.0: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1097.475369] nla_parse: 3 callbacks suppressed
05:08:45 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:45 executing program 1:
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

[ 1097.475376] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1097.498515] syz-executor.0 cpuset=syz0 mems_allowed=0-1
[ 1097.534971] CPU: 1 PID: 10408 Comm: syz-executor.0 Not tainted 4.14.171-syzkaller #0
[ 1097.542937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1097.552421] Call Trace:
[ 1097.555025]  dump_stack+0x142/0x197
[ 1097.558672]  warn_alloc.cold+0x96/0x1af
[ 1097.562700]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1097.567564]  ? wait_for_completion+0x420/0x420
[ 1097.572172]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1097.577059]  ? warn_alloc+0xf0/0xf0
[ 1097.580799]  ? __might_sleep+0x93/0xb0
[ 1097.585579]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1097.590507]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1097.595567]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1097.600811]  alloc_pages_current+0xec/0x1e0
[ 1097.605405]  kvm_mmu_create+0xdf/0x1e0
[ 1097.609399]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1097.614355]  kvm_vcpu_init+0x272/0x360
[ 1097.615291] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1097.618449]  vmx_create_vcpu+0xfc/0x2aa0
[ 1097.618463]  ? mutex_trylock+0x1c0/0x1c0
[ 1097.618481]  ? handle_rdmsr+0x6e0/0x6e0
[ 1097.618491]  ? wait_for_completion+0x420/0x420
[ 1097.618505]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1097.618518]  kvm_vm_ioctl+0x501/0x1600
[ 1097.652263]  ? __lock_acquire+0x5f7/0x4620
[ 1097.656773]  ? get_unused_fd_flags+0xd0/0xd0
[ 1097.661305]  ? kvm_vcpu_release+0xa0/0xa0
[ 1097.665477]  ? trace_hardirqs_on+0x10/0x10
[ 1097.669740]  ? trace_hardirqs_on+0x10/0x10
[ 1097.673998]  ? __might_fault+0x110/0x1d0
[ 1097.678069]  ? save_trace+0x290/0x290
[ 1097.681893]  ? __might_fault+0x110/0x1d0
[ 1097.686059]  ? __fget+0x210/0x370
[ 1097.689524]  ? find_held_lock+0x35/0x130
[ 1097.693597]  ? __fget+0x210/0x370
[ 1097.697070]  ? kvm_vcpu_release+0xa0/0xa0
[ 1097.701317]  do_vfs_ioctl+0x7ae/0x1060
[ 1097.705218]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1097.710102]  ? lock_downgrade+0x740/0x740
[ 1097.714264]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1097.718723]  ? __fget+0x237/0x370
[ 1097.722201]  ? security_file_ioctl+0x89/0xb0
[ 1097.726923]  SyS_ioctl+0x8f/0xc0
[ 1097.730308]  ? do_vfs_ioctl+0x1060/0x1060
05:08:45 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff0000000009000100686673630000000008000200"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1097.734470]  do_syscall_64+0x1e8/0x640
[ 1097.738374]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1097.743348]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1097.748551] RIP: 0033:0x45c429
[ 1097.751748] RSP: 002b:00007f7837ba1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1097.753488] syz-executor.2: 
[ 1097.759459] RAX: ffffffffffffffda RBX: 00007f7837ba26d4 RCX: 000000000045c429
[ 1097.759465] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1097.759470] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
05:08:45 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x10, r0, 0x0)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

[ 1097.759475] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1097.759480] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1097.774265] warn_alloc_show_mem: 1 callbacks suppressed
[ 1097.774269] Mem-Info:
[ 1097.797585] page allocation failure: order:0
[ 1097.828561] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1097.830604] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1097.856898] active_anon:837643 inactive_anon:4834 isolated_anon:0
[ 1097.856898]  active_file:14326 inactive_file:6732 isolated_file:0
05:08:45 executing program 4:
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=@ipv6_getanyicast={0x14, 0x3e, 0x101}, 0x14}}, 0x0)

05:08:45 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff0000000009000100686673630000000008000200"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:45 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x10, r0, 0x0)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

[ 1097.856898]  unevictable:0 dirty:459 writeback:0 unstable:0
[ 1097.856898]  slab_reclaimable:17688 slab_unreclaimable:149490
[ 1097.856898]  mapped:59432 shmem:255 pagetables:16937 bounce:0
[ 1097.856898]  free:475259 free_pcp:347 free_cma:0
[ 1097.895699] (null)
[ 1097.908794] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1097.927121] CPU: 0 PID: 10403 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1097.935062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1097.937970] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1097.944440] Call Trace:
[ 1097.944462]  dump_stack+0x142/0x197
[ 1097.944476]  warn_alloc.cold+0x96/0x1af
[ 1097.944486]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1097.944503]  ? wait_for_completion+0x420/0x420
[ 1097.944516]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1097.944538]  ? warn_alloc+0xf0/0xf0
[ 1097.981398]  ? __might_sleep+0x93/0xb0
[ 1097.985587]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1097.988186] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3068kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:116kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1097.990269]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1097.990281]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1097.990295]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1097.990310]  alloc_pages_current+0xec/0x1e0
[ 1098.018648] Node 1 active_anon:1429892kB inactive_anon:18552kB active_file:55448kB inactive_file:23860kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:27192kB dirty:1720kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1098.023646]  kvm_mmu_create+0xdf/0x1e0
[ 1098.023661]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1098.023674]  kvm_vcpu_init+0x272/0x360
[ 1098.023686]  vmx_create_vcpu+0xfc/0x2aa0
[ 1098.023697]  ? check_preemption_disabled+0x3c/0x250
[ 1098.023709]  ? retint_kernel+0x2d/0x2d
[ 1098.029371] Node 0 
[ 1098.033488]  ? handle_rdmsr+0x6e0/0x6e0
[ 1098.033506]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1098.033519]  kvm_vm_ioctl+0x501/0x1600
[ 1098.033530]  ? __lock_acquire+0x5f7/0x4620
[ 1098.033537]  ? mark_held_locks+0xb1/0x100
[ 1098.033550]  ? kvm_vcpu_release+0xa0/0xa0
[ 1098.037950] DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1098.065959]  ? retint_kernel+0x2d/0x2d
[ 1098.065974]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1098.065985]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1098.065997]  ? check_preemption_disabled+0x3c/0x250
[ 1098.066005]  ? retint_kernel+0x2d/0x2d
[ 1098.066021]  ? selinux_file_ioctl+0x19a/0x560
[ 1098.066035]  ? selinux_file_ioctl+0x1b7/0x560
[ 1098.070516] lowmem_reserve[]:
[ 1098.074293]  ? kvm_vcpu_release+0xa0/0xa0
[ 1098.074306]  do_vfs_ioctl+0x7ae/0x1060
[ 1098.074322]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1098.078434]  0
[ 1098.082426]  ? lock_downgrade+0x740/0x740
[ 1098.082440]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1098.082452]  ? __fget+0x237/0x370
[ 1098.082468]  ? security_file_ioctl+0x89/0xb0
[ 1098.082481]  SyS_ioctl+0x8f/0xc0
[ 1098.087831]  2569
[ 1098.092079]  ? do_vfs_ioctl+0x1060/0x1060
[ 1098.092093]  do_syscall_64+0x1e8/0x640
[ 1098.092102]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1098.092117]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1098.092125] RIP: 0033:0x45c429
[ 1098.092133] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246
[ 1098.094417]  2569
[ 1098.098327]  ORIG_RAX: 0000000000000010
[ 1098.098333] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1098.098339] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1098.098344] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1098.098349] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1098.098357] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1098.103287]  2569 2569
[ 1098.292699] Node 0 DMA32 free:31360kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB writepending:116kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:132kB local_pcp:8kB free_cma:0kB
[ 1098.322690] lowmem_reserve[]: 0 0 0 0 0
[ 1098.326701] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1098.352765] lowmem_reserve[]: 0 0 0 0 0
[ 1098.356779] Node 1 Normal free:1860848kB min:53504kB low:66880kB high:80256kB active_anon:1429608kB inactive_anon:18552kB active_file:55440kB inactive_file:23892kB unevictable:0kB writepending:1796kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13792kB pagetables:27796kB bounce:0kB free_pcp:1252kB local_pcp:572kB free_cma:0kB
[ 1098.388039] lowmem_reserve[]: 0 0 0 0 0
[ 1098.392115] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1098.409464] Node 0 DMA32: 856*4kB (UME) 479*8kB (UMH) 364*16kB (UM) 328*32kB (UMH) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 31384kB
[ 1098.425800] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1098.436690] Node 1 Normal: 201*4kB (UME) 62*8kB (UME) 541*16kB (UME) 348*32kB (UM) 89*64kB (UM) 21*128kB (UME) 17*256kB (UME) 10*512kB (UM) 4*1024kB (UME) 4*2048kB (UME) 442*4096kB (M) = 1861668kB
[ 1098.455970] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1098.464923] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
05:08:46 executing program 0:
mknod$loop(0x0, 0x0, 0xffffffffffffffff)
syz_open_procfs(0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000002840)={"6c64125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x0, 0x0, [], 0x1}, {0x6}, {0x0, 0x0, 0x4}, {0x0, 0x8}, {}, {}, {}, {0xfc}, {}, {}, {}, {}, {0x0, 0x80}, {0x0, 0x9}]}})
ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
creat(&(0x7f0000000700)='./bus\x00', 0x0)
r3 = open(&(0x7f0000000200)='./bus\x00', 0x20001c1242, 0x0)
sendfile(0xffffffffffffffff, r3, 0x0, 0x8000fffffffe)
ioctl$KVM_ENABLE_CAP(r3, 0x4068aea3, &(0x7f0000000040)={0x0, 0x0, [0xfffffffffffffffb, 0x3, 0x3f, 0x100000001]})

05:08:46 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, 0xffffffffffffffff, 0x0)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

05:08:46 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff0000000009000100686673630000000008000200"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:46 executing program 4:
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=@ipv6_getanyicast={0x14, 0x3e, 0x101}, 0x14}}, 0x0)

05:08:46 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

05:08:46 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

[ 1098.473693] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1098.482629] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1098.491327] 21338 total pagecache pages
[ 1098.495317] 0 pages in swap cache
[ 1098.499012] Swap cache stats: add 0, delete 0, find 0/0
[ 1098.508832] Free swap  = 0kB
[ 1098.512528] Total swap = 0kB
[ 1098.515673] 1965979 pages RAM
[ 1098.518873] 0 pages HighMem/MovableOnly
[ 1098.523078] 335854 pages reserved
[ 1098.526526] 0 pages cma reserved
05:08:46 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002000000"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1098.569846] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:46 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, 0xffffffffffffffff, 0x0)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

05:08:46 executing program 4:
socket$inet6(0xa, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write(r1, &(0x7f0000000340), 0x41395527)
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

05:08:46 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

[ 1098.703605] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1098.728211] syz-executor.0: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1098.746843] syz-executor.0 cpuset=syz0 mems_allowed=0-1
[ 1098.775710] CPU: 1 PID: 10462 Comm: syz-executor.0 Not tainted 4.14.171-syzkaller #0
[ 1098.783815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1098.793191] Call Trace:
[ 1098.795791]  dump_stack+0x142/0x197
[ 1098.799437]  warn_alloc.cold+0x96/0x1af
[ 1098.803440]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1098.808424]  ? wait_for_completion+0x420/0x420
[ 1098.813058]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1098.818089]  ? warn_alloc+0xf0/0xf0
[ 1098.821737]  ? __might_sleep+0x93/0xb0
[ 1098.825630]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1098.830396]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1098.835430]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1098.840472]  alloc_pages_current+0xec/0x1e0
[ 1098.845099]  kvm_mmu_create+0xdf/0x1e0
[ 1098.848997]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1098.853324]  kvm_vcpu_init+0x272/0x360
[ 1098.857212]  vmx_create_vcpu+0xfc/0x2aa0
[ 1098.861291]  ? mutex_trylock+0x1c0/0x1c0
[ 1098.865373]  ? handle_rdmsr+0x6e0/0x6e0
[ 1098.869362]  ? wait_for_completion+0x420/0x420
[ 1098.874140]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1098.878499]  kvm_vm_ioctl+0x501/0x1600
[ 1098.882415]  ? __lock_acquire+0x5f7/0x4620
[ 1098.886648]  ? get_unused_fd_flags+0xd0/0xd0
[ 1098.891181]  ? kvm_vcpu_release+0xa0/0xa0
[ 1098.895345]  ? trace_hardirqs_on+0x10/0x10
[ 1098.899603]  ? trace_hardirqs_on+0x10/0x10
[ 1098.903889]  ? __might_fault+0x110/0x1d0
[ 1098.908000]  ? save_trace+0x290/0x290
[ 1098.911810]  ? __might_fault+0x110/0x1d0
[ 1098.915878]  ? __fget+0x210/0x370
[ 1098.919357]  ? find_held_lock+0x35/0x130
[ 1098.923430]  ? __fget+0x210/0x370
[ 1098.926886]  ? kvm_vcpu_release+0xa0/0xa0
[ 1098.931050]  do_vfs_ioctl+0x7ae/0x1060
[ 1098.934967]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1098.939751]  ? lock_downgrade+0x740/0x740
[ 1098.943917]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1098.948337]  ? __fget+0x237/0x370
[ 1098.951828]  ? security_file_ioctl+0x89/0xb0
[ 1098.956239]  SyS_ioctl+0x8f/0xc0
[ 1098.959615]  ? do_vfs_ioctl+0x1060/0x1060
[ 1098.963793]  do_syscall_64+0x1e8/0x640
[ 1098.968828]  ? trace_hardirqs_off_thunk+0x1a/0x1c
05:08:46 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002000000"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1098.973692]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1098.978912] RIP: 0033:0x45c429
[ 1098.982128] RSP: 002b:00007f7837ba1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1098.989948] RAX: ffffffffffffffda RBX: 00007f7837ba26d4 RCX: 000000000045c429
[ 1098.997227] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1099.004511] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1099.011789] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1099.019330] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
05:08:46 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, 0xffffffffffffffff, 0x0)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

[ 1099.145727] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1099.146113] warn_alloc_show_mem: 1 callbacks suppressed
[ 1099.146117] Mem-Info:
[ 1099.168182] active_anon:838701 inactive_anon:4833 isolated_anon:0
[ 1099.168182]  active_file:14324 inactive_file:6751 isolated_file:0
[ 1099.168182]  unevictable:0 dirty:256 writeback:0 unstable:0
[ 1099.168182]  slab_reclaimable:17700 slab_unreclaimable:149043
[ 1099.168182]  mapped:59410 shmem:254 pagetables:16951 bounce:0
[ 1099.168182]  free:474732 free_pcp:246 free_cma:0
[ 1099.223601] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:116kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1099.253100] Node 1 active_anon:1441824kB inactive_anon:18548kB active_file:55440kB inactive_file:23908kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26904kB dirty:908kB writeback:0kB shmem:28kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1099.283252] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1099.326320] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1099.331635] Node 0 DMA32 free:31384kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB writepending:116kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:56kB local_pcp:16kB free_cma:0kB
[ 1099.362128] lowmem_reserve[]: 0 0 0 0 0
[ 1099.366446] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1099.418238] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1099.432298] lowmem_reserve[]: 0 0 0 0 0
[ 1099.436491] Node 1 Normal free:1860828kB min:53504kB low:66880kB high:80256kB active_anon:1429724kB inactive_anon:18548kB active_file:55440kB inactive_file:23908kB unevictable:0kB writepending:832kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13888kB pagetables:27744kB bounce:0kB free_pcp:1368kB local_pcp:668kB free_cma:0kB
[ 1099.468157] lowmem_reserve[]: 0 0 0 0 0
[ 1099.471302] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1099.472805] Node 0 
[ 1099.477723] CPU: 0 PID: 10456 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1099.477761] DMA: 
[ 1099.480031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1099.480035] Call Trace:
[ 1099.480054]  dump_stack+0x142/0x197
[ 1099.480067]  warn_alloc.cold+0x96/0x1af
[ 1099.480077]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1099.480094]  ? wait_for_completion+0x420/0x420
[ 1099.480109]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1099.488525] 12*4kB 
[ 1099.490083]  ? warn_alloc+0xf0/0xf0
[ 1099.490103]  ? __might_sleep+0x93/0xb0
[ 1099.490117]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1099.499645] (UM) 
[ 1099.502182]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1099.502195]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1099.502215]  alloc_pages_current+0xec/0x1e0
[ 1099.502234]  kvm_mmu_create+0xdf/0x1e0
[ 1099.502248]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1099.507273] 6*8kB 
[ 1099.509854]  kvm_vcpu_init+0x272/0x360
[ 1099.509871]  vmx_create_vcpu+0xfc/0x2aa0
[ 1099.514973] (UM) 
[ 1099.519432]  ? check_preemption_disabled+0x3c/0x250
[ 1099.519448]  ? handle_rdmsr+0x6e0/0x6e0
[ 1099.519470]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1099.524725] 1*16kB 
[ 1099.526833]  kvm_vm_ioctl+0x501/0x1600
[ 1099.526846]  ? __lock_acquire+0x5f7/0x4620
[ 1099.526856]  ? do_futex+0x12b/0x19e0
[ 1099.526872]  ? kvm_vcpu_release+0xa0/0xa0
[ 1099.530637] (U) 
[ 1099.534421]  ? retint_kernel+0x2d/0x2d
[ 1099.534435]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1099.534447]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1099.534460]  ? check_preemption_disabled+0x3c/0x250
[ 1099.534470]  ? retint_kernel+0x2d/0x2d
[ 1099.539269] 1*32kB 
[ 1099.541249]  ? selinux_file_ioctl+0x83/0x560
[ 1099.541259]  ? selinux_file_ioctl+0x42b/0x560
[ 1099.541273]  ? kvm_vcpu_release+0xa0/0xa0
[ 1099.541286]  do_vfs_ioctl+0x7ae/0x1060
[ 1099.541296]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1099.541308]  ? lock_downgrade+0x740/0x740
[ 1099.549125] (U) 
[ 1099.551665]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1099.551679]  ? __fget+0x237/0x370
[ 1099.551697]  ? security_file_ioctl+0x89/0xb0
[ 1099.551712]  SyS_ioctl+0x8f/0xc0
[ 1099.556100] 2*64kB 
[ 1099.559907]  ? do_vfs_ioctl+0x1060/0x1060
[ 1099.559921]  do_syscall_64+0x1e8/0x640
[ 1099.559934]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1099.564796] (UM) 
[ 1099.566724]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1099.566735] RIP: 0033:0x45c429
[ 1099.571000] 1*128kB 
[ 1099.575057] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1099.575069] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1099.575074] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1099.575079] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1099.575084] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1099.575089] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1099.755234] (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1099.764392] Node 0 DMA32: 856*4kB (UME) 482*8kB (UMH) 364*16kB (UM) 328*32kB (UMH) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 31408kB
[ 1099.779948] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1099.791218] Node 1 Normal: 314*4kB (UME) 133*8kB (UME) 493*16kB (UME) 358*32kB (UM) 91*64kB (UM) 22*128kB (UME) 17*256kB (UME) 11*512kB (UM) 4*1024kB (UME) 3*2048kB (UME) 442*4096kB (M) = 1860960kB
[ 1099.809683] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1099.818797] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1099.827587] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1099.836503] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1099.845245] 21349 total pagecache pages
[ 1099.849238] 0 pages in swap cache
[ 1099.852851] Swap cache stats: add 0, delete 0, find 0/0
[ 1099.858258] Free swap  = 0kB
[ 1099.861416] Total swap = 0kB
[ 1099.864710] 1965979 pages RAM
05:08:47 executing program 0:
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=@ipv6_getanyicast={0x14, 0x3e, 0x101}, 0x14}}, 0x0)

05:08:47 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
write$tun(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

05:08:47 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002000000"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:47 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

05:08:47 executing program 4:
open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r2=>0x0})
bind$packet(r0, &(0x7f00000000c0)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @local}, 0x14)
sendto$inet6(r0, &(0x7f0000000180)="0503000006003e0000000d00c52cf7c25975e605b02f86ddeb2b2ff0dac8897c6b118777faffffff306609000000c5471d130a66321a54e7df305f80a88161b6fd8f24286a57c3fe257c3314", 0x202, 0x0, 0x0, 0x0)

05:08:47 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[ 1099.867950] 0 pages HighMem/MovableOnly
[ 1099.872004] 335854 pages reserved
[ 1099.875461] 0 pages cma reserved
05:08:47 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
write$tun(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

[ 1099.919943] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:47 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff0000000009000100686673630000000008000200000000"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:47 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
write$tun(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

05:08:47 executing program 0:
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$vfat(0x0, &(0x7f0000000380)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
fchdir(0xffffffffffffffff)
open$dir(0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=@ipv6_getanyicast={0x14, 0x3e, 0x101}, 0x14}}, 0x0)

[ 1100.113052] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:47 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff0000000009000100686673630000000008000200000000"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:47 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x0, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

05:08:47 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
write$tun(r0, 0x0, 0x0)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

[ 1100.199989] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1100.236196] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1100.259721] CPU: 0 PID: 10506 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1100.267738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1100.277211] Call Trace:
[ 1100.280108]  dump_stack+0x142/0x197
[ 1100.283754]  warn_alloc.cold+0x96/0x1af
[ 1100.287878]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1100.292785]  ? wait_for_completion+0x420/0x420
[ 1100.297401]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1100.302282]  ? warn_alloc+0xf0/0xf0
[ 1100.305941]  ? __might_sleep+0x93/0xb0
05:08:47 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
write$tun(r0, 0x0, 0x0)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

05:08:48 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
write$tun(r0, 0x0, 0x0)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

[ 1100.310087]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1100.317916]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1100.323050]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1100.328087]  alloc_pages_current+0xec/0x1e0
[ 1100.332422]  kvm_mmu_create+0xdf/0x1e0
[ 1100.336329]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1100.340940]  kvm_vcpu_init+0x272/0x360
[ 1100.344843]  vmx_create_vcpu+0xfc/0x2aa0
[ 1100.349015]  ? handle_rdmsr+0x6e0/0x6e0
[ 1100.353012]  ? wait_for_completion+0x420/0x420
05:08:48 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
write$tun(r0, &(0x7f0000000140)=ANY=[], 0x0)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

[ 1100.357641]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1100.361982]  kvm_vm_ioctl+0x501/0x1600
[ 1100.365894]  ? __lock_acquire+0x5f7/0x4620
[ 1100.370145]  ? mark_held_locks+0xb1/0x100
[ 1100.374669]  ? kvm_vcpu_release+0xa0/0xa0
[ 1100.378891]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1100.383977]  ? trace_hardirqs_on+0x10/0x10
[ 1100.388329]  ? __might_fault+0x110/0x1d0
[ 1100.392506]  ? save_trace+0x290/0x290
[ 1100.396350]  ? __might_fault+0x110/0x1d0
[ 1100.400528]  ? __fget+0x210/0x370
[ 1100.406827]  ? retint_kernel+0x2d/0x2d
[ 1100.410752]  ? kvm_vcpu_release+0xa0/0xa0
[ 1100.414926]  do_vfs_ioctl+0x7ae/0x1060
[ 1100.418965]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1100.423766]  ? check_preemption_disabled+0x3c/0x250
[ 1100.428848]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1100.433272]  ? security_file_ioctl+0x89/0xb0
[ 1100.437712]  SyS_ioctl+0x8f/0xc0
[ 1100.441086]  ? do_vfs_ioctl+0x1060/0x1060
[ 1100.445258]  do_syscall_64+0x1e8/0x640
[ 1100.449247]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1100.454696]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1100.461546] RIP: 0033:0x45c429
[ 1100.465288] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1100.473306] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1100.481761] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1100.489114] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1100.496653] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1100.504215] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1100.513671] warn_alloc_show_mem: 1 callbacks suppressed
[ 1100.513687] Mem-Info:
[ 1100.522927] active_anon:837638 inactive_anon:4834 isolated_anon:0
[ 1100.522927]  active_file:14324 inactive_file:6765 isolated_file:0
[ 1100.522927]  unevictable:0 dirty:253 writeback:0 unstable:0
[ 1100.522927]  slab_reclaimable:17671 slab_unreclaimable:149454
[ 1100.522927]  mapped:59415 shmem:255 pagetables:16919 bounce:0
[ 1100.522927]  free:475149 free_pcp:281 free_cma:0
[ 1100.558555] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:116kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1100.589318] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1100.598266] Node 1 active_anon:1429872kB inactive_anon:18552kB active_file:55440kB inactive_file:23964kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26924kB dirty:912kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1100.629852] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1100.657740] lowmem_reserve[]: 0 2569 2569 2569 2569
05:08:48 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000002840)={"6c64125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x8}]}})

[ 1100.671507] Node 0 DMA32 free:31284kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB writepending:116kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:168kB local_pcp:52kB free_cma:0kB
[ 1100.705295] lowmem_reserve[]: 0 0 0 0 0
[ 1100.709751] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1100.745157] lowmem_reserve[]: 0 0 0 0 0
[ 1100.749831] Node 1 Normal free:1861304kB min:53504kB low:66880kB high:80256kB active_anon:1429668kB inactive_anon:18552kB active_file:55440kB inactive_file:23984kB unevictable:0kB writepending:920kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13888kB pagetables:27652kB bounce:0kB free_pcp:1092kB local_pcp:488kB free_cma:0kB
[ 1100.772846] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1100.785871] lowmem_reserve[]: 0 0 0 0 0
[ 1100.795264] syz-executor.4 cpuset=syz4 mems_allowed=0-1
[ 1100.799163] Node 0 
[ 1100.804699] CPU: 1 PID: 10550 Comm: syz-executor.4 Not tainted 4.14.171-syzkaller #0
[ 1100.804706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1100.804711] Call Trace:
[ 1100.804727]  dump_stack+0x142/0x197
[ 1100.804742]  warn_alloc.cold+0x96/0x1af
[ 1100.804752]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1100.804772]  ? wait_for_completion+0x420/0x420
[ 1100.804788]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1100.804809]  ? warn_alloc+0xf0/0xf0
[ 1100.811263] DMA: 
[ 1100.815113]  ? __might_sleep+0x93/0xb0
[ 1100.815130]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1100.815144]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1100.815156]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1100.815176]  alloc_pages_current+0xec/0x1e0
[ 1100.827615] 12*4kB 
[ 1100.830772]  kvm_mmu_create+0xdf/0x1e0
[ 1100.830787]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1100.830800]  kvm_vcpu_init+0x272/0x360
[ 1100.830812]  vmx_create_vcpu+0xfc/0x2aa0
[ 1100.830823]  ? mutex_trylock+0x1c0/0x1c0
[ 1100.830839]  ? handle_rdmsr+0x6e0/0x6e0
[ 1100.830849]  ? wait_for_completion+0x420/0x420
[ 1100.830862]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1100.830873]  kvm_vm_ioctl+0x501/0x1600
[ 1100.830884]  ? __lock_acquire+0x5f7/0x4620
[ 1100.830895]  ? get_unused_fd_flags+0xd0/0xd0
[ 1100.830908]  ? kvm_vcpu_release+0xa0/0xa0
[ 1100.830917]  ? trace_hardirqs_on+0x10/0x10
[ 1100.830933]  ? trace_hardirqs_on+0x10/0x10
[ 1100.830954]  ? __might_fault+0x110/0x1d0
[ 1100.836359] (UM) 
[ 1100.839830]  ? save_trace+0x290/0x290
[ 1100.839843]  ? __might_fault+0x110/0x1d0
[ 1100.839855]  ? __fget+0x210/0x370
[ 1100.839864]  ? find_held_lock+0x35/0x130
[ 1100.839873]  ? __fget+0x210/0x370
[ 1100.839911]  ? kvm_vcpu_release+0xa0/0xa0
[ 1100.839925]  do_vfs_ioctl+0x7ae/0x1060
[ 1100.847571] 6*8kB 
[ 1100.849477]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1100.849490]  ? lock_downgrade+0x740/0x740
[ 1100.849502]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1100.849514]  ? __fget+0x237/0x370
[ 1100.849531]  ? security_file_ioctl+0x89/0xb0
[ 1100.854771] (UM) 
[ 1100.855233]  SyS_ioctl+0x8f/0xc0
[ 1100.855245]  ? do_vfs_ioctl+0x1060/0x1060
[ 1100.859245] 1*16kB 
[ 1100.863782]  do_syscall_64+0x1e8/0x640
[ 1100.863792]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1100.863808]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1100.863816] RIP: 0033:0x45c429
[ 1100.863822] RSP: 002b:00007f089fab0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1100.863837] RAX: ffffffffffffffda RBX: 00007f089fab16d4 RCX: 000000000045c429
[ 1100.863842] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1100.863847] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1100.863852] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1100.863858] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1101.092109] (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1101.104259] Node 0 DMA32: 825*4kB (UME) 482*8kB (UMH) 364*16kB (UM) 328*32kB (UMH) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 31284kB
[ 1101.120234] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1101.132233] Node 1 Normal: 347*4kB (UME) 125*8kB (UME) 517*16kB (UME) 347*32kB (UM) 95*64kB (UM) 23*128kB (UME) 17*256kB (ME) 11*512kB (UM) 4*1024kB (UME) 3*2048kB (UME) 442*4096kB (M) = 1861444kB
[ 1101.150564] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1101.159420] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1101.168074] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
05:08:48 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

05:08:48 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
write$tun(r0, &(0x7f0000000140)=ANY=[], 0x0)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

05:08:48 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff0000000009000100686673630000000008000200000000"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:48 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x0, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

05:08:48 executing program 0:
mknod$loop(0x0, 0x0, 0xffffffffffffffff)
syz_open_procfs(0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, [], 0x1}, {}, {0x0, 0x0, 0x4}, {}, {}, {}, {}, {0xfc}, {}, {}, {}, {}, {}, {0x0, 0x9}]}})
ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
creat(&(0x7f0000000700)='./bus\x00', 0x0)
r2 = open(&(0x7f0000000200)='./bus\x00', 0x20001c1242, 0x0)
sendfile(0xffffffffffffffff, r2, 0x0, 0x8000fffffffe)
ioctl$KVM_ENABLE_CAP(r2, 0x4068aea3, 0x0)

05:08:48 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
process_vm_writev(r2, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8)
pipe(&(0x7f0000000280)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
sendfile(r3, r4, 0x0, 0x100000080000000)

[ 1101.176998] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1101.186340] 21359 total pagecache pages
[ 1101.190406] 0 pages in swap cache
[ 1101.193860] Swap cache stats: add 0, delete 0, find 0/0
[ 1101.199213] Free swap  = 0kB
[ 1101.202316] Total swap = 0kB
[ 1101.208032] 1965979 pages RAM
[ 1101.211301] 0 pages HighMem/MovableOnly
[ 1101.215378] 335854 pages reserved
[ 1101.218814] 0 pages cma reserved
05:08:48 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x2}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:49 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
write$tun(r0, &(0x7f0000000140)=ANY=[], 0x0)
capset(&(0x7f0000000ffc)={0x20080522}, 0x0)

05:08:49 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x0, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

05:08:49 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x2}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:49 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(0x0, 0x0)

05:08:49 executing program 0:
mknod$loop(0x0, 0x0, 0xffffffffffffffff)
syz_open_procfs(0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, [], 0x1}, {}, {0x0, 0x0, 0x4}, {}, {}, {}, {}, {0xfc}, {}, {}, {}, {}, {}, {0x0, 0x9}]}})
ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
creat(&(0x7f0000000700)='./bus\x00', 0x0)
r2 = open(&(0x7f0000000200)='./bus\x00', 0x20001c1242, 0x0)
sendfile(0xffffffffffffffff, r2, 0x0, 0x8000fffffffe)
ioctl$KVM_ENABLE_CAP(r2, 0x4068aea3, 0x0)

[ 1101.669641] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1101.681808] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1101.687367] CPU: 1 PID: 10572 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1101.695386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1101.704747] Call Trace:
[ 1101.707461]  dump_stack+0x142/0x197
[ 1101.711256]  warn_alloc.cold+0x96/0x1af
[ 1101.715250]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1101.720106]  ? wait_for_completion+0x420/0x420
[ 1101.724683]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1101.729533]  ? warn_alloc+0xf0/0xf0
[ 1101.733170]  ? __might_sleep+0x93/0xb0
[ 1101.737174]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1101.741834]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1101.746837]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1101.751856]  alloc_pages_current+0xec/0x1e0
[ 1101.756167]  kvm_mmu_create+0xdf/0x1e0
[ 1101.760047]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1101.764401]  kvm_vcpu_init+0x272/0x360
[ 1101.768298]  vmx_create_vcpu+0xfc/0x2aa0
[ 1101.772352]  ? check_preemption_disabled+0x3c/0x250
[ 1101.777386]  ? retint_kernel+0x2d/0x2d
[ 1101.781266]  ? handle_rdmsr+0x6e0/0x6e0
[ 1101.785242]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1101.789679]  kvm_vm_ioctl+0x501/0x1600
[ 1101.793561]  ? __lock_acquire+0x5f7/0x4620
[ 1101.797827]  ? kvm_vcpu_release+0xa0/0xa0
[ 1101.801977]  ? trace_hardirqs_on+0x10/0x10
[ 1101.806209]  ? retint_kernel+0x2d/0x2d
[ 1101.810098]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1101.815116]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1101.819880]  ? check_preemption_disabled+0x3c/0x250
[ 1101.824946]  ? retint_kernel+0x2d/0x2d
[ 1101.828857]  ? do_vfs_ioctl+0x74f/0x1060
[ 1101.833086]  ? kvm_vcpu_release+0xa0/0xa0
[ 1101.837339]  do_vfs_ioctl+0x7ae/0x1060
[ 1101.841428]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1101.846183]  ? lock_downgrade+0x740/0x740
[ 1101.850336]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1101.854794]  ? __fget+0x237/0x370
[ 1101.858311]  ? security_file_ioctl+0x89/0xb0
[ 1101.862711]  SyS_ioctl+0x8f/0xc0
[ 1101.866071]  ? do_vfs_ioctl+0x1060/0x1060
[ 1101.870257]  do_syscall_64+0x1e8/0x640
[ 1101.874140]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1101.878981]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1101.884244] RIP: 0033:0x45c429
[ 1101.887435] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1101.895201] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1101.902579] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1101.909915] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1101.917182] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1101.924575] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1101.935184] warn_alloc_show_mem: 1 callbacks suppressed
[ 1101.935227] Mem-Info:
[ 1101.945956] active_anon:837570 inactive_anon:4834 isolated_anon:0
[ 1101.945956]  active_file:14324 inactive_file:6798 isolated_file:0
[ 1101.945956]  unevictable:0 dirty:263 writeback:0 unstable:0
[ 1101.945956]  slab_reclaimable:17660 slab_unreclaimable:149295
[ 1101.945956]  mapped:59432 shmem:255 pagetables:16827 bounce:0
[ 1101.945956]  free:475814 free_pcp:373 free_cma:0
[ 1101.980745] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:116kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1102.009633] Node 1 active_anon:1429600kB inactive_anon:18552kB active_file:55440kB inactive_file:24096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26992kB dirty:936kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1102.037908] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1102.065380] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1102.070636] Node 0 DMA32 free:31160kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB writepending:116kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:212kB local_pcp:120kB free_cma:0kB
[ 1102.101725] lowmem_reserve[]: 0 0 0 0 0
[ 1102.106045] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1102.131844] lowmem_reserve[]: 0 0 0 0 0
[ 1102.136495] Node 1 Normal free:1861656kB min:53504kB low:66880kB high:80256kB active_anon:1429492kB inactive_anon:18552kB active_file:55440kB inactive_file:24004kB unevictable:0kB writepending:968kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13760kB pagetables:27692kB bounce:0kB free_pcp:1272kB local_pcp:624kB free_cma:0kB
[ 1102.167393] lowmem_reserve[]: 0 0 0 0 0
[ 1102.171455] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1102.187069] Node 0 DMA32: 794*4kB (UME) 482*8kB (UMH) 364*16kB (UM) 328*32kB (UMH) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 31160kB
[ 1102.203100] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1102.213876] Node 1 Normal: 354*4kB (UME) 138*8kB (UME) 508*16kB (UME) 352*32kB (UM) 91*64kB (UM) 20*128kB (UME) 18*256kB (UME) 12*512kB (M) 4*1024kB (UME) 3*2048kB (UME) 442*4096kB (M) = 1861720kB
[ 1102.233086] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1102.242025] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1102.250921] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1102.259875] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
05:08:50 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r1, 0x80685600, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

05:08:50 executing program 4:
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x35}, [@call={0x85, 0x0, 0x0, 0x8}]}, &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffc1a}, 0x15)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r0, 0xc0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)

05:08:50 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x2}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:50 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(0x0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r0, &(0x7f0000000040), 0x200000a5}])

05:08:50 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(0x0, 0x0)

05:08:50 executing program 0:
r0 = memfd_create(&(0x7f00000000c0)='\xc0\xc1\xfa\xd3>\xe0\xba\xd3\xb1\v\xb77Q\x1e\xdd\xa3\x9f\xd4\xe7`\x04\xfcmJ\x8a\x10\xc1\xe9n\x1a\x02\x9aN\xa1#', 0x4)
mmap(&(0x7f0000200000/0x400000)=nil, 0x519000, 0x0, 0x2012, r0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4ca31, 0xffffffffffffffff, 0x0)

[ 1102.269439] 21367 total pagecache pages
[ 1102.273479] 0 pages in swap cache
[ 1102.276924] Swap cache stats: add 0, delete 0, find 0/0
[ 1102.282355] Free swap  = 0kB
[ 1102.285374] Total swap = 0kB
[ 1102.288374] 1965979 pages RAM
[ 1102.291567] 0 pages HighMem/MovableOnly
[ 1102.295531] 335854 pages reserved
[ 1102.298967] 0 pages cma reserved
05:08:50 executing program 4:
mknod$loop(0x0, 0x0, 0xffffffffffffffff)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, [], 0x1}, {0x6}, {0x0, 0x0, 0x4}, {0x0, 0x8}, {}, {}, {}, {0xfc}, {}, {}, {}, {}, {0x0, 0x80}, {0x0, 0x9}]}})
ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
creat(&(0x7f0000000700)='./bus\x00', 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
r2 = open(&(0x7f0000000200)='./bus\x00', 0x20001c1242, 0x0)
sendfile(0xffffffffffffffff, r2, 0x0, 0x8000fffffffe)

05:08:50 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1102.398155] audit: type=1400 audit(1582348130.063:110): avc:  denied  { map } for  pid=10602 comm="syz-executor.0" path=2F6D656D66643AC0C1FAD33EE0BAD3B10BB737511EDDA39FD4E76004FC6D4A8A10C1E96E1A029A4EA123202864656C6574656429 dev="hugetlbfs" ino=282084 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:hugetlbfs_t:s0 tclass=file permissive=1
05:08:50 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(0x0, 0x0)

05:08:50 executing program 0:
r0 = memfd_create(&(0x7f00000000c0)='\xc0\xc1\xfa\xd3>\xe0\xba\xd3\xb1\v\xb77Q\x1e\xdd\xa3\x9f\xd4\xe7`\x04\xfcmJ\x8a\x10\xc1\xe9n\x1a\x02\x9aN\xa1#', 0x4)
mmap(&(0x7f0000200000/0x400000)=nil, 0x519000, 0x0, 0x2012, r0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4ca31, 0xffffffffffffffff, 0x0)

[ 1102.510884] nla_parse: 4 callbacks suppressed
[ 1102.510890] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1102.527776] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
05:08:50 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(0x0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r0, &(0x7f0000000040), 0x200000a5}])

[ 1102.571531] syz-executor.4 cpuset=syz4 mems_allowed=0-1
[ 1102.591491] CPU: 1 PID: 10613 Comm: syz-executor.4 Not tainted 4.14.171-syzkaller #0
[ 1102.599571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1102.609052] Call Trace:
[ 1102.611658]  dump_stack+0x142/0x197
[ 1102.615301]  warn_alloc.cold+0x96/0x1af
[ 1102.619418]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1102.624491]  ? wait_for_completion+0x420/0x420
[ 1102.629092]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1102.633960]  ? warn_alloc+0xf0/0xf0
[ 1102.637648]  ? __might_sleep+0x93/0xb0
[ 1102.641644]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1102.646339]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1102.651387]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1102.656520]  alloc_pages_current+0xec/0x1e0
[ 1102.660868]  kvm_mmu_create+0xdf/0x1e0
[ 1102.664773]  kvm_arch_vcpu_init+0x29c/0x8e0
05:08:50 executing program 0:
r0 = memfd_create(&(0x7f00000000c0)='\xc0\xc1\xfa\xd3>\xe0\xba\xd3\xb1\v\xb77Q\x1e\xdd\xa3\x9f\xd4\xe7`\x04\xfcmJ\x8a\x10\xc1\xe9n\x1a\x02\x9aN\xa1#', 0x4)
mmap(&(0x7f0000200000/0x400000)=nil, 0x519000, 0x0, 0x2012, r0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4ca31, 0xffffffffffffffff, 0x0)

05:08:50 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r1, 0x80685600, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

05:08:50 executing program 0:
r0 = memfd_create(&(0x7f00000000c0)='\xc0\xc1\xfa\xd3>\xe0\xba\xd3\xb1\v\xb77Q\x1e\xdd\xa3\x9f\xd4\xe7`\x04\xfcmJ\x8a\x10\xc1\xe9n\x1a\x02\x9aN\xa1#', 0x4)
mmap(&(0x7f0000200000/0x400000)=nil, 0x519000, 0x0, 0x2012, r0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4ca31, 0xffffffffffffffff, 0x0)

[ 1102.669110]  kvm_vcpu_init+0x272/0x360
[ 1102.673015]  vmx_create_vcpu+0xfc/0x2aa0
[ 1102.677091]  ? mutex_trylock+0x1c0/0x1c0
[ 1102.681174]  ? handle_rdmsr+0x6e0/0x6e0
[ 1102.685163]  ? wait_for_completion+0x420/0x420
[ 1102.689764]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1102.694102]  kvm_vm_ioctl+0x501/0x1600
[ 1102.698023]  ? __lock_acquire+0x5f7/0x4620
[ 1102.702264]  ? get_unused_fd_flags+0xd0/0xd0
[ 1102.706691]  ? kvm_vcpu_release+0xa0/0xa0
[ 1102.710980]  ? trace_hardirqs_on+0x10/0x10
[ 1102.715232]  ? trace_hardirqs_on+0x10/0x10
05:08:50 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r1, 0x80685600, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[ 1102.719616]  ? __might_fault+0x110/0x1d0
[ 1102.723693]  ? save_trace+0x290/0x290
[ 1102.727531]  ? __might_fault+0x110/0x1d0
[ 1102.731611]  ? __fget+0x210/0x370
[ 1102.735077]  ? find_held_lock+0x35/0x130
[ 1102.739158]  ? __fget+0x210/0x370
[ 1102.742628]  ? kvm_vcpu_release+0xa0/0xa0
[ 1102.746794]  do_vfs_ioctl+0x7ae/0x1060
[ 1102.750697]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1102.755471]  ? lock_downgrade+0x740/0x740
[ 1102.759969]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1102.764393]  ? __fget+0x237/0x370
[ 1102.767860]  ? security_file_ioctl+0x89/0xb0
05:08:50 executing program 0:
memfd_create(&(0x7f00000000c0)='\xc0\xc1\xfa\xd3>\xe0\xba\xd3\xb1\v\xb77Q\x1e\xdd\xa3\x9f\xd4\xe7`\x04\xfcmJ\x8a\x10\xc1\xe9n\x1a\x02\x9aN\xa1#', 0x4)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4ca31, 0xffffffffffffffff, 0x0)

[ 1102.772284]  SyS_ioctl+0x8f/0xc0
[ 1102.775657]  ? do_vfs_ioctl+0x1060/0x1060
[ 1102.779815]  do_syscall_64+0x1e8/0x640
[ 1102.783712]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1102.788724]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1102.793930] RIP: 0033:0x45c429
[ 1102.797138] RSP: 002b:00007f089fab0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1102.805011] RAX: ffffffffffffffda RBX: 00007f089fab16d4 RCX: 000000000045c429
[ 1102.812416] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
05:08:50 executing program 0:
memfd_create(&(0x7f00000000c0)='\xc0\xc1\xfa\xd3>\xe0\xba\xd3\xb1\v\xb77Q\x1e\xdd\xa3\x9f\xd4\xe7`\x04\xfcmJ\x8a\x10\xc1\xe9n\x1a\x02\x9aN\xa1#', 0x4)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4ca31, 0xffffffffffffffff, 0x0)

05:08:50 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1102.819698] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1102.826972] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1102.834251] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
05:08:50 executing program 4:
mknod$loop(0x0, 0x0, 0xffffffffffffffff)
syz_open_procfs(0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000002840)={"6c64125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x0, 0x0, [], 0x1}, {0x6}, {0x0, 0x0, 0x4}, {0x0, 0x8}, {}, {}, {}, {0xfc}, {}, {}, {}, {}, {0x0, 0x80}, {0x0, 0x9}]}})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
creat(&(0x7f0000000700)='./bus\x00', 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
r3 = open(&(0x7f0000000200)='./bus\x00', 0x20001c1242, 0x0)
sendfile(0xffffffffffffffff, r3, 0x0, 0x8000fffffffe)

05:08:50 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc), 0x0)

05:08:50 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(0x0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r0, &(0x7f0000000040), 0x200000a5}])

[ 1102.900369] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:50 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:50 executing program 0:
memfd_create(&(0x7f00000000c0)='\xc0\xc1\xfa\xd3>\xe0\xba\xd3\xb1\v\xb77Q\x1e\xdd\xa3\x9f\xd4\xe7`\x04\xfcmJ\x8a\x10\xc1\xe9n\x1a\x02\x9aN\xa1#', 0x4)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4ca31, 0xffffffffffffffff, 0x0)

05:08:50 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc), 0x0)

05:08:50 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x2}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:50 executing program 0:
mmap(&(0x7f0000200000/0x400000)=nil, 0x519000, 0x0, 0x2012, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4ca31, 0xffffffffffffffff, 0x0)

[ 1103.055681] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1103.094681] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1103.133913] syz-executor.4 cpuset=syz4 mems_allowed=0-1
[ 1103.154110] CPU: 1 PID: 10656 Comm: syz-executor.4 Not tainted 4.14.171-syzkaller #0
[ 1103.162039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1103.171400] Call Trace:
[ 1103.174005]  dump_stack+0x142/0x197
[ 1103.178325]  warn_alloc.cold+0x96/0x1af
05:08:50 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:08:50 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

05:08:50 executing program 0:
mmap(&(0x7f0000200000/0x400000)=nil, 0x519000, 0x0, 0x2012, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4ca31, 0xffffffffffffffff, 0x0)

[ 1103.181755] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1103.182313]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1103.195803]  ? wait_for_completion+0x420/0x420
[ 1103.200414]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1103.205285]  ? warn_alloc+0xf0/0xf0
[ 1103.208937]  ? __might_sleep+0x93/0xb0
[ 1103.212838]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1103.217679]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1103.222711]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1103.227753]  alloc_pages_current+0xec/0x1e0
[ 1103.232096]  kvm_mmu_create+0xdf/0x1e0
[ 1103.236013]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1103.240469]  kvm_vcpu_init+0x272/0x360
[ 1103.244411]  vmx_create_vcpu+0xfc/0x2aa0
[ 1103.248492]  ? mutex_trylock+0x1c0/0x1c0
[ 1103.252668]  ? handle_rdmsr+0x6e0/0x6e0
[ 1103.256660]  ? wait_for_completion+0x420/0x420
[ 1103.261265]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1103.265608]  kvm_vm_ioctl+0x501/0x1600
[ 1103.269511]  ? __lock_acquire+0x5f7/0x4620
[ 1103.273762]  ? get_unused_fd_flags+0xd0/0xd0
[ 1103.278187]  ? kvm_vcpu_release+0xa0/0xa0
[ 1103.282461]  ? trace_hardirqs_on+0x10/0x10
[ 1103.286279] syz-executor.2: page allocation failure: order:0
[ 1103.286704]  ? trace_hardirqs_on+0x10/0x10
[ 1103.286709] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1103.292612]  ? __might_fault+0x110/0x1d0
[ 1103.292626]  ? save_trace+0x290/0x290
[ 1103.292634]  ? __might_fault+0x110/0x1d0
[ 1103.292646]  ? __fget+0x210/0x370
[ 1103.292655]  ? find_held_lock+0x35/0x130
[ 1103.292668]  ? __fget+0x210/0x370
[ 1103.292683]  ? kvm_vcpu_release+0xa0/0xa0
[ 1103.297136] syz-executor.2 cpuset=
05:08:51 executing program 0:
mmap(&(0x7f0000200000/0x400000)=nil, 0x519000, 0x0, 0x2012, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4ca31, 0xffffffffffffffff, 0x0)

[ 1103.303327]  do_vfs_ioctl+0x7ae/0x1060
[ 1103.303342]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1103.303351]  ? lock_downgrade+0x740/0x740
[ 1103.303360]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1103.303373]  ? __fget+0x237/0x370
[ 1103.303390]  ? security_file_ioctl+0x89/0xb0
[ 1103.303403]  SyS_ioctl+0x8f/0xc0
[ 1103.303412]  ? do_vfs_ioctl+0x1060/0x1060
[ 1103.303423]  do_syscall_64+0x1e8/0x640
[ 1103.303433]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1103.303448]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1103.303459] RIP: 0033:0x45c429
[ 1103.308562] syz2
[ 1103.311344] RSP: 002b:00007f089fab0c78 EFLAGS: 00000246
[ 1103.315686]  mems_allowed=0-1
[ 1103.318861]  ORIG_RAX: 0000000000000010
[ 1103.318868] RAX: ffffffffffffffda RBX: 00007f089fab16d4 RCX: 000000000045c429
[ 1103.318873] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1103.318878] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1103.318883] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1103.318889] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1103.365856] warn_alloc_show_mem: 1 callbacks suppressed
[ 1103.365860] Mem-Info:
[ 1103.418735] CPU: 0 PID: 10674 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1103.429736] active_anon:837651 inactive_anon:4832 isolated_anon:0
[ 1103.429736]  active_file:14324 inactive_file:6779 isolated_file:0
[ 1103.429736]  unevictable:0 dirty:279 writeback:0 unstable:0
[ 1103.429736]  slab_reclaimable:17633 slab_unreclaimable:149375
[ 1103.429736]  mapped:59407 shmem:255 pagetables:16915 bounce:0
[ 1103.429736]  free:475385 free_pcp:272 free_cma:0
[ 1103.432368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1103.432373] Call Trace:
[ 1103.432391]  dump_stack+0x142/0x197
[ 1103.432404]  warn_alloc.cold+0x96/0x1af
[ 1103.432414]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1103.432431]  ? wait_for_completion+0x420/0x420
[ 1103.432445]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1103.432466]  ? warn_alloc+0xf0/0xf0
[ 1103.439952] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3068kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:116kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1103.445542]  ? __might_sleep+0x93/0xb0
[ 1103.445555]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1103.445567]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1103.445577]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1103.445601]  alloc_pages_current+0xec/0x1e0
[ 1103.445615]  kvm_mmu_create+0xdf/0x1e0
[ 1103.445627]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1103.445639]  kvm_vcpu_init+0x272/0x360
[ 1103.445651]  vmx_create_vcpu+0xfc/0x2aa0
[ 1103.445661]  ? mutex_trylock+0x1c0/0x1c0
[ 1103.445677]  ? handle_rdmsr+0x6e0/0x6e0
[ 1103.449192] Node 1 active_anon:1429924kB inactive_anon:18544kB active_file:55440kB inactive_file:24048kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26892kB dirty:1000kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1103.456021]  ? wait_for_completion+0x420/0x420
[ 1103.456042]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1103.456056]  kvm_vm_ioctl+0x501/0x1600
[ 1103.456066]  ? __lock_acquire+0x5f7/0x4620
[ 1103.456073]  ? find_held_lock+0x35/0x130
[ 1103.456084]  ? kvm_vcpu_release+0xa0/0xa0
[ 1103.456093]  ? trace_hardirqs_on+0x10/0x10
[ 1103.456105]  ? trace_hardirqs_on+0x10/0x10
[ 1103.456115]  ? __might_fault+0x110/0x1d0
[ 1103.456124]  ? save_trace+0x290/0x290
[ 1103.456147]  ? __might_fault+0x110/0x1d0
[ 1103.491411] Node 0 
[ 1103.499788]  ? __fget+0x210/0x370
[ 1103.499802]  ? find_held_lock+0x35/0x130
[ 1103.499810]  ? __fget+0x210/0x370
[ 1103.499828]  ? kvm_vcpu_release+0xa0/0xa0
[ 1103.503089] DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1103.506046]  do_vfs_ioctl+0x7ae/0x1060
[ 1103.506060]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1103.506073]  ? lock_downgrade+0x740/0x740
[ 1103.514697] lowmem_reserve[]:
[ 1103.514884]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1103.526315]  0
[ 1103.527937]  ? __fget+0x237/0x370
[ 1103.527961]  ? security_file_ioctl+0x89/0xb0
[ 1103.557391]  2569
[ 1103.560883]  SyS_ioctl+0x8f/0xc0
[ 1103.560895]  ? do_vfs_ioctl+0x1060/0x1060
[ 1103.560907]  do_syscall_64+0x1e8/0x640
[ 1103.560915]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1103.560931]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1103.560939] RIP: 0033:0x45c429
[ 1103.560944] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1103.560953] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1103.560958] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1103.560963] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1103.560968] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1103.560974] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1103.829399]  2569 2569 2569
[ 1103.836607] Node 0 DMA32 free:31136kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB writepending:116kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:164kB local_pcp:28kB free_cma:0kB
[ 1103.874668] lowmem_reserve[]: 0 0 0 0 0
[ 1103.879380] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1103.904959] lowmem_reserve[]: 0 0 0 0 0
[ 1103.909126] Node 1 Normal free:1860108kB min:53504kB low:66880kB high:80256kB active_anon:1429692kB inactive_anon:18552kB active_file:55448kB inactive_file:24080kB unevictable:0kB writepending:1032kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13824kB pagetables:27792kB bounce:0kB free_pcp:1260kB local_pcp:740kB free_cma:0kB
[ 1103.940214] lowmem_reserve[]: 0 0 0 0 0
[ 1103.944470] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1103.959726] Node 0 DMA32: 794*4kB (UME) 484*8kB (UMH) 365*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 31160kB
[ 1103.975600] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1103.988198] Node 1 Normal: 264*4kB (UME) 252*8kB (UME) 433*16kB (UME) 363*32kB (UM) 93*64kB (UM) 17*128kB (UME) 21*256kB (UME) 12*512kB (M) 4*1024kB (UME) 3*2048kB (UME) 442*4096kB (M) = 1861936kB
[ 1104.014123] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1104.023088] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
05:08:51 executing program 4:
mknod$loop(0x0, 0x0, 0xffffffffffffffff)
syz_open_procfs(0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000002840)={"6c64125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x0, 0x0, [], 0x1}, {0x6}, {0x0, 0x0, 0x4}, {0x0, 0x8}, {}, {}, {}, {0xfc}, {}, {}, {}, {}, {0x0, 0x80}, {0x0, 0x9}]}})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
creat(&(0x7f0000000700)='./bus\x00', 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
r3 = open(&(0x7f0000000200)='./bus\x00', 0x20001c1242, 0x0)
sendfile(0xffffffffffffffff, r3, 0x0, 0x8000fffffffe)

05:08:51 executing program 5:
r0 = memfd_create(&(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r0, 0x0)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x1)
capset(&(0x7f0000000ffc), 0x0)

05:08:51 executing program 0:
r0 = memfd_create(0x0, 0x4)
mmap(&(0x7f0000200000/0x400000)=nil, 0x519000, 0x0, 0x2012, r0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4ca31, 0xffffffffffffffff, 0x0)

05:08:51 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:08:51 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

05:08:51 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x2}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1104.031886] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1104.040851] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1104.049861] 21384 total pagecache pages
[ 1104.053961] 0 pages in swap cache
[ 1104.057809] Swap cache stats: add 0, delete 0, find 0/0
[ 1104.063466] Free swap  = 0kB
[ 1104.066488] Total swap = 0kB
[ 1104.069668] 1965979 pages RAM
[ 1104.073094] 0 pages HighMem/MovableOnly
[ 1104.077093] 335854 pages reserved
[ 1104.081354] 0 pages cma reserved
05:08:51 executing program 0:
r0 = memfd_create(0x0, 0x4)
mmap(&(0x7f0000200000/0x400000)=nil, 0x519000, 0x0, 0x2012, r0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4ca31, 0xffffffffffffffff, 0x0)

05:08:51 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4010aefd, &(0x7f00000003c0)={0x2, 0x0, @ioapic})

05:08:51 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x2}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1104.140754] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:51 executing program 0:
r0 = memfd_create(0x0, 0x4)
mmap(&(0x7f0000200000/0x400000)=nil, 0x519000, 0x0, 0x2012, r0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4ca31, 0xffffffffffffffff, 0x0)

05:08:51 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

[ 1104.256527] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1104.295476] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
05:08:52 executing program 0:
r0 = memfd_create(&(0x7f00000000c0)='\xc0\xc1\xfa\xd3>\xe0\xba\xd3\xb1\v\xb77Q\x1e\xdd\xa3\x9f\xd4\xe7`\x04\xfcmJ\x8a\x10\xc1\xe9n\x1a\x02\x9aN\xa1#', 0x0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x519000, 0x0, 0x2012, r0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4ca31, 0xffffffffffffffff, 0x0)

[ 1104.325104] syz-executor.4 cpuset=syz4 mems_allowed=0-1
[ 1104.343821] CPU: 1 PID: 10699 Comm: syz-executor.4 Not tainted 4.14.171-syzkaller #0
[ 1104.351788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1104.361156] Call Trace:
[ 1104.363764]  dump_stack+0x142/0x197
[ 1104.367538]  warn_alloc.cold+0x96/0x1af
[ 1104.371533]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1104.376406]  ? wait_for_completion+0x420/0x420
[ 1104.381138]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1104.382246] syz-executor.2: 
[ 1104.386116]  ? warn_alloc+0xf0/0xf0
[ 1104.386146]  ? __might_sleep+0x93/0xb0
[ 1104.389302] page allocation failure: order:0
[ 1104.392830]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1104.392845]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1104.392854]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1104.392875]  alloc_pages_current+0xec/0x1e0
[ 1104.392891]  kvm_mmu_create+0xdf/0x1e0
[ 1104.392905]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1104.396997] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1104.401326]  kvm_vcpu_init+0x272/0x360
[ 1104.401340]  vmx_create_vcpu+0xfc/0x2aa0
[ 1104.401351]  ? mutex_trylock+0x1c0/0x1c0
[ 1104.401367]  ? handle_rdmsr+0x6e0/0x6e0
[ 1104.401376]  ? wait_for_completion+0x420/0x420
[ 1104.401391]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1104.401402]  kvm_vm_ioctl+0x501/0x1600
[ 1104.406157] (null)
[ 1104.411096]  ? __lock_acquire+0x5f7/0x4620
[ 1104.411107]  ? get_unused_fd_flags+0xd0/0xd0
[ 1104.411122]  ? kvm_vcpu_release+0xa0/0xa0
[ 1104.411130]  ? trace_hardirqs_on+0x10/0x10
[ 1104.411144]  ? trace_hardirqs_on+0x10/0x10
[ 1104.411156]  ? __might_fault+0x110/0x1d0
[ 1104.411169]  ? save_trace+0x290/0x290
[ 1104.423671] syz-executor.2 cpuset=
[ 1104.424501]  ? __might_fault+0x110/0x1d0
[ 1104.424515]  ? __fget+0x210/0x370
[ 1104.424529]  ? find_held_lock+0x35/0x130
[ 1104.429374] syz2
[ 1104.434733]  ? __fget+0x210/0x370
[ 1104.438915]  mems_allowed=0-1
[ 1104.442897]  ? kvm_vcpu_release+0xa0/0xa0
[ 1104.442910]  do_vfs_ioctl+0x7ae/0x1060
[ 1104.442925]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1104.532855]  ? lock_downgrade+0x740/0x740
[ 1104.537012]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1104.541535]  ? __fget+0x237/0x370
[ 1104.544990]  ? security_file_ioctl+0x89/0xb0
[ 1104.549407]  SyS_ioctl+0x8f/0xc0
[ 1104.552967]  ? do_vfs_ioctl+0x1060/0x1060
[ 1104.557127]  do_syscall_64+0x1e8/0x640
[ 1104.561020]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1104.565928]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1104.571132] RIP: 0033:0x45c429
[ 1104.574345] RSP: 002b:00007f089fab0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1104.582063] RAX: ffffffffffffffda RBX: 00007f089fab16d4 RCX: 000000000045c429
[ 1104.589337] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1104.596607] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1104.603885] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1104.611157] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1104.618567] CPU: 0 PID: 10693 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1104.626466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1104.635832] Call Trace:
[ 1104.641925]  dump_stack+0x142/0x197
[ 1104.645858]  warn_alloc.cold+0x96/0x1af
[ 1104.649962]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1104.652085] warn_alloc_show_mem: 1 callbacks suppressed
[ 1104.652089] Mem-Info:
[ 1104.654824]  ? wait_for_completion+0x420/0x420
[ 1104.654844]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1104.654867]  ? warn_alloc+0xf0/0xf0
[ 1104.675746]  ? __might_sleep+0x93/0xb0
[ 1104.676189] active_anon:837613 inactive_anon:4834 isolated_anon:0
[ 1104.676189]  active_file:14324 inactive_file:6789 isolated_file:0
[ 1104.676189]  unevictable:0 dirty:289 writeback:0 unstable:0
[ 1104.676189]  slab_reclaimable:17646 slab_unreclaimable:149748
[ 1104.676189]  mapped:59407 shmem:255 pagetables:16911 bounce:0
[ 1104.676189]  free:475190 free_pcp:222 free_cma:0
[ 1104.679819]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1104.679833]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1104.679843]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1104.679870]  alloc_pages_current+0xec/0x1e0
[ 1104.719081] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3068kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:116kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1104.723614]  kvm_mmu_create+0xdf/0x1e0
[ 1104.723629]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1104.723641]  kvm_vcpu_init+0x272/0x360
[ 1104.723652]  vmx_create_vcpu+0xfc/0x2aa0
[ 1104.723663]  ? mutex_trylock+0x1c0/0x1c0
[ 1104.723680]  ? handle_rdmsr+0x6e0/0x6e0
[ 1104.723688]  ? wait_for_completion+0x420/0x420
[ 1104.723700]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1104.723711]  kvm_vm_ioctl+0x501/0x1600
[ 1104.729679] Node 1 active_anon:1429772kB inactive_anon:18552kB active_file:55440kB inactive_file:24088kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26892kB dirty:1040kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1104.733105]  ? __lock_acquire+0x5f7/0x4620
[ 1104.733113]  ? find_held_lock+0x35/0x130
[ 1104.733128]  ? kvm_vcpu_release+0xa0/0xa0
[ 1104.733137]  ? trace_hardirqs_on+0x10/0x10
[ 1104.733150]  ? trace_hardirqs_on+0x10/0x10
[ 1104.733161]  ? __might_fault+0x110/0x1d0
[ 1104.733170]  ? save_trace+0x290/0x290
[ 1104.733181]  ? __might_fault+0x110/0x1d0
[ 1104.733192]  ? __fget+0x210/0x370
[ 1104.733200]  ? find_held_lock+0x35/0x130
[ 1104.733209]  ? __fget+0x210/0x370
[ 1104.733221]  ? kvm_vcpu_release+0xa0/0xa0
[ 1104.733232]  do_vfs_ioctl+0x7ae/0x1060
[ 1104.733244]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1104.733252]  ? lock_downgrade+0x740/0x740
[ 1104.733263]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1104.733275]  ? __fget+0x237/0x370
[ 1104.733290]  ? security_file_ioctl+0x89/0xb0
[ 1104.733300]  SyS_ioctl+0x8f/0xc0
[ 1104.733313]  ? do_vfs_ioctl+0x1060/0x1060
[ 1104.766514] Node 0 
[ 1104.769979]  do_syscall_64+0x1e8/0x640
[ 1104.769992]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1104.770009]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1104.774709] DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1104.778052] RIP: 0033:0x45c429
[ 1104.778059] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1104.778069] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1104.778074] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1104.778078] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1104.778084] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1104.778090] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1105.002116] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1105.007198] Node 0 DMA32 free:31216kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:104kB local_pcp:68kB free_cma:0kB
[ 1105.039348] lowmem_reserve[]: 0 0 0 0 0
[ 1105.043936] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1105.070144] lowmem_reserve[]: 0 0 0 0 0
[ 1105.074172] Node 1 Normal free:1859156kB min:53504kB low:66880kB high:80256kB active_anon:1429576kB inactive_anon:18556kB active_file:55440kB inactive_file:24088kB unevictable:0kB writepending:1048kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13760kB pagetables:27864kB bounce:0kB free_pcp:1068kB local_pcp:328kB free_cma:0kB
[ 1105.105043] lowmem_reserve[]: 0 0 0 0 0
[ 1105.109071] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1105.123647] Node 0 DMA32: 794*4kB (UME) 491*8kB (UMH) 365*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 31216kB
[ 1105.147838] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1105.159852] Node 1 Normal: 276*4kB (UME) 104*8kB (UME) 390*16kB (UME) 362*32kB (UM) 94*64kB (UM) 16*128kB (ME) 18*256kB (UME) 12*512kB (M) 4*1024kB (UME) 3*2048kB (UME) 442*4096kB (M) = 1859248kB
[ 1105.178593] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1105.187790] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1105.196752] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1105.205710] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1105.214488] 21394 total pagecache pages
[ 1105.218502] 0 pages in swap cache
[ 1105.222006] Swap cache stats: add 0, delete 0, find 0/0
05:08:52 executing program 4:

05:08:52 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:52 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000000)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x3}, {0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x9}, {0x0, 0x10000}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9c}, {}, {}, {}, 0xa0000029, 0x0, 0x0, 0x0, 0x0, 0x4100})

05:08:52 executing program 0:
r0 = memfd_create(&(0x7f00000000c0)='\xc0\xc1\xfa\xd3>\xe0\xba\xd3\xb1\v\xb77Q\x1e\xdd\xa3\x9f\xd4\xe7`\x04\xfcmJ\x8a\x10\xc1\xe9n\x1a\x02\x9aN\xa1#', 0x0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x519000, 0x0, 0x2012, r0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4ca31, 0xffffffffffffffff, 0x0)

05:08:52 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:08:52 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

[ 1105.227392] Free swap  = 0kB
[ 1105.230514] Total swap = 0kB
[ 1105.233561] 1965979 pages RAM
[ 1105.236650] 0 pages HighMem/MovableOnly
[ 1105.240802] 335854 pages reserved
[ 1105.244391] 0 pages cma reserved
[ 1105.283765] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:53 executing program 0:
r0 = memfd_create(&(0x7f00000000c0)='\xc0\xc1\xfa\xd3>\xe0\xba\xd3\xb1\v\xb77Q\x1e\xdd\xa3\x9f\xd4\xe7`\x04\xfcmJ\x8a\x10\xc1\xe9n\x1a\x02\x9aN\xa1#', 0x0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x519000, 0x0, 0x2012, r0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4ca31, 0xffffffffffffffff, 0x0)

05:08:53 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:53 executing program 4:

[ 1105.329434] syz-executor.5: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1105.342248] syz-executor.5 cpuset=syz5 mems_allowed=0-1
[ 1105.376718] CPU: 1 PID: 10737 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1105.384775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1105.394141] Call Trace:
[ 1105.396901]  dump_stack+0x142/0x197
[ 1105.400549]  warn_alloc.cold+0x96/0x1af
[ 1105.404538]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1105.409438]  ? wait_for_completion+0x420/0x420
[ 1105.414044]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1105.418922]  ? warn_alloc+0xf0/0xf0
[ 1105.422760]  ? __might_sleep+0x93/0xb0
[ 1105.426755]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1105.431442]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1105.434624] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1105.436495]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1105.436518]  alloc_pages_current+0xec/0x1e0
[ 1105.436533]  kvm_mmu_create+0xdf/0x1e0
[ 1105.458624]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1105.462961]  kvm_vcpu_init+0x272/0x360
[ 1105.466874]  vmx_create_vcpu+0xfc/0x2aa0
[ 1105.470948]  ? mutex_trylock+0x1c0/0x1c0
[ 1105.475035]  ? handle_rdmsr+0x6e0/0x6e0
[ 1105.479551]  ? wait_for_completion+0x420/0x420
[ 1105.484159]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1105.488512]  kvm_vm_ioctl+0x501/0x1600
[ 1105.492420]  ? __lock_acquire+0x5f7/0x4620
[ 1105.494850] syz-executor.2: 
[ 1105.497271]  ? get_unused_fd_flags+0xd0/0xd0
[ 1105.497280] page allocation failure: order:0
[ 1105.500305]  ? kvm_vcpu_release+0xa0/0xa0
[ 1105.500318]  ? trace_hardirqs_on+0x10/0x10
[ 1105.500330]  ? trace_hardirqs_on+0x10/0x10
[ 1105.500341]  ? __might_fault+0x110/0x1d0
[ 1105.500350]  ? save_trace+0x290/0x290
[ 1105.500358]  ? __might_fault+0x110/0x1d0
[ 1105.500372]  ? __fget+0x210/0x370
[ 1105.504904] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1105.509305]  ? find_held_lock+0x35/0x130
[ 1105.509318]  ? __fget+0x210/0x370
[ 1105.509331]  ? kvm_vcpu_release+0xa0/0xa0
[ 1105.509341]  do_vfs_ioctl+0x7ae/0x1060
[ 1105.509358]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1105.513621] (null)
[ 1105.517853]  ? lock_downgrade+0x740/0x740
[ 1105.517867]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1105.517880]  ? __fget+0x237/0x370
[ 1105.517896]  ? security_file_ioctl+0x89/0xb0
[ 1105.522214] syz-executor.2 cpuset=
[ 1105.526209]  SyS_ioctl+0x8f/0xc0
[ 1105.526221]  ? do_vfs_ioctl+0x1060/0x1060
[ 1105.526235]  do_syscall_64+0x1e8/0x640
[ 1105.530129] syz2
[ 1105.534107]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1105.537671]  mems_allowed=0-1
[ 1105.543438]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1105.543448] RIP: 0033:0x45c429
[ 1105.543453] RSP: 002b:00007f7d63f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1105.624374] RAX: ffffffffffffffda RBX: 00007f7d63f6e6d4 RCX: 000000000045c429
[ 1105.631734] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1105.640568] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1105.647833] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1105.655235] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1105.662544] CPU: 0 PID: 10735 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1105.670533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1105.680024] Call Trace:
[ 1105.682652]  dump_stack+0x142/0x197
[ 1105.686303]  warn_alloc.cold+0x96/0x1af
[ 1105.690294]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1105.695162]  ? wait_for_completion+0x420/0x420
[ 1105.699763]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1105.700246] warn_alloc_show_mem: 1 callbacks suppressed
[ 1105.700249] Mem-Info:
[ 1105.704636]  ? warn_alloc+0xf0/0xf0
[ 1105.704659]  ? __might_sleep+0x93/0xb0
[ 1105.704671]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1105.714076] active_anon:837613 inactive_anon:4834 isolated_anon:0
[ 1105.714076]  active_file:14324 inactive_file:6808 isolated_file:0
[ 1105.714076]  unevictable:0 dirty:304 writeback:0 unstable:0
[ 1105.714076]  slab_reclaimable:17623 slab_unreclaimable:149322
[ 1105.714076]  mapped:59407 shmem:255 pagetables:16911 bounce:0
[ 1105.714076]  free:475556 free_pcp:269 free_cma:0
[ 1105.716158]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1105.716171]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1105.716193]  alloc_pages_current+0xec/0x1e0
[ 1105.716208]  kvm_mmu_create+0xdf/0x1e0
05:08:53 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:53 executing program 0:
r0 = memfd_create(&(0x7f00000000c0)='\xc0\xc1\xfa\xd3>\xe0\xba\xd3\xb1\v\xb77Q\x1e\xdd\xa3\x9f\xd4\xe7`\x04\xfcmJ\x8a\x10\xc1\xe9n\x1a\x02\x9aN\xa1#', 0x4)
mmap(&(0x7f0000200000/0x400000)=nil, 0x519000, 0x0, 0x10, r0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4ca31, 0xffffffffffffffff, 0x0)

05:08:53 executing program 4:

[ 1105.721054] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1105.724875]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1105.724891]  kvm_vcpu_init+0x272/0x360
[ 1105.724902]  vmx_create_vcpu+0xfc/0x2aa0
[ 1105.724929]  ? mutex_trylock+0x1c0/0x1c0
[ 1105.766045] Node 1 active_anon:1429772kB inactive_anon:18552kB active_file:55440kB inactive_file:24136kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26892kB dirty:1096kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1105.769015]  ? handle_rdmsr+0x6e0/0x6e0
[ 1105.769031]  ? wait_for_completion+0x420/0x420
[ 1105.769046]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1105.769060]  kvm_vm_ioctl+0x501/0x1600
[ 1105.774230] Node 0 
[ 1105.777265]  ? __lock_acquire+0x5f7/0x4620
05:08:53 executing program 0:
r0 = memfd_create(&(0x7f00000000c0)='\xc0\xc1\xfa\xd3>\xe0\xba\xd3\xb1\v\xb77Q\x1e\xdd\xa3\x9f\xd4\xe7`\x04\xfcmJ\x8a\x10\xc1\xe9n\x1a\x02\x9aN\xa1#', 0x4)
mmap(&(0x7f0000200000/0x400000)=nil, 0x519000, 0x0, 0x10, r0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4ca31, 0xffffffffffffffff, 0x0)

05:08:53 executing program 4:

[ 1105.777274]  ? find_held_lock+0x35/0x130
[ 1105.777290]  ? kvm_vcpu_release+0xa0/0xa0
[ 1105.777301]  ? trace_hardirqs_on+0x10/0x10
[ 1105.810886] DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1105.813915]  ? trace_hardirqs_on+0x10/0x10
[ 1105.813930]  ? __might_fault+0x110/0x1d0
[ 1105.813941]  ? save_trace+0x290/0x290
[ 1105.813951]  ? __might_fault+0x110/0x1d0
[ 1105.813967]  ? __fget+0x210/0x370
[ 1105.818133] lowmem_reserve[]:
[ 1105.822446]  ? find_held_lock+0x35/0x130
[ 1105.822458]  ? __fget+0x210/0x370
[ 1105.822473]  ? kvm_vcpu_release+0xa0/0xa0
[ 1105.822483]  do_vfs_ioctl+0x7ae/0x1060
[ 1105.822495]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1105.822502]  ? lock_downgrade+0x740/0x740
[ 1105.822513]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1105.822523]  ? __fget+0x237/0x370
[ 1105.822538]  ? security_file_ioctl+0x89/0xb0
[ 1105.822548]  SyS_ioctl+0x8f/0xc0
[ 1105.822557]  ? do_vfs_ioctl+0x1060/0x1060
[ 1105.822570]  do_syscall_64+0x1e8/0x640
[ 1105.822580]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1105.822596]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1105.822604] RIP: 0033:0x45c429
[ 1105.822609] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1105.822619] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1105.822624] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1105.822629] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1105.822634] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1105.822639] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1105.909893] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1105.916482]  0 2569 2569 2569 2569
[ 1106.061012] Node 0 DMA32 free:31216kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:120kB local_pcp:84kB free_cma:0kB
[ 1106.093805] lowmem_reserve[]: 0 0 0 0 0
[ 1106.097835] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1106.138297] syz-executor.5: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1106.143535] lowmem_reserve[]: 0 0 0 0 0
[ 1106.149734] syz-executor.5 cpuset=syz5 mems_allowed=0-1
[ 1106.162128] Node 1 Normal free:1860556kB min:53504kB low:66880kB high:80256kB active_anon:1429492kB inactive_anon:18544kB active_file:55444kB inactive_file:24172kB unevictable:0kB writepending:1136kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13760kB pagetables:27848kB bounce:0kB free_pcp:1260kB local_pcp:668kB free_cma:0kB
[ 1106.163250] CPU: 1 PID: 10767 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1106.194086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1106.194092] Call Trace:
[ 1106.194113]  dump_stack+0x142/0x197
[ 1106.194127]  warn_alloc.cold+0x96/0x1af
[ 1106.194136]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1106.194153]  ? wait_for_completion+0x420/0x420
[ 1106.194166]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1106.194189]  ? warn_alloc+0xf0/0xf0
[ 1106.194207]  ? __might_sleep+0x93/0xb0
[ 1106.194219]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1106.194231]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1106.194241]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1106.194260]  alloc_pages_current+0xec/0x1e0
[ 1106.194275]  kvm_mmu_create+0xdf/0x1e0
[ 1106.194290]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1106.194303]  kvm_vcpu_init+0x272/0x360
[ 1106.194316]  vmx_create_vcpu+0xfc/0x2aa0
[ 1106.194325]  ? mutex_trylock+0x1c0/0x1c0
[ 1106.194341]  ? handle_rdmsr+0x6e0/0x6e0
[ 1106.194350]  ? wait_for_completion+0x420/0x420
[ 1106.194362]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1106.194373]  kvm_vm_ioctl+0x501/0x1600
[ 1106.194383]  ? __lock_acquire+0x5f7/0x4620
[ 1106.194395]  ? kvm_vcpu_release+0xa0/0xa0
[ 1106.194406]  ? trace_hardirqs_on+0x10/0x10
[ 1106.221808] lowmem_reserve[]:
[ 1106.221974]  ? trace_hardirqs_on+0x10/0x10
[ 1106.227035]  0
[ 1106.231726]  ? __might_fault+0x110/0x1d0
[ 1106.231740]  ? save_trace+0x290/0x290
[ 1106.231748]  ? __might_fault+0x110/0x1d0
[ 1106.231759]  ? __fget+0x210/0x370
[ 1106.231769]  ? find_held_lock+0x35/0x130
[ 1106.231777]  ? __fget+0x210/0x370
[ 1106.231789]  ? kvm_vcpu_release+0xa0/0xa0
[ 1106.231803]  do_vfs_ioctl+0x7ae/0x1060
[ 1106.236703]  0
[ 1106.240279]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1106.240290]  ? lock_downgrade+0x740/0x740
[ 1106.240302]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1106.240314]  ? __fget+0x237/0x370
[ 1106.240330]  ? security_file_ioctl+0x89/0xb0
[ 1106.240346]  SyS_ioctl+0x8f/0xc0
[ 1106.244709]  0
[ 1106.248901]  ? do_vfs_ioctl+0x1060/0x1060
[ 1106.248915]  do_syscall_64+0x1e8/0x640
[ 1106.248924]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1106.248939]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1106.248950] RIP: 0033:0x45c429
[ 1106.254038]  0
[ 1106.258965] RSP: 002b:00007f7d63f2bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1106.258977] RAX: ffffffffffffffda RBX: 00007f7d63f2c6d4 RCX: 000000000045c429
[ 1106.258982] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1106.258987] RBP: 000000000076c060 R08: 0000000000000000 R09: 0000000000000000
[ 1106.258991] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1106.258997] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076c06c
[ 1106.452207]  0
[ 1106.452216] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1106.452290] Node 0 DMA32: 794*4kB (UME) 494*8kB (UMH) 365*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 31240kB
[ 1106.484407] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1106.495497] Node 1 Normal: 338*4kB (UM) 150*8kB (UME) 411*16kB (UME) 363*32kB (UM) 98*64kB (UM) 17*128kB (UME) 19*256kB (UME) 12*512kB (M) 4*1024kB (UME) 3*2048kB (UME) 442*4096kB (M) = 1860872kB
[ 1106.513868] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1106.522852] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1106.531595] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
05:08:54 executing program 5:

05:08:54 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:54 executing program 4:

05:08:54 executing program 0:
r0 = memfd_create(&(0x7f00000000c0)='\xc0\xc1\xfa\xd3>\xe0\xba\xd3\xb1\v\xb77Q\x1e\xdd\xa3\x9f\xd4\xe7`\x04\xfcmJ\x8a\x10\xc1\xe9n\x1a\x02\x9aN\xa1#', 0x4)
mmap(&(0x7f0000200000/0x400000)=nil, 0x519000, 0x0, 0x10, r0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4ca31, 0xffffffffffffffff, 0x0)

05:08:54 executing program 2:
getpid()
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r1, 0x80685600, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

05:08:54 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

[ 1106.540520] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1106.549105] 21410 total pagecache pages
[ 1106.553401] 0 pages in swap cache
[ 1106.556967] Swap cache stats: add 0, delete 0, find 0/0
[ 1106.562542] Free swap  = 0kB
[ 1106.565654] Total swap = 0kB
[ 1106.568911] 1965979 pages RAM
[ 1106.572108] 0 pages HighMem/MovableOnly
[ 1106.576084] 335854 pages reserved
[ 1106.579541] 0 pages cma reserved
05:08:54 executing program 5:

05:08:54 executing program 0:
memfd_create(&(0x7f00000000c0)='\xc0\xc1\xfa\xd3>\xe0\xba\xd3\xb1\v\xb77Q\x1e\xdd\xa3\x9f\xd4\xe7`\x04\xfcmJ\x8a\x10\xc1\xe9n\x1a\x02\x9aN\xa1#', 0x4)
mmap(&(0x7f0000200000/0x400000)=nil, 0x519000, 0x0, 0x2012, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4ca31, 0xffffffffffffffff, 0x0)

[ 1106.627065] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:54 executing program 4:

05:08:54 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:54 executing program 2:
getpid()
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r1, 0x80685600, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

05:08:54 executing program 5:

05:08:54 executing program 0:
memfd_create(&(0x7f00000000c0)='\xc0\xc1\xfa\xd3>\xe0\xba\xd3\xb1\v\xb77Q\x1e\xdd\xa3\x9f\xd4\xe7`\x04\xfcmJ\x8a\x10\xc1\xe9n\x1a\x02\x9aN\xa1#', 0x4)
mmap(&(0x7f0000200000/0x400000)=nil, 0x519000, 0x0, 0x2012, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4ca31, 0xffffffffffffffff, 0x0)

05:08:54 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:54 executing program 4:

05:08:54 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

05:08:54 executing program 5:

05:08:54 executing program 4:

05:08:54 executing program 5:

05:08:54 executing program 2:
getpid()
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r1, 0x80685600, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

05:08:54 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:54 executing program 0:
memfd_create(&(0x7f00000000c0)='\xc0\xc1\xfa\xd3>\xe0\xba\xd3\xb1\v\xb77Q\x1e\xdd\xa3\x9f\xd4\xe7`\x04\xfcmJ\x8a\x10\xc1\xe9n\x1a\x02\x9aN\xa1#', 0x4)
mmap(&(0x7f0000200000/0x400000)=nil, 0x519000, 0x0, 0x2012, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4ca31, 0xffffffffffffffff, 0x0)

05:08:54 executing program 4:

05:08:54 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

05:08:54 executing program 5:

05:08:54 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:54 executing program 0:
r0 = memfd_create(&(0x7f00000000c0)='\xc0\xc1\xfa\xd3>\xe0\xba\xd3\xb1\v\xb77Q\x1e\xdd\xa3\x9f\xd4\xe7`\x04\xfcmJ\x8a\x10\xc1\xe9n\x1a\x02\x9aN\xa1#', 0x4)
mmap(&(0x7f0000200000/0x400000)=nil, 0x519000, 0x0, 0x2012, r0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

05:08:54 executing program 4:

05:08:54 executing program 5:

05:08:55 executing program 2:
sched_setscheduler(0x0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r1, 0x80685600, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

05:08:55 executing program 4:

05:08:55 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:55 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

05:08:55 executing program 0:
r0 = memfd_create(&(0x7f00000000c0)='\xc0\xc1\xfa\xd3>\xe0\xba\xd3\xb1\v\xb77Q\x1e\xdd\xa3\x9f\xd4\xe7`\x04\xfcmJ\x8a\x10\xc1\xe9n\x1a\x02\x9aN\xa1#', 0x4)
mmap(&(0x7f0000200000/0x400000)=nil, 0x519000, 0x0, 0x2012, r0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

05:08:55 executing program 5:

05:08:55 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000500", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:55 executing program 4:

05:08:55 executing program 5:

05:08:55 executing program 0:
r0 = memfd_create(&(0x7f00000000c0)='\xc0\xc1\xfa\xd3>\xe0\xba\xd3\xb1\v\xb77Q\x1e\xdd\xa3\x9f\xd4\xe7`\x04\xfcmJ\x8a\x10\xc1\xe9n\x1a\x02\x9aN\xa1#', 0x4)
mmap(&(0x7f0000200000/0x400000)=nil, 0x519000, 0x0, 0x2012, r0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

05:08:55 executing program 4:

05:08:55 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

[ 1107.596948] nla_parse: 5 callbacks suppressed
[ 1107.596955] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:55 executing program 2:
sched_setscheduler(0x0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r1, 0x80685600, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

05:08:55 executing program 5:

05:08:55 executing program 0:

05:08:55 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000500", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:55 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x9}]}})
ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, 0x0)
creat(0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)

05:08:55 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

05:08:55 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_emit_ethernet(0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="0f8304b77235455963caeb85a7e95558d0e958c8f206eef1d80c7edf87aa4a"], 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

05:08:55 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {0x6}, {}, {0x0, 0x8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x9}]}})
socket$inet_udplite(0x2, 0x2, 0x88)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ocfs2_control\x00', 0x380, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000080)={0xf000, 0x116000})
symlinkat(0x0, r2, &(0x7f00000000c0)='./file0\x00')
ioctl$EVIOCGRAB(r2, 0x40044590, &(0x7f0000000000)=0x2)
ioctl$VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05640, &(0x7f0000000180)={0x9, @sdr={0x584e4f53, 0x1}})

[ 1107.853800] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:08:55 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a3000500", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:55 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

05:08:55 executing program 4:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, 0x0)

[ 1108.025299] syz-executor.0: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
05:08:55 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {0x6}, {}, {0x0, 0x8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x9}]}})
socket$inet_udplite(0x2, 0x2, 0x88)

[ 1108.079627] syz-executor.0 cpuset=syz0 mems_allowed=0-1
[ 1108.089669] CPU: 0 PID: 10890 Comm: syz-executor.0 Not tainted 4.14.171-syzkaller #0
[ 1108.097601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1108.107075] Call Trace:
[ 1108.109343] syz-executor.2: page allocation failure: order:0
[ 1108.109763]  dump_stack+0x142/0x197
[ 1108.109778]  warn_alloc.cold+0x96/0x1af
[ 1108.118060] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1108.119394]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1108.119416]  ? wait_for_completion+0x420/0x420
[ 1108.119433]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1108.126678] (null)
[ 1108.129315]  ? warn_alloc+0xf0/0xf0
[ 1108.129338]  ? __might_sleep+0x93/0xb0
[ 1108.136047] syz-executor.2 cpuset=
[ 1108.138904]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1108.138918]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1108.138929]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1108.138949]  alloc_pages_current+0xec/0x1e0
[ 1108.144015] syz2
[ 1108.145953]  kvm_mmu_create+0xdf/0x1e0
[ 1108.149766]  mems_allowed=0-1
[ 1108.153536]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1108.153551]  kvm_vcpu_init+0x272/0x360
[ 1108.153564]  vmx_create_vcpu+0xfc/0x2aa0
[ 1108.153576]  ? mutex_trylock+0x1c0/0x1c0
[ 1108.153593]  ? handle_rdmsr+0x6e0/0x6e0
[ 1108.153601]  ? wait_for_completion+0x420/0x420
[ 1108.153614]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1108.153625]  kvm_vm_ioctl+0x501/0x1600
[ 1108.153635]  ? __lock_acquire+0x5f7/0x4620
[ 1108.153646]  ? get_unused_fd_flags+0xd0/0xd0
[ 1108.153658]  ? kvm_vcpu_release+0xa0/0xa0
[ 1108.153666]  ? trace_hardirqs_on+0x10/0x10
[ 1108.153680]  ? trace_hardirqs_on+0x10/0x10
[ 1108.239793]  ? __might_fault+0x110/0x1d0
[ 1108.244025]  ? save_trace+0x290/0x290
[ 1108.247830]  ? __might_fault+0x110/0x1d0
[ 1108.251976]  ? __fget+0x210/0x370
[ 1108.255508]  ? find_held_lock+0x35/0x130
[ 1108.259575]  ? __fget+0x210/0x370
[ 1108.263027]  ? kvm_vcpu_release+0xa0/0xa0
[ 1108.267170]  do_vfs_ioctl+0x7ae/0x1060
[ 1108.271064]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1108.275840]  ? lock_downgrade+0x740/0x740
[ 1108.279994]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1108.283163] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1108.284416]  ? __fget+0x237/0x370
[ 1108.284437]  ? security_file_ioctl+0x89/0xb0
[ 1108.284451]  SyS_ioctl+0x8f/0xc0
[ 1108.284459]  ? do_vfs_ioctl+0x1060/0x1060
[ 1108.284474]  do_syscall_64+0x1e8/0x640
[ 1108.312747]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1108.317593]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1108.322781] RIP: 0033:0x45c429
[ 1108.325964] RSP: 002b:00007f7837ba1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1108.333669] RAX: ffffffffffffffda RBX: 00007f7837ba26d4 RCX: 000000000045c429
[ 1108.340956] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1108.348240] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1108.355541] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1108.362820] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1108.377984] CPU: 1 PID: 10900 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1108.385907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1108.395782] warn_alloc_show_mem: 2 callbacks suppressed
[ 1108.395786] Mem-Info:
[ 1108.395979] Call Trace:
[ 1108.401499] active_anon:837639 inactive_anon:4833 isolated_anon:0
[ 1108.401499]  active_file:14326 inactive_file:6825 isolated_file:0
[ 1108.401499]  unevictable:0 dirty:321 writeback:0 unstable:0
[ 1108.401499]  slab_reclaimable:17612 slab_unreclaimable:149957
[ 1108.401499]  mapped:59409 shmem:255 pagetables:16930 bounce:0
[ 1108.401499]  free:474880 free_pcp:250 free_cma:0
[ 1108.403777]  dump_stack+0x142/0x197
[ 1108.403793]  warn_alloc.cold+0x96/0x1af
[ 1108.403803]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1108.403822]  ? wait_for_completion+0x420/0x420
[ 1108.406578] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1108.440520]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1108.440545]  ? warn_alloc+0xf0/0xf0
[ 1108.440564]  ? __might_sleep+0x93/0xb0
[ 1108.440574]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1108.440585]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1108.440609]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1108.440628]  alloc_pages_current+0xec/0x1e0
[ 1108.445008] Node 1 active_anon:1429876kB inactive_anon:18548kB active_file:55448kB inactive_file:24204kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26900kB dirty:1164kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1108.448454]  kvm_mmu_create+0xdf/0x1e0
[ 1108.448469]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1108.448483]  kvm_vcpu_init+0x272/0x360
[ 1108.448494]  vmx_create_vcpu+0xfc/0x2aa0
[ 1108.448504]  ? mutex_trylock+0x1c0/0x1c0
[ 1108.448520]  ? handle_rdmsr+0x6e0/0x6e0
[ 1108.453563] Node 0 
[ 1108.458024]  ? wait_for_completion+0x420/0x420
[ 1108.458041]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1108.458054]  kvm_vm_ioctl+0x501/0x1600
[ 1108.458068]  ? __lock_acquire+0x5f7/0x4620
[ 1108.487173] DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1108.491466]  ? find_held_lock+0x35/0x130
[ 1108.491484]  ? kvm_vcpu_release+0xa0/0xa0
[ 1108.491493]  ? trace_hardirqs_on+0x10/0x10
[ 1108.491505]  ? trace_hardirqs_on+0x10/0x10
[ 1108.491518]  ? __might_fault+0x110/0x1d0
[ 1108.491527]  ? save_trace+0x290/0x290
[ 1108.491536]  ? __might_fault+0x110/0x1d0
[ 1108.491547]  ? __fget+0x210/0x370
[ 1108.491558]  ? find_held_lock+0x35/0x130
[ 1108.495275] lowmem_reserve[]:
[ 1108.499230]  ? __fget+0x210/0x370
[ 1108.499245]  ? kvm_vcpu_release+0xa0/0xa0
[ 1108.499256]  do_vfs_ioctl+0x7ae/0x1060
[ 1108.499269]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1108.499282]  ? lock_downgrade+0x740/0x740
[ 1108.504607]  0
[ 1108.508966]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1108.508980]  ? __fget+0x237/0x370
[ 1108.508997]  ? security_file_ioctl+0x89/0xb0
[ 1108.509008]  SyS_ioctl+0x8f/0xc0
[ 1108.514156]  2569
[ 1108.518375]  ? do_vfs_ioctl+0x1060/0x1060
[ 1108.518390]  do_syscall_64+0x1e8/0x640
[ 1108.518400]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1108.518415]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1108.518423] RIP: 0033:0x45c429
[ 1108.518439] RSP: 002b:00007f8362ecac78 EFLAGS: 00000246
[ 1108.546982]  2569
[ 1108.550309]  ORIG_RAX: 0000000000000010
[ 1108.550316] RAX: ffffffffffffffda RBX: 00007f8362ecb6d4 RCX: 000000000045c429
[ 1108.550321] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1108.550327] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000
[ 1108.550332] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1108.550338] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bfcc
[ 1108.589848] syz-executor.4: 
[ 1108.618364]  2569
[ 1108.639036] page allocation failure: order:0
[ 1108.640841]  2569
[ 1108.647529] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1108.664460] (null)
[ 1108.671297] Node 0 
[ 1108.676732] syz-executor.4 cpuset=
[ 1108.693761] DMA32 free:31352kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:156kB local_pcp:52kB free_cma:0kB
[ 1108.703215] syz4
[ 1108.718695] lowmem_reserve[]:
[ 1108.725526]  mems_allowed=0-1
[ 1108.727451]  0
[ 1108.734549] CPU: 1 PID: 10910 Comm: syz-executor.4 Not tainted 4.14.171-syzkaller #0
[ 1108.744821]  0
[ 1108.747545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1108.747552] Call Trace:
[ 1108.747572]  dump_stack+0x142/0x197
[ 1108.747587]  warn_alloc.cold+0x96/0x1af
[ 1108.747596]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1108.747614]  ? wait_for_completion+0x420/0x420
[ 1108.755019]  0
[ 1108.762274]  __alloc_pages_slowpath+0x23c6/0x2930
05:08:56 executing program 2:
sched_setscheduler(0x0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r1, 0x80685600, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

05:08:56 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a300050000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:56 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000002840)={"6c64125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x0, 0x0, [], 0x1}, {0x6}, {}, {0x0, 0x8}, {}, {}, {}, {0xfc}]}})
ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, 0x0)
creat(&(0x7f0000000700)='./bus\x00', 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)

05:08:56 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

[ 1108.762301]  ? warn_alloc+0xf0/0xf0
[ 1108.762319]  ? __might_sleep+0x93/0xb0
[ 1108.762330]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1108.762342]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1108.762356]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1108.769723]  0
[ 1108.772742]  alloc_pages_current+0xec/0x1e0
[ 1108.772759]  kvm_mmu_create+0xdf/0x1e0
[ 1108.774899]  0
[ 1108.779502]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1108.779517]  kvm_vcpu_init+0x272/0x360
[ 1108.779529]  vmx_create_vcpu+0xfc/0x2aa0
[ 1108.779538]  ? mutex_trylock+0x1c0/0x1c0
[ 1108.779555]  ? handle_rdmsr+0x6e0/0x6e0
[ 1108.787785]  ? wait_for_completion+0x420/0x420
[ 1108.787803]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1108.787816]  kvm_vm_ioctl+0x501/0x1600
[ 1108.787831]  ? __lock_acquire+0x5f7/0x4620
[ 1108.790656] Node 0 
[ 1108.792204]  ? find_held_lock+0x35/0x130
[ 1108.792220]  ? kvm_vcpu_release+0xa0/0xa0
[ 1108.792233]  ? trace_hardirqs_on+0x10/0x10
[ 1108.797197] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1108.824802]  ? trace_hardirqs_on+0x10/0x10
[ 1108.824816]  ? __might_fault+0x110/0x1d0
[ 1108.824825]  ? save_trace+0x290/0x290
[ 1108.824833]  ? __might_fault+0x110/0x1d0
[ 1108.824845]  ? __fget+0x210/0x370
[ 1108.824854]  ? find_held_lock+0x35/0x130
[ 1108.824863]  ? __fget+0x210/0x370
[ 1108.824875]  ? kvm_vcpu_release+0xa0/0xa0
[ 1108.824888]  do_vfs_ioctl+0x7ae/0x1060
[ 1108.826959] lowmem_reserve[]:
[ 1108.829997]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1108.830008]  ? lock_downgrade+0x740/0x740
[ 1108.830019]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1108.830031]  ? __fget+0x237/0x370
[ 1108.830048]  ? security_file_ioctl+0x89/0xb0
[ 1108.830059]  SyS_ioctl+0x8f/0xc0
[ 1108.830068]  ? do_vfs_ioctl+0x1060/0x1060
[ 1108.830082]  do_syscall_64+0x1e8/0x640
[ 1108.833260]  0
[ 1108.834994]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1108.835014]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1108.835022] RIP: 0033:0x45c429
[ 1108.835031] RSP: 002b:00007f089fab0c78 EFLAGS: 00000246
[ 1108.843718]  0
[ 1108.845363]  ORIG_RAX: 0000000000000010
[ 1108.845369] RAX: ffffffffffffffda RBX: 00007f089fab16d4 RCX: 000000000045c429
[ 1108.845375] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1108.845380] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1108.845387] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1108.845392] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1108.875620] syz-executor.4: 
[ 1108.882004]  0
[ 1108.892468] page allocation failure: order:0
[ 1108.909185]  0
[ 1108.944231] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1108.963860]  0
[ 1108.985523] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1109.019620] (null)
[ 1109.027938] Node 1 
[ 1109.034000] syz-executor.5: 
05:08:56 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000))
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

05:08:56 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a300050000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1109.036644] Normal free:1855628kB min:53504kB low:66880kB high:80256kB active_anon:1429976kB inactive_anon:18548kB active_file:55448kB inactive_file:24204kB unevictable:0kB writepending:1164kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:14144kB pagetables:28104kB bounce:0kB free_pcp:752kB local_pcp:204kB free_cma:0kB
[ 1109.041961] syz-executor.4 cpuset=
[ 1109.054474] lowmem_reserve[]:
[ 1109.064822] page allocation failure: order:0
[ 1109.072446]  0
[ 1109.095865] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1109.116876] syz-executor.2: 
[ 1109.126864] syz4
[ 1109.170800]  0
[ 1109.203694] (null)
[ 1109.223431] page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1109.234503] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1109.248938] syz-executor.5 cpuset=syz5 mems_allowed=0-1
[ 1109.256341] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1109.266647] CPU: 1 PID: 10939 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1109.274577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1109.280402]  0
[ 1109.284553] Call Trace:
[ 1109.284580]  dump_stack+0x142/0x197
[ 1109.284596]  warn_alloc.cold+0x96/0x1af
[ 1109.284607]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1109.284626]  ? wait_for_completion+0x420/0x420
[ 1109.284642]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1109.284663]  ? warn_alloc+0xf0/0xf0
[ 1109.292002]  0
[ 1109.292758]  ? __might_sleep+0x93/0xb0
[ 1109.302482]  0
[ 1109.306242]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1109.306258]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1109.306270]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1109.306293]  alloc_pages_current+0xec/0x1e0
[ 1109.306309]  kvm_mmu_create+0xdf/0x1e0
[ 1109.322400]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1109.322417]  kvm_vcpu_init+0x272/0x360
[ 1109.322431]  vmx_create_vcpu+0xfc/0x2aa0
[ 1109.322442]  ? mutex_trylock+0x1c0/0x1c0
[ 1109.322458]  ? handle_rdmsr+0x6e0/0x6e0
[ 1109.328454] Node 0 
[ 1109.332244]  ? wait_for_completion+0x420/0x420
[ 1109.332263]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1109.332279]  kvm_vm_ioctl+0x501/0x1600
[ 1109.332289]  ? __lock_acquire+0x5f7/0x4620
[ 1109.332299]  ? get_unused_fd_flags+0xd0/0xd0
[ 1109.332316]  ? kvm_vcpu_release+0xa0/0xa0
[ 1109.342198] DMA: 
[ 1109.345737]  ? trace_hardirqs_on+0x10/0x10
[ 1109.345755]  ? trace_hardirqs_on+0x10/0x10
[ 1109.345768]  ? __might_fault+0x110/0x1d0
[ 1109.345780]  ? save_trace+0x290/0x290
[ 1109.345789]  ? __might_fault+0x110/0x1d0
[ 1109.345802]  ? __fget+0x210/0x370
[ 1109.359325] 12*4kB 
[ 1109.362105]  ? find_held_lock+0x35/0x130
[ 1109.362117]  ? __fget+0x210/0x370
[ 1109.362132]  ? kvm_vcpu_release+0xa0/0xa0
[ 1109.362144]  do_vfs_ioctl+0x7ae/0x1060
[ 1109.362158]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1109.362167]  ? lock_downgrade+0x740/0x740
[ 1109.362178]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1109.362189]  ? __fget+0x237/0x370
[ 1109.370634] (UM) 
[ 1109.373017]  ? security_file_ioctl+0x89/0xb0
[ 1109.373034]  SyS_ioctl+0x8f/0xc0
[ 1109.373045]  ? do_vfs_ioctl+0x1060/0x1060
[ 1109.373059]  do_syscall_64+0x1e8/0x640
[ 1109.373069]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1109.373089]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1109.379809] 6*8kB 
[ 1109.381290] RIP: 0033:0x45c429
[ 1109.381296] RSP: 002b:00007f7d63f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1109.381306] RAX: ffffffffffffffda RBX: 00007f7d63f6e6d4 RCX: 000000000045c429
[ 1109.381311] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1109.381316] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1109.381321] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1109.381326] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1109.390484]  mems_allowed=0-1
[ 1109.406866] CPU: 0 PID: 10942 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1109.483913] warn_alloc_show_mem: 2 callbacks suppressed
[ 1109.483917] Mem-Info:
[ 1109.485162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1109.485167] Call Trace:
[ 1109.485187]  dump_stack+0x142/0x197
[ 1109.490547] active_anon:837662 inactive_anon:4834 isolated_anon:0
[ 1109.490547]  active_file:14326 inactive_file:6846 isolated_file:0
[ 1109.490547]  unevictable:0 dirty:324 writeback:0 unstable:0
[ 1109.490547]  slab_reclaimable:17635 slab_unreclaimable:150413
[ 1109.490547]  mapped:59409 shmem:255 pagetables:16921 bounce:0
[ 1109.490547]  free:474358 free_pcp:293 free_cma:0
[ 1109.497115]  warn_alloc.cold+0x96/0x1af
[ 1109.497127]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1109.528144] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1109.533562]  ? wait_for_completion+0x420/0x420
[ 1109.533579]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1109.533605]  ? warn_alloc+0xf0/0xf0
[ 1109.543266] Node 1 active_anon:1429968kB inactive_anon:18552kB active_file:55448kB inactive_file:24260kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26900kB dirty:1176kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1109.544669]  ? __might_sleep+0x93/0xb0
[ 1109.544683]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1109.556648] Node 0 
[ 1109.561783]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1109.561794]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1109.561815]  alloc_pages_current+0xec/0x1e0
[ 1109.561830]  kvm_mmu_create+0xdf/0x1e0
[ 1109.561842]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1109.561855]  kvm_vcpu_init+0x272/0x360
[ 1109.561867]  vmx_create_vcpu+0xfc/0x2aa0
[ 1109.569902] DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1109.602324]  ? mutex_trylock+0x1c0/0x1c0
[ 1109.602346]  ? handle_rdmsr+0x6e0/0x6e0
[ 1109.602355]  ? wait_for_completion+0x420/0x420
[ 1109.602374]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1109.602386]  kvm_vm_ioctl+0x501/0x1600
[ 1109.602396]  ? __lock_acquire+0x5f7/0x4620
[ 1109.602405]  ? get_unused_fd_flags+0xd0/0xd0
[ 1109.602424]  ? kvm_vcpu_release+0xa0/0xa0
[ 1109.602433]  ? trace_hardirqs_on+0x10/0x10
[ 1109.602448]  ? trace_hardirqs_on+0x10/0x10
[ 1109.602459]  ? __might_fault+0x110/0x1d0
[ 1109.602469]  ? save_trace+0x290/0x290
[ 1109.602479]  ? __might_fault+0x110/0x1d0
[ 1109.602488]  ? __fget+0x210/0x370
[ 1109.602497]  ? find_held_lock+0x35/0x130
[ 1109.602505]  ? __fget+0x210/0x370
[ 1109.602515]  ? kvm_vcpu_release+0xa0/0xa0
[ 1109.602525]  do_vfs_ioctl+0x7ae/0x1060
[ 1109.602547]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1109.617466] (UM) 
[ 1109.639889]  ? lock_downgrade+0x740/0x740
[ 1109.639905]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1109.639916]  ? __fget+0x237/0x370
[ 1109.639932]  ? security_file_ioctl+0x89/0xb0
[ 1109.639943]  SyS_ioctl+0x8f/0xc0
[ 1109.639952]  ? do_vfs_ioctl+0x1060/0x1060
[ 1109.639964]  do_syscall_64+0x1e8/0x640
[ 1109.639973]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1109.639990]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1109.639998] RIP: 0033:0x45c429
[ 1109.640003] RSP: 002b:00007f8362ecac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1109.640013] RAX: ffffffffffffffda RBX: 00007f8362ecb6d4 RCX: 000000000045c429
[ 1109.640019] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1109.640025] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000
[ 1109.640030] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1109.640035] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bfcc
[ 1109.696984] lowmem_reserve[]:
[ 1109.698532] CPU: 1 PID: 10910 Comm: syz-executor.4 Not tainted 4.14.171-syzkaller #0
[ 1109.702390]  0
[ 1109.706464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1109.706469] Call Trace:
[ 1109.706487]  dump_stack+0x142/0x197
[ 1109.706503]  warn_alloc.cold+0x96/0x1af
[ 1109.706513]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1109.706531]  ? wait_for_completion+0x420/0x420
[ 1109.710548]  2569
[ 1109.714730]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1109.714757]  ? warn_alloc+0xf0/0xf0
[ 1109.714776]  ? __might_sleep+0x93/0xb0
[ 1109.714788]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1109.718810]  2569
[ 1109.722728]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1109.722741]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1109.722765]  alloc_pages_current+0xec/0x1e0
[ 1109.722779]  kvm_mmu_create+0xdf/0x1e0
[ 1109.722793]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1109.722808]  kvm_vcpu_init+0x272/0x360
[ 1109.749559]  2569
[ 1109.753025]  vmx_create_vcpu+0xfc/0x2aa0
[ 1109.753038]  ? mutex_trylock+0x1c0/0x1c0
[ 1109.753057]  ? handle_rdmsr+0x6e0/0x6e0
[ 1109.753068]  ? wait_for_completion+0x420/0x420
[ 1109.753084]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1109.753098]  kvm_vm_ioctl+0x501/0x1600
[ 1109.757187]  2569
[ 1109.761624]  ? __lock_acquire+0x5f7/0x4620
[ 1109.761635]  ? get_unused_fd_flags+0xd0/0xd0
[ 1109.761649]  ? kvm_vcpu_release+0xa0/0xa0
[ 1109.761659]  ? trace_hardirqs_on+0x10/0x10
[ 1109.761676]  ? trace_hardirqs_on+0x10/0x10
[ 1109.761688]  ? __might_fault+0x110/0x1d0
[ 1109.761698]  ? save_trace+0x290/0x290
[ 1109.761708]  ? __might_fault+0x110/0x1d0
[ 1109.761717]  ? __fget+0x210/0x370
[ 1109.761729]  ? find_held_lock+0x35/0x130
[ 1109.769916]  ? __fget+0x210/0x370
[ 1109.769931]  ? kvm_vcpu_release+0xa0/0xa0
[ 1109.769942]  do_vfs_ioctl+0x7ae/0x1060
[ 1109.769956]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1109.769964]  ? lock_downgrade+0x740/0x740
[ 1109.769974]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1109.769988]  ? __fget+0x237/0x370
[ 1109.774371] Node 0 
[ 1109.778627]  ? security_file_ioctl+0x89/0xb0
[ 1109.778642]  SyS_ioctl+0x8f/0xc0
[ 1109.778652]  ? do_vfs_ioctl+0x1060/0x1060
[ 1109.778665]  do_syscall_64+0x1e8/0x640
[ 1109.778674]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1109.778691]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1109.787081] DMA32 free:31352kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:172kB local_pcp:52kB free_cma:0kB
[ 1109.791276] RIP: 0033:0x45c429
[ 1109.791281] RSP: 002b:00007f089fab0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1109.791292] RAX: ffffffffffffffda RBX: 00007f089fab16d4 RCX: 000000000045c429
[ 1109.791298] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1109.791304] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1109.791311] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1109.791317] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1109.791683] 1*16kB 
[ 1109.795923] lowmem_reserve[]:
[ 1109.799202] (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1109.799258] Node 0 DMA32: 794*4kB (UME) 508*8kB (UMH) 
[ 1109.817287]  0
[ 1109.834298] 365*16kB 
[ 1109.859598]  0
[ 1109.929549] (UMH) 
[ 1109.953205]  0
[ 1109.977403] 327*32kB 
[ 1109.978295]  0
[ 1109.985318] (UM) 
[ 1109.985553]  0
[ 1109.992143] 86*64kB 
[ 1109.998774] (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 31352kB
[ 1109.998812] Node 0 Normal: 0*4kB 
[ 1110.003480] Node 0 
[ 1110.011898] 0*8kB 
[ 1110.013719] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1110.017435] 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB 
[ 1110.021736] lowmem_reserve[]: 0 0 0 0 0
[ 1110.021761] Node 1 Normal free:1857164kB min:53504kB low:66880kB high:80256kB active_anon:1429768kB inactive_anon:18552kB active_file:55448kB inactive_file:24260kB unevictable:0kB writepending:1176kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13728kB pagetables:27772kB bounce:0kB free_pcp:1352kB local_pcp:676kB free_cma:0kB
05:08:58 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x0)
syz_open_dev$loop(0x0, 0x0, 0x105084)

05:08:58 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a300050000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x3}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:58 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000))
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

05:08:58 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x9}]}})
socket$inet_udplite(0x2, 0x2, 0x88)

05:08:58 executing program 2:
getpid()
sched_setscheduler(0x0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r1, 0x80685600, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[ 1110.021787] lowmem_reserve[]:
[ 1110.031524] = 0kB
[ 1110.034712]  0
[ 1110.036786] Node 1 
[ 1110.041085]  0 0 0
[ 1110.048343] Normal: 
[ 1110.049704]  0
[ 1110.055343] 257*4kB 
[ 1110.062636] (UME) 
[ 1110.069408] Node 0 
[ 1110.072321] 288*8kB 
[ 1110.073974] DMA: 
[ 1110.078032] (UME) 389*16kB 
[ 1110.081655] 12*4kB 
[ 1110.086464] (UME) 
[ 1110.089640] (UM) 
[ 1110.094469] 377*32kB (UME) 105*64kB (UM) 15*128kB (ME) 17*256kB (ME) 12*512kB (M) 4*1024kB (UME) 
[ 1110.104332] 6*8kB 
[ 1110.106777] 3*2048kB 
[ 1110.109004] (UM) 
[ 1110.116277] (UME) 
[ 1110.117344] 1*16kB 
[ 1110.121584] 441*4096kB 
[ 1110.126609] (U) 
[ 1110.130332] (M) 
[ 1110.138364] 1*32kB 
[ 1110.172533] = 1857332kB
[ 1110.175947] (U) 
[ 1110.183639] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1110.194724] 2*64kB 
[ 1110.198263] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1110.205548] (UM) 
[ 1110.217525] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1110.218380] 1*128kB 
[ 1110.229124] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1110.238414] (U) 
[ 1110.238913] 21441 total pagecache pages
[ 1110.240837] 1*256kB 
[ 1110.247922] 0 pages in swap cache
[ 1110.248794] (U) 
[ 1110.254877] Swap cache stats: add 0, delete 0, find 0/0
[ 1110.255786] 3*512kB 
[ 1110.263690] Free swap  = 0kB
[ 1110.267172] (UM) 
[ 1110.269414] Total swap = 0kB
[ 1110.269422] 1965979 pages RAM
[ 1110.276167] 0*1024kB 
05:08:58 executing program 0:
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x80000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, [], 0x1}, {0x6}, {0x0, 0x0, 0x4}, {}, {}, {}, {}, {0xfc}, {}, {}, {}, {0x0, 0x2}]}})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)

05:08:58 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0)

05:08:58 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$SEG6(0x0)
mkdir(&(0x7f0000001240)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0)
umount2(&(0x7f0000000240)='./file0\x00', 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[ 1110.300530] 0 pages HighMem/MovableOnly
[ 1110.304896] 0*2048kB 
[ 1110.308920] 335854 pages reserved
[ 1110.346278] 2*4096kB 
[ 1110.347083] 0 pages cma reserved
[ 1110.348788] (M) 
[ 1110.458291] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1110.472724] = 10384kB
[ 1110.557655] Node 0 DMA32: 794*4kB (UME) 512*8kB (UMH) 365*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 31384kB
[ 1110.585746] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1110.634580] Node 1 Normal: 168*4kB (UME) 255*8kB (UME) 393*16kB (UME) 364*32kB (UM) 109*64kB (UM) 15*128kB (ME) 17*256kB (ME) 13*512kB (UM) 4*1024kB (UME) 2*2048kB (ME) 441*4096kB (M) = 1855080kB
[ 1110.636586] syz-executor.2: 
[ 1110.668085] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1110.684020] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1110.692463] page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1110.693757] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1110.713206] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1110.718264] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1110.728099] CPU: 1 PID: 10975 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1110.735758] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1110.736142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1110.747774] 21441 total pagecache pages
[ 1110.754225] Call Trace:
[ 1110.754246]  dump_stack+0x142/0x197
[ 1110.754259]  warn_alloc.cold+0x96/0x1af
[ 1110.754268]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1110.754286]  ? wait_for_completion+0x420/0x420
[ 1110.754304]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1110.758500] 0 pages in swap cache
[ 1110.760892]  ? warn_alloc+0xf0/0xf0
[ 1110.760914]  ? __might_sleep+0x93/0xb0
[ 1110.764608] Swap cache stats: add 0, delete 0, find 0/0
[ 1110.768752]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1110.768766]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1110.768777]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1110.768798]  alloc_pages_current+0xec/0x1e0
[ 1110.774897] Free swap  = 0kB
[ 1110.778962]  kvm_mmu_create+0xdf/0x1e0
[ 1110.778980]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1110.778993]  kvm_vcpu_init+0x272/0x360
[ 1110.779010]  vmx_create_vcpu+0xfc/0x2aa0
[ 1110.784083] Total swap = 0kB
[ 1110.787760]  ? mutex_trylock+0x1c0/0x1c0
[ 1110.787781]  ? handle_rdmsr+0x6e0/0x6e0
[ 1110.787791]  ? wait_for_completion+0x420/0x420
[ 1110.787804]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1110.787817]  kvm_vm_ioctl+0x501/0x1600
[ 1110.791903] 1965979 pages RAM
[ 1110.795618]  ? __lock_acquire+0x5f7/0x4620
[ 1110.795630]  ? get_unused_fd_flags+0xd0/0xd0
[ 1110.795644]  ? kvm_vcpu_release+0xa0/0xa0
[ 1110.795656]  ? trace_hardirqs_on+0x10/0x10
[ 1110.801167] 0 pages HighMem/MovableOnly
[ 1110.805787]  ? trace_hardirqs_on+0x10/0x10
[ 1110.805800]  ? __might_fault+0x110/0x1d0
[ 1110.805811]  ? save_trace+0x290/0x290
[ 1110.811204] 335854 pages reserved
[ 1110.816073]  ? __might_fault+0x110/0x1d0
[ 1110.816088]  ? __fget+0x210/0x370
[ 1110.816100]  ? find_held_lock+0x35/0x130
[ 1110.816111]  ? __fget+0x210/0x370
[ 1110.820554] 0 pages cma reserved
[ 1110.823474]  ? kvm_vcpu_release+0xa0/0xa0
[ 1110.823487]  do_vfs_ioctl+0x7ae/0x1060
[ 1110.823499]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1110.823512]  ? lock_downgrade+0x740/0x740
[ 1110.941964]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1110.946411]  ? __fget+0x237/0x370
[ 1110.949857]  ? security_file_ioctl+0x89/0xb0
[ 1110.954268]  SyS_ioctl+0x8f/0xc0
[ 1110.957744]  ? do_vfs_ioctl+0x1060/0x1060
[ 1110.961933]  do_syscall_64+0x1e8/0x640
[ 1110.965897]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1110.970806]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1110.975982] RIP: 0033:0x45c429
05:08:58 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0xae44, &(0x7f00000003c0)={0x0, 0x0, @ioapic})

05:08:58 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000))
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

05:08:58 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000180)={0x3, 0x0, [{}, {0xa}, {0x1}]})

05:08:58 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0)

[ 1110.979160] RSP: 002b:00007f8362ecac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1110.986982] RAX: ffffffffffffffda RBX: 00007f8362ecb6d4 RCX: 000000000045c429
[ 1110.994754] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1111.002116] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000
[ 1111.009451] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1111.016837] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bfcc
[ 1111.040992] warn_alloc_show_mem: 2 callbacks suppressed
[ 1111.040996] Mem-Info:
[ 1111.054672] active_anon:837571 inactive_anon:4834 isolated_anon:0
[ 1111.054672]  active_file:14326 inactive_file:6863 isolated_file:0
[ 1111.054672]  unevictable:0 dirty:347 writeback:0 unstable:0
[ 1111.054672]  slab_reclaimable:17692 slab_unreclaimable:150459
[ 1111.054672]  mapped:59407 shmem:255 pagetables:16913 bounce:0
[ 1111.054672]  free:474305 free_pcp:359 free_cma:0
05:08:58 executing program 4:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x4, 0x101}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[ 1111.067493] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1111.117356] syz-executor.0: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1111.147991] syz-executor.0 cpuset=syz0 mems_allowed=0-1
[ 1111.164080] CPU: 1 PID: 10997 Comm: syz-executor.0 Not tainted 4.14.171-syzkaller #0
[ 1111.172102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1111.181485] Call Trace:
[ 1111.184102]  dump_stack+0x142/0x197
[ 1111.187758]  warn_alloc.cold+0x96/0x1af
[ 1111.191890]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1111.196757]  ? wait_for_completion+0x420/0x420
[ 1111.201505]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1111.206378]  ? warn_alloc+0xf0/0xf0
[ 1111.210032]  ? __might_sleep+0x93/0xb0
[ 1111.213967]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1111.218677]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1111.223710]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1111.228757]  alloc_pages_current+0xec/0x1e0
[ 1111.233099]  kvm_mmu_create+0xdf/0x1e0
[ 1111.237004]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1111.241345]  kvm_vcpu_init+0x272/0x360
[ 1111.245252]  vmx_create_vcpu+0xfc/0x2aa0
[ 1111.249474]  ? mutex_trylock+0x1c0/0x1c0
[ 1111.253557]  ? handle_rdmsr+0x6e0/0x6e0
[ 1111.257545]  ? wait_for_completion+0x420/0x420
[ 1111.262162]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1111.263603] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1111.266513]  kvm_vm_ioctl+0x501/0x1600
[ 1111.266526]  ? __lock_acquire+0x5f7/0x4620
[ 1111.266538]  ? get_unused_fd_flags+0xd0/0xd0
[ 1111.266552]  ? kvm_vcpu_release+0xa0/0xa0
[ 1111.266562]  ? trace_hardirqs_on+0x10/0x10
[ 1111.266581]  ? trace_hardirqs_on+0x10/0x10
[ 1111.300870]  ? __might_fault+0x110/0x1d0
[ 1111.304960]  ? save_trace+0x290/0x290
[ 1111.308782]  ? __might_fault+0x110/0x1d0
[ 1111.312868]  ? __fget+0x210/0x370
[ 1111.316340]  ? find_held_lock+0x35/0x130
[ 1111.320418]  ? __fget+0x210/0x370
[ 1111.323897]  ? kvm_vcpu_release+0xa0/0xa0
[ 1111.327736] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1111.328069]  do_vfs_ioctl+0x7ae/0x1060
[ 1111.328084]  ? selinux_file_mprotect+0x5d0/0x5d0
05:08:58 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0)

05:08:58 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0))
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(0x0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r0, &(0x7f0000000040), 0x200000a5}])

05:08:58 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1111.328096]  ? lock_downgrade+0x740/0x740
[ 1111.328106]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1111.328119]  ? __fget+0x237/0x370
[ 1111.357530]  ? security_file_ioctl+0x89/0xb0
[ 1111.361987]  SyS_ioctl+0x8f/0xc0
[ 1111.367450]  ? do_vfs_ioctl+0x1060/0x1060
[ 1111.371620]  do_syscall_64+0x1e8/0x640
[ 1111.375544]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1111.380537]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1111.385737] RIP: 0033:0x45c429
[ 1111.388942] RSP: 002b:00007f7837ba1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1111.396863] RAX: ffffffffffffffda RBX: 00007f7837ba26d4 RCX: 000000000045c429
[ 1111.404143] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1111.411448] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1111.418732] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1111.426015] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1111.434859] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1111.463852] Node 1 active_anon:1429928kB inactive_anon:18548kB active_file:55448kB inactive_file:24352kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26976kB dirty:1272kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1111.501093] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1111.540977] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1111.546157] Node 0 DMA32 free:31260kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:260kB local_pcp:132kB free_cma:0kB
[ 1111.577241] lowmem_reserve[]: 0 0 0 0 0
[ 1111.581535] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1111.612742] lowmem_reserve[]: 0 0 0 0 0
[ 1111.616978] Node 1 Normal free:1855236kB min:53504kB low:66880kB high:80256kB active_anon:1429796kB inactive_anon:18548kB active_file:55448kB inactive_file:24372kB unevictable:0kB writepending:1300kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13856kB pagetables:27900kB bounce:0kB free_pcp:1216kB local_pcp:700kB free_cma:0kB
[ 1111.647657] lowmem_reserve[]: 0 0 0 0 0
[ 1111.649383] syz-executor.0: 
[ 1111.651789] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1111.659114] page allocation failure: order:0
[ 1111.669594] Node 0 DMA32: 763*4kB (UME) 512*8kB (UMH) 365*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 31260kB
[ 1111.678870] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1111.690941] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1111.703508] (null)
[ 1111.709335] Node 1 Normal: 264*4kB (UME) 199*8kB (UME) 439*16kB (UME) 369*32kB (UM) 111*64kB (UM) 14*128kB (M) 18*256kB (UME) 13*512kB (UM) 3*1024kB (ME) 2*2048kB (ME) 441*4096kB (M) = 1855144kB
[ 1111.714704] syz-executor.0 cpuset=syz0 mems_allowed=0-1
[ 1111.740528] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1111.744901] CPU: 0 PID: 11005 Comm: syz-executor.0 Not tainted 4.14.171-syzkaller #0
[ 1111.751262] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1111.757513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1111.757523] Call Trace:
[ 1111.766456] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1111.775668]  dump_stack+0x142/0x197
[ 1111.775685]  warn_alloc.cold+0x96/0x1af
[ 1111.775693]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1111.775710]  ? wait_for_completion+0x420/0x420
[ 1111.775725]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1111.775746]  ? warn_alloc+0xf0/0xf0
[ 1111.775764]  ? __might_sleep+0x93/0xb0
[ 1111.775776]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1111.779525] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1111.787212]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1111.787225]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1111.787244]  alloc_pages_current+0xec/0x1e0
[ 1111.787258]  kvm_mmu_create+0xdf/0x1e0
[ 1111.787271]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1111.787283]  kvm_vcpu_init+0x272/0x360
[ 1111.787294]  vmx_create_vcpu+0xfc/0x2aa0
[ 1111.787305]  ? mutex_trylock+0x1c0/0x1c0
[ 1111.787320]  ? handle_rdmsr+0x6e0/0x6e0
[ 1111.787332]  ? wait_for_completion+0x420/0x420
[ 1111.797584] 21455 total pagecache pages
[ 1111.799864]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1111.799881]  kvm_vm_ioctl+0x501/0x1600
[ 1111.805034] 0 pages in swap cache
[ 1111.809410]  ? __lock_acquire+0x5f7/0x4620
[ 1111.809426]  ? kvm_vcpu_release+0xa0/0xa0
[ 1111.809434]  ? trace_hardirqs_on+0x10/0x10
[ 1111.809448]  ? trace_hardirqs_on+0x10/0x10
[ 1111.813178] Swap cache stats: add 0, delete 0, find 0/0
[ 1111.816988]  ? __might_fault+0x110/0x1d0
[ 1111.817001]  ? save_trace+0x290/0x290
[ 1111.817010]  ? __might_fault+0x110/0x1d0
[ 1111.817023]  ? __fget+0x210/0x370
[ 1111.822170] Free swap  = 0kB
[ 1111.830285]  ? find_held_lock+0x35/0x130
[ 1111.830298]  ? __fget+0x210/0x370
[ 1111.830311]  ? kvm_vcpu_release+0xa0/0xa0
[ 1111.830321]  do_vfs_ioctl+0x7ae/0x1060
[ 1111.830333]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1111.830341]  ? lock_downgrade+0x740/0x740
[ 1111.830351]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1111.830360]  ? __fget+0x237/0x370
[ 1111.830375]  ? security_file_ioctl+0x89/0xb0
[ 1111.830387]  SyS_ioctl+0x8f/0xc0
[ 1111.836131] Total swap = 0kB
[ 1111.840565]  ? do_vfs_ioctl+0x1060/0x1060
[ 1111.840579]  do_syscall_64+0x1e8/0x640
[ 1111.840587]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1111.840602]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1111.840610] RIP: 0033:0x45c429
[ 1111.840615] RSP: 002b:00007f7837b80c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1111.840625] RAX: ffffffffffffffda RBX: 00007f7837b816d4 RCX: 000000000045c429
[ 1111.840630] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1111.840635] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000
[ 1111.840640] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1111.840645] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bfcc
[ 1112.042580] 1965979 pages RAM
[ 1112.045877] 0 pages HighMem/MovableOnly
[ 1112.049904] 335854 pages reserved
[ 1112.053858] 0 pages cma reserved
05:08:59 executing program 2:
getpid()
sched_setscheduler(0x0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r1, 0x80685600, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

05:08:59 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:08:59 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
creat(0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)

05:08:59 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000002840)={"6c64125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x0, 0x0, [], 0x1}, {0x6}, {}, {}, {}, {}, {}, {0xfc}, {}, {}, {}, {0x0, 0x2}, {0x0, 0x80}, {0x0, 0x9}]}})
open(&(0x7f0000000200)='./bus\x00', 0x20001c1242, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8000fffffffe)
socket$inet_udplite(0x2, 0x2, 0x88)

05:08:59 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0))
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(0x0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r0, &(0x7f0000000040), 0x200000a5}])

05:08:59 executing program 0:
r0 = socket$pppoe(0x18, 0x1, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x4, @dev={[], 0x1c}, 'bridge0\x00'}}, 0x1e)
getpid()
sendmmsg(r0, &(0x7f000000d180), 0x4000000000000eb, 0x0)

05:08:59 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
creat(0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)

[ 1112.184624] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1112.199847] syz-executor.4 cpuset=syz4 mems_allowed=0-1
[ 1112.250000] CPU: 1 PID: 11039 Comm: syz-executor.4 Not tainted 4.14.171-syzkaller #0
[ 1112.257937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1112.267472] Call Trace:
[ 1112.270059]  dump_stack+0x142/0x197
[ 1112.273676]  warn_alloc.cold+0x96/0x1af
[ 1112.277656]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1112.282512]  ? wait_for_completion+0x420/0x420
[ 1112.287107]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1112.291992]  ? warn_alloc+0xf0/0xf0
[ 1112.295630]  ? __might_sleep+0x93/0xb0
[ 1112.299524]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1112.304208]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1112.309570]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1112.314723]  alloc_pages_current+0xec/0x1e0
[ 1112.319044]  kvm_mmu_create+0xdf/0x1e0
[ 1112.322937]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1112.327278]  kvm_vcpu_init+0x272/0x360
[ 1112.331162]  vmx_create_vcpu+0xfc/0x2aa0
[ 1112.335230]  ? mutex_trylock+0x1c0/0x1c0
[ 1112.339306]  ? handle_rdmsr+0x6e0/0x6e0
[ 1112.343283]  ? wait_for_completion+0x420/0x420
[ 1112.347885]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1112.352271]  kvm_vm_ioctl+0x501/0x1600
[ 1112.356198]  ? __lock_acquire+0x5f7/0x4620
[ 1112.360430]  ? get_unused_fd_flags+0xd0/0xd0
[ 1112.364874]  ? kvm_vcpu_release+0xa0/0xa0
[ 1112.369042]  ? trace_hardirqs_on+0x10/0x10
[ 1112.373283]  ? trace_hardirqs_on+0x10/0x10
[ 1112.377514]  ? __might_fault+0x110/0x1d0
[ 1112.381587]  ? save_trace+0x290/0x290
[ 1112.385550]  ? __might_fault+0x110/0x1d0
[ 1112.389623]  ? __fget+0x210/0x370
[ 1112.393075]  ? find_held_lock+0x35/0x130
[ 1112.397134]  ? __fget+0x210/0x370
[ 1112.400600]  ? kvm_vcpu_release+0xa0/0xa0
[ 1112.404757]  do_vfs_ioctl+0x7ae/0x1060
[ 1112.408654]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1112.413401]  ? lock_downgrade+0x740/0x740
[ 1112.417574]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1112.421991]  ? __fget+0x237/0x370
[ 1112.425453]  ? security_file_ioctl+0x89/0xb0
[ 1112.429969]  SyS_ioctl+0x8f/0xc0
[ 1112.433459]  ? do_vfs_ioctl+0x1060/0x1060
[ 1112.437608]  do_syscall_64+0x1e8/0x640
[ 1112.441488]  ? trace_hardirqs_off_thunk+0x1a/0x1c
05:09:00 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1112.446355]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1112.451546] RIP: 0033:0x45c429
[ 1112.454736] RSP: 002b:00007f089fab0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1112.462563] RAX: ffffffffffffffda RBX: 00007f089fab16d4 RCX: 000000000045c429
[ 1112.469825] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1112.477205] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1112.484467] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1112.491862] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1112.564429] warn_alloc_show_mem: 2 callbacks suppressed
[ 1112.564433] Mem-Info:
[ 1112.588357] active_anon:837672 inactive_anon:4834 isolated_anon:0
[ 1112.588357]  active_file:14326 inactive_file:6871 isolated_file:0
[ 1112.588357]  unevictable:0 dirty:361 writeback:0 unstable:0
[ 1112.588357]  slab_reclaimable:17753 slab_unreclaimable:150329
05:09:00 executing program 5:
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x0, 0x0, [], 0x1}, {0x6}, {0x0, 0x0, 0x4}, {0x0, 0x8}, {}, {}, {}, {0xfc}, {}, {}, {}, {0x0, 0x2}, {0x0, 0x80}, {0x0, 0x9}]}})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)

[ 1112.588357]  mapped:59432 shmem:255 pagetables:16975 bounce:0
[ 1112.588357]  free:474292 free_pcp:337 free_cma:0
[ 1112.641778] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1112.674352] nla_parse: 1 callbacks suppressed
[ 1112.674358] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:09:00 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:09:00 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1112.722384] Node 1 active_anon:1429908kB inactive_anon:18552kB active_file:55448kB inactive_file:24388kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26992kB dirty:1324kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1112.763802] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:09:00 executing program 5:
pipe(&(0x7f0000000680))
r0 = getpid()
sched_setscheduler(r0, 0x0, 0x0)
r1 = dup(0xffffffffffffffff)
setsockopt$packet_int(r1, 0x107, 0x10000000000f, 0x0, 0x0)
capget(&(0x7f0000000000), 0x0)
getpgid(0x0)
syz_open_dev$sndseq(0x0, 0x0, 0x1)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00')
sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000400)={0x14, 0x0, 0xc46dfc707e1df77d}, 0x14}}, 0x0)
fcntl$getownex(r2, 0x10, 0x0)
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000240)='system.posix_acl_access\x00', 0x0, 0x0, 0x1)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x89a2, &(0x7f0000000180))
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[], 0x1de}}, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0xc054)
memfd_create(0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue0\x00'})
r3 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r3, 0xc4c85512, &(0x7f0000000040)={{0x3, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c]})
ioctl$SG_GET_REQUEST_TABLE(0xffffffffffffffff, 0x227d, 0x0)
kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10)
syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x0)
memfd_create(0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000f50f90), 0x0, 0x81003)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)

[ 1112.814071] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:09:00 executing program 2:
getpid()
sched_setscheduler(0x0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r1, 0x80685600, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

05:09:00 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1112.906340] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1112.941829] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
05:09:00 executing program 0:
syz_emit_ethernet(0x186, &(0x7f0000000500)=ANY=[@ANYBLOB="0180c2000000ffffffffffff86dd604df88c01322f00fe8000000000000000000000000000bbff0200000000000000000000000000018900907800000000ff020000000000002000000000000001ff010000000000000000000000000001050830af2f3be3d3c43675f53ac79117c5f71aeb0800d658a0585820ce8ed7d37077917dd752c9e98f534f1b830b4a577bfb953b28cc6b81fe1e04ee34029997b7777d1f1805cefc0942d6525a0ff0896b9d4a8485cfa43fbd6710c1ee87a564b62967d96bd4ce99605e300370c9954528a4e58a13db08ef1b2b522088f59a47c2531dc83199496b18ab7d79efde81627e9717e438f9f9a2682e91a7320136020000000000000079e6228c834e734029e1e307451144d1b24d0df3fa219756197e546d8c5da316c96ffa56556233624faac6971c20c8d71ae0a201039f9130b3312047a9c05d4cf9c76acd01cc9a27621abd524e7431df87e1d5d91cdc1250700547443430b7777b492e09b1475bde7fa14e88330af3eb8acb93729ed39275acec860066e2e4f9c594233086964a8780076ab499b6884347998dc120028e278aabb5ae0b70319ce10db8b02e3d439ce4c020357ce0d08a0255c02e8bb5779bcfd1f1b97d01a582c60da4a66869b3058373e78eb59f9aa46cdb59f79a6c7a6e836fe99afdbc2f22500387ec1708c01b3e688c88d0033c640735e1c97478ce4fdd179b58c04c45f433de8a50b2d5069a7bea7cc7df6b7947904929644ee3d8a1d352e207a66f2908cddc64ab5a8b091d6c9ec2f8823f7460f472b9f5d764a93d94ea80a93ed92f1bfaa594af29365644c79f23fa35aaa718e9c0b470012029b9361cb715c750ccf183ba239440d2eeb19ad6bc99c05f03f5d0f5e1eb6f892cbb7ac3ae81a757ab21e2c1c7f8f9aaf1df802b305ceeeae0d8283843718af8bad8176513e9ec1e7bd9c738b955c7ac97cb0537a76ff0af0011a6e531d6db545b3d1c29c7696c4f0724bc38cd8bc9f5dfc17a251b4c290795b1e363d07974f387e4b023fac73e8af7183521ee35ff8a87a6c1"], 0x0)

[ 1112.964638] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1112.975684] Node 0 DMA32 free:31316kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:228kB local_pcp:84kB free_cma:0kB
[ 1113.072593] lowmem_reserve[]: 0 0 0 0 0
[ 1113.077401] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1113.106328] lowmem_reserve[]: 0 0 0 0 0
[ 1113.111552] Node 1 Normal free:1855928kB min:53504kB low:66880kB high:80256kB active_anon:1429708kB inactive_anon:18552kB active_file:55448kB inactive_file:24388kB unevictable:0kB writepending:1324kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13696kB pagetables:27692kB bounce:0kB free_pcp:1468kB local_pcp:728kB free_cma:0kB
[ 1113.143907] lowmem_reserve[]: 0 0 0 0 0
[ 1113.147940] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1113.162957] Node 0 DMA32: 763*4kB (UME) 526*8kB (UMH) 365*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 31372kB
[ 1113.178571] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1113.189446] Node 1 Normal: 294*4kB (UME) 280*8kB (UME) 524*16kB (UME) 381*32kB (UM) 112*64kB (UM) 16*128kB (UME) 16*256kB (M) 13*512kB (UM) 4*1024kB (UME) 3*2048kB (UME) 440*4096kB (M) = 1856440kB
[ 1113.207644] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1113.216590] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1113.225428] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1113.234513] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1113.243229] 21465 total pagecache pages
[ 1113.247200] 0 pages in swap cache
[ 1113.250727] Swap cache stats: add 0, delete 0, find 0/0
[ 1113.256186] Free swap  = 0kB
[ 1113.259187] Total swap = 0kB
[ 1113.262289] 1965979 pages RAM
[ 1113.265511] 0 pages HighMem/MovableOnly
[ 1113.269585] 335854 pages reserved
05:09:00 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000002840)={"6c64125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x0, 0x0, [], 0x1}, {0x6}, {}, {}, {}, {}, {}, {0xfc}, {}, {}, {}, {0x0, 0x2}, {0x0, 0x80}, {0x0, 0x9}]}})
open(&(0x7f0000000200)='./bus\x00', 0x20001c1242, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8000fffffffe)
socket$inet_udplite(0x2, 0x2, 0x88)

05:09:00 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:09:00 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0))
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(0x0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r0, &(0x7f0000000040), 0x200000a5}])

05:09:00 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x1, 0x0)
syz_open_dev$loop(0x0, 0x0, 0x105084)

05:09:00 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000002840)={"6c64125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x0, 0x0, [], 0x1}, {0x6}, {}, {}, {}, {}, {}, {0xfc}, {}, {}, {}, {0x0, 0x2}, {0x0, 0x80}]}})
open(&(0x7f0000000200)='./bus\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)

05:09:00 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x0, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[ 1113.273100] 0 pages cma reserved
05:09:00 executing program 5:
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000002840)={"6c64125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, [], 0x1}, {0x6}, {0x0, 0x0, 0x4}, {0x0, 0x8}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x2}, {0x0, 0x80}, {0x0, 0x9}]}})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
creat(&(0x7f0000000700)='./bus\x00', 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)

[ 1113.344193] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1113.356638] syz-executor.0: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1113.380520] syz-executor.0 cpuset=syz0 mems_allowed=0-1
[ 1113.386049] CPU: 1 PID: 11096 Comm: syz-executor.0 Not tainted 4.14.171-syzkaller #0
[ 1113.393946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1113.403310] Call Trace:
[ 1113.406004]  dump_stack+0x142/0x197
[ 1113.409650]  warn_alloc.cold+0x96/0x1af
[ 1113.413637]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1113.418640]  ? wait_for_completion+0x420/0x420
[ 1113.423248]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1113.428122]  ? warn_alloc+0xf0/0xf0
[ 1113.431871]  ? __might_sleep+0x93/0xb0
[ 1113.435783]  __alloc_pages_nodemask+0x62c/0x7a0
05:09:01 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1113.440552]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1113.445722]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1113.450768]  alloc_pages_current+0xec/0x1e0
[ 1113.455120]  kvm_mmu_create+0xdf/0x1e0
[ 1113.459374]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1113.463724]  kvm_vcpu_init+0x272/0x360
[ 1113.467714]  vmx_create_vcpu+0xfc/0x2aa0
[ 1113.471792]  ? mutex_trylock+0x1c0/0x1c0
[ 1113.475960]  ? handle_rdmsr+0x6e0/0x6e0
[ 1113.479954]  ? wait_for_completion+0x420/0x420
[ 1113.484559]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1113.488905]  kvm_vm_ioctl+0x501/0x1600
[ 1113.493246]  ? __lock_acquire+0x5f7/0x4620
[ 1113.497498]  ? get_unused_fd_flags+0xd0/0xd0
[ 1113.501928]  ? kvm_vcpu_release+0xa0/0xa0
[ 1113.506091]  ? trace_hardirqs_on+0x10/0x10
[ 1113.510502]  ? trace_hardirqs_on+0x10/0x10
[ 1113.514751]  ? __might_fault+0x110/0x1d0
[ 1113.515810] syz-executor.5: 
[ 1113.518815]  ? save_trace+0x290/0x290
[ 1113.518828]  ? __might_fault+0x110/0x1d0
[ 1113.518842]  ? __fget+0x210/0x370
[ 1113.518851]  ? find_held_lock+0x35/0x130
[ 1113.518860]  ? __fget+0x210/0x370
[ 1113.518874]  ? kvm_vcpu_release+0xa0/0xa0
[ 1113.518887]  do_vfs_ioctl+0x7ae/0x1060
[ 1113.525829] syz-executor.2: 
[ 1113.529782]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1113.529795]  ? lock_downgrade+0x740/0x740
[ 1113.529808]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1113.529820]  ? __fget+0x237/0x370
[ 1113.529837]  ? security_file_ioctl+0x89/0xb0
[ 1113.529856]  SyS_ioctl+0x8f/0xc0
[ 1113.539711] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1113.540852]  ? do_vfs_ioctl+0x1060/0x1060
[ 1113.540868]  do_syscall_64+0x1e8/0x640
05:09:01 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1113.540877]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1113.540897]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1113.540905] RIP: 0033:0x45c429
[ 1113.540911] RSP: 002b:00007f7837ba1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1113.550816] page allocation failure: order:0
[ 1113.552229] RAX: ffffffffffffffda RBX: 00007f7837ba26d4 RCX: 000000000045c429
[ 1113.552235] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1113.552242] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1113.552248] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1113.552254] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1113.590202] syz-executor.4: 
[ 1113.614975] page allocation failure: order:0
[ 1113.616891] page allocation failure: order:0
[ 1113.647359] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1113.659342] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1113.679620] (null)
[ 1113.689252] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1113.695785] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1113.705951] CPU: 0 PID: 11097 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1113.709463] syz-executor.4 cpuset=
[ 1113.714030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1113.714036] Call Trace:
[ 1113.714054]  dump_stack+0x142/0x197
[ 1113.714068]  warn_alloc.cold+0x96/0x1af
[ 1113.714077]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1113.714098]  ? wait_for_completion+0x420/0x420
[ 1113.714112]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1113.714133]  ? warn_alloc+0xf0/0xf0
[ 1113.714152]  ? __might_sleep+0x93/0xb0
[ 1113.714162]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1113.714175]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1113.714183]  ? retint_kernel+0x2d/0x2d
[ 1113.714205]  alloc_pages_current+0xec/0x1e0
[ 1113.723726] syz4
[ 1113.727126]  kvm_mmu_create+0xdf/0x1e0
[ 1113.730762]  mems_allowed=0-1
[ 1113.733337]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1113.733354]  kvm_vcpu_init+0x272/0x360
[ 1113.733367]  vmx_create_vcpu+0xfc/0x2aa0
[ 1113.798261]  ? check_preemption_disabled+0x3c/0x250
[ 1113.803277]  ? retint_kernel+0x2d/0x2d
[ 1113.807160]  ? handle_rdmsr+0x6e0/0x6e0
[ 1113.811236]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1113.815645]  kvm_vm_ioctl+0x501/0x1600
[ 1113.816514] Mem-Info:
[ 1113.819748]  ? __lock_acquire+0x5f7/0x4620
[ 1113.819758]  ? mark_held_locks+0xb1/0x100
[ 1113.819774]  ? kvm_vcpu_release+0xa0/0xa0
[ 1113.819785]  ? retint_kernel+0x2d/0x2d
[ 1113.819797]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1113.823503] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1113.826519]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1113.826535]  ? check_preemption_disabled+0x3c/0x250
[ 1113.826549]  ? retint_kernel+0x2d/0x2d
[ 1113.837582] active_anon:837664 inactive_anon:4834 isolated_anon:0
[ 1113.837582]  active_file:14326 inactive_file:6864 isolated_file:0
[ 1113.837582]  unevictable:0 dirty:369 writeback:0 unstable:0
[ 1113.837582]  slab_reclaimable:17777 slab_unreclaimable:150909
[ 1113.837582]  mapped:59407 shmem:255 pagetables:16911 bounce:0
[ 1113.837582]  free:473630 free_pcp:353 free_cma:0
[ 1113.838843]  ? selinux_file_ioctl+0x30a/0x560
[ 1113.838852]  ? selinux_file_ioctl+0x33d/0x560
[ 1113.838866]  ? kvm_vcpu_release+0xa0/0xa0
[ 1113.845156] (null)
[ 1113.849894]  do_vfs_ioctl+0x7ae/0x1060
[ 1113.849909]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1113.849920]  ? lock_downgrade+0x740/0x740
[ 1113.849929]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1113.849942]  ? __fget+0x237/0x370
05:09:01 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:09:01 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x0, 0x0)

[ 1113.860437] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3040kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1113.863611]  ? security_file_ioctl+0x89/0xb0
[ 1113.863629]  SyS_ioctl+0x8f/0xc0
[ 1113.863639]  ? do_vfs_ioctl+0x1060/0x1060
[ 1113.863664]  do_syscall_64+0x1e8/0x640
[ 1113.904336] syz-executor.5 cpuset=
[ 1113.907699]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1113.907719]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1113.907749] RIP: 0033:0x45c429
[ 1113.907757] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246
[ 1113.919879] syz5
[ 1113.922771]  ORIG_RAX: 0000000000000010
[ 1113.922781] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1113.935070]  mems_allowed=0-1
[ 1113.963253] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1113.963260] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1113.963264] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1113.963269] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1114.059455] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1114.059570] CPU: 1 PID: 11104 Comm: syz-executor.4 Not tainted 4.14.171-syzkaller #0
[ 1114.075885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1114.085455] Call Trace:
[ 1114.088161]  dump_stack+0x142/0x197
[ 1114.092272]  warn_alloc.cold+0x96/0x1af
05:09:01 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1114.096291]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1114.102112]  ? wait_for_completion+0x420/0x420
[ 1114.106862]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1114.111745]  ? warn_alloc+0xf0/0xf0
[ 1114.115401]  ? __might_sleep+0x93/0xb0
[ 1114.119318]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1114.124010]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1114.129047]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1114.134097]  alloc_pages_current+0xec/0x1e0
[ 1114.138456]  kvm_mmu_create+0xdf/0x1e0
[ 1114.147699]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1114.152050]  kvm_vcpu_init+0x272/0x360
[ 1114.155951]  vmx_create_vcpu+0xfc/0x2aa0
[ 1114.160025]  ? mutex_trylock+0x1c0/0x1c0
[ 1114.164097]  ? handle_rdmsr+0x6e0/0x6e0
[ 1114.168191]  ? wait_for_completion+0x420/0x420
[ 1114.172798]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1114.177248]  kvm_vm_ioctl+0x501/0x1600
[ 1114.181158]  ? __lock_acquire+0x5f7/0x4620
[ 1114.185429]  ? get_unused_fd_flags+0xd0/0xd0
[ 1114.189963]  ? kvm_vcpu_release+0xa0/0xa0
[ 1114.194122]  ? trace_hardirqs_on+0x10/0x10
[ 1114.198397]  ? trace_hardirqs_on+0x10/0x10
[ 1114.202762]  ? __might_fault+0x110/0x1d0
[ 1114.206830]  ? save_trace+0x290/0x290
[ 1114.210650]  ? __might_fault+0x110/0x1d0
[ 1114.214724]  ? __fget+0x210/0x370
[ 1114.218218]  ? find_held_lock+0x35/0x130
[ 1114.222314]  ? __fget+0x210/0x370
[ 1114.225776]  ? kvm_vcpu_release+0xa0/0xa0
[ 1114.229943]  do_vfs_ioctl+0x7ae/0x1060
[ 1114.234113]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1114.238897]  ? lock_downgrade+0x740/0x740
[ 1114.243050]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1114.247834]  ? __fget+0x237/0x370
[ 1114.251288]  ? security_file_ioctl+0x89/0xb0
[ 1114.255688]  SyS_ioctl+0x8f/0xc0
[ 1114.259063]  ? do_vfs_ioctl+0x1060/0x1060
[ 1114.263228]  do_syscall_64+0x1e8/0x640
[ 1114.267112]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1114.271955]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1114.277156] RIP: 0033:0x45c429
[ 1114.280340] RSP: 002b:00007f089fab0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1114.288066] RAX: ffffffffffffffda RBX: 00007f089fab16d4 RCX: 000000000045c429
[ 1114.295345] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1114.302645] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1114.309930] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1114.317554] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1114.328058] CPU: 0 PID: 11107 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1114.332705] Node 1 active_anon:1430144kB inactive_anon:18548kB active_file:55448kB inactive_file:24436kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26992kB dirty:768kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1114.335973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1114.335978] Call Trace:
[ 1114.335996]  dump_stack+0x142/0x197
[ 1114.336009]  warn_alloc.cold+0x96/0x1af
[ 1114.336021]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1114.364295] Node 0 
[ 1114.373172]  ? wait_for_completion+0x420/0x420
[ 1114.373191]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1114.373212]  ? warn_alloc+0xf0/0xf0
[ 1114.373231]  ? __might_sleep+0x93/0xb0
[ 1114.373242]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1114.373253]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1114.373262]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1114.373287]  alloc_pages_current+0xec/0x1e0
[ 1114.375973] DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1114.379522]  kvm_mmu_create+0xdf/0x1e0
[ 1114.379538]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1114.379552]  kvm_vcpu_init+0x272/0x360
[ 1114.379563]  vmx_create_vcpu+0xfc/0x2aa0
[ 1114.379577]  ? mutex_trylock+0x1c0/0x1c0
[ 1114.392403] lowmem_reserve[]:
[ 1114.395343]  ? handle_rdmsr+0x6e0/0x6e0
[ 1114.395357]  ? wait_for_completion+0x420/0x420
[ 1114.395376]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1114.400449]  0
[ 1114.403861]  kvm_vm_ioctl+0x501/0x1600
[ 1114.403875]  ? __lock_acquire+0x5f7/0x4620
[ 1114.403886]  ? get_unused_fd_flags+0xd0/0xd0
[ 1114.403900]  ? kvm_vcpu_release+0xa0/0xa0
[ 1114.408114]  2569
[ 1114.412684]  ? trace_hardirqs_on+0x10/0x10
[ 1114.412705]  ? trace_hardirqs_on+0x10/0x10
[ 1114.412717]  ? __might_fault+0x110/0x1d0
[ 1114.412726]  ? save_trace+0x290/0x290
[ 1114.412736]  ? __might_fault+0x110/0x1d0
[ 1114.412748]  ? __fget+0x210/0x370
[ 1114.412757]  ? find_held_lock+0x35/0x130
[ 1114.412767]  ? __fget+0x210/0x370
[ 1114.412780]  ? kvm_vcpu_release+0xa0/0xa0
[ 1114.412792]  do_vfs_ioctl+0x7ae/0x1060
[ 1114.418169]  2569
[ 1114.422840]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1114.422852]  ? lock_downgrade+0x740/0x740
[ 1114.422864]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1114.422875]  ? __fget+0x237/0x370
[ 1114.422891]  ? security_file_ioctl+0x89/0xb0
[ 1114.422902]  SyS_ioctl+0x8f/0xc0
[ 1114.422910]  ? do_vfs_ioctl+0x1060/0x1060
[ 1114.422922]  do_syscall_64+0x1e8/0x640
[ 1114.422930]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1114.422949]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1114.427498]  2569
[ 1114.453409] RIP: 0033:0x45c429
[ 1114.453416] RSP: 002b:00007f7d63f4cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1114.453425] RAX: ffffffffffffffda RBX: 00007f7d63f4d6d4 RCX: 000000000045c429
[ 1114.453429] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1114.453434] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000
[ 1114.453440] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1114.453446] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bfcc
05:09:02 executing program 4:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132})
ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000080)={0x0, 0x3, [@dev, @local, @local]})

05:09:02 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x0, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:09:02 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

05:09:02 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1114.506348] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1114.520852]  2569
[ 1114.574337] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1114.666720] Node 0 DMA32 free:31248kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB writepending:76kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:308kB local_pcp:148kB free_cma:0kB
[ 1114.720841] lowmem_reserve[]: 0 0 0 0 0
[ 1114.725512] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1114.759501] lowmem_reserve[]: 0 0 0 0 0
[ 1114.763767] Node 1 Normal free:1853508kB min:53504kB low:66880kB high:80256kB active_anon:1429784kB inactive_anon:18552kB active_file:55448kB inactive_file:24500kB unevictable:0kB writepending:808kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13888kB pagetables:27936kB bounce:0kB free_pcp:916kB local_pcp:488kB free_cma:0kB
[ 1114.795321] lowmem_reserve[]: 0 0 0 0 0
[ 1114.799480] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1114.814807] Node 0 DMA32: 732*4kB (UME) 529*8kB (UMH) 365*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 31272kB
[ 1114.830864] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1114.842407] Node 1 Normal: 142*4kB (UME) 245*8kB (UME) 529*16kB (UM) 373*32kB (UM) 116*64kB (UM) 15*128kB (UM) 17*256kB (UM) 13*512kB (UM) 3*1024kB (ME) 2*2048kB (ME) 440*4096kB (M) = 1852688kB
[ 1114.861062] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1114.870125] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1114.878958] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1114.890348] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1114.903668] 21487 total pagecache pages
[ 1114.908326] 0 pages in swap cache
[ 1114.915001] Swap cache stats: add 0, delete 0, find 0/0
05:09:02 executing program 0:
syz_open_procfs(0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000002840)={"6c64125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x80000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {0x0, 0x0, 0x3}, {}, {}, {}, {}, {0x6}, {0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x2}, {0x0, 0x80}, {0x0, 0x9}]}})
r3 = dup(0xffffffffffffffff)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x8000fffffffe)
socket$inet_udplite(0x2, 0x2, 0x88)

05:09:02 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:09:02 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x0, 0x0)

05:09:02 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x0, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:09:02 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x0, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x0, 0x0, [], 0x1}]}})

[ 1114.934451] Free swap  = 0kB
[ 1114.939349] Total swap = 0kB
[ 1114.945461] 1965979 pages RAM
[ 1114.948689] 0 pages HighMem/MovableOnly
[ 1114.955422] 335854 pages reserved
[ 1114.964324] 0 pages cma reserved
05:09:02 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:09:02 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:09:02 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0)
pipe2(&(0x7f0000000000), 0x0)
sendmsg$NLBL_CALIPSO_C_REMOVE(0xffffffffffffffff, 0x0, 0x0)
r2 = open(0x0, 0x141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r2, 0x0)

05:09:02 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:09:02 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x0, 0x0)

[ 1115.192917] syz-executor.0: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1115.214250] syz-executor.0 cpuset=syz0 mems_allowed=0-1
[ 1115.257041] CPU: 0 PID: 11169 Comm: syz-executor.0 Not tainted 4.14.171-syzkaller #0
[ 1115.265063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1115.274689] Call Trace:
[ 1115.277295]  dump_stack+0x142/0x197
[ 1115.280956]  warn_alloc.cold+0x96/0x1af
[ 1115.284946]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1115.289819]  ? wait_for_completion+0x420/0x420
[ 1115.294549]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1115.299431]  ? warn_alloc+0xf0/0xf0
[ 1115.306737]  ? __might_sleep+0x93/0xb0
[ 1115.310644]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1115.315333]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1115.320364]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1115.325407]  alloc_pages_current+0xec/0x1e0
[ 1115.329747]  kvm_mmu_create+0xdf/0x1e0
[ 1115.333751]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1115.338093]  kvm_vcpu_init+0x272/0x360
[ 1115.342000]  vmx_create_vcpu+0xfc/0x2aa0
[ 1115.346103]  ? mutex_trylock+0x1c0/0x1c0
[ 1115.350193]  ? handle_rdmsr+0x6e0/0x6e0
[ 1115.354180]  ? wait_for_completion+0x420/0x420
[ 1115.358781]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1115.363120]  kvm_vm_ioctl+0x501/0x1600
[ 1115.367020]  ? __lock_acquire+0x5f7/0x4620
[ 1115.371281]  ? get_unused_fd_flags+0xd0/0xd0
[ 1115.375744]  ? kvm_vcpu_release+0xa0/0xa0
[ 1115.380605]  ? trace_hardirqs_on+0x10/0x10
[ 1115.384865]  ? trace_hardirqs_on+0x10/0x10
[ 1115.389490]  ? __might_fault+0x110/0x1d0
[ 1115.393727]  ? save_trace+0x290/0x290
[ 1115.397543]  ? __might_fault+0x110/0x1d0
[ 1115.401622]  ? __fget+0x210/0x370
[ 1115.405114]  ? find_held_lock+0x35/0x130
[ 1115.406591] syz-executor.5: 
[ 1115.409298]  ? __fget+0x210/0x370
[ 1115.409313]  ? kvm_vcpu_release+0xa0/0xa0
[ 1115.409326]  do_vfs_ioctl+0x7ae/0x1060
[ 1115.409340]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1115.409351]  ? lock_downgrade+0x740/0x740
[ 1115.409363]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1115.409375]  ? __fget+0x237/0x370
[ 1115.409398]  ? security_file_ioctl+0x89/0xb0
[ 1115.424284] page allocation failure: order:0
[ 1115.428821]  SyS_ioctl+0x8f/0xc0
[ 1115.428833]  ? do_vfs_ioctl+0x1060/0x1060
[ 1115.428845]  do_syscall_64+0x1e8/0x640
[ 1115.428856]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1115.428880]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1115.428889] RIP: 0033:0x45c429
[ 1115.428895] RSP: 002b:00007f7837ba1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1115.482488] RAX: ffffffffffffffda RBX: 00007f7837ba26d4 RCX: 000000000045c429
[ 1115.489770] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1115.497066] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1115.502782] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1115.504735] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1115.504742] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1115.517159] warn_alloc_show_mem: 3 callbacks suppressed
[ 1115.517164] Mem-Info:
[ 1115.535543] active_anon:837691 inactive_anon:4834 isolated_anon:0
[ 1115.535543]  active_file:14326 inactive_file:6892 isolated_file:0
[ 1115.535543]  unevictable:0 dirty:222 writeback:0 unstable:0
[ 1115.535543]  slab_reclaimable:17825 slab_unreclaimable:150837
[ 1115.535543]  mapped:59431 shmem:255 pagetables:16962 bounce:0
[ 1115.535543]  free:473689 free_pcp:337 free_cma:0
[ 1115.556634] (null)
[ 1115.613141] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3068kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:80kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1115.625933] syz-executor.5 cpuset=
[ 1115.641991] Node 1 active_anon:1429884kB inactive_anon:18552kB active_file:55448kB inactive_file:24500kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26988kB dirty:808kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1115.667784] syz5
[ 1115.675055] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1115.681706]  mems_allowed=0-1
[ 1115.725966] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1115.731961] Node 0 DMA32 free:31352kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3068kB unevictable:0kB writepending:80kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:316kB local_pcp:172kB free_cma:0kB
[ 1115.738055] CPU: 1 PID: 11144 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1115.762253] lowmem_reserve[]:
[ 1115.769520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1115.769525] Call Trace:
[ 1115.769544]  dump_stack+0x142/0x197
[ 1115.769558]  warn_alloc.cold+0x96/0x1af
[ 1115.769567]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1115.769579]  ? check_preemption_disabled+0x3c/0x250
[ 1115.772781]  0
[ 1115.782150]  ? retint_kernel+0x2d/0x2d
[ 1115.782172]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1115.782196]  ? retint_kernel+0x2d/0x2d
[ 1115.782208]  ? warn_alloc+0xf0/0xf0
[ 1115.782219]  ? check_preemption_disabled+0x3c/0x250
[ 1115.782226]  ? retint_kernel+0x2d/0x2d
[ 1115.782250]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1115.782257]  ? retint_kernel+0x2d/0x2d
[ 1115.782269]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1115.785527]  0
[ 1115.788474]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1115.788491]  ? check_preemption_disabled+0x3c/0x250
[ 1115.788500]  ? retint_kernel+0x2d/0x2d
[ 1115.788514]  alloc_pages_current+0xec/0x1e0
[ 1115.788529]  kvm_mmu_create+0xdf/0x1e0
[ 1115.792651]  0
[ 1115.797358]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1115.797379]  kvm_vcpu_init+0x272/0x360
[ 1115.797391]  vmx_create_vcpu+0xfc/0x2aa0
[ 1115.797403]  ? mutex_trylock+0x1c0/0x1c0
[ 1115.802940]  0
[ 1115.804287]  ? handle_rdmsr+0x6e0/0x6e0
[ 1115.804302]  ? wait_for_completion+0x420/0x420
[ 1115.804317]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1115.804331]  kvm_vm_ioctl+0x501/0x1600
[ 1115.808359]  0
[ 1115.813069]  ? __lock_acquire+0x5f7/0x4620
[ 1115.813079]  ? mark_held_locks+0xb1/0x100
[ 1115.813093]  ? kvm_vcpu_release+0xa0/0xa0
[ 1115.813102]  ? retint_kernel+0x2d/0x2d
[ 1115.813113]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1115.813124]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1115.813140]  ? check_preemption_disabled+0x3c/0x250
[ 1115.820677]  ? retint_kernel+0x2d/0x2d
[ 1115.820696]  ? selinux_file_ioctl+0x19a/0x560
[ 1115.820706]  ? selinux_file_ioctl+0x1ca/0x560
[ 1115.820718]  ? kvm_vcpu_release+0xa0/0xa0
[ 1115.820729]  do_vfs_ioctl+0x7ae/0x1060
[ 1115.820742]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1115.825938] Node 0 
[ 1115.831120]  ? lock_downgrade+0x740/0x740
[ 1115.831136]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1115.831149]  ? __fget+0x237/0x370
[ 1115.831166]  ? security_file_ioctl+0x89/0xb0
[ 1115.831177]  SyS_ioctl+0x8f/0xc0
[ 1115.831186]  ? do_vfs_ioctl+0x1060/0x1060
[ 1115.831200]  do_syscall_64+0x1e8/0x640
[ 1115.831209]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1115.831225]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1115.836491] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1115.839942] RIP: 0033:0x45c429
[ 1115.839948] RSP: 002b:00007f7d63f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1115.839959] RAX: ffffffffffffffda RBX: 00007f7d63f6e6d4 RCX: 000000000045c429
[ 1115.839965] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1115.839971] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1115.839975] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1115.839980] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1116.024727] syz-executor.5: 
[ 1116.044246] lowmem_reserve[]: 0 0 0 0 0
[ 1116.044272] Node 1 Normal free:1852372kB min:53504kB low:66880kB high:80256kB active_anon:1429684kB inactive_anon:18552kB active_file:55448kB inactive_file:24500kB unevictable:0kB writepending:808kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13888kB pagetables:27936kB bounce:0kB free_pcp:1072kB local_pcp:620kB free_cma:0kB
[ 1116.044295] lowmem_reserve[]: 0 0 0 0 0
[ 1116.056006] page allocation failure: order:0
[ 1116.058981] Node 0 DMA: 12*4kB 
[ 1116.074102] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1116.081261] (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1116.081327] Node 0 DMA32: 732*4kB (UME) 554*8kB (UMH) 365*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 31472kB
[ 1116.081402] Node 0 Normal: 0*4kB 
[ 1116.084865] (null)
[ 1116.088448] 0*8kB 0*16kB 0*32kB 0*64kB 
[ 1116.119695] syz-executor.5 cpuset=
[ 1116.127671] 0*128kB 
[ 1116.131513] syz5
[ 1116.137020] 0*256kB 
[ 1116.153907]  mems_allowed=0-1
[ 1116.165857] 0*512kB 
[ 1116.169462] CPU: 1 PID: 11197 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1116.172903] 0*1024kB 
[ 1116.175623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1116.179281] 0*2048kB 
[ 1116.181491] Call Trace:
[ 1116.181514]  dump_stack+0x142/0x197
[ 1116.181528]  warn_alloc.cold+0x96/0x1af
[ 1116.181567]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1116.183580] 0*4096kB 
[ 1116.185987]  ? wait_for_completion+0x420/0x420
[ 1116.189152] = 0kB
[ 1116.191497]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1116.191522]  ? warn_alloc+0xf0/0xf0
[ 1116.191540]  ? __might_sleep+0x93/0xb0
[ 1116.191550]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1116.191561]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1116.191571]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1116.191590]  alloc_pages_current+0xec/0x1e0
[ 1116.191604]  kvm_mmu_create+0xdf/0x1e0
[ 1116.191620]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1116.199885] Node 1 
[ 1116.202019]  kvm_vcpu_init+0x272/0x360
[ 1116.202038]  vmx_create_vcpu+0xfc/0x2aa0
[ 1116.202052]  ? mutex_trylock+0x1c0/0x1c0
[ 1116.213396] Normal: 
[ 1116.215765]  ? handle_rdmsr+0x6e0/0x6e0
[ 1116.218780] 236*4kB 
[ 1116.221948]  ? wait_for_completion+0x420/0x420
[ 1116.221965]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1116.221981]  kvm_vm_ioctl+0x501/0x1600
[ 1116.221995]  ? __lock_acquire+0x5f7/0x4620
[ 1116.319356]  ? kvm_vcpu_release+0xa0/0xa0
[ 1116.323499]  ? trace_hardirqs_on+0x10/0x10
[ 1116.327755]  ? trace_hardirqs_on+0x10/0x10
[ 1116.331997]  ? __might_fault+0x110/0x1d0
[ 1116.336070]  ? save_trace+0x290/0x290
[ 1116.339865]  ? __might_fault+0x110/0x1d0
[ 1116.343919]  ? __fget+0x210/0x370
[ 1116.347452]  ? find_held_lock+0x35/0x130
[ 1116.351534]  ? __fget+0x210/0x370
[ 1116.354986]  ? kvm_vcpu_release+0xa0/0xa0
[ 1116.359141]  do_vfs_ioctl+0x7ae/0x1060
[ 1116.363038]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1116.368193]  ? lock_downgrade+0x740/0x740
[ 1116.372349]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1116.376769]  ? __fget+0x237/0x370
[ 1116.380319]  ? security_file_ioctl+0x89/0xb0
[ 1116.384748]  SyS_ioctl+0x8f/0xc0
[ 1116.388126]  ? do_vfs_ioctl+0x1060/0x1060
[ 1116.392285]  do_syscall_64+0x1e8/0x640
[ 1116.396375]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1116.401307]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1116.406530] RIP: 0033:0x45c429
[ 1116.409817] RSP: 002b:00007f7d63f2bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1116.417533] RAX: ffffffffffffffda RBX: 00007f7d63f2c6d4 RCX: 000000000045c429
[ 1116.424967] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1116.432241] RBP: 000000000076c060 R08: 0000000000000000 R09: 0000000000000000
[ 1116.439528] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1116.446808] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076c06c
[ 1116.459022] (UM) 249*8kB (UM) 543*16kB (UME) 374*32kB (UME) 118*64kB (UME) 14*128kB (M) 18*256kB (UME) 13*512kB (ME) 2*1024kB (M) 2*2048kB (ME) 440*4096kB (M) = 1852584kB
05:09:04 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

05:09:04 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1116.481901] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1116.491195] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1116.499846] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1116.513476] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1116.523016] 21495 total pagecache pages
[ 1116.527069] 0 pages in swap cache
05:09:04 executing program 0:
r0 = socket$pppoe(0x18, 0x1, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x4, @dev={[], 0x1c}, 'bridge0\x00'}}, 0x1e)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
syz_open_pts(0xffffffffffffffff, 0x0)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)
recvmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg(r0, &(0x7f000000d180), 0x4000000000000eb, 0x0)

05:09:04 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x0, &(0x7f0000000280))

05:09:04 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:09:04 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
uname(&(0x7f0000000000)=""/19)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

05:09:04 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1116.531254] Swap cache stats: add 0, delete 0, find 0/0
[ 1116.540530] Free swap  = 0kB
[ 1116.543582] Total swap = 0kB
[ 1116.546622] 1965979 pages RAM
[ 1116.549753] 0 pages HighMem/MovableOnly
[ 1116.559468] 335854 pages reserved
[ 1116.563154] 0 pages cma reserved
05:09:04 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1116.687066] syz-executor.4: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1116.705351] syz-executor.4 cpuset=syz4 mems_allowed=0-1
[ 1116.718332] CPU: 1 PID: 11216 Comm: syz-executor.4 Not tainted 4.14.171-syzkaller #0
[ 1116.733157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1116.742663] Call Trace:
[ 1116.745265]  dump_stack+0x142/0x197
[ 1116.749347]  warn_alloc.cold+0x96/0x1af
[ 1116.753342]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1116.758222]  ? wait_for_completion+0x420/0x420
[ 1116.762827]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1116.767911]  ? warn_alloc+0xf0/0xf0
[ 1116.771559]  ? __might_sleep+0x93/0xb0
[ 1116.775460]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1116.780519]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1116.785570]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1116.790608]  alloc_pages_current+0xec/0x1e0
[ 1116.795069]  kvm_mmu_create+0xdf/0x1e0
[ 1116.798974]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1116.803310]  kvm_vcpu_init+0x272/0x360
[ 1116.807215]  vmx_create_vcpu+0xfc/0x2aa0
[ 1116.811288]  ? mutex_trylock+0x1c0/0x1c0
[ 1116.815370]  ? handle_rdmsr+0x6e0/0x6e0
[ 1116.819352]  ? wait_for_completion+0x420/0x420
[ 1116.823951]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1116.828425]  kvm_vm_ioctl+0x501/0x1600
[ 1116.832531]  ? __lock_acquire+0x5f7/0x4620
[ 1116.836885]  ? get_unused_fd_flags+0xd0/0xd0
[ 1116.841314]  ? kvm_vcpu_release+0xa0/0xa0
[ 1116.845474]  ? trace_hardirqs_on+0x10/0x10
[ 1116.849860]  ? trace_hardirqs_on+0x10/0x10
[ 1116.854106]  ? __might_fault+0x110/0x1d0
[ 1116.858187]  ? save_trace+0x290/0x290
[ 1116.862098]  ? __might_fault+0x110/0x1d0
[ 1116.866175]  ? __fget+0x210/0x370
[ 1116.870260]  ? find_held_lock+0x35/0x130
[ 1116.874330]  ? __fget+0x210/0x370
[ 1116.877792]  ? kvm_vcpu_release+0xa0/0xa0
[ 1116.882069]  do_vfs_ioctl+0x7ae/0x1060
[ 1116.885970]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1116.891428]  ? lock_downgrade+0x740/0x740
[ 1116.895584]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1116.900126]  ? __fget+0x237/0x370
[ 1116.903747]  ? security_file_ioctl+0x89/0xb0
[ 1116.908178]  SyS_ioctl+0x8f/0xc0
[ 1116.911551]  ? do_vfs_ioctl+0x1060/0x1060
[ 1116.915708]  do_syscall_64+0x1e8/0x640
[ 1116.919624]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1116.924579]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1116.929786] RIP: 0033:0x45c429
05:09:04 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1116.932996] RSP: 002b:00007f089fab0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1116.940829] RAX: ffffffffffffffda RBX: 00007f089fab16d4 RCX: 000000000045c429
[ 1116.948344] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1116.955632] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1116.962918] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1116.970201] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
05:09:04 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x0, &(0x7f0000000280))

05:09:04 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[ 1117.011818] warn_alloc_show_mem: 2 callbacks suppressed
[ 1117.011821] Mem-Info:
[ 1117.020138] active_anon:837626 inactive_anon:4834 isolated_anon:0
[ 1117.020138]  active_file:14326 inactive_file:6902 isolated_file:0
[ 1117.020138]  unevictable:0 dirty:263 writeback:0 unstable:0
[ 1117.020138]  slab_reclaimable:17888 slab_unreclaimable:151783
[ 1117.020138]  mapped:59407 shmem:255 pagetables:16928 bounce:0
[ 1117.020138]  free:472793 free_pcp:333 free_cma:0
05:09:04 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1117.159891] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:112kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1117.206291] Node 1 active_anon:1429864kB inactive_anon:18556kB active_file:55448kB inactive_file:24576kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26948kB dirty:980kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1117.269142] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1117.298267] lowmem_reserve[]: 0 2569 2569 2569 2569
05:09:05 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

05:09:05 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:05 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:09:05 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1117.305028] Node 0 DMA32 free:32256kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB writepending:112kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:372kB local_pcp:184kB free_cma:0kB
[ 1117.371689] lowmem_reserve[]: 0 0 0 0 0
[ 1117.375897] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1117.426199] lowmem_reserve[]: 0 0 0 0 0
05:09:05 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1117.449342] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1117.463301] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1117.466559] Node 1 
[ 1117.469630] CPU: 1 PID: 11249 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1117.479886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1117.489906] Call Trace:
[ 1117.492510]  dump_stack+0x142/0x197
[ 1117.492650] Normal free:1847708kB min:53504kB low:66880kB high:80256kB active_anon:1429864kB inactive_anon:18556kB active_file:55448kB inactive_file:24576kB unevictable:0kB writepending:980kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13952kB pagetables:28000kB bounce:0kB free_pcp:1032kB local_pcp:384kB free_cma:0kB
[ 1117.496150]  warn_alloc.cold+0x96/0x1af
[ 1117.496162]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1117.496183]  ? wait_for_completion+0x420/0x420
[ 1117.539413]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1117.544541]  ? warn_alloc+0xf0/0xf0
[ 1117.548216]  ? __might_sleep+0x93/0xb0
[ 1117.550052] lowmem_reserve[]:
[ 1117.552250]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1117.552267]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1117.552279]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1117.552300]  alloc_pages_current+0xec/0x1e0
[ 1117.555534]  0
[ 1117.560242]  kvm_mmu_create+0xdf/0x1e0
[ 1117.560257]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1117.560273]  kvm_vcpu_init+0x272/0x360
[ 1117.560285]  vmx_create_vcpu+0xfc/0x2aa0
[ 1117.560296]  ? mutex_trylock+0x1c0/0x1c0
[ 1117.560311]  ? handle_rdmsr+0x6e0/0x6e0
[ 1117.560322]  ? wait_for_completion+0x420/0x420
[ 1117.560334]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1117.560347]  kvm_vm_ioctl+0x501/0x1600
[ 1117.566008]  0
[ 1117.570406]  ? __lock_acquire+0x5f7/0x4620
[ 1117.570415]  ? find_held_lock+0x35/0x130
[ 1117.570430]  ? kvm_vcpu_release+0xa0/0xa0
[ 1117.570441]  ? trace_hardirqs_on+0x10/0x10
[ 1117.570455]  ? trace_hardirqs_on+0x10/0x10
[ 1117.570470]  ? __might_fault+0x110/0x1d0
[ 1117.570480]  ? save_trace+0x290/0x290
[ 1117.570490]  ? __might_fault+0x110/0x1d0
[ 1117.570504]  ? __fget+0x210/0x370
[ 1117.576879]  0
[ 1117.580639]  ? find_held_lock+0x35/0x130
[ 1117.580653]  ? __fget+0x210/0x370
[ 1117.580666]  ? kvm_vcpu_release+0xa0/0xa0
[ 1117.580678]  do_vfs_ioctl+0x7ae/0x1060
[ 1117.580691]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1117.580699]  ? lock_downgrade+0x740/0x740
[ 1117.580709]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1117.580720]  ? __fget+0x237/0x370
[ 1117.580736]  ? security_file_ioctl+0x89/0xb0
[ 1117.587275]  0
[ 1117.590475]  SyS_ioctl+0x8f/0xc0
[ 1117.590485]  ? do_vfs_ioctl+0x1060/0x1060
[ 1117.590499]  do_syscall_64+0x1e8/0x640
[ 1117.590509]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1117.590526]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1117.590534] RIP: 0033:0x45c429
[ 1117.590539] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1117.590548] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1117.590556] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1117.594722]  0
[ 1117.598666] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1117.598672] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1117.598677] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1117.768064] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1117.782118] syz-executor.5: 
[ 1117.782736] Node 0 
[ 1117.783199] page allocation failure: order:0
[ 1117.785761] DMA32: 732*4kB (UME) 671*8kB (UMH) 365*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 32408kB
[ 1117.785842] Node 0 
[ 1117.788260] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1117.792601] Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1117.792650] Node 1 Normal: 198*4kB (UME) 265*8kB (UME) 588*16kB (UME) 377*32kB (UME) 120*64kB (UM) 14*128kB (M) 16*256kB (M) 13*512kB (ME) 3*1024kB (UM) 3*2048kB (UME) 438*4096kB (M) = 1847872kB
05:09:05 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:05 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x34, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:09:05 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x0, &(0x7f0000000280))

05:09:05 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1117.792737] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1117.792744] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1117.792752] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1117.792758] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1117.792761] 21506 total pagecache pages
[ 1117.792771] 0 pages in swap cache
[ 1117.792777] Swap cache stats: add 0, delete 0, find 0/0
[ 1117.792781] Free swap  = 0kB
[ 1117.792785] Total swap = 0kB
05:09:05 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x34, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1117.792791] 1965979 pages RAM
[ 1117.792795] 0 pages HighMem/MovableOnly
[ 1117.792799] 335854 pages reserved
[ 1117.792802] 0 pages cma reserved
[ 1117.869682] nla_parse: 10 callbacks suppressed
[ 1117.869688] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1117.888669] (null)
[ 1117.940406] syz-executor.5 cpuset=syz5 mems_allowed=0-1
05:09:05 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x34, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1117.946719] CPU: 1 PID: 11252 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1117.955118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1117.964601] Call Trace:
[ 1117.967201]  dump_stack+0x142/0x197
[ 1117.970627] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1117.970841]  warn_alloc.cold+0x96/0x1af
[ 1117.970850]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1117.970860]  ? check_preemption_disabled+0x3c/0x250
[ 1117.970884]  __alloc_pages_slowpath+0x23c6/0x2930
05:09:05 executing program 3:
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0)

[ 1117.998807]  ? warn_alloc+0xf0/0xf0
[ 1118.002946]  ? __might_sleep+0x93/0xb0
[ 1118.006869]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1118.011562]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1118.016079] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1118.016592]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1118.016613]  alloc_pages_current+0xec/0x1e0
[ 1118.034474]  kvm_mmu_create+0xdf/0x1e0
[ 1118.038384]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1118.042756]  kvm_vcpu_init+0x272/0x360
[ 1118.046671]  vmx_create_vcpu+0xfc/0x2aa0
[ 1118.050755]  ? mutex_trylock+0x1c0/0x1c0
[ 1118.054835]  ? retint_kernel+0x2d/0x2d
[ 1118.058747]  ? handle_rdmsr+0x6e0/0x6e0
[ 1118.062769]  ? wait_for_completion+0x420/0x420
[ 1118.067385]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1118.071735]  kvm_vm_ioctl+0x501/0x1600
[ 1118.075636]  ? __lock_acquire+0x5f7/0x4620
[ 1118.079914]  ? do_futex+0x21d/0x19e0
[ 1118.083680]  ? kvm_vcpu_release+0xa0/0xa0
[ 1118.087851]  ? retint_kernel+0x2d/0x2d
[ 1118.091771]  ? retint_kernel+0x2d/0x2d
[ 1118.095716]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1118.100750]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1118.105732]  ? check_preemption_disabled+0x3c/0x250
[ 1118.111194]  ? retint_kernel+0x2d/0x2d
[ 1118.115402]  ? do_vfs_ioctl+0xd29/0x1060
[ 1118.119601]  ? kvm_vcpu_release+0xa0/0xa0
[ 1118.123768]  do_vfs_ioctl+0x7ae/0x1060
[ 1118.127670]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1118.132439]  ? lock_downgrade+0x740/0x740
[ 1118.136836]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1118.141353]  ? __fget+0x237/0x370
[ 1118.144918]  ? security_file_ioctl+0x89/0xb0
[ 1118.149703]  SyS_ioctl+0x8f/0xc0
[ 1118.153062]  ? do_vfs_ioctl+0x1060/0x1060
[ 1118.157399]  do_syscall_64+0x1e8/0x640
[ 1118.161499]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1118.166995]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1118.172340] RIP: 0033:0x45c429
[ 1118.175549] RSP: 002b:00007f7d63f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1118.183678] RAX: ffffffffffffffda RBX: 00007f7d63f6e6d4 RCX: 000000000045c429
[ 1118.191050] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1118.198444] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1118.205813] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1118.213336] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1118.236329] warn_alloc_show_mem: 1 callbacks suppressed
[ 1118.236333] Mem-Info:
[ 1118.244968] active_anon:837602 inactive_anon:4832 isolated_anon:0
[ 1118.244968]  active_file:14324 inactive_file:6934 isolated_file:0
[ 1118.244968]  unevictable:0 dirty:295 writeback:0 unstable:0
[ 1118.244968]  slab_reclaimable:17917 slab_unreclaimable:151665
[ 1118.244968]  mapped:59409 shmem:255 pagetables:16894 bounce:0
[ 1118.244968]  free:472954 free_pcp:365 free_cma:0
[ 1118.279917] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:112kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1118.308654] Node 1 active_anon:1429628kB inactive_anon:18544kB active_file:55440kB inactive_file:24612kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26900kB dirty:1068kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1118.337330] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1118.365194] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1118.370493] Node 0 DMA32 free:32440kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB writepending:112kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:372kB local_pcp:184kB free_cma:0kB
[ 1118.400359] lowmem_reserve[]: 0 0 0 0 0
[ 1118.404339] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1118.430187] lowmem_reserve[]: 0 0 0 0 0
[ 1118.434211] Node 1 Normal free:1849544kB min:53504kB low:66880kB high:80256kB active_anon:1429588kB inactive_anon:18552kB active_file:55448kB inactive_file:24624kB unevictable:0kB writepending:1076kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13696kB pagetables:27788kB bounce:0kB free_pcp:1072kB local_pcp:392kB free_cma:0kB
[ 1118.464901] lowmem_reserve[]: 0 0 0 0 0
[ 1118.468959] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1118.483450] Node 0 DMA32: 732*4kB (UME) 673*8kB (UMH) 366*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 32440kB
[ 1118.499229] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1118.510181] Node 1 Normal: 335*4kB (UME) 305*8kB (UME) 627*16kB (UME) 387*32kB (UME) 120*64kB (UM) 14*128kB (M) 16*256kB (M) 13*512kB (ME) 3*1024kB (UM) 3*2048kB (UME) 438*4096kB (M) = 1849684kB
[ 1118.527903] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1118.536866] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1118.545515] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
05:09:06 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

05:09:06 executing program 3:
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0)

05:09:06 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:09:06 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:06 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:06 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x1, &(0x7f0000000280)=[0x0])

[ 1118.555364] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1118.564174] 21521 total pagecache pages
[ 1118.568162] 0 pages in swap cache
[ 1118.571827] Swap cache stats: add 0, delete 0, find 0/0
[ 1118.577189] Free swap  = 0kB
[ 1118.580378] Total swap = 0kB
[ 1118.583418] 1965979 pages RAM
[ 1118.586510] 0 pages HighMem/MovableOnly
[ 1118.590580] 335854 pages reserved
[ 1118.594160] 0 pages cma reserved
05:09:06 executing program 3:
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0)

[ 1118.661989] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1118.697602] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1118.704095] CPU: 1 PID: 11300 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
05:09:06 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1118.712011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1118.721372] Call Trace:
[ 1118.723982]  dump_stack+0x142/0x197
[ 1118.727786]  warn_alloc.cold+0x96/0x1af
[ 1118.731779]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1118.736644]  ? wait_for_completion+0x420/0x420
[ 1118.741342]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1118.746374]  ? warn_alloc+0xf0/0xf0
[ 1118.750045]  ? __might_sleep+0x93/0xb0
[ 1118.753957]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1118.758654]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1118.763783]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1118.769055]  alloc_pages_current+0xec/0x1e0
[ 1118.773372]  kvm_mmu_create+0xdf/0x1e0
[ 1118.777255]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1118.781619]  kvm_vcpu_init+0x272/0x360
[ 1118.785516]  vmx_create_vcpu+0xfc/0x2aa0
[ 1118.789582]  ? mutex_trylock+0x1c0/0x1c0
[ 1118.793654]  ? handle_rdmsr+0x6e0/0x6e0
[ 1118.797640]  ? wait_for_completion+0x420/0x420
[ 1118.802610]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1118.806983]  kvm_vm_ioctl+0x501/0x1600
05:09:06 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8)

[ 1118.810921]  ? __lock_acquire+0x5f7/0x4620
[ 1118.815288]  ? find_held_lock+0x35/0x130
[ 1118.819383]  ? kvm_vcpu_release+0xa0/0xa0
[ 1118.823660]  ? trace_hardirqs_on+0x10/0x10
[ 1118.827966]  ? trace_hardirqs_on+0x10/0x10
[ 1118.832209]  ? __might_fault+0x110/0x1d0
[ 1118.836284]  ? save_trace+0x290/0x290
[ 1118.840096]  ? __might_fault+0x110/0x1d0
[ 1118.844168]  ? __fget+0x210/0x370
[ 1118.847635]  ? find_held_lock+0x35/0x130
[ 1118.851711]  ? __fget+0x210/0x370
[ 1118.855319]  ? kvm_vcpu_release+0xa0/0xa0
[ 1118.859477]  do_vfs_ioctl+0x7ae/0x1060
[ 1118.863359]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1118.868107]  ? lock_downgrade+0x740/0x740
[ 1118.872266]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1118.876672]  ? __fget+0x237/0x370
[ 1118.880119]  ? security_file_ioctl+0x89/0xb0
[ 1118.884533]  SyS_ioctl+0x8f/0xc0
[ 1118.887948]  ? do_vfs_ioctl+0x1060/0x1060
[ 1118.892260]  do_syscall_64+0x1e8/0x640
[ 1118.896164]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1118.901023]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1118.906224] RIP: 0033:0x45c429
05:09:06 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x0)

[ 1118.909415] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1118.917239] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1118.924524] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1118.931814] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1118.939100] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1118.947511] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
05:09:06 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040), &(0x7f0000000140)=0x8)

05:09:06 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x0)

[ 1119.138654] syz-executor.5: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1119.152282] syz-executor.5 cpuset=syz5 mems_allowed=0-1
[ 1119.157893] CPU: 0 PID: 11308 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1119.166669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1119.176544] Call Trace:
[ 1119.179158]  dump_stack+0x142/0x197
[ 1119.182801]  warn_alloc.cold+0x96/0x1af
[ 1119.186798]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1119.191816]  ? check_preemption_disabled+0x3c/0x250
[ 1119.196853]  ? retint_kernel+0x2d/0x2d
[ 1119.200943]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1119.206093]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1119.210887]  ? warn_alloc+0xf0/0xf0
[ 1119.214743]  ? __might_sleep+0x93/0xb0
[ 1119.218644]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1119.223343]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1119.228386]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1119.233426]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1119.238206]  alloc_pages_current+0xec/0x1e0
[ 1119.242536]  kvm_mmu_create+0xdf/0x1e0
[ 1119.246600]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1119.251039]  kvm_vcpu_init+0x272/0x360
[ 1119.255109]  vmx_create_vcpu+0xfc/0x2aa0
[ 1119.259582]  ? mutex_trylock+0x1c0/0x1c0
[ 1119.263915]  ? handle_rdmsr+0x6e0/0x6e0
[ 1119.267902]  ? wait_for_completion+0x420/0x420
[ 1119.272625]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1119.276955]  kvm_vm_ioctl+0x501/0x1600
[ 1119.280900]  ? __lock_acquire+0x5f7/0x4620
[ 1119.285339]  ? find_held_lock+0x35/0x130
[ 1119.289591]  ? kvm_vcpu_release+0xa0/0xa0
[ 1119.293749]  ? retint_kernel+0x2d/0x2d
[ 1119.297674]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1119.302845]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1119.307596]  ? check_preemption_disabled+0x3c/0x250
[ 1119.312791]  ? retint_kernel+0x2d/0x2d
[ 1119.316691]  ? selinux_file_ioctl+0x19a/0x560
[ 1119.321211]  ? selinux_file_ioctl+0x213/0x560
[ 1119.325954]  ? kvm_vcpu_release+0xa0/0xa0
[ 1119.330366]  do_vfs_ioctl+0x7ae/0x1060
[ 1119.334319]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1119.339080]  ? lock_downgrade+0x740/0x740
[ 1119.343242]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1119.347661]  ? __fget+0x237/0x370
[ 1119.351223]  ? security_file_ioctl+0x89/0xb0
[ 1119.355669]  SyS_ioctl+0x8f/0xc0
[ 1119.359056]  ? do_vfs_ioctl+0x1060/0x1060
[ 1119.363240]  do_syscall_64+0x1e8/0x640
[ 1119.367614]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1119.372472]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1119.377742] RIP: 0033:0x45c429
[ 1119.380944] RSP: 002b:00007f7d63f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1119.388653] RAX: ffffffffffffffda RBX: 00007f7d63f6e6d4 RCX: 000000000045c429
[ 1119.396157] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1119.403914] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1119.411216] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1119.418649] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1119.478972] warn_alloc_show_mem: 1 callbacks suppressed
[ 1119.479014] Mem-Info:
[ 1119.487182] active_anon:837603 inactive_anon:4834 isolated_anon:0
[ 1119.487182]  active_file:14328 inactive_file:6941 isolated_file:0
[ 1119.487182]  unevictable:0 dirty:280 writeback:0 unstable:0
[ 1119.487182]  slab_reclaimable:17935 slab_unreclaimable:151836
[ 1119.487182]  mapped:59407 shmem:255 pagetables:16882 bounce:0
[ 1119.487182]  free:472637 free_pcp:422 free_cma:0
[ 1119.523539] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:84kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1119.552746] Node 1 active_anon:1429732kB inactive_anon:18552kB active_file:55456kB inactive_file:24640kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26892kB dirty:1044kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1119.581063] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1119.607765] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1119.612988] Node 0 DMA32 free:32440kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB writepending:84kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:348kB local_pcp:164kB free_cma:0kB
[ 1119.643502] lowmem_reserve[]: 0 0 0 0 0
[ 1119.648168] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1119.674836] lowmem_reserve[]: 0 0 0 0 0
[ 1119.678952] Node 1 Normal free:1848772kB min:53504kB low:66880kB high:80256kB active_anon:1429612kB inactive_anon:18552kB active_file:55456kB inactive_file:24664kB unevictable:0kB writepending:1052kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13792kB pagetables:27804kB bounce:0kB free_pcp:1284kB local_pcp:680kB free_cma:0kB
[ 1119.709750] lowmem_reserve[]: 0 0 0 0 0
[ 1119.713811] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1119.728304] Node 0 DMA32: 732*4kB (UME) 673*8kB (UMH) 366*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 32440kB
[ 1119.745175] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1119.756088] Node 1 Normal: 201*4kB (UME) 184*8kB (UME) 676*16kB (UME) 384*32kB (UME) 123*64kB (UME) 19*128kB (UME) 17*256kB (ME) 12*512kB (M) 2*1024kB (M) 3*2048kB (UME) 438*4096kB (M) = 1848420kB
[ 1119.774153] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1119.783204] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1119.792362] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1119.801408] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1119.810630] 21532 total pagecache pages
[ 1119.814638] 0 pages in swap cache
[ 1119.818103] Swap cache stats: add 0, delete 0, find 0/0
[ 1119.824832] Free swap  = 0kB
05:09:07 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

05:09:07 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x0)

05:09:07 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x1, &(0x7f0000000280)=[0x0])

05:09:07 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:09:07 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8)

05:09:07 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040), &(0x7f0000000140)=0x8)

[ 1119.827873] Total swap = 0kB
[ 1119.830950] 1965979 pages RAM
[ 1119.834059] 0 pages HighMem/MovableOnly
[ 1119.838059] 335854 pages reserved
[ 1119.841568] 0 pages cma reserved
05:09:07 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)

05:09:07 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)

05:09:07 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)

[ 1120.036272] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1120.068239] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1120.082217] CPU: 1 PID: 11343 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1120.090252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1120.094001] syz-executor.5: 
[ 1120.099816] Call Trace:
[ 1120.099838]  dump_stack+0x142/0x197
[ 1120.099851]  warn_alloc.cold+0x96/0x1af
[ 1120.099861]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1120.099881]  ? wait_for_completion+0x420/0x420
[ 1120.099896]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1120.099919]  ? warn_alloc+0xf0/0xf0
[ 1120.099939]  ? __might_sleep+0x93/0xb0
[ 1120.099951]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1120.099971]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1120.103429] page allocation failure: order:0
[ 1120.105595]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1120.105619]  alloc_pages_current+0xec/0x1e0
[ 1120.105636]  kvm_mmu_create+0xdf/0x1e0
[ 1120.105649]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1120.105666]  kvm_vcpu_init+0x272/0x360
[ 1120.109657] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1120.113431]  vmx_create_vcpu+0xfc/0x2aa0
[ 1120.113444]  ? mutex_trylock+0x1c0/0x1c0
[ 1120.113460]  ? handle_rdmsr+0x6e0/0x6e0
[ 1120.113475]  ? wait_for_completion+0x420/0x420
[ 1120.113497]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1120.113510]  kvm_vm_ioctl+0x501/0x1600
[ 1120.113521]  ? __lock_acquire+0x5f7/0x4620
[ 1120.113528]  ? find_held_lock+0x35/0x130
[ 1120.113541]  ? kvm_vcpu_release+0xa0/0xa0
[ 1120.118736] (null)
[ 1120.123092]  ? trace_hardirqs_on+0x10/0x10
[ 1120.123109]  ? trace_hardirqs_on+0x10/0x10
[ 1120.123123]  ? __might_fault+0x110/0x1d0
[ 1120.123132]  ? save_trace+0x290/0x290
05:09:07 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)

05:09:07 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x1, &(0x7f0000000280)=[0x0])

[ 1120.123141]  ? __might_fault+0x110/0x1d0
[ 1120.123154]  ? __fget+0x210/0x370
[ 1120.123162]  ? find_held_lock+0x35/0x130
[ 1120.123172]  ? __fget+0x210/0x370
[ 1120.123187]  ? kvm_vcpu_release+0xa0/0xa0
[ 1120.123198]  do_vfs_ioctl+0x7ae/0x1060
[ 1120.123215]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1120.128479] syz-executor.5 cpuset=
[ 1120.131834]  ? lock_downgrade+0x740/0x740
[ 1120.131851]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1120.131863]  ? __fget+0x237/0x370
[ 1120.131882]  ? security_file_ioctl+0x89/0xb0
[ 1120.131892]  SyS_ioctl+0x8f/0xc0
[ 1120.131902]  ? do_vfs_ioctl+0x1060/0x1060
[ 1120.131915]  do_syscall_64+0x1e8/0x640
[ 1120.131924]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1120.131941]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1120.139808] syz5
[ 1120.140503] RIP: 0033:0x45c429
[ 1120.145956]  mems_allowed=0-1
[ 1120.150132] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
05:09:08 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[ 1120.150148] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1120.150153] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1120.150158] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1120.150163] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1120.150168] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1120.370385] CPU: 0 PID: 11351 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1120.378387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1120.385172] syz-executor.2: 
[ 1120.388966] Call Trace:
[ 1120.388989]  dump_stack+0x142/0x197
[ 1120.389005]  warn_alloc.cold+0x96/0x1af
[ 1120.389016]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1120.389036]  ? wait_for_completion+0x420/0x420
[ 1120.389052]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1120.389079]  ? warn_alloc+0xf0/0xf0
[ 1120.409503] page allocation failure: order:0
[ 1120.411661]  ? __might_sleep+0x93/0xb0
[ 1120.411676]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1120.411688]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1120.411701]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1120.411716]  ? check_preemption_disabled+0x3c/0x250
[ 1120.411733]  alloc_pages_current+0xec/0x1e0
[ 1120.411748]  kvm_mmu_create+0xdf/0x1e0
[ 1120.411760]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1120.411774]  kvm_vcpu_init+0x272/0x360
[ 1120.411787]  vmx_create_vcpu+0xfc/0x2aa0
[ 1120.411798]  ? mutex_trylock+0x1c0/0x1c0
[ 1120.411813]  ? handle_rdmsr+0x6e0/0x6e0
[ 1120.411823]  ? wait_for_completion+0x420/0x420
[ 1120.411834]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1120.411846]  kvm_vm_ioctl+0x501/0x1600
[ 1120.419047] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1120.420371]  ? __lock_acquire+0x5f7/0x4620
[ 1120.420382]  ? get_unused_fd_flags+0xd0/0xd0
[ 1120.420394]  ? kvm_vcpu_release+0xa0/0xa0
[ 1120.420403]  ? trace_hardirqs_on+0x10/0x10
[ 1120.420417]  ? trace_hardirqs_on+0x10/0x10
[ 1120.420429]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1120.420441]  ? save_trace+0x290/0x290
[ 1120.420454]  ? __fget+0x210/0x370
[ 1120.420464]  ? find_held_lock+0x35/0x130
05:09:08 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[ 1120.420472]  ? __fget+0x210/0x370
[ 1120.420484]  ? kvm_vcpu_release+0xa0/0xa0
[ 1120.420495]  do_vfs_ioctl+0x7ae/0x1060
[ 1120.420507]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1120.420517]  ? lock_downgrade+0x740/0x740
[ 1120.428831] (null)
[ 1120.433507]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1120.433522]  ? __fget+0x237/0x370
[ 1120.433541]  ? security_file_ioctl+0x89/0xb0
[ 1120.433554]  SyS_ioctl+0x8f/0xc0
[ 1120.433564]  ? do_vfs_ioctl+0x1060/0x1060
[ 1120.433578]  do_syscall_64+0x1e8/0x640
[ 1120.433588]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1120.433604]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1120.433611] RIP: 0033:0x45c429
[ 1120.433615] RSP: 002b:00007f7d63f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1120.433625] RAX: ffffffffffffffda RBX: 00007f7d63f6e6d4 RCX: 000000000045c429
[ 1120.433630] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1120.433635] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1120.433640] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1120.433645] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1120.646969] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1120.657041] CPU: 1 PID: 11377 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1120.665044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1120.674415] Call Trace:
[ 1120.677019]  dump_stack+0x142/0x197
[ 1120.680671]  warn_alloc.cold+0x96/0x1af
[ 1120.684665]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1120.689543]  ? wait_for_completion+0x420/0x420
[ 1120.694154]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1120.699035]  ? warn_alloc+0xf0/0xf0
[ 1120.702720]  ? __might_sleep+0x93/0xb0
[ 1120.706645]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1120.710801] syz-executor.5: 
[ 1120.711329]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1120.711343]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1120.711365]  alloc_pages_current+0xec/0x1e0
[ 1120.711379]  kvm_mmu_create+0xdf/0x1e0
[ 1120.714779] page allocation failure: order:0
[ 1120.719550]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1120.719567]  kvm_vcpu_init+0x272/0x360
[ 1120.719581]  vmx_create_vcpu+0xfc/0x2aa0
[ 1120.719593]  ? mutex_trylock+0x1c0/0x1c0
[ 1120.719610]  ? handle_rdmsr+0x6e0/0x6e0
[ 1120.719620]  ? wait_for_completion+0x420/0x420
[ 1120.719633]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1120.719648]  kvm_vm_ioctl+0x501/0x1600
[ 1120.725759] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1120.729145]  ? __lock_acquire+0x5f7/0x4620
[ 1120.729154]  ? find_held_lock+0x35/0x130
[ 1120.729170]  ? kvm_vcpu_release+0xa0/0xa0
[ 1120.729180]  ? trace_hardirqs_on+0x10/0x10
[ 1120.729196]  ? trace_hardirqs_on+0x10/0x10
[ 1120.729209]  ? __might_fault+0x110/0x1d0
[ 1120.729218]  ? save_trace+0x290/0x290
[ 1120.729228]  ? __might_fault+0x110/0x1d0
[ 1120.729240]  ? __fget+0x210/0x370
[ 1120.729252]  ? find_held_lock+0x35/0x130
[ 1120.733545] (null)
[ 1120.737672]  ? __fget+0x210/0x370
[ 1120.737686]  ? kvm_vcpu_release+0xa0/0xa0
[ 1120.737699]  do_vfs_ioctl+0x7ae/0x1060
[ 1120.737713]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1120.737723]  ? lock_downgrade+0x740/0x740
[ 1120.737733]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1120.737745]  ? __fget+0x237/0x370
[ 1120.737763]  ? security_file_ioctl+0x89/0xb0
[ 1120.737778]  SyS_ioctl+0x8f/0xc0
[ 1120.743182] syz-executor.5 cpuset=
[ 1120.746167]  ? do_vfs_ioctl+0x1060/0x1060
[ 1120.746181]  do_syscall_64+0x1e8/0x640
[ 1120.746191]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1120.746209]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1120.746218] RIP: 0033:0x45c429
[ 1120.746229] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1120.746241] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1120.746246] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1120.746252] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1120.746260] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1120.750890] syz5
[ 1120.754510] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1120.758901]  mems_allowed=0-1
05:09:08 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8)

05:09:08 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040), &(0x7f0000000140)=0x8)

05:09:08 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)

[ 1120.779313] warn_alloc_show_mem: 2 callbacks suppressed
[ 1120.779317] Mem-Info:
[ 1120.784739] CPU: 0 PID: 11382 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1120.810484] active_anon:837622 inactive_anon:4834 isolated_anon:0
[ 1120.810484]  active_file:14326 inactive_file:6941 isolated_file:0
[ 1120.810484]  unevictable:0 dirty:301 writeback:0 unstable:0
[ 1120.810484]  slab_reclaimable:17932 slab_unreclaimable:151843
[ 1120.810484]  mapped:59434 shmem:255 pagetables:16895 bounce:0
[ 1120.810484]  free:472573 free_pcp:375 free_cma:0
05:09:08 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[ 1120.813236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1120.816711] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3068kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:112kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1120.820848] Call Trace:
[ 1120.820870]  dump_stack+0x142/0x197
[ 1120.820883]  warn_alloc.cold+0x96/0x1af
05:09:08 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)

[ 1120.820891]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1120.820903]  ? retint_kernel+0x2d/0x2d
[ 1120.820915]  ? wait_for_completion+0x420/0x420
[ 1120.820929]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1120.820951]  ? warn_alloc+0xf0/0xf0
[ 1120.823181] Node 1 active_anon:1429808kB inactive_anon:18552kB active_file:55448kB inactive_file:24696kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:27000kB dirty:1092kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1120.826530]  ? __might_sleep+0x93/0xb0
[ 1120.830827] Node 0 
[ 1120.834576]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1120.839338] DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1120.843478]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1120.843490]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1120.843508]  alloc_pages_current+0xec/0x1e0
05:09:08 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1120.843523]  kvm_mmu_create+0xdf/0x1e0
[ 1120.843541]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1120.843554]  kvm_vcpu_init+0x272/0x360
[ 1120.843565]  vmx_create_vcpu+0xfc/0x2aa0
[ 1120.843574]  ? retint_kernel+0x2d/0x2d
[ 1120.843589]  ? handle_rdmsr+0x6e0/0x6e0
[ 1120.843601]  ? vmx_create_vcpu+0xe/0x2aa0
[ 1120.855824] lowmem_reserve[]:
[ 1120.856060]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1120.859427]  0
[ 1120.862976]  kvm_vm_ioctl+0x501/0x1600
[ 1120.862988]  ? __lock_acquire+0x5f7/0x4620
[ 1120.862998]  ? get_unused_fd_flags+0xd0/0xd0
[ 1120.863009]  ? kvm_vcpu_release+0xa0/0xa0
[ 1120.863017]  ? trace_hardirqs_on+0x10/0x10
[ 1120.863030]  ? trace_hardirqs_on+0x10/0x10
[ 1120.863041]  ? __might_fault+0x110/0x1d0
[ 1120.863051]  ? save_trace+0x290/0x290
[ 1120.863060]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1120.863070]  ? __fget+0x210/0x370
[ 1120.863079]  ? find_held_lock+0x35/0x130
[ 1120.863087]  ? __fget+0x210/0x370
[ 1120.863099]  ? kvm_vcpu_release+0xa0/0xa0
[ 1120.863108]  do_vfs_ioctl+0x7ae/0x1060
[ 1120.863121]  ? selinux_file_mprotect+0x5d0/0x5d0
05:09:08 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

05:09:08 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

[ 1120.868763]  2569
[ 1120.871183]  ? lock_downgrade+0x740/0x740
[ 1120.871197]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1120.871208]  ? __fget+0x237/0x370
[ 1120.871224]  ? security_file_ioctl+0x89/0xb0
[ 1120.871236]  SyS_ioctl+0x8f/0xc0
[ 1120.871245]  ? do_vfs_ioctl+0x1060/0x1060
[ 1120.871258]  do_syscall_64+0x1e8/0x640
[ 1120.871267]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1120.871283]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1120.871293] RIP: 0033:0x45c429
05:09:09 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27}, 0x24}}, 0x0)

[ 1120.871298] RSP: 002b:00007f7d63f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1120.871308] RAX: ffffffffffffffda RBX: 00007f7d63f6e6d4 RCX: 000000000045c429
[ 1120.871316] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1120.884279]  2569
[ 1120.884622] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1120.896262]  2569
[ 1120.901438] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1120.901445] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1121.349060]  2569
[ 1121.352145] Node 0 DMA32 free:32456kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB writepending:112kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:380kB local_pcp:208kB free_cma:0kB
[ 1121.382542] lowmem_reserve[]: 0 0 0 0 0
[ 1121.386671] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1121.412305] lowmem_reserve[]: 0 0 0 0 0
[ 1121.416321] Node 1 Normal free:1846620kB min:53504kB low:66880kB high:80256kB active_anon:1430004kB inactive_anon:18544kB active_file:55448kB inactive_file:24724kB unevictable:0kB writepending:1144kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:14144kB pagetables:28248kB bounce:0kB free_pcp:1204kB local_pcp:680kB free_cma:0kB
[ 1121.454354] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1121.463778] lowmem_reserve[]: 0 0 0 0 0
[ 1121.467802] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
05:09:09 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

[ 1121.500234] Node 0 DMA32: 732*4kB (UME) 671*8kB (UMH) 367*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 32440kB
[ 1121.516380] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1121.541939] syz-executor.5: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1121.547456] Node 1 Normal: 341*4kB (UME) 178*8kB (UME) 558*16kB (UM) 377*32kB (UME) 127*64kB (UME) 18*128kB (UME) 18*256kB (UME) 13*512kB (UM) 3*1024kB (UM) 2*2048kB (ME) 438*4096kB (M) = 1846692kB
[ 1121.567521] syz-executor.5 cpuset=syz5 mems_allowed=0-1
[ 1121.589585] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1121.594737] CPU: 0 PID: 11397 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1121.604881] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1121.611471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1121.611476] Call Trace:
[ 1121.611496]  dump_stack+0x142/0x197
[ 1121.611511]  warn_alloc.cold+0x96/0x1af
[ 1121.611521]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1121.611531]  ? check_preemption_disabled+0x3c/0x250
[ 1121.611539]  ? retint_kernel+0x2d/0x2d
[ 1121.611557]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1121.611578]  ? warn_alloc+0xf0/0xf0
[ 1121.611586]  ? check_preemption_disabled+0x3c/0x250
[ 1121.611598]  ? retint_kernel+0x2d/0x2d
[ 1121.620518] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1121.630156]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1121.630172]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1121.630183]  ? retint_kernel+0x2d/0x2d
[ 1121.630200]  alloc_pages_current+0xec/0x1e0
[ 1121.630214]  kvm_mmu_create+0xdf/0x1e0
[ 1121.630226]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1121.630238]  kvm_vcpu_init+0x272/0x360
[ 1121.630250]  vmx_create_vcpu+0xfc/0x2aa0
[ 1121.630261]  ? check_preemption_disabled+0x3c/0x250
[ 1121.630270]  ? retint_kernel+0x2d/0x2d
[ 1121.630281]  ? handle_rdmsr+0x6e0/0x6e0
[ 1121.630294]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1121.630304]  kvm_vm_ioctl+0x501/0x1600
[ 1121.630314]  ? __lock_acquire+0x5f7/0x4620
[ 1121.630321]  ? find_held_lock+0x35/0x130
[ 1121.630332]  ? kvm_vcpu_release+0xa0/0xa0
[ 1121.630342]  ? retint_kernel+0x2d/0x2d
[ 1121.633419] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1121.636953]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1121.636966]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1121.636979]  ? check_preemption_disabled+0x3c/0x250
[ 1121.636990]  ? retint_kernel+0x2d/0x2d
[ 1121.637006]  ? selinux_file_ioctl+0x19a/0x560
[ 1121.637018]  ? selinux_file_ioctl+0x206/0x560
[ 1121.641242] 21548 total pagecache pages
[ 1121.645971]  ? kvm_vcpu_release+0xa0/0xa0
[ 1121.645984]  do_vfs_ioctl+0x7ae/0x1060
[ 1121.645997]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1121.646006]  ? lock_downgrade+0x740/0x740
[ 1121.646016]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1121.646027]  ? __fget+0x237/0x370
[ 1121.646045]  ? security_file_ioctl+0x89/0xb0
[ 1121.646055]  SyS_ioctl+0x8f/0xc0
[ 1121.646067]  ? do_vfs_ioctl+0x1060/0x1060
[ 1121.651306] 0 pages in swap cache
[ 1121.655181]  do_syscall_64+0x1e8/0x640
[ 1121.655195]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1121.655211]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1121.655222] RIP: 0033:0x45c429
[ 1121.660528] Swap cache stats: add 0, delete 0, find 0/0
[ 1121.663873] RSP: 002b:00007f7d63f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1121.663890] RAX: ffffffffffffffda RBX: 00007f7d63f6e6d4 RCX: 000000000045c429
[ 1121.663894] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1121.663899] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1121.663904] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1121.663910] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1121.908158] Free swap  = 0kB
[ 1121.911900] Total swap = 0kB
[ 1121.915155] 1965979 pages RAM
[ 1121.918560] 0 pages HighMem/MovableOnly
[ 1121.922819] 335854 pages reserved
[ 1121.926322] 0 pages cma reserved
05:09:09 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:09:09 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27}, 0x24}}, 0x0)

05:09:09 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

05:09:09 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040), &(0x7f0000000140)=0x8)

05:09:09 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:09 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

[ 1122.006888] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1122.022148] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1122.046998] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1122.078824] CPU: 1 PID: 11426 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1122.086950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1122.096751] Call Trace:
[ 1122.099547]  dump_stack+0x142/0x197
[ 1122.103204]  warn_alloc.cold+0x96/0x1af
[ 1122.107314]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1122.112213]  ? wait_for_completion+0x420/0x420
[ 1122.116815]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1122.121811]  ? warn_alloc+0xf0/0xf0
[ 1122.125530]  ? __might_sleep+0x93/0xb0
[ 1122.129436]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1122.134215]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1122.139253]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1122.144308]  alloc_pages_current+0xec/0x1e0
[ 1122.148843]  kvm_mmu_create+0xdf/0x1e0
[ 1122.152753]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1122.157095]  kvm_vcpu_init+0x272/0x360
[ 1122.161150]  vmx_create_vcpu+0xfc/0x2aa0
[ 1122.165244]  ? mutex_trylock+0x1c0/0x1c0
[ 1122.169330]  ? handle_rdmsr+0x6e0/0x6e0
[ 1122.173327]  ? wait_for_completion+0x420/0x420
[ 1122.177938]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1122.183587]  kvm_vm_ioctl+0x501/0x1600
[ 1122.187495]  ? __lock_acquire+0x5f7/0x4620
[ 1122.191746]  ? find_held_lock+0x35/0x130
[ 1122.195827]  ? kvm_vcpu_release+0xa0/0xa0
[ 1122.200085]  ? trace_hardirqs_on+0x10/0x10
[ 1122.204338]  ? trace_hardirqs_on+0x10/0x10
[ 1122.208580]  ? __might_fault+0x110/0x1d0
[ 1122.212643]  ? save_trace+0x290/0x290
[ 1122.216563]  ? __might_fault+0x110/0x1d0
[ 1122.220641]  ? __fget+0x210/0x370
[ 1122.224906]  ? find_held_lock+0x35/0x130
[ 1122.224929] syz-executor.5: 
[ 1122.228969]  ? __fget+0x210/0x370
[ 1122.228983]  ? kvm_vcpu_release+0xa0/0xa0
[ 1122.228995]  do_vfs_ioctl+0x7ae/0x1060
[ 1122.229010]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1122.229019]  ? lock_downgrade+0x740/0x740
[ 1122.229029]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1122.229041]  ? __fget+0x237/0x370
[ 1122.229058]  ? security_file_ioctl+0x89/0xb0
[ 1122.232343] page allocation failure: order:0
[ 1122.235548]  SyS_ioctl+0x8f/0xc0
05:09:09 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="00000000000000002800120009000100766574680000148e05c9365aacb3235f9c6336000018000200140001000000000048fc68466db1d142fd6182485f3c63e7515ea73082750bb2b4e4a1192ba4c8a72992eff1f588272205", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x5}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x4}}, [@filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @local}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x11, 0xd27}, 0x24}}, 0x0)

[ 1122.235560]  ? do_vfs_ioctl+0x1060/0x1060
[ 1122.235573]  do_syscall_64+0x1e8/0x640
[ 1122.235584]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1122.235601]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1122.235610] RIP: 0033:0x45c429
[ 1122.235615] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1122.235626] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1122.235632] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
05:09:10 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1122.235637] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1122.235648] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1122.240097] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1122.243662] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1122.283094] warn_alloc_show_mem: 2 callbacks suppressed
[ 1122.283098] Mem-Info:
[ 1122.296727] (null)
[ 1122.313893] active_anon:837681 inactive_anon:4832 isolated_anon:0
[ 1122.313893]  active_file:14326 inactive_file:6968 isolated_file:0
[ 1122.313893]  unevictable:0 dirty:320 writeback:0 unstable:0
[ 1122.313893]  slab_reclaimable:17917 slab_unreclaimable:151926
[ 1122.313893]  mapped:59411 shmem:255 pagetables:16979 bounce:0
[ 1122.313893]  free:472431 free_pcp:296 free_cma:0
[ 1122.317570] syz-executor.5 cpuset=
[ 1122.336466] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:112kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1122.357742] syz5
[ 1122.359084] Node 1 active_anon:1430044kB inactive_anon:18544kB active_file:55448kB inactive_file:24776kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26908kB dirty:1168kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1122.365290]  mems_allowed=0-1
[ 1122.406884] Node 0 
[ 1122.456597] CPU: 0 PID: 11434 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1122.468596] DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1122.468875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1122.477331] lowmem_reserve[]:
[ 1122.503531] Call Trace:
[ 1122.503554]  dump_stack+0x142/0x197
[ 1122.503567]  warn_alloc.cold+0x96/0x1af
05:09:10 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1122.503577]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1122.503596]  ? wait_for_completion+0x420/0x420
[ 1122.503610]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1122.503618]  ? check_preemption_disabled+0x3c/0x250
[ 1122.503639]  ? warn_alloc+0xf0/0xf0
[ 1122.503656]  ? __might_sleep+0x93/0xb0
[ 1122.503667]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1122.503681]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1122.503693]  ? retint_kernel+0x2d/0x2d
[ 1122.503708]  alloc_pages_current+0xec/0x1e0
[ 1122.503723]  kvm_mmu_create+0xdf/0x1e0
[ 1122.503737]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1122.503749]  kvm_vcpu_init+0x272/0x360
[ 1122.503760]  vmx_create_vcpu+0xfc/0x2aa0
[ 1122.503768]  ? check_preemption_disabled+0x3c/0x250
[ 1122.503776]  ? retint_kernel+0x2d/0x2d
[ 1122.503789]  ? handle_rdmsr+0x6e0/0x6e0
[ 1122.518376]  0
[ 1122.519063]  ? kvm_arch_vcpu_create+0x14/0xc0
[ 1122.523057]  2569
[ 1122.526864]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1122.526880]  kvm_vm_ioctl+0x501/0x1600
[ 1122.526891]  ? __lock_acquire+0x5f7/0x4620
[ 1122.526905]  ? kvm_vcpu_release+0xa0/0xa0
[ 1122.526920]  ? retint_kernel+0x2d/0x2d
05:09:10 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

05:09:10 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r0=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000040)={r0}, &(0x7f0000000140)=0x8)

[ 1122.536407]  2569
[ 1122.541194]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1122.541208]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1122.541222]  ? check_preemption_disabled+0x3c/0x250
[ 1122.541232]  ? retint_kernel+0x2d/0x2d
[ 1122.541248]  ? selinux_file_ioctl+0x19a/0x560
[ 1122.541257]  ? selinux_file_ioctl+0x1fe/0x560
[ 1122.541269]  ? kvm_vcpu_release+0xa0/0xa0
[ 1122.541280]  do_vfs_ioctl+0x7ae/0x1060
[ 1122.541291]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1122.541302]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1122.541314]  ? check_preemption_disabled+0x3c/0x250
[ 1122.547083]  2569
[ 1122.550013]  ? retint_kernel+0x2d/0x2d
[ 1122.550032]  ? security_file_ioctl+0x89/0xb0
[ 1122.550047]  SyS_ioctl+0x8f/0xc0
[ 1122.550057]  ? do_vfs_ioctl+0x1060/0x1060
[ 1122.550068]  do_syscall_64+0x1e8/0x640
[ 1122.550076]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1122.550089]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1122.550097] RIP: 0033:0x45c429
[ 1122.550101] RSP: 002b:00007f7d63f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1122.550112] RAX: ffffffffffffffda RBX: 00007f7d63f6e6d4 RCX: 000000000045c429
[ 1122.550118] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1122.550123] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1122.550128] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1122.550133] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1122.765841] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1122.775018]  2569
05:09:10 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r0=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000040)={r0}, &(0x7f0000000140)=0x8)

[ 1122.778705] Node 0 DMA32 free:32432kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB writepending:112kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:416kB local_pcp:252kB free_cma:0kB
[ 1122.820179] lowmem_reserve[]: 0 0 0 0 0
[ 1122.824331] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1122.861212] lowmem_reserve[]: 0 0 0 0 0
[ 1122.865363] Node 1 Normal free:1845692kB min:53504kB low:66880kB high:80256kB active_anon:1429844kB inactive_anon:18544kB active_file:55448kB inactive_file:24776kB unevictable:0kB writepending:1168kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:14080kB pagetables:28004kB bounce:0kB free_pcp:1088kB local_pcp:684kB free_cma:0kB
[ 1122.897457] lowmem_reserve[]: 0 0 0 0 0
[ 1122.905886] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1122.926073] Node 0 DMA32: 732*4kB (UME) 668*8kB (UMH) 367*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 32416kB
[ 1122.982433] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1123.002794] Node 1 Normal: 325*4kB (UME) 187*8kB (UME) 615*16kB (UM) 380*32kB (UME) 132*64kB (UME) 16*128kB (UME) 18*256kB (UME) 12*512kB (M) 3*1024kB (UM) 2*2048kB (ME) 438*4096kB (M) = 1847260kB
[ 1123.004352] syz-executor.5: 
[ 1123.022278] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1123.025546] page allocation failure: order:0
[ 1123.034923] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1123.034950] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1123.039530] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1123.039539] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1123.052819] (null)
[ 1123.054991] 21563 total pagecache pages
[ 1123.063749] syz-executor.5 cpuset=
[ 1123.076649] 0 pages in swap cache
[ 1123.079672] syz5
[ 1123.083056] Swap cache stats: add 0, delete 0, find 0/0
[ 1123.086678]  mems_allowed=0-1
[ 1123.088412] Free swap  = 0kB
[ 1123.088418] Total swap = 0kB
[ 1123.088426] 1965979 pages RAM
[ 1123.088433] 0 pages HighMem/MovableOnly
[ 1123.098249] CPU: 0 PID: 11457 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1123.100711] 335854 pages reserved
[ 1123.103282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1123.103287] Call Trace:
[ 1123.103307]  dump_stack+0x142/0x197
[ 1123.103320]  warn_alloc.cold+0x96/0x1af
[ 1123.103332]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1123.106551] 0 pages cma reserved
[ 1123.110452]  ? wait_for_completion+0x420/0x420
[ 1123.110470]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1123.110493]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1123.110508]  ? retint_kernel+0x2d/0x2d
[ 1123.110520]  ? warn_alloc+0xf0/0xf0
[ 1123.110537]  ? __might_sleep+0x93/0xb0
[ 1123.110548]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1123.110555]  ? retint_kernel+0x2d/0x2d
[ 1123.110567]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1123.190733]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1123.195571]  ? check_preemption_disabled+0x3c/0x250
[ 1123.200739]  ? retint_kernel+0x2d/0x2d
[ 1123.204630]  alloc_pages_current+0xec/0x1e0
[ 1123.209124]  kvm_mmu_create+0xdf/0x1e0
[ 1123.213023]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1123.217343]  kvm_vcpu_init+0x272/0x360
[ 1123.222279]  vmx_create_vcpu+0xfc/0x2aa0
[ 1123.226343]  ? mutex_trylock+0x1c0/0x1c0
[ 1123.230485]  ? check_preemption_disabled+0x3c/0x250
[ 1123.235507]  ? handle_rdmsr+0x6e0/0x6e0
[ 1123.239483]  ? wait_for_completion+0x420/0x420
[ 1123.244065]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1123.248392]  kvm_vm_ioctl+0x501/0x1600
[ 1123.252449]  ? __lock_acquire+0x5f7/0x4620
[ 1123.256681]  ? mark_held_locks+0xb1/0x100
[ 1123.260944]  ? kvm_vcpu_release+0xa0/0xa0
[ 1123.265111]  ? retint_kernel+0x2d/0x2d
[ 1123.268999]  ? retint_kernel+0x2d/0x2d
[ 1123.275879]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1123.281072]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1123.285979]  ? check_preemption_disabled+0x3c/0x250
[ 1123.291006]  ? retint_kernel+0x2d/0x2d
[ 1123.294894]  ? kvm_vcpu_release+0xa0/0xa0
[ 1123.299044]  ? kvm_vcpu_release+0xa0/0xa0
[ 1123.303188]  do_vfs_ioctl+0x7ae/0x1060
[ 1123.307068]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1123.311879]  ? lock_downgrade+0x740/0x740
[ 1123.316038]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1123.320438]  ? __fget+0x237/0x370
[ 1123.323941]  ? security_file_ioctl+0x89/0xb0
[ 1123.328507]  SyS_ioctl+0x8f/0xc0
[ 1123.331867]  ? do_vfs_ioctl+0x1060/0x1060
[ 1123.336063]  do_syscall_64+0x1e8/0x640
[ 1123.339940]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1123.344930]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1123.350115] RIP: 0033:0x45c429
[ 1123.353462] RSP: 002b:00007f7d63f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1123.361199] RAX: ffffffffffffffda RBX: 00007f7d63f6e6d4 RCX: 000000000045c429
[ 1123.368651] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1123.375918] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
05:09:11 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:09:11 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_TSC_KHZ(r2, 0xaea3)

05:09:11 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r0=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000040)={r0}, &(0x7f0000000140)=0x8)

05:09:11 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000040), 0x200000a5}])

05:09:11 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040), &(0x7f0000000140)=0x8)

[ 1123.383195] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1123.390671] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1123.416220] warn_alloc_show_mem: 1 callbacks suppressed
[ 1123.416262] Mem-Info:
[ 1123.432656] active_anon:837544 inactive_anon:4834 isolated_anon:0
[ 1123.432656]  active_file:14326 inactive_file:6984 isolated_file:0
[ 1123.432656]  unevictable:0 dirty:333 writeback:0 unstable:0
[ 1123.432656]  slab_reclaimable:17915 slab_unreclaimable:151942
[ 1123.432656]  mapped:59432 shmem:255 pagetables:16937 bounce:0
[ 1123.432656]  free:472695 free_pcp:324 free_cma:0
05:09:11 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:11 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newsa={0xf0, 0x1c, 0x713, 0x0, 0x0, {{@in=@remote, @in=@local}, {@in6=@empty}, @in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}}, 0xf0}}, 0x0)

[ 1123.478394] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:112kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1123.535981] Node 1 active_anon:1429796kB inactive_anon:18552kB active_file:55448kB inactive_file:24812kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26892kB dirty:1220kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1123.566274] netlink: 220 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1123.580933] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1123.586970] netlink: 220 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1123.608449] lowmem_reserve[]: 0 2569 2569 2569 2569
05:09:11 executing program 3:
sendmsg$sock(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x202, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$sock(0xffffffffffffffff, 0x0, 0x4000)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000400)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c8a14195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27e9a232fe2238fff867ba8fd41b29caad2a986e0e244bd11747ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7071cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee450e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd4fad615ff6e2991589bbdd1ae0d1bce65c620c4a2527a82afe16e019a5e0b5ec1b1b8aafba090000c3630488edcc4a8cbd3246e962b773a75b28a51cd09cbcb3577fea6f1e9fe8cd2b532c084cbd051b4aeaf0e716b256acf183d8e55580a678c664813354f14a453b093948d49bca31a7170419bb1d32f256ff3010e69b2f0482c63ab78a74dec8b1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x1800000000000060, 0xe80, 0xfffffe6f, &(0x7f0000000100)="480e003f0000007e5bc5795eca00000800ffffffba0e7200ffff81", 0x0, 0x100, 0xf2ffffff, 0xfffffe0c, 0x212, &(0x7f0000000280)="f2a134bd13c7bd41a2a738ad8e7625ed330eb46063bd287d832698132e59ef45f8f50845c0ac85604b448e24348e4ae93e68238b7b9d561b349d19b5f5784e031c55c5a4e48926a1526e38640a161fab39732052ee83bc3b9cb625962f3eaf1ed426e6f0442693c16b0ab6a89a5738f5bccd6ae1492f8471a7afec6b", &(0x7f0000000380)="712ae01ebf877f139c8f1b0fcd056310bfa3de7157976d3ff4c82f2e0d1885774c5b7c7c853e5424fbf469ab0726e9f41208f98d20b093ddbb7f52e015b875cea2900b2443348cdf466c18cfae89ce96f0437cb21ca3703f0b94273c7500"/106}, 0x28)

05:09:11 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, 0xffffffffffffffff, &(0x7f0000000040), 0x200000a5}])

[ 1123.624419] Node 0 DMA32 free:32416kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB writepending:112kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:424kB local_pcp:164kB free_cma:0kB
[ 1123.697238] lowmem_reserve[]: 0 0 0 0 0
[ 1123.707067] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1123.739196] lowmem_reserve[]: 0 0 0 0 0
[ 1123.744314] Node 1 Normal free:1847408kB min:53504kB low:66880kB high:80256kB active_anon:1430096kB inactive_anon:18552kB active_file:55448kB inactive_file:24812kB unevictable:0kB writepending:1220kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:14240kB pagetables:28132kB bounce:0kB free_pcp:816kB local_pcp:280kB free_cma:0kB
[ 1123.776195] lowmem_reserve[]: 0 0 0 0 0
[ 1123.781611] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1123.799073] Node 0 DMA32: 732*4kB (UME) 667*8kB (UMH) 367*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 32408kB
[ 1123.817228] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1123.833050] Node 1 Normal: 214*4kB (UME) 152*8kB (UE) 654*16kB (UM) 370*32kB (UME) 135*64kB (UME) 17*128kB (UME) 18*256kB (UME) 14*512kB (UM) 2*1024kB (M) 2*2048kB (ME) 438*4096kB (M) = 1847160kB
[ 1123.853960] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1123.865888] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1123.875954] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1123.885077] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1123.900583] 21565 total pagecache pages
[ 1123.908354] 0 pages in swap cache
[ 1123.912208] Swap cache stats: add 0, delete 0, find 0/0
[ 1123.919471] Free swap  = 0kB
[ 1123.923025] Total swap = 0kB
[ 1123.926325] 1965979 pages RAM
[ 1123.929926] 0 pages HighMem/MovableOnly
[ 1123.936244] warn_alloc: 1 callbacks suppressed
[ 1123.936248] syz-executor.2: 
[ 1123.941700] 335854 pages reserved
05:09:11 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

05:09:11 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000002840)={"6c64125fa96fa42b761c6ec25b2bec0b861f1036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5aaff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f083b211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313818068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6ccfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, [], 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x80}]}})

05:09:11 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, 0xffffffffffffffff, &(0x7f0000000040), 0x200000a5}])

[ 1123.942256] page allocation failure: order:0
[ 1123.944733] 0 pages cma reserved
[ 1123.992835] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1124.014748] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1124.021321] syz-executor.3 cpuset=syz3 mems_allowed=0-1
[ 1124.021349] CPU: 0 PID: 11500 Comm: syz-executor.3 Not tainted 4.14.171-syzkaller #0
[ 1124.021356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1124.021359] Call Trace:
[ 1124.021379]  dump_stack+0x142/0x197
[ 1124.030682] syz-executor.2 cpuset=
[ 1124.034646]  warn_alloc.cold+0x96/0x1af
[ 1124.034659]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1124.034678]  ? wait_for_completion+0x420/0x420
[ 1124.034694]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1124.051658] syz2
[ 1124.054293]  ? warn_alloc+0xf0/0xf0
[ 1124.058572]  mems_allowed=0-1
[ 1124.063254]  ? __might_sleep+0x93/0xb0
[ 1124.063271]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1124.063288]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1124.063298]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1124.063317]  alloc_pages_current+0xec/0x1e0
[ 1124.063331]  kvm_mmu_create+0xdf/0x1e0
[ 1124.063344]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1124.063357]  kvm_vcpu_init+0x272/0x360
[ 1124.063370]  vmx_create_vcpu+0xfc/0x2aa0
[ 1124.120924]  ? mutex_trylock+0x1c0/0x1c0
[ 1124.125020]  ? handle_rdmsr+0x6e0/0x6e0
[ 1124.128988]  ? wait_for_completion+0x420/0x420
[ 1124.133569]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1124.137901]  kvm_vm_ioctl+0x501/0x1600
[ 1124.141907]  ? __lock_acquire+0x5f7/0x4620
[ 1124.146271]  ? get_unused_fd_flags+0xd0/0xd0
[ 1124.150707]  ? kvm_vcpu_release+0xa0/0xa0
[ 1124.154860]  ? trace_hardirqs_on+0x10/0x10
[ 1124.159104]  ? trace_hardirqs_on+0x10/0x10
[ 1124.163367]  ? __might_fault+0x110/0x1d0
[ 1124.167467]  ? save_trace+0x290/0x290
[ 1124.171285]  ? __might_fault+0x110/0x1d0
[ 1124.175439]  ? __fget+0x210/0x370
[ 1124.179063]  ? find_held_lock+0x35/0x130
[ 1124.183129]  ? __fget+0x210/0x370
[ 1124.186579]  ? kvm_vcpu_release+0xa0/0xa0
[ 1124.190925]  do_vfs_ioctl+0x7ae/0x1060
[ 1124.194824]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1124.199607]  ? lock_downgrade+0x740/0x740
[ 1124.203982]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1124.208416]  ? __fget+0x237/0x370
[ 1124.211879]  ? security_file_ioctl+0x89/0xb0
[ 1124.216434]  SyS_ioctl+0x8f/0xc0
[ 1124.219821]  ? do_vfs_ioctl+0x1060/0x1060
[ 1124.224076]  do_syscall_64+0x1e8/0x640
[ 1124.227978]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1124.232838]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1124.238099] RIP: 0033:0x45c429
[ 1124.241373] RSP: 002b:00007f0403acdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1124.249084] RAX: ffffffffffffffda RBX: 00007f0403ace6d4 RCX: 000000000045c429
[ 1124.256588] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1124.263875] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1124.271161] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1124.278607] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1124.299286] CPU: 1 PID: 11482 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1124.308484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1124.318194] Call Trace:
[ 1124.320839]  dump_stack+0x142/0x197
[ 1124.324621]  warn_alloc.cold+0x96/0x1af
[ 1124.328624]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1124.333492]  ? wait_for_completion+0x420/0x420
[ 1124.338096]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1124.342971]  ? warn_alloc+0xf0/0xf0
[ 1124.346982]  ? __might_sleep+0x93/0xb0
[ 1124.350890]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1124.355577]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1124.360616]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1124.365671]  alloc_pages_current+0xec/0x1e0
[ 1124.370721]  kvm_mmu_create+0xdf/0x1e0
[ 1124.374630]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1124.378971]  kvm_vcpu_init+0x272/0x360
[ 1124.382874]  vmx_create_vcpu+0xfc/0x2aa0
[ 1124.386947]  ? mutex_trylock+0x1c0/0x1c0
[ 1124.391028]  ? handle_rdmsr+0x6e0/0x6e0
[ 1124.395043]  ? wait_for_completion+0x420/0x420
[ 1124.399656]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1124.404224]  kvm_vm_ioctl+0x501/0x1600
[ 1124.408236]  ? __lock_acquire+0x5f7/0x4620
[ 1124.412602]  ? find_held_lock+0x35/0x130
[ 1124.417036]  ? kvm_vcpu_release+0xa0/0xa0
[ 1124.421293]  ? trace_hardirqs_on+0x10/0x10
[ 1124.425582]  ? trace_hardirqs_on+0x10/0x10
[ 1124.429951]  ? __might_fault+0x110/0x1d0
[ 1124.434023]  ? save_trace+0x290/0x290
[ 1124.437927]  ? __might_fault+0x110/0x1d0
[ 1124.443562]  ? __fget+0x210/0x370
[ 1124.447016]  ? find_held_lock+0x35/0x130
[ 1124.451161]  ? __fget+0x210/0x370
[ 1124.454674]  ? kvm_vcpu_release+0xa0/0xa0
[ 1124.458925]  do_vfs_ioctl+0x7ae/0x1060
[ 1124.463332]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1124.468098]  ? lock_downgrade+0x740/0x740
[ 1124.472383]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1124.476798]  ? __fget+0x237/0x370
[ 1124.480404]  ? security_file_ioctl+0x89/0xb0
[ 1124.484815]  SyS_ioctl+0x8f/0xc0
[ 1124.488186]  ? do_vfs_ioctl+0x1060/0x1060
[ 1124.492579]  do_syscall_64+0x1e8/0x640
[ 1124.496469]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1124.501557]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1124.506960] RIP: 0033:0x45c429
[ 1124.510193] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1124.517901] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1124.525172] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1124.532537] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1124.540160] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1124.547517] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1124.569034] warn_alloc_show_mem: 1 callbacks suppressed
[ 1124.569039] Mem-Info:
[ 1124.578159] active_anon:837587 inactive_anon:4834 isolated_anon:0
[ 1124.578159]  active_file:14326 inactive_file:6994 isolated_file:0
[ 1124.578159]  unevictable:0 dirty:347 writeback:0 unstable:0
[ 1124.578159]  slab_reclaimable:17930 slab_unreclaimable:151797
[ 1124.578159]  mapped:59409 shmem:255 pagetables:16841 bounce:0
[ 1124.578159]  free:472782 free_pcp:451 free_cma:0
[ 1124.614533] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:116kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1124.643996] Node 1 active_anon:1429668kB inactive_anon:18552kB active_file:55448kB inactive_file:24864kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26888kB dirty:1284kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1124.674607] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1124.702199] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1124.708728] Node 0 DMA32 free:32448kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB writepending:116kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:436kB local_pcp:264kB free_cma:0kB
[ 1124.740120] lowmem_reserve[]: 0 0 0 0 0
[ 1124.744131] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1124.770844] lowmem_reserve[]: 0 0 0 0 0
[ 1124.774940] Node 1 Normal free:1849000kB min:53504kB low:66880kB high:80256kB active_anon:1429668kB inactive_anon:18552kB active_file:55448kB inactive_file:24864kB unevictable:0kB writepending:1292kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13728kB pagetables:27740kB bounce:0kB free_pcp:1368kB local_pcp:644kB free_cma:0kB
[ 1124.806138] lowmem_reserve[]: 0 0 0 0 0
[ 1124.810183] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1124.824734] Node 0 DMA32: 732*4kB (UME) 667*8kB (UMH) 368*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 32424kB
[ 1124.840706] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1124.851590] Node 1 Normal: 296*4kB (UME) 260*8kB (UME) 693*16kB (UME) 386*32kB (UM) 134*64kB (UME) 16*128kB (UME) 17*256kB (ME) 14*512kB (UM) 2*1024kB (M) 2*2048kB (ME) 438*4096kB (M) = 1849040kB
[ 1124.869826] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1124.878826] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1124.887867] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1124.896780] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1124.905785] 21581 total pagecache pages
[ 1124.909779] 0 pages in swap cache
[ 1124.913310] Swap cache stats: add 0, delete 0, find 0/0
[ 1124.918727] Free swap  = 0kB
[ 1124.921844] Total swap = 0kB
[ 1124.924889] 1965979 pages RAM
[ 1124.928084] 0 pages HighMem/MovableOnly
[ 1124.932148] 335854 pages reserved
[ 1124.935641] 0 pages cma reserved
05:09:12 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:09:12 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000002840)={"6c64125fa96fa42b761c6ec25b2bec0b861f1036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5aaff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f083b211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313818068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6ccfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, [], 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x80}]}})

05:09:12 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

05:09:12 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040), &(0x7f0000000140)=0x8)

05:09:12 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:12 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x8, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, 0xffffffffffffffff, &(0x7f0000000040), 0x200000a5}])

[ 1125.068573] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1125.080635] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1125.086288] CPU: 0 PID: 11532 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1125.094217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1125.103759] Call Trace:
[ 1125.106364]  dump_stack+0x142/0x197
[ 1125.110218]  warn_alloc.cold+0x96/0x1af
[ 1125.114216]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1125.119217]  ? wait_for_completion+0x420/0x420
[ 1125.119756] syz-executor.3: 
[ 1125.123815]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1125.123838]  ? warn_alloc+0xf0/0xf0
[ 1125.123861]  ? __might_sleep+0x93/0xb0
[ 1125.123872]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1125.123885]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1125.123900]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1125.123920]  alloc_pages_current+0xec/0x1e0
[ 1125.123934]  kvm_mmu_create+0xdf/0x1e0
[ 1125.123947]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1125.123960]  kvm_vcpu_init+0x272/0x360
[ 1125.123974]  vmx_create_vcpu+0xfc/0x2aa0
[ 1125.152912] page allocation failure: order:0
[ 1125.154882]  ? mutex_trylock+0x1c0/0x1c0
[ 1125.154903]  ? handle_rdmsr+0x6e0/0x6e0
[ 1125.154915]  ? wait_for_completion+0x420/0x420
[ 1125.166380] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1125.167502]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1125.167528]  kvm_vm_ioctl+0x501/0x1600
[ 1125.173083] (null)
[ 1125.176446]  ? __lock_acquire+0x5f7/0x4620
[ 1125.176460]  ? find_held_lock+0x35/0x130
[ 1125.184285] syz-executor.3 cpuset=
[ 1125.185780]  ? kvm_vcpu_release+0xa0/0xa0
[ 1125.185792]  ? trace_hardirqs_on+0x10/0x10
[ 1125.185809]  ? trace_hardirqs_on+0x10/0x10
[ 1125.191839] syz3
[ 1125.195328]  ? __might_fault+0x110/0x1d0
[ 1125.204502]  mems_allowed=0-1
[ 1125.206215]  ? save_trace+0x290/0x290
[ 1125.206228]  ? __might_fault+0x110/0x1d0
[ 1125.206242]  ? __fget+0x210/0x370
[ 1125.258578]  ? find_held_lock+0x35/0x130
[ 1125.262686]  ? __fget+0x210/0x370
[ 1125.266174]  ? kvm_vcpu_release+0xa0/0xa0
[ 1125.270335]  do_vfs_ioctl+0x7ae/0x1060
[ 1125.274237]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1125.278995]  ? lock_downgrade+0x740/0x740
[ 1125.283156]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1125.287597]  ? __fget+0x237/0x370
[ 1125.291214]  ? security_file_ioctl+0x89/0xb0
[ 1125.296252]  SyS_ioctl+0x8f/0xc0
[ 1125.299821]  ? do_vfs_ioctl+0x1060/0x1060
[ 1125.303984]  do_syscall_64+0x1e8/0x640
[ 1125.307873]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1125.312724]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1125.317921] RIP: 0033:0x45c429
[ 1125.321110] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1125.328827] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1125.336114] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1125.344346] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1125.351654] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1125.358953] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1125.366263] CPU: 1 PID: 11527 Comm: syz-executor.3 Not tainted 4.14.171-syzkaller #0
[ 1125.374314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1125.383769] Call Trace:
[ 1125.386381]  dump_stack+0x142/0x197
[ 1125.390027]  warn_alloc.cold+0x96/0x1af
[ 1125.394014]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1125.398982]  ? wait_for_completion+0x420/0x420
[ 1125.403591]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1125.408990]  ? warn_alloc+0xf0/0xf0
[ 1125.412652]  ? __might_sleep+0x93/0xb0
[ 1125.416557]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1125.421350]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1125.426394]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1125.431442]  alloc_pages_current+0xec/0x1e0
[ 1125.435789]  kvm_mmu_create+0xdf/0x1e0
[ 1125.439691]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1125.444154]  kvm_vcpu_init+0x272/0x360
[ 1125.448063]  vmx_create_vcpu+0xfc/0x2aa0
[ 1125.452133]  ? mutex_trylock+0x1c0/0x1c0
[ 1125.456261]  ? handle_rdmsr+0x6e0/0x6e0
[ 1125.460253]  ? wait_for_completion+0x420/0x420
[ 1125.462583] syz-executor.5: 
[ 1125.464852]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1125.464867]  kvm_vm_ioctl+0x501/0x1600
[ 1125.464879]  ? __lock_acquire+0x5f7/0x4620
[ 1125.464891]  ? get_unused_fd_flags+0xd0/0xd0
[ 1125.464904]  ? kvm_vcpu_release+0xa0/0xa0
[ 1125.464915]  ? trace_hardirqs_on+0x10/0x10
[ 1125.464931]  ? trace_hardirqs_on+0x10/0x10
[ 1125.464943]  ? __might_fault+0x110/0x1d0
[ 1125.464954]  ? save_trace+0x290/0x290
[ 1125.464964]  ? __might_fault+0x110/0x1d0
[ 1125.464975]  ? __fget+0x210/0x370
[ 1125.464990]  ? find_held_lock+0x35/0x130
[ 1125.468292] page allocation failure: order:0
[ 1125.472435]  ? __fget+0x210/0x370
[ 1125.472449]  ? kvm_vcpu_release+0xa0/0xa0
[ 1125.472460]  do_vfs_ioctl+0x7ae/0x1060
[ 1125.472474]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1125.472484]  ? lock_downgrade+0x740/0x740
[ 1125.472496]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1125.472508]  ? __fget+0x237/0x370
[ 1125.472523]  ? security_file_ioctl+0x89/0xb0
[ 1125.472535]  SyS_ioctl+0x8f/0xc0
[ 1125.472543]  ? do_vfs_ioctl+0x1060/0x1060
[ 1125.472556]  do_syscall_64+0x1e8/0x640
05:09:13 executing program 3:
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff)
syz_open_procfs(0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000002840)={"6c64125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x80000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x0, 0x0, [], 0x1}, {0x6}, {0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x2}, {0x0, 0x80}, {0x0, 0x9}]}})
r3 = dup(0xffffffffffffffff)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x8000fffffffe)
socket$inet_udplite(0x2, 0x2, 0x88)

[ 1125.472573]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1125.478068] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1125.480689]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1125.480699] RIP: 0033:0x45c429
[ 1125.480705] RSP: 002b:00007f0403acdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1125.480716] RAX: ffffffffffffffda RBX: 00007f0403ace6d4 RCX: 000000000045c429
[ 1125.480722] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1125.480728] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1125.480734] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1125.480740] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1125.609868] syz-executor.3: 
[ 1125.627216] (null)
[ 1125.637413] page allocation failure: order:0
[ 1125.638521] syz-executor.5 cpuset=
[ 1125.641920] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1125.643539] syz5 mems_allowed=0-1
[ 1125.643607] CPU: 0 PID: 11526 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1125.648716] (null)
[ 1125.651713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1125.651717] Call Trace:
[ 1125.651736]  dump_stack+0x142/0x197
[ 1125.651753]  warn_alloc.cold+0x96/0x1af
[ 1125.651764]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1125.651784]  ? wait_for_completion+0x420/0x420
[ 1125.651800]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1125.651821]  ? warn_alloc+0xf0/0xf0
[ 1125.651840]  ? __might_sleep+0x93/0xb0
[ 1125.651850]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1125.651859]  ? retint_kernel+0x2d/0x2d
[ 1125.651870]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1125.651881]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1125.651895]  ? check_preemption_disabled+0x3c/0x250
[ 1125.651904]  ? retint_kernel+0x2d/0x2d
[ 1125.651917]  alloc_pages_current+0xec/0x1e0
[ 1125.651931]  kvm_mmu_create+0xdf/0x1e0
[ 1125.651943]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1125.651963]  kvm_vcpu_init+0x272/0x360
[ 1125.651977]  vmx_create_vcpu+0xfc/0x2aa0
[ 1125.651988]  ? check_preemption_disabled+0x3c/0x250
[ 1125.651997]  ? retint_kernel+0x2d/0x2d
[ 1125.652010]  ? handle_rdmsr+0x6e0/0x6e0
[ 1125.652019]  ? kvm_arch_vcpu_create+0x61/0xc0
[ 1125.652031]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1125.652041]  kvm_vm_ioctl+0x501/0x1600
[ 1125.652051]  ? __lock_acquire+0x5f7/0x4620
[ 1125.652060]  ? do_futex+0x21d/0x19e0
[ 1125.652072]  ? kvm_vcpu_release+0xa0/0xa0
[ 1125.652081]  ? trace_hardirqs_on+0x10/0x10
[ 1125.652097]  ? trace_hardirqs_on+0x10/0x10
[ 1125.664927] syz-executor.3 cpuset=
[ 1125.669688]  ? __might_fault+0x110/0x1d0
[ 1125.669707]  ? save_trace+0x290/0x290
[ 1125.669720]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1125.669732]  ? __fget+0x210/0x370
[ 1125.669743]  ? find_held_lock+0x35/0x130
[ 1125.669751]  ? __fget+0x210/0x370
[ 1125.669766]  ? kvm_vcpu_release+0xa0/0xa0
[ 1125.672848] syz3
[ 1125.686548]  do_vfs_ioctl+0x7ae/0x1060
[ 1125.694909]  mems_allowed=0-1
[ 1125.697616]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1125.697629]  ? lock_downgrade+0x740/0x740
[ 1125.697649]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1125.697662]  ? __fget+0x237/0x370
[ 1125.697679]  ? security_file_ioctl+0x89/0xb0
[ 1125.697691]  SyS_ioctl+0x8f/0xc0
[ 1125.881179]  ? do_vfs_ioctl+0x1060/0x1060
[ 1125.885360]  do_syscall_64+0x1e8/0x640
[ 1125.889247]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1125.894243]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1125.899425] RIP: 0033:0x45c429
[ 1125.902688] RSP: 002b:00007f7d63f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1125.910392] RAX: ffffffffffffffda RBX: 00007f7d63f6e6d4 RCX: 000000000045c429
05:09:13 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r0=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000040)={r0}, &(0x7f0000000140)=0x8)

05:09:13 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x1, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, 0x0}])

05:09:13 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1125.917777] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1125.925055] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1125.932328] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1125.939599] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1126.000474] CPU: 1 PID: 11543 Comm: syz-executor.3 Not tainted 4.14.171-syzkaller #0
[ 1126.008849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1126.018471] Call Trace:
[ 1126.021080]  dump_stack+0x142/0x197
[ 1126.024727]  warn_alloc.cold+0x96/0x1af
[ 1126.028718]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1126.034018]  ? wait_for_completion+0x420/0x420
[ 1126.038621]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1126.043493]  ? warn_alloc+0xf0/0xf0
[ 1126.047144]  ? __might_sleep+0x93/0xb0
[ 1126.049929] warn_alloc_show_mem: 2 callbacks suppressed
[ 1126.049932] Mem-Info:
[ 1126.051072]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1126.051086]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1126.051099]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1126.051122]  alloc_pages_current+0xec/0x1e0
[ 1126.051137]  kvm_mmu_create+0xdf/0x1e0
[ 1126.051148]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1126.051161]  kvm_vcpu_init+0x272/0x360
[ 1126.056743] active_anon:837648 inactive_anon:4834 isolated_anon:0
[ 1126.056743]  active_file:14326 inactive_file:6989 isolated_file:0
[ 1126.056743]  unevictable:0 dirty:363 writeback:0 unstable:0
[ 1126.056743]  slab_reclaimable:17976 slab_unreclaimable:152109
[ 1126.056743]  mapped:59409 shmem:255 pagetables:16959 bounce:0
[ 1126.056743]  free:472354 free_pcp:235 free_cma:0
[ 1126.059024]  vmx_create_vcpu+0xfc/0x2aa0
[ 1126.059037]  ? mutex_trylock+0x1c0/0x1c0
[ 1126.059055]  ? handle_rdmsr+0x6e0/0x6e0
[ 1126.059066]  ? wait_for_completion+0x420/0x420
[ 1126.059083]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1126.059096]  kvm_vm_ioctl+0x501/0x1600
[ 1126.059106]  ? __lock_acquire+0x5f7/0x4620
[ 1126.059118]  ? get_unused_fd_flags+0xd0/0xd0
[ 1126.066798] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3068kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1126.071617]  ? kvm_vcpu_release+0xa0/0xa0
[ 1126.071632]  ? trace_hardirqs_on+0x10/0x10
05:09:13 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r0=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000040)={r0}, &(0x7f0000000140)=0x8)

05:09:13 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r0=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000040)={r0}, &(0x7f0000000140)=0x8)

[ 1126.071644]  ? trace_hardirqs_on+0x10/0x10
[ 1126.071656]  ? __might_fault+0x110/0x1d0
[ 1126.071667]  ? save_trace+0x290/0x290
[ 1126.071678]  ? __might_fault+0x110/0x1d0
[ 1126.071690]  ? __fget+0x210/0x370
[ 1126.071699]  ? find_held_lock+0x35/0x130
[ 1126.071708]  ? __fget+0x210/0x370
[ 1126.071719]  ? kvm_vcpu_release+0xa0/0xa0
[ 1126.071728]  do_vfs_ioctl+0x7ae/0x1060
[ 1126.071743]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1126.076976] Node 1 active_anon:1429912kB inactive_anon:18552kB active_file:55448kB inactive_file:24888kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26900kB dirty:1332kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1126.081108]  ? lock_downgrade+0x740/0x740
[ 1126.081124]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1126.081136]  ? __fget+0x237/0x370
[ 1126.081154]  ? security_file_ioctl+0x89/0xb0
[ 1126.081167]  SyS_ioctl+0x8f/0xc0
[ 1126.081178]  ? do_vfs_ioctl+0x1060/0x1060
[ 1126.081190]  do_syscall_64+0x1e8/0x640
05:09:13 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:09:13 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1126.081199]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1126.081214]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1126.081222] RIP: 0033:0x45c429
[ 1126.081230] RSP: 002b:00007f0403acdc78 EFLAGS: 00000246
[ 1126.085391] Node 0 
[ 1126.089537]  ORIG_RAX: 0000000000000010
[ 1126.089545] RAX: ffffffffffffffda RBX: 00007f0403ace6d4 RCX: 000000000045c429
[ 1126.089550] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1126.089554] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1126.089559] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1126.089564] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1126.370999] DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1126.374208] syz-executor.2: 
[ 1126.398932] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1126.407611] Node 0 DMA32 free:32384kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3068kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:488kB local_pcp:160kB free_cma:0kB
[ 1126.438964] lowmem_reserve[]: 0 0 0 0 0
[ 1126.441483] page allocation failure: order:0
[ 1126.443979] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1126.454715] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1126.478328] lowmem_reserve[]: 0 0 0 0 0
[ 1126.488934] Node 1 Normal free:1847844kB min:53504kB low:66880kB high:80256kB active_anon:1429992kB inactive_anon:18540kB active_file:55448kB inactive_file:24932kB unevictable:0kB writepending:1372kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:14016kB pagetables:28196kB bounce:0kB free_pcp:1084kB local_pcp:440kB free_cma:0kB
[ 1126.520265] (null)
[ 1126.520274] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1126.526746] lowmem_reserve[]: 0
[ 1126.527977] CPU: 1 PID: 11566 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1126.527985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1126.531561]  0
[ 1126.539192] Call Trace:
[ 1126.539213]  dump_stack+0x142/0x197
[ 1126.539228]  warn_alloc.cold+0x96/0x1af
[ 1126.539239]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1126.539256]  ? wait_for_completion+0x420/0x420
[ 1126.539270]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1126.539292]  ? warn_alloc+0xf0/0xf0
[ 1126.548861]  0
[ 1126.550547]  ? __might_sleep+0x93/0xb0
[ 1126.550563]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1126.550577]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1126.550587]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1126.550607]  alloc_pages_current+0xec/0x1e0
[ 1126.550622]  kvm_mmu_create+0xdf/0x1e0
[ 1126.553346]  0
[ 1126.556828]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1126.556843]  kvm_vcpu_init+0x272/0x360
[ 1126.556857]  vmx_create_vcpu+0xfc/0x2aa0
[ 1126.556867]  ? mutex_trylock+0x1c0/0x1c0
[ 1126.556883]  ? handle_rdmsr+0x6e0/0x6e0
[ 1126.560998]  0
[ 1126.565714]  ? wait_for_completion+0x420/0x420
[ 1126.565731]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1126.565745]  kvm_vm_ioctl+0x501/0x1600
[ 1126.565757]  ? __lock_acquire+0x5f7/0x4620
[ 1126.565765]  ? find_held_lock+0x35/0x130
[ 1126.565780]  ? kvm_vcpu_release+0xa0/0xa0
[ 1126.575461]  ? trace_hardirqs_on+0x10/0x10
[ 1126.575478]  ? trace_hardirqs_on+0x10/0x10
[ 1126.575491]  ? __might_fault+0x110/0x1d0
[ 1126.575504]  ? save_trace+0x290/0x290
[ 1126.579368] Node 0 
[ 1126.580943]  ? __might_fault+0x110/0x1d0
[ 1126.580955]  ? __fget+0x210/0x370
[ 1126.580966]  ? find_held_lock+0x35/0x130
[ 1126.580977]  ? __fget+0x210/0x370
[ 1126.580992]  ? kvm_vcpu_release+0xa0/0xa0
[ 1126.581003]  do_vfs_ioctl+0x7ae/0x1060
[ 1126.581017]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1126.585015] DMA: 
[ 1126.589600]  ? lock_downgrade+0x740/0x740
[ 1126.589615]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1126.589627]  ? __fget+0x237/0x370
[ 1126.589645]  ? security_file_ioctl+0x89/0xb0
[ 1126.589655]  SyS_ioctl+0x8f/0xc0
[ 1126.589665]  ? do_vfs_ioctl+0x1060/0x1060
[ 1126.589677]  do_syscall_64+0x1e8/0x640
[ 1126.589689]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1126.594864] 12*4kB 
[ 1126.600657]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1126.600667] RIP: 0033:0x45c429
[ 1126.600677] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1126.600686] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1126.600692] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1126.600698] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1126.600704] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1126.600709] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1126.800275] (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1126.800341] Node 0 DMA32: 732*4kB (UME) 660*8kB (UMH) 368*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 32368kB
[ 1126.834697] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1126.859637] Node 1 Normal: 177*4kB (UM) 155*8kB (UME) 731*16kB (UME) 384*32kB (UME) 136*64kB (UME) 20*128kB (UM) 18*256kB (UME) 13*512kB (UM) 3*1024kB (UM) 3*2048kB (UME) 437*4096kB (M) = 1847628kB
[ 1126.879325] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1126.897042] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
05:09:14 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

05:09:14 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x1, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, 0x0}])

05:09:14 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:09:14 executing program 3:
socket$alg(0x26, 0x5, 0x0)
socket(0x1e, 0x0, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getpid()
sched_setscheduler(0x0, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x0, 0x0, 0x0)
r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in=@local}, {@in6=@empty, 0x0, 0x33}, @in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'md5\x00'}}}]}, 0x138}}, 0x0)

05:09:14 executing program 0:
prlimit64(0x0, 0x0, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1126.906623] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1126.915774] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1126.924592] 21604 total pagecache pages
[ 1126.928712] 0 pages in swap cache
[ 1126.932264] Swap cache stats: add 0, delete 0, find 0/0
[ 1126.937912] Free swap  = 0kB
[ 1126.941056] Total swap = 0kB
[ 1126.944100] 1965979 pages RAM
[ 1126.947253] 0 pages HighMem/MovableOnly
[ 1126.951319] 335854 pages reserved
[ 1126.954768] 0 pages cma reserved
05:09:14 executing program 3:
socket$alg(0x26, 0x5, 0x0)
socket(0x1e, 0x0, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getpid()
sched_setscheduler(0x0, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x0, 0x0, 0x0)
r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in=@local}, {@in6=@empty, 0x0, 0x33}, @in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'md5\x00'}}}]}, 0x138}}, 0x0)

05:09:14 executing program 3:

[ 1127.086530] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1127.117237] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1127.131308] CPU: 0 PID: 11584 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1127.139351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1127.148717] Call Trace:
[ 1127.151322]  dump_stack+0x142/0x197
[ 1127.154968]  warn_alloc.cold+0x96/0x1af
[ 1127.158957]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1127.163841]  ? wait_for_completion+0x420/0x420
[ 1127.168539]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1127.173420]  ? warn_alloc+0xf0/0xf0
[ 1127.177082]  ? __might_sleep+0x93/0xb0
[ 1127.180994]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1127.185705]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1127.190839]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1127.195881]  alloc_pages_current+0xec/0x1e0
[ 1127.200247]  kvm_mmu_create+0xdf/0x1e0
[ 1127.204889]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1127.209224]  kvm_vcpu_init+0x272/0x360
[ 1127.213124]  vmx_create_vcpu+0xfc/0x2aa0
[ 1127.216870] syz-executor.5: 
[ 1127.217195]  ? mutex_trylock+0x1c0/0x1c0
[ 1127.217215]  ? handle_rdmsr+0x6e0/0x6e0
[ 1127.221950] page allocation failure: order:0
05:09:14 executing program 3:

05:09:14 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1127.224934]  ? wait_for_completion+0x420/0x420
[ 1127.224950]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1127.224965]  kvm_vm_ioctl+0x501/0x1600
[ 1127.224976]  ? __lock_acquire+0x5f7/0x4620
[ 1127.224991]  ? find_held_lock+0x35/0x130
[ 1127.229136] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1127.233391]  ? kvm_vcpu_release+0xa0/0xa0
[ 1127.233402]  ? trace_hardirqs_on+0x10/0x10
[ 1127.233415]  ? trace_hardirqs_on+0x10/0x10
[ 1127.233427]  ? __might_fault+0x110/0x1d0
[ 1127.233438]  ? save_trace+0x290/0x290
[ 1127.233449]  ? __might_fault+0x110/0x1d0
05:09:15 executing program 3:

[ 1127.233461]  ? __fget+0x210/0x370
[ 1127.233472]  ? find_held_lock+0x35/0x130
[ 1127.233481]  ? __fget+0x210/0x370
[ 1127.233491]  ? kvm_vcpu_release+0xa0/0xa0
[ 1127.233501]  do_vfs_ioctl+0x7ae/0x1060
[ 1127.233515]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1127.233524]  ? lock_downgrade+0x740/0x740
[ 1127.233535]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1127.233547]  ? __fget+0x237/0x370
[ 1127.233564]  ? security_file_ioctl+0x89/0xb0
[ 1127.233577]  SyS_ioctl+0x8f/0xc0
[ 1127.233586]  ? do_vfs_ioctl+0x1060/0x1060
[ 1127.233598]  do_syscall_64+0x1e8/0x640
[ 1127.233609]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1127.233625]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1127.233633] RIP: 0033:0x45c429
[ 1127.233638] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1127.233649] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1127.233656] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1127.233661] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
05:09:15 executing program 3:

[ 1127.233666] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1127.233672] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1127.338667] warn_alloc_show_mem: 2 callbacks suppressed
[ 1127.338671] Mem-Info:
[ 1127.355184] (null)
[ 1127.388220] active_anon:837678 inactive_anon:4833 isolated_anon:0
[ 1127.388220]  active_file:14326 inactive_file:7019 isolated_file:0
[ 1127.388220]  unevictable:0 dirty:385 writeback:0 unstable:0
[ 1127.388220]  slab_reclaimable:17939 slab_unreclaimable:152127
[ 1127.388220]  mapped:59410 shmem:255 pagetables:16957 bounce:0
[ 1127.388220]  free:472053 free_pcp:366 free_cma:0
[ 1127.408865] syz-executor.5 cpuset=
[ 1127.431394] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
05:09:15 executing program 3:

[ 1127.475483] Node 1 active_anon:1430032kB inactive_anon:18548kB active_file:55448kB inactive_file:24980kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26904kB dirty:1420kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1127.476605] syz5
[ 1127.511535] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1127.526277]  mems_allowed=0-1
[ 1127.581743] CPU: 1 PID: 11588 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1127.584093] lowmem_reserve[]:
[ 1127.589756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1127.589762] Call Trace:
[ 1127.589782]  dump_stack+0x142/0x197
[ 1127.589797]  warn_alloc.cold+0x96/0x1af
[ 1127.589807]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1127.589824]  ? wait_for_completion+0x420/0x420
[ 1127.589838]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1127.589859]  ? warn_alloc+0xf0/0xf0
[ 1127.607933]  0
[ 1127.610266]  ? __might_sleep+0x93/0xb0
[ 1127.610280]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1127.610293]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1127.610307]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1127.614581]  2569
[ 1127.619163]  alloc_pages_current+0xec/0x1e0
[ 1127.619187]  kvm_mmu_create+0xdf/0x1e0
[ 1127.619203]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1127.619220]  kvm_vcpu_init+0x272/0x360
[ 1127.624163]  2569
[ 1127.628640]  vmx_create_vcpu+0xfc/0x2aa0
[ 1127.628659]  ? __mutex_unlock_slowpath+0xb4/0x800
[ 1127.628670]  ? retint_kernel+0x2d/0x2d
[ 1127.628679]  ? handle_rdmsr+0x6e0/0x6e0
[ 1127.628688]  ? wait_for_completion+0x420/0x420
[ 1127.628702]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1127.628716]  kvm_vm_ioctl+0x501/0x1600
[ 1127.632590]  2569
[ 1127.634157]  ? __lock_acquire+0x5f7/0x4620
[ 1127.634167]  ? mark_held_locks+0xb1/0x100
[ 1127.634183]  ? kvm_vcpu_release+0xa0/0xa0
[ 1127.634193]  ? trace_hardirqs_on+0x10/0x10
[ 1127.634206]  ? retint_kernel+0x2d/0x2d
[ 1127.638350]  2569
[ 1127.642796]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1127.642810]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1127.642824]  ? check_preemption_disabled+0x3c/0x250
[ 1127.642833]  ? retint_kernel+0x2d/0x2d
[ 1127.642849]  ? do_vfs_ioctl+0x83/0x1060
[ 1127.642863]  ? kvm_vcpu_release+0xa0/0xa0
[ 1127.653182]  do_vfs_ioctl+0x7ae/0x1060
[ 1127.653199]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1127.653210]  ? lock_downgrade+0x740/0x740
[ 1127.653220]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1127.653231]  ? __fget+0x237/0x370
[ 1127.653246]  ? security_file_ioctl+0x89/0xb0
05:09:15 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

05:09:15 executing program 1:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0)
io_setup(0x5f, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x806, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x20000005002})
io_submit(r0, 0x1, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, 0x0}])

[ 1127.653265]  SyS_ioctl+0x8f/0xc0
[ 1127.655905] Node 0 
[ 1127.660129]  ? do_vfs_ioctl+0x1060/0x1060
[ 1127.660143]  do_syscall_64+0x1e8/0x640
[ 1127.660153]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1127.660171]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1127.660178] RIP: 0033:0x45c429
[ 1127.660182] RSP: 002b:00007f7d63f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1127.660193] RAX: ffffffffffffffda RBX: 00007f7d63f6e6d4 RCX: 000000000045c429
[ 1127.660199] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1127.660203] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1127.660208] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1127.660213] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1127.865548] DMA32 free:32360kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:468kB local_pcp:128kB free_cma:0kB
[ 1127.898985] lowmem_reserve[]: 0 0 0 0 0
[ 1127.903545] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1127.929046] lowmem_reserve[]: 0 0 0 0 0
[ 1127.933401] Node 1 Normal free:1845692kB min:53504kB low:66880kB high:80256kB active_anon:1429732kB inactive_anon:18548kB active_file:55448kB inactive_file:24980kB unevictable:0kB writepending:1420kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:14080kB pagetables:28064kB bounce:0kB free_pcp:1168kB local_pcp:436kB free_cma:0kB
[ 1127.965379] lowmem_reserve[]: 0 0 0 0 0
[ 1127.969432] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1127.985805] Node 0 DMA32: 732*4kB (UME) 659*8kB (UMH) 368*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 32360kB
[ 1128.001560] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1128.012862] Node 1 Normal: 200*4kB (UME) 6*8kB (ME) 764*16kB (UME) 383*32kB (UME) 138*64kB (UME) 15*128kB (UM) 17*256kB (ME) 12*512kB (M) 3*1024kB (UM) 3*2048kB (UME) 437*4096kB (M) = 1845744kB
[ 1128.025142] syz-executor.5: 
[ 1128.030863] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1128.030872] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1128.030879] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1128.030886] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1128.030890] 21607 total pagecache pages
[ 1128.030902] 0 pages in swap cache
[ 1128.030908] Swap cache stats: add 0, delete 0, find 0/0
05:09:15 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:09:15 executing program 3:

05:09:15 executing program 0:
prlimit64(0x0, 0x0, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:15 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1128.030912] Free swap  = 0kB
[ 1128.030915] Total swap = 0kB
[ 1128.030922] 1965979 pages RAM
[ 1128.030926] 0 pages HighMem/MovableOnly
[ 1128.030929] 335854 pages reserved
[ 1128.030933] 0 pages cma reserved
[ 1128.107500] page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
05:09:15 executing program 3:

[ 1128.158324] syz-executor.5 cpuset=syz5 mems_allowed=0-1
05:09:15 executing program 1:

05:09:15 executing program 1:

[ 1128.199197] CPU: 0 PID: 11617 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1128.207247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1128.216698] Call Trace:
[ 1128.219302]  dump_stack+0x142/0x197
[ 1128.222979]  warn_alloc.cold+0x96/0x1af
[ 1128.226984]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1128.231850]  ? wait_for_completion+0x420/0x420
[ 1128.236711]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1128.241585]  ? warn_alloc+0xf0/0xf0
[ 1128.245240]  ? __might_sleep+0x93/0xb0
[ 1128.249251]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1128.253938]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1128.259000]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1128.264047]  alloc_pages_current+0xec/0x1e0
[ 1128.268392]  kvm_mmu_create+0xdf/0x1e0
[ 1128.272298]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1128.276802]  kvm_vcpu_init+0x272/0x360
[ 1128.280716]  vmx_create_vcpu+0xfc/0x2aa0
[ 1128.284794]  ? check_preemption_disabled+0x3c/0x250
[ 1128.289858]  ? retint_kernel+0x2d/0x2d
[ 1128.293774]  ? handle_rdmsr+0x6e0/0x6e0
05:09:15 executing program 3:

[ 1128.298129]  ? kvm_arch_vcpu_create+0x14/0xc0
[ 1128.302671]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1128.307193]  kvm_vm_ioctl+0x501/0x1600
[ 1128.311247]  ? __lock_acquire+0x5f7/0x4620
[ 1128.315505]  ? get_unused_fd_flags+0xd0/0xd0
[ 1128.320202]  ? kvm_vcpu_release+0xa0/0xa0
[ 1128.324376]  ? retint_kernel+0x2d/0x2d
[ 1128.328293]  ? retint_kernel+0x2d/0x2d
[ 1128.332214]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1128.337249]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1128.342028]  ? check_preemption_disabled+0x3c/0x250
05:09:16 executing program 3:

05:09:16 executing program 1:

[ 1128.347063]  ? retint_kernel+0x2d/0x2d
[ 1128.350977]  ? kvm_vcpu_release+0xa0/0xa0
[ 1128.355154]  ? kvm_vcpu_release+0xa0/0xa0
[ 1128.359318]  do_vfs_ioctl+0x7ae/0x1060
[ 1128.363275]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1128.368501]  ? check_preemption_disabled+0x3c/0x250
[ 1128.373645]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1128.378083]  ? security_file_ioctl+0x89/0xb0
[ 1128.382510]  SyS_ioctl+0x8f/0xc0
[ 1128.385895]  ? do_vfs_ioctl+0x1060/0x1060
[ 1128.390060]  do_syscall_64+0x1e8/0x640
[ 1128.394097]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1128.398977]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1128.404200] RIP: 0033:0x45c429
[ 1128.407407] RSP: 002b:00007f7d63f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1128.415330] RAX: ffffffffffffffda RBX: 00007f7d63f6e6d4 RCX: 000000000045c429
[ 1128.422612] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1128.430002] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1128.437412] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1128.444699] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1128.474417] warn_alloc_show_mem: 1 callbacks suppressed
[ 1128.474433] Mem-Info:
[ 1128.483622] active_anon:837631 inactive_anon:4834 isolated_anon:0
[ 1128.483622]  active_file:14326 inactive_file:7036 isolated_file:0
[ 1128.483622]  unevictable:0 dirty:399 writeback:0 unstable:0
[ 1128.483622]  slab_reclaimable:17939 slab_unreclaimable:152055
[ 1128.483622]  mapped:59434 shmem:255 pagetables:16925 bounce:0
[ 1128.483622]  free:472284 free_pcp:468 free_cma:0
[ 1128.520790] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1128.550151] Node 1 active_anon:1429844kB inactive_anon:18552kB active_file:55448kB inactive_file:25020kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:27000kB dirty:1476kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1128.578756] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1128.606315] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1128.611885] Node 0 DMA32 free:32344kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:2996kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:540kB local_pcp:128kB free_cma:0kB
[ 1128.642291] lowmem_reserve[]: 0 0 0 0 0
[ 1128.646605] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1128.673504] lowmem_reserve[]: 0 0 0 0 0
[ 1128.677898] Node 1 Normal free:1846204kB min:53504kB low:66880kB high:80256kB active_anon:1429844kB inactive_anon:18552kB active_file:55448kB inactive_file:25020kB unevictable:0kB writepending:1476kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:14048kB pagetables:28084kB bounce:0kB free_pcp:1332kB local_pcp:656kB free_cma:0kB
[ 1128.708623] lowmem_reserve[]: 0 0 0 0 0
[ 1128.712792] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1128.727460] Node 0 DMA32: 732*4kB (UME) 655*8kB (UMH) 368*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 32328kB
[ 1128.743376] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1128.754214] Node 1 Normal: 226*4kB (UME) 125*8kB (UME) 750*16kB (UME) 388*32kB (UME) 137*64kB (UME) 18*128kB (UM) 18*256kB (UME) 12*512kB (M) 3*1024kB (UM) 3*2048kB (UME) 437*4096kB (M) = 1847312kB
[ 1128.772302] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1128.781518] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1128.791006] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1128.799892] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1128.809790] 21625 total pagecache pages
[ 1128.814029] 0 pages in swap cache
[ 1128.817500] Swap cache stats: add 0, delete 0, find 0/0
[ 1128.823037] Free swap  = 0kB
05:09:16 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

05:09:16 executing program 3:

05:09:16 executing program 1:
getpid()
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="c9ae00001a", 0x5, 0x0, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x0, 0x0, 0x0)
io_setup(0x1ff, &(0x7f00000004c0))
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
io_submit(0x0, 0x0, 0x0)
clock_gettime(0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f00000002c0)=@abs={0x1, 0x0, 0x4e21}, 0x6e)

05:09:16 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[ 1128.826058] Total swap = 0kB
[ 1128.829115] 1965979 pages RAM
[ 1128.832382] 0 pages HighMem/MovableOnly
[ 1128.836456] 335854 pages reserved
[ 1128.840096] 0 pages cma reserved
05:09:16 executing program 3:

[ 1129.079665] warn_alloc: 1 callbacks suppressed
[ 1129.079683] syz-executor.5: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1129.093476] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1129.103242] syz-executor.5 cpuset=syz5 mems_allowed=0-1
[ 1129.109159] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1129.116178] CPU: 1 PID: 11658 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1129.128264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1129.137630] Call Trace:
[ 1129.140264]  dump_stack+0x142/0x197
[ 1129.144010]  warn_alloc.cold+0x96/0x1af
[ 1129.147989]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1129.152855]  ? wait_for_completion+0x420/0x420
[ 1129.157462]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1129.162396]  ? warn_alloc+0xf0/0xf0
[ 1129.166245]  ? __might_sleep+0x93/0xb0
[ 1129.170146]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1129.174841]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1129.180568]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1129.185595]  ? check_preemption_disabled+0x3c/0x250
[ 1129.190735]  alloc_pages_current+0xec/0x1e0
[ 1129.195284]  kvm_mmu_create+0xdf/0x1e0
[ 1129.199199]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1129.203545]  kvm_vcpu_init+0x272/0x360
[ 1129.207562]  vmx_create_vcpu+0xfc/0x2aa0
[ 1129.211638]  ? check_preemption_disabled+0x3c/0x250
[ 1129.216662]  ? retint_kernel+0x2d/0x2d
[ 1129.220660]  ? handle_rdmsr+0x6e0/0x6e0
[ 1129.224664]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1129.228992]  kvm_vm_ioctl+0x501/0x1600
[ 1129.232908]  ? __lock_acquire+0x5f7/0x4620
[ 1129.237270]  ? find_held_lock+0x35/0x130
[ 1129.241345]  ? kvm_vcpu_release+0xa0/0xa0
[ 1129.245560]  ? retint_kernel+0x2d/0x2d
[ 1129.249470]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1129.254497]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1129.259559]  ? check_preemption_disabled+0x3c/0x250
[ 1129.264735]  ? retint_kernel+0x2d/0x2d
[ 1129.268675]  ? __fget+0x210/0x370
[ 1129.272268]  ? lock_release+0x44d/0x940
[ 1129.276260]  ? kvm_vcpu_release+0xa0/0xa0
[ 1129.280413]  do_vfs_ioctl+0x7ae/0x1060
[ 1129.284414]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1129.289196]  ? lock_downgrade+0x740/0x740
[ 1129.293353]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1129.297784]  ? __fget+0x237/0x370
[ 1129.301248]  ? security_file_ioctl+0x89/0xb0
[ 1129.305876]  SyS_ioctl+0x8f/0xc0
[ 1129.309253]  ? do_vfs_ioctl+0x1060/0x1060
[ 1129.313417]  do_syscall_64+0x1e8/0x640
[ 1129.317334]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1129.322287]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1129.327839] RIP: 0033:0x45c429
[ 1129.331035] RSP: 002b:00007f7d63f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1129.338767] RAX: ffffffffffffffda RBX: 00007f7d63f6e6d4 RCX: 000000000045c429
[ 1129.346070] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1129.353382] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1129.361097] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1129.368397] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1129.375987] CPU: 0 PID: 11649 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1129.384695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1129.394066] Call Trace:
[ 1129.396675]  dump_stack+0x142/0x197
[ 1129.400344]  warn_alloc.cold+0x96/0x1af
[ 1129.404325]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1129.409195]  ? wait_for_completion+0x420/0x420
[ 1129.413801]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1129.418688]  ? warn_alloc+0xf0/0xf0
[ 1129.422760]  ? __might_sleep+0x93/0xb0
[ 1129.426669]  __alloc_pages_nodemask+0x62c/0x7a0
05:09:17 executing program 4:
prlimit64(0x0, 0x0, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:17 executing program 0:
prlimit64(0x0, 0x0, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:17 executing program 3:

05:09:17 executing program 1:

[ 1129.431404]  ? __alloc_pages_nodemask+0x3c6/0x7a0
[ 1129.436524]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1129.441627]  alloc_pages_current+0xec/0x1e0
[ 1129.446074]  kvm_mmu_create+0xdf/0x1e0
[ 1129.450149]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1129.454491]  kvm_vcpu_init+0x272/0x360
[ 1129.458402]  vmx_create_vcpu+0xfc/0x2aa0
[ 1129.462579]  ? check_preemption_disabled+0x3c/0x250
[ 1129.467608]  ? handle_rdmsr+0x6e0/0x6e0
[ 1129.471604]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1129.475942]  kvm_vm_ioctl+0x501/0x1600
05:09:17 executing program 3:

[ 1129.479861]  ? __lock_acquire+0x5f7/0x4620
[ 1129.484112]  ? retint_kernel+0x2d/0x2d
[ 1129.488017]  ? kvm_vcpu_release+0xa0/0xa0
[ 1129.492183]  ? trace_hardirqs_on+0x10/0x10
[ 1129.496446]  ? trace_hardirqs_on+0x10/0x10
[ 1129.500708]  ? __might_fault+0x110/0x1d0
[ 1129.504780]  ? save_trace+0x290/0x290
[ 1129.508632]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1129.513667]  ? __fget+0x210/0x370
[ 1129.517159]  ? find_held_lock+0x35/0x130
[ 1129.521270]  ? __fget+0x210/0x370
[ 1129.524737]  ? kvm_vcpu_release+0xa0/0xa0
05:09:17 executing program 3:

[ 1129.528907]  do_vfs_ioctl+0x7ae/0x1060
[ 1129.532964]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1129.537904]  ? lock_downgrade+0x740/0x740
[ 1129.542074]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1129.546501]  ? __fget+0x237/0x370
[ 1129.549976]  ? security_file_ioctl+0x89/0xb0
[ 1129.554401]  SyS_ioctl+0x8f/0xc0
[ 1129.557783]  ? do_vfs_ioctl+0x1060/0x1060
[ 1129.562050]  do_syscall_64+0x1e8/0x640
[ 1129.566185]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1129.571138]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1129.576333] RIP: 0033:0x45c429
05:09:17 executing program 3:

[ 1129.579528] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1129.587666] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1129.595032] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1129.603799] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1129.611216] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1129.618500] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1129.659025] warn_alloc_show_mem: 1 callbacks suppressed
[ 1129.659041] Mem-Info:
[ 1129.667560] active_anon:837648 inactive_anon:4834 isolated_anon:0
[ 1129.667560]  active_file:14326 inactive_file:7036 isolated_file:0
[ 1129.667560]  unevictable:0 dirty:136 writeback:1 unstable:0
[ 1129.667560]  slab_reclaimable:17951 slab_unreclaimable:152231
[ 1129.667560]  mapped:59407 shmem:255 pagetables:16954 bounce:0
[ 1129.667560]  free:471887 free_pcp:377 free_cma:0
[ 1129.716591] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
05:09:17 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

05:09:17 executing program 1:

05:09:17 executing program 3:

[ 1129.748270] Node 1 active_anon:1429912kB inactive_anon:18552kB active_file:55448kB inactive_file:25048kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26892kB dirty:424kB writeback:4kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1129.795284] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1129.850535] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1129.855689] Node 0 DMA32 free:32352kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:588kB local_pcp:128kB free_cma:0kB
[ 1129.888015] lowmem_reserve[]: 0 0 0 0 0
[ 1129.892299] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1129.918028] lowmem_reserve[]: 0 0 0 0 0
[ 1129.922239] Node 1 Normal free:1846112kB min:53504kB low:66880kB high:80256kB active_anon:1429848kB inactive_anon:18552kB active_file:55448kB inactive_file:25076kB unevictable:0kB writepending:456kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:14016kB pagetables:28000kB bounce:0kB free_pcp:1032kB local_pcp:440kB free_cma:0kB
[ 1129.953085] lowmem_reserve[]: 0 0 0 0 0
[ 1129.957176] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1129.972259] Node 0 DMA32: 732*4kB (UME) 658*8kB (UMH) 368*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 32352kB
[ 1129.987964] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1129.999038] Node 1 Normal: 244*4kB (UM) 19*8kB (ME) 695*16kB (UME) 388*32kB (UME) 139*64kB (UME) 16*128kB (UM) 18*256kB (UME) 13*512kB (UM) 3*1024kB (UM) 3*2048kB (UME) 437*4096kB (M) = 1846040kB
[ 1130.016967] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1130.025989] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1130.034709] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
05:09:17 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:09:17 executing program 3:

[ 1130.044354] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1130.053071] 21631 total pagecache pages
[ 1130.057113] 0 pages in swap cache
[ 1130.060774] Swap cache stats: add 0, delete 0, find 0/0
[ 1130.066199] Free swap  = 0kB
[ 1130.069290] Total swap = 0kB
[ 1130.072475] 1965979 pages RAM
[ 1130.075650] 0 pages HighMem/MovableOnly
[ 1130.080084] 335854 pages reserved
[ 1130.083624] 0 pages cma reserved
[ 1130.133276] syz-executor.5: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1130.158379] syz-executor.5 cpuset=syz5 mems_allowed=0-1
[ 1130.168099] CPU: 1 PID: 11689 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1130.176016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1130.185590] Call Trace:
[ 1130.188193]  dump_stack+0x142/0x197
[ 1130.191836]  warn_alloc.cold+0x96/0x1af
[ 1130.195833]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1130.200699]  ? wait_for_completion+0x420/0x420
[ 1130.205306]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1130.210185]  ? warn_alloc+0xf0/0xf0
[ 1130.213828]  ? __might_sleep+0x93/0xb0
[ 1130.217729]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1130.222417]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1130.227662]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1130.232715]  alloc_pages_current+0xec/0x1e0
[ 1130.237056]  kvm_mmu_create+0xdf/0x1e0
[ 1130.240975]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1130.245334]  ? __sanitizer_cov_trace_pc+0x41/0x60
[ 1130.250287]  kvm_vcpu_init+0x272/0x360
[ 1130.254309]  vmx_create_vcpu+0xfc/0x2aa0
[ 1130.258627]  ? mutex_trylock+0x1c0/0x1c0
[ 1130.262721]  ? handle_rdmsr+0x6e0/0x6e0
[ 1130.266799]  ? wait_for_completion+0x420/0x420
[ 1130.271402]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1130.275737]  kvm_vm_ioctl+0x501/0x1600
[ 1130.279657]  ? __lock_acquire+0x5f7/0x4620
[ 1130.284002]  ? get_unused_fd_flags+0xd0/0xd0
[ 1130.288516]  ? kvm_vcpu_release+0xa0/0xa0
[ 1130.292674]  ? retint_kernel+0x2d/0x2d
[ 1130.296665]  ? retint_kernel+0x2d/0x2d
[ 1130.297631] syz-executor.2: 
[ 1130.300589]  ? retint_kernel+0x2d/0x2d
[ 1130.300603]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1130.300617]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1130.300631]  ? check_preemption_disabled+0x3c/0x250
[ 1130.300639]  ? retint_kernel+0x2d/0x2d
[ 1130.300649]  ? kvm_vcpu_release+0xa0/0xa0
[ 1130.300668]  ? kvm_vcpu_release+0xa0/0xa0
[ 1130.300679]  do_vfs_ioctl+0x7ae/0x1060
[ 1130.300699]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1130.300707]  ? lock_downgrade+0x740/0x740
[ 1130.300719]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1130.300736]  ? __fget+0x237/0x370
[ 1130.303933] page allocation failure: order:0
[ 1130.307633]  ? security_file_ioctl+0x89/0xb0
[ 1130.307646]  SyS_ioctl+0x8f/0xc0
[ 1130.307657]  ? do_vfs_ioctl+0x1060/0x1060
[ 1130.307670]  do_syscall_64+0x1e8/0x640
[ 1130.307679]  ? trace_hardirqs_off_thunk+0x1a/0x1c
05:09:18 executing program 4:
prlimit64(0x0, 0x0, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1130.307700]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1130.307708] RIP: 0033:0x45c429
[ 1130.307714] RSP: 002b:00007f7d63f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1130.313284] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1130.317689] RAX: ffffffffffffffda RBX: 00007f7d63f6e6d4 RCX: 000000000045c429
[ 1130.317695] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1130.317700] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
05:09:18 executing program 0:
prlimit64(0x0, 0x7, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:18 executing program 1:

05:09:18 executing program 3:

05:09:18 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

[ 1130.317705] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1130.317711] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
05:09:18 executing program 1:

05:09:18 executing program 3:

[ 1130.484032] (null)
[ 1130.486573] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1130.540852] CPU: 0 PID: 11697 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1130.548760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1130.559251] Call Trace:
[ 1130.561859]  dump_stack+0x142/0x197
[ 1130.565510]  warn_alloc.cold+0x96/0x1af
[ 1130.569513]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1130.574515]  ? check_preemption_disabled+0x3c/0x250
[ 1130.579575]  ? retint_kernel+0x2d/0x2d
[ 1130.583483]  __alloc_pages_slowpath+0x23c6/0x2930
05:09:18 executing program 3:

05:09:18 executing program 1:

[ 1130.588452]  ? warn_alloc+0xf0/0xf0
[ 1130.592107]  ? __might_sleep+0x93/0xb0
[ 1130.596012]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1130.600700]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1130.605727]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1130.610878]  ? check_preemption_disabled+0x3c/0x250
[ 1130.615910]  alloc_pages_current+0xec/0x1e0
[ 1130.620512]  kvm_mmu_create+0xdf/0x1e0
[ 1130.624413]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1130.628763]  kvm_vcpu_init+0x272/0x360
[ 1130.632679]  vmx_create_vcpu+0xfc/0x2aa0
05:09:18 executing program 3:

[ 1130.636761]  ? check_preemption_disabled+0x3c/0x250
[ 1130.641798]  ? handle_rdmsr+0x6e0/0x6e0
[ 1130.645800]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1130.650136]  kvm_vm_ioctl+0x501/0x1600
[ 1130.654095]  ? __lock_acquire+0x5f7/0x4620
[ 1130.658606]  ? kvm_vcpu_release+0xa0/0xa0
[ 1130.662762]  ? retint_kernel+0x2d/0x2d
[ 1130.666659]  ? retint_kernel+0x2d/0x2d
[ 1130.670592]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1130.675619]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1130.680499]  ? check_preemption_disabled+0x3c/0x250
[ 1130.685530]  ? retint_kernel+0x2d/0x2d
[ 1130.689458]  ? do_vfs_ioctl+0x83/0x1060
[ 1130.693447]  ? kvm_vcpu_release+0xa0/0xa0
[ 1130.697607]  do_vfs_ioctl+0x7ae/0x1060
[ 1130.701513]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1130.706311]  ? lock_downgrade+0x740/0x740
[ 1130.710474]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1130.714906]  ? __fget+0x237/0x370
[ 1130.718494]  ? security_file_ioctl+0x89/0xb0
[ 1130.722933]  SyS_ioctl+0x8f/0xc0
[ 1130.726467]  ? do_vfs_ioctl+0x1060/0x1060
[ 1130.730631]  do_syscall_64+0x1e8/0x640
[ 1130.734621]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1130.739490]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1130.744780] RIP: 0033:0x45c429
[ 1130.748166] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1130.755915] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1130.763198] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1130.770652] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1130.777969] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1130.785314] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1130.797568] warn_alloc_show_mem: 1 callbacks suppressed
[ 1130.797582] Mem-Info:
[ 1130.813433] active_anon:837640 inactive_anon:4837 isolated_anon:0
[ 1130.813433]  active_file:14326 inactive_file:7039 isolated_file:0
[ 1130.813433]  unevictable:0 dirty:138 writeback:19 unstable:0
[ 1130.813433]  slab_reclaimable:17930 slab_unreclaimable:152338
[ 1130.813433]  mapped:59407 shmem:255 pagetables:16884 bounce:0
[ 1130.813433]  free:471905 free_pcp:365 free_cma:0
[ 1130.848670] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1130.878039] Node 1 active_anon:1429800kB inactive_anon:18560kB active_file:55448kB inactive_file:25104kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26868kB dirty:448kB writeback:76kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1130.906789] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1130.933928] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1130.939277] Node 0 DMA32 free:32456kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:592kB local_pcp:128kB free_cma:0kB
[ 1130.969646] lowmem_reserve[]: 0 0 0 0 0
[ 1130.973843] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1130.999863] lowmem_reserve[]: 0 0 0 0 0
[ 1131.004068] Node 1 Normal free:1846860kB min:53504kB low:66880kB high:80256kB active_anon:1429800kB inactive_anon:18560kB active_file:55448kB inactive_file:25104kB unevictable:0kB writepending:488kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13888kB pagetables:27868kB bounce:0kB free_pcp:1240kB local_pcp:484kB free_cma:0kB
[ 1131.034445] lowmem_reserve[]: 0 0 0 0 0
[ 1131.038522] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1131.053194] Node 0 DMA32: 732*4kB (UME) 670*8kB (UMH) 368*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 32448kB
[ 1131.068762] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1131.079554] Node 1 Normal: 265*4kB (UME) 152*8kB (UME) 642*16kB (UME) 392*32kB (UME) 139*64kB (UME) 21*128kB (UM) 19*256kB (UME) 12*512kB (M) 3*1024kB (UM) 3*2048kB (UME) 437*4096kB (M) = 1846852kB
[ 1131.097653] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1131.106647] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1131.115386] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1131.124401] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1131.133076] 21645 total pagecache pages
[ 1131.137052] 0 pages in swap cache
05:09:18 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:09:18 executing program 1:

[ 1131.140663] Swap cache stats: add 0, delete 0, find 0/0
[ 1131.146030] Free swap  = 0kB
[ 1131.149188] Total swap = 0kB
[ 1131.152265] 1965979 pages RAM
[ 1131.155371] 0 pages HighMem/MovableOnly
[ 1131.159476] 335854 pages reserved
[ 1131.162976] 0 pages cma reserved
05:09:18 executing program 4:
prlimit64(0x0, 0x0, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:19 executing program 0:
prlimit64(0x0, 0x7, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:19 executing program 3:

05:09:19 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

05:09:19 executing program 1:

[ 1131.306042] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1131.317581] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1131.325492] CPU: 0 PID: 11729 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1131.333406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1131.342769] Call Trace:
[ 1131.345370]  dump_stack+0x142/0x197
[ 1131.349014]  warn_alloc.cold+0x96/0x1af
[ 1131.353057]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1131.357922]  ? wait_for_completion+0x420/0x420
[ 1131.362607]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1131.367483]  ? warn_alloc+0xf0/0xf0
[ 1131.371259]  ? __might_sleep+0x93/0xb0
[ 1131.375164]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1131.379851]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1131.384883]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1131.389918]  ? check_preemption_disabled+0x3c/0x250
[ 1131.394953]  alloc_pages_current+0xec/0x1e0
[ 1131.399551]  kvm_mmu_create+0xdf/0x1e0
[ 1131.403447]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1131.407796]  kvm_vcpu_init+0x272/0x360
[ 1131.411716]  vmx_create_vcpu+0xfc/0x2aa0
[ 1131.415795]  ? check_preemption_disabled+0x3c/0x250
[ 1131.420864]  ? retint_kernel+0x2d/0x2d
[ 1131.424765]  ? handle_rdmsr+0x6e0/0x6e0
[ 1131.428875]  ? kvm_arch_vcpu_create+0x14/0xc0
[ 1131.433386]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1131.437730]  kvm_vm_ioctl+0x501/0x1600
[ 1131.441647]  ? __lock_acquire+0x5f7/0x4620
[ 1131.445901]  ? kvm_vcpu_release+0xa0/0xa0
[ 1131.450060]  ? trace_hardirqs_on+0x10/0x10
[ 1131.454317]  ? trace_hardirqs_on+0x10/0x10
[ 1131.458561]  ? __might_fault+0x110/0x1d0
[ 1131.462633]  ? save_trace+0x290/0x290
[ 1131.466444]  ? __might_fault+0x110/0x1d0
[ 1131.470527]  ? __fget+0x210/0x370
[ 1131.473997]  ? find_held_lock+0x35/0x130
[ 1131.478069]  ? __fget+0x210/0x370
[ 1131.481536]  ? kvm_vcpu_release+0xa0/0xa0
[ 1131.485694]  do_vfs_ioctl+0x7ae/0x1060
[ 1131.489601]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1131.495322]  ? lock_downgrade+0x740/0x740
[ 1131.499482]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1131.503906]  ? __fget+0x237/0x370
[ 1131.507406]  ? security_file_ioctl+0x89/0xb0
[ 1131.511844]  SyS_ioctl+0x8f/0xc0
[ 1131.515218]  ? do_vfs_ioctl+0x1060/0x1060
[ 1131.519571]  do_syscall_64+0x1e8/0x640
[ 1131.523473]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1131.528344]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1131.533548] RIP: 0033:0x45c429
[ 1131.536739] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1131.544464] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
05:09:19 executing program 3:

[ 1131.551823] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1131.559108] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1131.566392] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1131.573679] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1131.576107] syz-executor.5: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
05:09:19 executing program 3:

[ 1131.632538] syz-executor.5 cpuset=syz5 mems_allowed=0-1
[ 1131.640622] CPU: 1 PID: 11739 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1131.648639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1131.657999] Call Trace:
[ 1131.660607]  dump_stack+0x142/0x197
[ 1131.665472]  warn_alloc.cold+0x96/0x1af
[ 1131.669459]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1131.674327]  ? wait_for_completion+0x420/0x420
[ 1131.678927]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1131.683795]  ? warn_alloc+0xf0/0xf0
[ 1131.687461]  ? __might_sleep+0x93/0xb0
[ 1131.691365]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1131.696042]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1131.701168]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1131.706203]  alloc_pages_current+0xec/0x1e0
[ 1131.710538]  kvm_mmu_create+0xdf/0x1e0
[ 1131.714442]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1131.718788]  kvm_vcpu_init+0x272/0x360
[ 1131.722689]  vmx_create_vcpu+0xfc/0x2aa0
[ 1131.726882]  ? mutex_trylock+0x1c0/0x1c0
[ 1131.730964]  ? handle_rdmsr+0x6e0/0x6e0
[ 1131.735068]  ? wait_for_completion+0x420/0x420
[ 1131.739673]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1131.744012]  kvm_vm_ioctl+0x501/0x1600
[ 1131.747914]  ? __lock_acquire+0x5f7/0x4620
[ 1131.752157]  ? find_held_lock+0x35/0x130
[ 1131.756235]  ? kvm_vcpu_release+0xa0/0xa0
[ 1131.760393]  ? trace_hardirqs_on+0x10/0x10
[ 1131.764643]  ? trace_hardirqs_on+0x10/0x10
[ 1131.768921]  ? __might_fault+0x110/0x1d0
[ 1131.772994]  ? save_trace+0x290/0x290
[ 1131.776809]  ? __might_fault+0x110/0x1d0
[ 1131.781054]  ? __fget+0x210/0x370
[ 1131.784521]  ? retint_kernel+0x2d/0x2d
[ 1131.788432]  ? kvm_vcpu_release+0xa0/0xa0
[ 1131.792602]  do_vfs_ioctl+0x7ae/0x1060
[ 1131.796501]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1131.801265]  ? check_preemption_disabled+0x3c/0x250
[ 1131.806296]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1131.810728]  ? security_file_ioctl+0x89/0xb0
[ 1131.815278]  SyS_ioctl+0x8f/0xc0
[ 1131.818661]  ? do_vfs_ioctl+0x1060/0x1060
[ 1131.822816]  do_syscall_64+0x1e8/0x640
[ 1131.826721]  ? trace_hardirqs_off_thunk+0x1a/0x1c
05:09:19 executing program 3:

05:09:19 executing program 1:

05:09:19 executing program 1:

[ 1131.831588]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1131.836883] RIP: 0033:0x45c429
[ 1131.840077] RSP: 002b:00007f7d63f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1131.847884] RAX: ffffffffffffffda RBX: 00007f7d63f6e6d4 RCX: 000000000045c429
[ 1131.855159] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1131.862540] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1131.869812] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1131.877295] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1131.887746] warn_alloc_show_mem: 1 callbacks suppressed
[ 1131.887769] Mem-Info:
[ 1131.895926] active_anon:837644 inactive_anon:4834 isolated_anon:0
[ 1131.895926]  active_file:14326 inactive_file:7057 isolated_file:0
[ 1131.895926]  unevictable:0 dirty:154 writeback:0 unstable:0
[ 1131.895926]  slab_reclaimable:17895 slab_unreclaimable:152281
[ 1131.895926]  mapped:59407 shmem:255 pagetables:16907 bounce:0
[ 1131.895926]  free:471913 free_pcp:415 free_cma:0
05:09:19 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:09:19 executing program 3:

[ 1131.932021] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1131.961304] Node 1 active_anon:1429772kB inactive_anon:18552kB active_file:55448kB inactive_file:25132kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26892kB dirty:496kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1132.000455] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1132.032172] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1132.037493] Node 0 DMA32 free:32448kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:568kB local_pcp:448kB free_cma:0kB
[ 1132.068215] lowmem_reserve[]: 0 0 0 0 0
05:09:19 executing program 4:
prlimit64(0x0, 0x7, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1132.072646] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1132.111951] lowmem_reserve[]: 0 0 0 0 0
[ 1132.116285] Node 1 Normal free:1846768kB min:53504kB low:66880kB high:80256kB active_anon:1429760kB inactive_anon:18552kB active_file:55448kB inactive_file:25168kB unevictable:0kB writepending:532kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13952kB pagetables:27868kB bounce:0kB free_pcp:1440kB local_pcp:732kB free_cma:0kB
[ 1132.159356] lowmem_reserve[]: 0 0 0 0 0
05:09:19 executing program 0:
prlimit64(0x0, 0x7, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:19 executing program 1:

[ 1132.182217] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1132.210454] Node 0 DMA32: 732*4kB (UME) 668*8kB (UMH) 368*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (M) 2*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 32432kB
[ 1132.224188] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1132.246213] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1132.267611] Node 1 Normal: 217*4kB (UM) 171*8kB (UME) 674*16kB (UME) 384*32kB (UME) 138*64kB (UME) 21*128kB (UM) 19*256kB (UME) 12*512kB (M) 3*1024kB (UM) 3*2048kB (UME) 437*4096kB (M) = 1847004kB
[ 1132.269070] syz-executor.2 cpuset=
[ 1132.289481] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1132.291886] syz2
[ 1132.299337] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1132.303819]  mems_allowed=0-1
[ 1132.304953] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1132.314190] CPU: 0 PID: 11762 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1132.319495] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1132.325168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1132.325173] Call Trace:
[ 1132.325193]  dump_stack+0x142/0x197
[ 1132.325206]  warn_alloc.cold+0x96/0x1af
[ 1132.325215]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1132.325233]  ? wait_for_completion+0x420/0x420
[ 1132.325249]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1132.325265]  ? retint_kernel+0x2d/0x2d
[ 1132.325279]  ? warn_alloc+0xf0/0xf0
[ 1132.325290]  ? check_preemption_disabled+0x3c/0x250
[ 1132.325309]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1132.325320]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1132.325331]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1132.325349]  alloc_pages_current+0xec/0x1e0
[ 1132.337951] 21654 total pagecache pages
[ 1132.341841]  kvm_mmu_create+0xdf/0x1e0
[ 1132.341859]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1132.341871]  kvm_vcpu_init+0x272/0x360
[ 1132.341882]  vmx_create_vcpu+0xfc/0x2aa0
[ 1132.341893]  ? mutex_trylock+0x1c0/0x1c0
[ 1132.341909]  ? handle_rdmsr+0x6e0/0x6e0
[ 1132.341918]  ? wait_for_completion+0x420/0x420
[ 1132.341932]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1132.355280] 0 pages in swap cache
[ 1132.357536]  kvm_vm_ioctl+0x501/0x1600
[ 1132.357549]  ? __lock_acquire+0x5f7/0x4620
[ 1132.357561]  ? mark_held_locks+0xb1/0x100
[ 1132.362393] Swap cache stats: add 0, delete 0, find 0/0
[ 1132.366822]  ? kvm_vcpu_release+0xa0/0xa0
[ 1132.366835]  ? trace_hardirqs_on+0x10/0x10
[ 1132.366846]  ? retint_kernel+0x2d/0x2d
[ 1132.366856]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1132.366870]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1132.375745] Free swap  = 0kB
[ 1132.376394]  ? check_preemption_disabled+0x3c/0x250
[ 1132.380491] Total swap = 0kB
[ 1132.384055]  ? retint_kernel+0x2d/0x2d
[ 1132.384074]  ? do_vfs_ioctl+0x83/0x1060
[ 1132.384087]  ? kvm_vcpu_release+0xa0/0xa0
[ 1132.384101]  do_vfs_ioctl+0x7ae/0x1060
[ 1132.389212] 1965979 pages RAM
[ 1132.393999]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1132.394011]  ? lock_downgrade+0x740/0x740
[ 1132.394023]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1132.394034]  ? __fget+0x237/0x370
[ 1132.394052]  ? security_file_ioctl+0x89/0xb0
[ 1132.394062]  SyS_ioctl+0x8f/0xc0
[ 1132.394070]  ? do_vfs_ioctl+0x1060/0x1060
[ 1132.394083]  do_syscall_64+0x1e8/0x640
[ 1132.394093]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1132.394109]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1132.394118] RIP: 0033:0x45c429
[ 1132.394123] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1132.394134] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
05:09:20 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

05:09:20 executing program 3:

05:09:20 executing program 1:

05:09:20 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[ 1132.394139] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1132.394143] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1132.394148] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1132.394153] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1132.613621] 0 pages HighMem/MovableOnly
[ 1132.617815] 335854 pages reserved
[ 1132.621880] 0 pages cma reserved
05:09:20 executing program 3:

05:09:20 executing program 1:

[ 1132.717115] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1132.744552] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1132.751500] CPU: 1 PID: 11780 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1132.759486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1132.768881] Call Trace:
[ 1132.771488]  dump_stack+0x142/0x197
[ 1132.775202]  warn_alloc.cold+0x96/0x1af
[ 1132.779202]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1132.784165]  ? wait_for_completion+0x420/0x420
[ 1132.789289]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1132.794700]  ? warn_alloc+0xf0/0xf0
[ 1132.798352]  ? __might_sleep+0x93/0xb0
[ 1132.803216]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1132.807918]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1132.813066]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1132.818112]  alloc_pages_current+0xec/0x1e0
[ 1132.822468]  kvm_mmu_create+0xdf/0x1e0
[ 1132.826482]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1132.830821]  kvm_vcpu_init+0x272/0x360
[ 1132.834722]  vmx_create_vcpu+0xfc/0x2aa0
[ 1132.838915]  ? mutex_trylock+0x1c0/0x1c0
[ 1132.843089]  ? handle_rdmsr+0x6e0/0x6e0
[ 1132.847073]  ? wait_for_completion+0x420/0x420
[ 1132.851681]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1132.856038]  kvm_vm_ioctl+0x501/0x1600
[ 1132.859939]  ? __lock_acquire+0x5f7/0x4620
[ 1132.864218]  ? find_held_lock+0x35/0x130
[ 1132.868302]  ? kvm_vcpu_release+0xa0/0xa0
[ 1132.872469]  ? trace_hardirqs_on+0x10/0x10
[ 1132.878245]  ? trace_hardirqs_on+0x10/0x10
[ 1132.882510]  ? __might_fault+0x110/0x1d0
[ 1132.886581]  ? save_trace+0x290/0x290
[ 1132.890390]  ? __might_fault+0x110/0x1d0
[ 1132.894457]  ? __fget+0x210/0x370
[ 1132.897928]  ? find_held_lock+0x35/0x130
[ 1132.902070]  ? __fget+0x210/0x370
[ 1132.905536]  ? kvm_vcpu_release+0xa0/0xa0
[ 1132.907690] syz-executor.5: 
[ 1132.909697]  do_vfs_ioctl+0x7ae/0x1060
05:09:20 executing program 3:

05:09:20 executing program 1:

[ 1132.909712]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1132.909722]  ? lock_downgrade+0x740/0x740
[ 1132.909733]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1132.909745]  ? __fget+0x237/0x370
[ 1132.909774]  ? security_file_ioctl+0x89/0xb0
[ 1132.913105] page allocation failure: order:0
[ 1132.916691]  SyS_ioctl+0x8f/0xc0
[ 1132.916703]  ? do_vfs_ioctl+0x1060/0x1060
[ 1132.916717]  do_syscall_64+0x1e8/0x640
[ 1132.916728]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1132.916744]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1132.916753] RIP: 0033:0x45c429
[ 1132.916757] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1132.921731] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1132.925686] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1132.925706] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1132.925712] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1132.925717] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
05:09:20 executing program 1:

[ 1132.925722] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1132.949747] warn_alloc_show_mem: 1 callbacks suppressed
[ 1132.949752] Mem-Info:
[ 1132.989888] (null)
[ 1133.023819] active_anon:837648 inactive_anon:4834 isolated_anon:0
[ 1133.023819]  active_file:14326 inactive_file:7065 isolated_file:0
[ 1133.023819]  unevictable:0 dirty:169 writeback:0 unstable:0
[ 1133.023819]  slab_reclaimable:17908 slab_unreclaimable:152022
[ 1133.023819]  mapped:59432 shmem:255 pagetables:16929 bounce:0
[ 1133.023819]  free:472201 free_pcp:442 free_cma:0
[ 1133.055502] syz-executor.5 cpuset=syz5 mems_allowed=0-1
[ 1133.098283] CPU: 0 PID: 11785 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1133.107142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1133.116594] Call Trace:
[ 1133.117664] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1133.119255]  dump_stack+0x142/0x197
[ 1133.119271]  warn_alloc.cold+0x96/0x1af
[ 1133.119280]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1133.119294]  ? check_preemption_disabled+0x3c/0x250
[ 1133.165210] Node 1 active_anon:1429668kB inactive_anon:18552kB active_file:55448kB inactive_file:25204kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:27008kB dirty:580kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1133.166617]  ? retint_kernel+0x2d/0x2d
[ 1133.166641]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1133.199909] Node 0 
[ 1133.203834]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1133.203857]  ? warn_alloc+0xf0/0xf0
[ 1133.203876]  ? __might_sleep+0x93/0xb0
[ 1133.203888]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1133.203898]  ? retint_kernel+0x2d/0x2d
[ 1133.203908]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1133.203917]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1133.203930]  ? check_preemption_disabled+0x3c/0x250
[ 1133.203939]  ? retint_kernel+0x2d/0x2d
[ 1133.203958]  alloc_pages_current+0xec/0x1e0
[ 1133.203972]  kvm_mmu_create+0xdf/0x1e0
[ 1133.203984]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1133.203996]  kvm_vcpu_init+0x272/0x360
[ 1133.204010]  vmx_create_vcpu+0xfc/0x2aa0
[ 1133.216623] DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1133.218497]  ? mutex_trylock+0x1c0/0x1c0
[ 1133.218508]  ? retint_kernel+0x2d/0x2d
[ 1133.218525]  ? handle_rdmsr+0x6e0/0x6e0
[ 1133.234500] lowmem_reserve[]:
[ 1133.236872]  ? wait_for_completion+0x420/0x420
[ 1133.236890]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1133.236908]  kvm_vm_ioctl+0x501/0x1600
[ 1133.242754]  0
[ 1133.245847]  ? __lock_acquire+0x5f7/0x4620
[ 1133.245858]  ? trace_hardirqs_on_caller+0x400/0x590
05:09:21 executing program 4:
prlimit64(0x0, 0x7, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:21 executing program 3:

05:09:21 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x0, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1133.245871]  ? kvm_vcpu_release+0xa0/0xa0
[ 1133.245884]  ? retint_kernel+0x2d/0x2d
[ 1133.254005]  2569
[ 1133.254107]  ? retint_kernel+0x2d/0x2d
[ 1133.258567]  2569
[ 1133.262331]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1133.262343]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1133.262354]  ? check_preemption_disabled+0x3c/0x250
[ 1133.262364]  ? retint_kernel+0x2d/0x2d
[ 1133.262381]  ? kvm_vcpu_release+0xa0/0xa0
[ 1133.262399]  ? kvm_vcpu_release+0xa0/0xa0
[ 1133.262419]  do_vfs_ioctl+0x7ae/0x1060
[ 1133.267716]  2569
[ 1133.292781]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1133.292793]  ? lock_downgrade+0x740/0x740
[ 1133.292806]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1133.292818]  ? __fget+0x237/0x370
[ 1133.292833]  ? security_file_ioctl+0x89/0xb0
[ 1133.292843]  SyS_ioctl+0x8f/0xc0
[ 1133.292852]  ? do_vfs_ioctl+0x1060/0x1060
[ 1133.292864]  do_syscall_64+0x1e8/0x640
[ 1133.292873]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1133.292888]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1133.292897] RIP: 0033:0x45c429
05:09:21 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

05:09:21 executing program 3:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r0, 0x4, 0x42800)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/hwrng\x00', 0x280, 0x0)
getsockopt$inet_int(r1, 0x0, 0x32, &(0x7f0000000300), &(0x7f0000000340)=0x4)
r2 = open(&(0x7f0000000400)='./file1\x00', 0x664000, 0x0)
getpid()
r3 = syz_open_dev$dri(&(0x7f00000001c0)='/dev/dri/card#\x00', 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000540)={0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4, 0x3, 0x2, 0x0, 0x40, 0x4, 0xfffe, 0x1, 0x0, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'}})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000cab000))
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000005c0)={{{@in6=@loopback, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e22, 0x0, 0x4e20, 0x0, 0x2, 0x0, 0x0, 0x20}, {0x3ff, 0x1, 0x80, 0x1, 0x0, 0x7, 0x3, 0xa80}, {0x80, 0x0, 0x8001, 0x2b24}, 0x7, 0x6e6bb4, 0x0, 0x0, 0x0, 0x1}, {{@in6=@ipv4={[], [], @loopback}, 0x4d6, 0x6c}, 0x0, @in=@multicast1, 0x3504, 0x2, 0x0, 0xb7, 0x8, 0x23c, 0x9}}, 0xe8)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$VFIO_CHECK_EXTENSION(r2, 0x3b65, 0x5)
sendfile(r4, 0xffffffffffffffff, 0x0, 0x320f)
sysfs$3(0x3)
getsockopt$llc_int(0xffffffffffffffff, 0x10c, 0x3, &(0x7f0000000380), &(0x7f00000003c0)=0x4)
open(0x0, 0x141042, 0x0)
r5 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r5, &(0x7f0000000240)={0xa, 0x0, 0x5, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r5, 0x84, 0x12, &(0x7f0000000180), &(0x7f0000000200)=0x4)

05:09:21 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2, @remote}, 0xc)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb9Y\xa9\xc8J,\x00\xd2\x97\x04\x03\xdc\r')

[ 1133.292902] RSP: 002b:00007f7d63f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1133.292911] RAX: ffffffffffffffda RBX: 00007f7d63f6e6d4 RCX: 000000000045c429
[ 1133.292916] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1133.292921] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1133.292926] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1133.292932] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1133.508515]  2569
[ 1133.511835] Node 0 DMA32 free:32408kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:556kB local_pcp:424kB free_cma:0kB
[ 1133.542908] lowmem_reserve[]: 0 0 0 0 0
[ 1133.560579] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1133.608232] lowmem_reserve[]: 0 0 0 0 0
[ 1133.614340] Node 1 Normal free:1846876kB min:53504kB low:66880kB high:80256kB active_anon:1429724kB inactive_anon:18544kB active_file:55448kB inactive_file:25204kB unevictable:0kB writepending:592kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:14016kB pagetables:27908kB bounce:0kB free_pcp:1220kB local_pcp:612kB free_cma:0kB
[ 1133.646892] lowmem_reserve[]: 0 0 0 0 0
[ 1133.651677] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1133.666361] Node 0 DMA32: 732*4kB (UME) 663*8kB (UMH) 368*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31368kB
[ 1133.681846] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1133.692958] Node 1 Normal: 268*4kB (UM) 277*8kB (UME) 692*16kB (UME) 385*32kB (UME) 139*64kB (UME) 15*128kB (UM) 18*256kB (UME) 12*512kB (M) 3*1024kB (UM) 3*2048kB (UME) 437*4096kB (M) = 1847416kB
[ 1133.711081] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1133.720202] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1133.729119] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1133.738185] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1133.747582] 21663 total pagecache pages
[ 1133.751815] 0 pages in swap cache
[ 1133.755382] Swap cache stats: add 0, delete 0, find 0/0
05:09:21 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:09:21 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x0, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:21 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x8}]}})

05:09:21 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2, @remote}, 0xc)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb9Y\xa9\xc8J,\x00\xd2\x97\x04\x03\xdc\r')

[ 1133.761126] Free swap  = 0kB
[ 1133.764288] Total swap = 0kB
[ 1133.767424] 1965979 pages RAM
[ 1133.770739] 0 pages HighMem/MovableOnly
[ 1133.774831] 335854 pages reserved
[ 1133.776184] syz-executor.5: 
[ 1133.778399] 0 pages cma reserved
[ 1133.778554] page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1133.827618] syz-executor.5 cpuset=syz5 mems_allowed=0-1
[ 1133.834926] CPU: 0 PID: 11811 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1133.842843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1133.852207] Call Trace:
[ 1133.854820]  dump_stack+0x142/0x197
[ 1133.858473]  warn_alloc.cold+0x96/0x1af
[ 1133.862463]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1133.867484]  ? check_preemption_disabled+0x3c/0x250
[ 1133.872654]  ? retint_kernel+0x2d/0x2d
[ 1133.876594]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1133.881498]  ? warn_alloc+0xf0/0xf0
[ 1133.885177]  ? __might_sleep+0x93/0xb0
[ 1133.889080]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1133.893764]  ? retint_kernel+0x2d/0x2d
[ 1133.897667]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1133.902699]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1133.907467]  ? check_preemption_disabled+0x3c/0x250
[ 1133.912495]  ? retint_kernel+0x2d/0x2d
[ 1133.916403]  alloc_pages_current+0xec/0x1e0
[ 1133.920739]  kvm_mmu_create+0xdf/0x1e0
[ 1133.924641]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1133.928976]  kvm_vcpu_init+0x272/0x360
[ 1133.932883]  vmx_create_vcpu+0xfc/0x2aa0
[ 1133.936971]  ? check_preemption_disabled+0x3c/0x250
[ 1133.942255]  ? retint_kernel+0x2d/0x2d
[ 1133.946162]  ? handle_rdmsr+0x6e0/0x6e0
[ 1133.950241]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1133.954600]  kvm_vm_ioctl+0x501/0x1600
[ 1133.958500]  ? __lock_acquire+0x5f7/0x4620
05:09:21 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:09:21 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[ 1133.962742]  ? get_unused_fd_flags+0xd0/0xd0
[ 1133.967758]  ? kvm_vcpu_release+0xa0/0xa0
[ 1133.971942]  ? trace_hardirqs_on+0x10/0x10
[ 1133.976191]  ? retint_kernel+0x2d/0x2d
[ 1133.980357]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1133.985380]  ? save_trace+0x290/0x290
[ 1133.989189]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1133.994221]  ? __fget+0x210/0x370
[ 1133.997685]  ? find_held_lock+0x35/0x130
[ 1134.001753]  ? __fget+0x210/0x370
[ 1134.005219]  ? kvm_vcpu_release+0xa0/0xa0
[ 1134.009381]  do_vfs_ioctl+0x7ae/0x1060
[ 1134.013645]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1134.018644]  ? lock_downgrade+0x740/0x740
[ 1134.022972]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1134.027412]  ? __fget+0x237/0x370
[ 1134.030919]  ? security_file_ioctl+0x89/0xb0
[ 1134.035377]  SyS_ioctl+0x8f/0xc0
[ 1134.038757]  ? do_vfs_ioctl+0x1060/0x1060
[ 1134.042919]  do_syscall_64+0x1e8/0x640
[ 1134.046833]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1134.052062]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1134.057266] RIP: 0033:0x45c429
[ 1134.060463] RSP: 002b:00007f7d63f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1134.068900] RAX: ffffffffffffffda RBX: 00007f7d63f6e6d4 RCX: 000000000045c429
[ 1134.076187] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1134.083482] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1134.090795] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1134.098081] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1134.130841] warn_alloc_show_mem: 1 callbacks suppressed
[ 1134.130855] Mem-Info:
[ 1134.139211] active_anon:837570 inactive_anon:4835 isolated_anon:0
[ 1134.139211]  active_file:14326 inactive_file:7078 isolated_file:0
[ 1134.139211]  unevictable:0 dirty:183 writeback:0 unstable:0
[ 1134.139211]  slab_reclaimable:17937 slab_unreclaimable:152641
[ 1134.139211]  mapped:59410 shmem:255 pagetables:16893 bounce:0
[ 1134.139211]  free:471931 free_pcp:351 free_cma:0
05:09:21 executing program 4:
prlimit64(0x0, 0x7, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:21 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(0x0, 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:09:21 executing program 1:
r0 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0)

[ 1134.183986] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1134.228056] Node 1 active_anon:1429700kB inactive_anon:18556kB active_file:55448kB inactive_file:25216kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26904kB dirty:612kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1134.256873] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1134.283909] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1134.289489] Node 0 DMA32 free:31368kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:580kB local_pcp:144kB free_cma:0kB
[ 1134.320864] lowmem_reserve[]: 0 0 0 0 0
[ 1134.325265] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1134.353196] lowmem_reserve[]: 0 0 0 0 0
[ 1134.357638] Node 1 Normal free:1845672kB min:53504kB low:66880kB high:80256kB active_anon:1429900kB inactive_anon:18556kB active_file:55448kB inactive_file:25216kB unevictable:0kB writepending:612kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13984kB pagetables:27956kB bounce:0kB free_pcp:888kB local_pcp:676kB free_cma:0kB
[ 1134.388818] lowmem_reserve[]: 0 0 0 0 0
[ 1134.393456] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1134.404504] syz-executor.2: 
[ 1134.409435] Node 0 
[ 1134.409576] page allocation failure: order:0
[ 1134.412956] DMA32: 732*4kB (UME) 665*8kB (UMH) 368*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31384kB
[ 1134.422033] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1134.435387] Node 0 
[ 1134.439434] (null)
[ 1134.441715] Normal: 
[ 1134.444831] syz-executor.2 cpuset=
[ 1134.446157] 0*4kB 
[ 1134.448751] syz2
[ 1134.452288] 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1134.458980]  mems_allowed=0-1
[ 1134.466088] Node 1 Normal: 258*4kB (UME) 399*8kB (UME) 761*16kB (UME) 397*32kB (UME) 142*64kB (UME) 15*128kB (UM) 17*256kB (ME) 12*512kB (M) 3*1024kB (UM) 3*2048kB (UME) 436*4096kB (M) = 1845680kB
[ 1134.474392] CPU: 1 PID: 11847 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1134.488108] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1134.495531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1134.495537] Call Trace:
[ 1134.495557]  dump_stack+0x142/0x197
[ 1134.495570]  warn_alloc.cold+0x96/0x1af
[ 1134.495579]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1134.495589]  ? check_preemption_disabled+0x3c/0x250
[ 1134.495598]  ? retint_kernel+0x2d/0x2d
[ 1134.495618]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1134.495642]  ? warn_alloc+0xf0/0xf0
[ 1134.495662]  ? __might_sleep+0x93/0xb0
[ 1134.495674]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1134.495695]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1134.504750] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1134.514059]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1134.514081]  alloc_pages_current+0xec/0x1e0
[ 1134.514096]  kvm_mmu_create+0xdf/0x1e0
[ 1134.514109]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1134.514124]  kvm_vcpu_init+0x272/0x360
[ 1134.514137]  vmx_create_vcpu+0xfc/0x2aa0
[ 1134.514149]  ? mutex_trylock+0x1c0/0x1c0
[ 1134.514164]  ? retint_kernel+0x2d/0x2d
[ 1134.516773] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1134.520393]  ? handle_rdmsr+0x6e0/0x6e0
[ 1134.520405]  ? wait_for_completion+0x420/0x420
[ 1134.520418]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1134.520430]  kvm_vm_ioctl+0x501/0x1600
[ 1134.520440]  ? __lock_acquire+0x5f7/0x4620
[ 1134.520455]  ? kvm_vcpu_release+0xa0/0xa0
[ 1134.524424] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1134.529261]  ? trace_hardirqs_on+0x10/0x10
[ 1134.529277]  ? trace_hardirqs_on+0x10/0x10
[ 1134.529290]  ? __might_fault+0x110/0x1d0
[ 1134.529305]  ? save_trace+0x290/0x290
[ 1134.534624] 21666 total pagecache pages
[ 1134.538468]  ? __might_fault+0x110/0x1d0
[ 1134.538482]  ? __fget+0x210/0x370
[ 1134.538500]  ? find_held_lock+0x35/0x130
[ 1134.543805] 0 pages in swap cache
[ 1134.547257]  ? __fget+0x210/0x370
[ 1134.547273]  ? kvm_vcpu_release+0xa0/0xa0
[ 1134.547285]  do_vfs_ioctl+0x7ae/0x1060
[ 1134.547303]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1134.551284] Swap cache stats: add 0, delete 0, find 0/0
[ 1134.555875]  ? lock_downgrade+0x740/0x740
[ 1134.555897]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1134.555911]  ? __fget+0x237/0x370
[ 1134.561597] Free swap  = 0kB
[ 1134.570125]  ? security_file_ioctl+0x89/0xb0
[ 1134.570141]  SyS_ioctl+0x8f/0xc0
[ 1134.570150]  ? do_vfs_ioctl+0x1060/0x1060
[ 1134.570161]  do_syscall_64+0x1e8/0x640
[ 1134.570171]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1134.570187]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1134.570196] RIP: 0033:0x45c429
[ 1134.570201] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1134.575244] Total swap = 0kB
[ 1134.579583] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1134.579589] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
05:09:22 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

05:09:22 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x0, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:22 executing program 1:
r0 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000100)={@loopback}, 0x20)

05:09:22 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x40201, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000000)={0x7, 0x0, 0x0, 0x0, 0x0, "655a0cf0c920eef08842d50808f2d3cda194a6"})
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000005240)={0x0, 0x0, &(0x7f0000003dc0)=[{0x0}, {&(0x7f0000000d40)="dd2864d5e5c6c173a7e754258bc79dd2ddf387b292fa1eeae0a0b7a907735013ce299d6e9d53175e00f7e794317dd4f9c1de5a0ae9c9d7b16009b5ed2ad0bb21de739b09bf7bcf81e08e3ceb1e7db5ce829419f3ec6991b4098fedec7652b612faa0817ae40385b945d5a53deffac5550e910b32c590f313164d9d966fee48619c14aa764ab53c5647f0afc6dafd1323d28f254610df55b79e40cba2ea83e9a0b7ca30b6fbe9a88ca29f5285ce7092a8dde5e9572494ce82ba2d95a19aff2376252024a200425586c2693e868181cdaf8252482c66fdb7c2d7668068468cfd4bfc210e97a0f5e0fa4fc75aa37dc359800f9a6095230ae58429a34abc84703e4562b41c72369050b3cb947ef2139afdb795cdb0fbf7e14debe1d49f6875e9f79ac9c8625162bc77a83b61a921666d2e1a0048a04797cea0c528c2309dfc066e10d7c777961e47f27417c1edaaa3c4a5cbfd2c7730c3b0bbdf2e1a71569e82e49eb000a6f945b369c84dcc729f3e0194f415ec1aee3aca71baeaf58c93af853615b8307edb31801bdf72cb454eaa6915ce23e2d904de806f259e58b10a1d45ba5a1dafd5a4e292480217db7d5fe41978d2af1bdd6091588850decd384ea70268741f3f07b88775e344a228032ec62a3650682fe2570bc148ebb74648ff61c798ebc2c45385bdaac57e4c97e48a2c7d65a0e6bb8e518854c4aade7d96d292d4be50afead72378bb5c5df2625fac07abe7aa94cf72a4dc65d4eec65144688fdea94892d0683310a4e46d0a77f8b3f04f57471c2aa0cbd811e91a743363ffac640dcba3cf", 0x242}], 0x2}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

05:09:22 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(0x0, 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[ 1134.579595] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1134.579600] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1134.579604] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1134.806957] 1965979 pages RAM
[ 1134.806962] 0 pages HighMem/MovableOnly
[ 1134.806965] 335854 pages reserved
[ 1134.806968] 0 pages cma reserved
05:09:22 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:22 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)

[ 1134.934480] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1134.963445] syz-executor.3 cpuset=syz3 mems_allowed=0-1
[ 1134.969576] CPU: 1 PID: 11863 Comm: syz-executor.3 Not tainted 4.14.171-syzkaller #0
[ 1134.977510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1134.986874] Call Trace:
[ 1134.989481]  dump_stack+0x142/0x197
[ 1134.993124]  warn_alloc.cold+0x96/0x1af
[ 1134.997123]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1135.001988]  ? wait_for_completion+0x420/0x420
[ 1135.006588]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1135.011601]  ? warn_alloc+0xf0/0xf0
[ 1135.015252]  ? __might_sleep+0x93/0xb0
[ 1135.019167]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1135.023864]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1135.028910]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1135.033954]  alloc_pages_current+0xec/0x1e0
[ 1135.038304]  kvm_mmu_create+0xdf/0x1e0
[ 1135.042204]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1135.046538]  kvm_vcpu_init+0x272/0x360
[ 1135.050462]  vmx_create_vcpu+0xfc/0x2aa0
[ 1135.054585]  ? mutex_trylock+0x1c0/0x1c0
[ 1135.058688]  ? handle_rdmsr+0x6e0/0x6e0
[ 1135.062684]  ? wait_for_completion+0x420/0x420
[ 1135.067542]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1135.072022]  kvm_vm_ioctl+0x501/0x1600
[ 1135.075924]  ? __lock_acquire+0x5f7/0x4620
[ 1135.080323]  ? get_unused_fd_flags+0xd0/0xd0
[ 1135.084834]  ? kvm_vcpu_release+0xa0/0xa0
[ 1135.088995]  ? trace_hardirqs_on+0x10/0x10
[ 1135.093256]  ? trace_hardirqs_on+0x10/0x10
[ 1135.097523]  ? __might_fault+0x110/0x1d0
[ 1135.100475] syz-executor.2: 
[ 1135.101591]  ? save_trace+0x290/0x290
[ 1135.101604]  ? __might_fault+0x110/0x1d0
[ 1135.101618]  ? __fget+0x210/0x370
[ 1135.101629]  ? find_held_lock+0x35/0x130
[ 1135.101640]  ? __fget+0x210/0x370
[ 1135.101655]  ? kvm_vcpu_release+0xa0/0xa0
[ 1135.101666]  do_vfs_ioctl+0x7ae/0x1060
[ 1135.101683]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1135.105009] page allocation failure: order:0
[ 1135.108649]  ? lock_downgrade+0x740/0x740
[ 1135.108664]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1135.108675]  ? __fget+0x237/0x370
[ 1135.108694]  ? security_file_ioctl+0x89/0xb0
[ 1135.108707]  SyS_ioctl+0x8f/0xc0
[ 1135.108718]  ? do_vfs_ioctl+0x1060/0x1060
[ 1135.108731]  do_syscall_64+0x1e8/0x640
[ 1135.108740]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1135.108756]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
05:09:22 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x0, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1135.108764] RIP: 0033:0x45c429
[ 1135.108768] RSP: 002b:00007f0403acdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1135.113618] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1135.116291] RAX: ffffffffffffffda RBX: 00007f0403ace6d4 RCX: 000000000045c429
[ 1135.116297] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1135.116303] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1135.116307] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1135.116312] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1135.254642] (null)
[ 1135.257205] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1135.263437] CPU: 0 PID: 11862 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1135.271708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1135.281079] Call Trace:
[ 1135.283692]  dump_stack+0x142/0x197
[ 1135.287519]  warn_alloc.cold+0x96/0x1af
[ 1135.291518]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1135.296550]  ? wait_for_completion+0x420/0x420
[ 1135.301780]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1135.303455] syz-executor.5: 
[ 1135.306673]  ? warn_alloc+0xf0/0xf0
[ 1135.306692]  ? __might_sleep+0x93/0xb0
[ 1135.309727] page allocation failure: order:0
[ 1135.313338]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1135.313352]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1135.313364]  ? retint_kernel+0x2d/0x2d
[ 1135.313379]  alloc_pages_current+0xec/0x1e0
[ 1135.313391]  kvm_mmu_create+0xdf/0x1e0
[ 1135.313405]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1135.313418]  kvm_vcpu_init+0x272/0x360
[ 1135.313430]  vmx_create_vcpu+0xfc/0x2aa0
[ 1135.313441]  ? mutex_trylock+0x1c0/0x1c0
[ 1135.313464]  ? handle_rdmsr+0x6e0/0x6e0
[ 1135.313475]  ? wait_for_completion+0x420/0x420
[ 1135.313492]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1135.313509]  kvm_vm_ioctl+0x501/0x1600
[ 1135.313520]  ? __lock_acquire+0x5f7/0x4620
[ 1135.313533]  ? find_held_lock+0x35/0x130
[ 1135.313546]  ? kvm_vcpu_release+0xa0/0xa0
[ 1135.313555]  ? trace_hardirqs_on+0x10/0x10
[ 1135.313571]  ? trace_hardirqs_on+0x10/0x10
[ 1135.313582]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1135.313593]  ? save_trace+0x290/0x290
[ 1135.313607]  ? __fget+0x210/0x370
[ 1135.313621]  ? find_held_lock+0x35/0x130
[ 1135.329672] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1135.331778]  ? __fget+0x210/0x370
[ 1135.331791]  ? kvm_vcpu_release+0xa0/0xa0
[ 1135.331802]  do_vfs_ioctl+0x7ae/0x1060
05:09:23 executing program 1:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000280)='SMC_PNETID\x00')
sendmsg$SMC_PNETID_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x14, r1, 0x1, 0x0, 0x0, {0x2}}, 0x14}}, 0x0)

05:09:23 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="7c000000240007ff000c00f2ffff7f000032f2d1", @ANYRES32=r1, @ANYBLOB="00000000ffffffff000000000900010067726564000000004c0002000800050000000000080005000000000038000300050000000000000028ceb860244d6a9b00000000000000000000000000000000000000000000000200000000000069409f6a37faf0deb4eb5e7364f03a7f27aafccd8080e0dbc314d6a4d9116970c7a65728520ad99f7e65037e111a675376bed7be4cb725004342a9c2e57bf54074628c4703b32b7334516a3b9861df56a64f"], 0x7c}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup3(r4, r3, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
sendmmsg$alg(r2, &(0x7f0000000180)=[{0x2, 0x1000000000000, &(0x7f0000000080), 0xe, &(0x7f0000000100)}], 0x492492492492642, 0x0)

[ 1135.331816]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1135.331826]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1135.331837]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1135.331847]  ? check_preemption_disabled+0x3c/0x250
[ 1135.331858]  ? retint_kernel+0x2d/0x2d
[ 1135.331875]  ? security_file_ioctl+0x89/0xb0
[ 1135.331886]  SyS_ioctl+0x8f/0xc0
[ 1135.331896]  ? do_vfs_ioctl+0x1060/0x1060
[ 1135.331908]  do_syscall_64+0x1e8/0x640
[ 1135.331917]  ? trace_hardirqs_off_thunk+0x1a/0x1c
05:09:23 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="7c000000240007ff000c00f2ffff7f000032f2d1", @ANYRES32=r1, @ANYBLOB="00000000ffffffff000000000900010067726564000000004c0002000800050000000000080005000000000038000300050000000000000028ceb860244d6a9b00000000000000000000000000000000000000000000000200000000000069409f6a37faf0deb4eb5e7364f03a7f27aafccd8080e0dbc314d6a4d9116970c7a65728520ad99f7e65037e111a675376bed7be4cb725004342a9c2e57bf54074628c4703b32b7334516a3b9861df56a64f"], 0x7c}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000180)=[{0x2, 0x1000000000000, &(0x7f0000000080), 0xe, &(0x7f0000000100), 0x0, 0xfffffdef}], 0x492492492492642, 0x0)

[ 1135.331932]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1135.331940] RIP: 0033:0x45c429
[ 1135.331945] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1135.331956] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1135.331962] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1135.331967] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1135.331974] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1135.331980] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1135.434905] warn_alloc_show_mem: 2 callbacks suppressed
[ 1135.434928] Mem-Info:
[ 1135.451999] (null)
[ 1135.505797] active_anon:837671 inactive_anon:4833 isolated_anon:0
[ 1135.505797]  active_file:14326 inactive_file:7094 isolated_file:0
[ 1135.505797]  unevictable:0 dirty:210 writeback:0 unstable:0
[ 1135.505797]  slab_reclaimable:17955 slab_unreclaimable:152168
[ 1135.505797]  mapped:59407 shmem:255 pagetables:16960 bounce:0
[ 1135.505797]  free:471950 free_pcp:431 free_cma:0
05:09:23 executing program 3:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001})
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
write$tun(r0, &(0x7f0000000180)={@void, @val, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "f426e6", 0x0, "3237fb"}}}}}, 0xfdef)

[ 1135.509823] syz-executor.5 cpuset=
[ 1135.534435] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1135.554765] syz5
[ 1135.598666] Node 1 active_anon:1430004kB inactive_anon:18548kB active_file:55448kB inactive_file:25280kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26892kB dirty:720kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1135.657908] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1135.672540]  mems_allowed=0-1
[ 1135.689574] CPU: 1 PID: 11868 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1135.693325] lowmem_reserve[]:
[ 1135.697538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1135.697543] Call Trace:
[ 1135.697562]  dump_stack+0x142/0x197
[ 1135.697576]  warn_alloc.cold+0x96/0x1af
[ 1135.697587]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1135.697600]  ? retint_kernel+0x2d/0x2d
[ 1135.697614]  ? wait_for_completion+0x420/0x420
[ 1135.697629]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1135.697652]  ? warn_alloc+0xf0/0xf0
[ 1135.697671]  ? __might_sleep+0x93/0xb0
[ 1135.697683]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1135.703349]  0
[ 1135.710303]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1135.710316]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1135.710331]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1135.710347]  alloc_pages_current+0xec/0x1e0
[ 1135.710363]  kvm_mmu_create+0xdf/0x1e0
[ 1135.710378]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1135.710390]  kvm_vcpu_init+0x272/0x360
[ 1135.710402]  vmx_create_vcpu+0xfc/0x2aa0
[ 1135.710412]  ? check_preemption_disabled+0x3c/0x250
[ 1135.710422]  ? retint_kernel+0x2d/0x2d
[ 1135.710434]  ? handle_rdmsr+0x6e0/0x6e0
[ 1135.710445]  ? kvm_arch_vcpu_create+0x14/0xc0
[ 1135.710456]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1135.710468]  kvm_vm_ioctl+0x501/0x1600
[ 1135.710486]  ? __lock_acquire+0x5f7/0x4620
[ 1135.713341]  2569
[ 1135.716879]  ? get_unused_fd_flags+0xd0/0xd0
[ 1135.716896]  ? kvm_vcpu_release+0xa0/0xa0
[ 1135.716907]  ? trace_hardirqs_on+0x10/0x10
05:09:23 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

05:09:23 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:23 executing program 1:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x0, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0)='batadv\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_GATEWAYS(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x1c, r0, 0x711, 0x0, 0x0, {0x5}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}}, 0x0)

[ 1135.716918]  ? retint_kernel+0x2d/0x2d
[ 1135.716929]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1135.716942]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1135.716955]  ? check_preemption_disabled+0x3c/0x250
[ 1135.716964]  ? retint_kernel+0x2d/0x2d
[ 1135.716981]  ? do_vfs_ioctl+0x83/0x1060
[ 1135.716991]  ? kvm_vcpu_release+0xa0/0xa0
[ 1135.717006]  do_vfs_ioctl+0x7ae/0x1060
[ 1135.721345]  2569
[ 1135.725912]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1135.725922]  ? lock_downgrade+0x740/0x740
[ 1135.725935]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1135.725948]  ? __fget+0x237/0x370
[ 1135.725966]  ? security_file_ioctl+0x89/0xb0
[ 1135.725978]  SyS_ioctl+0x8f/0xc0
[ 1135.725988]  ? do_vfs_ioctl+0x1060/0x1060
[ 1135.726003]  do_syscall_64+0x1e8/0x640
[ 1135.730234]  2569
[ 1135.734476]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1135.734496]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1135.734504] RIP: 0033:0x45c429
[ 1135.734510] RSP: 002b:00007f7d63f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1135.734521] RAX: ffffffffffffffda RBX: 00007f7d63f6e6d4 RCX: 000000000045c429
[ 1135.734526] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1135.734532] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1135.734539] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1135.734544] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1135.973550]  2569
05:09:23 executing program 1:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x0, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0)='batadv\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_GATEWAYS(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x1c, r0, 0x711, 0x0, 0x0, {0x5}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}}, 0x0)

[ 1135.976028] Node 0 DMA32 free:31360kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:564kB local_pcp:132kB free_cma:0kB
[ 1136.008943] lowmem_reserve[]: 0 0 0 0 0
[ 1136.013968] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1136.044503] lowmem_reserve[]: 0 0 0 0 0
[ 1136.049060] Node 1 Normal free:1841820kB min:53504kB low:66880kB high:80256kB active_anon:1430004kB inactive_anon:18548kB active_file:55448kB inactive_file:25280kB unevictable:0kB writepending:720kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:14240kB pagetables:28076kB bounce:0kB free_pcp:1236kB local_pcp:668kB free_cma:0kB
[ 1136.085454] lowmem_reserve[]: 0 0 0 0 0
[ 1136.090007] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1136.164056] Node 0 DMA32: 732*4kB (UME) 656*8kB (UM) 368*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31312kB
[ 1136.183947] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1136.205061] syz-executor.5: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1136.212819] Node 1 Normal: 174*4kB (UME) 199*8kB (UME) 758*16kB (UE) 306*32kB (UME) 146*64kB (UME) 27*128kB (UM) 20*256kB (UME) 14*512kB (UM) 2*1024kB (M) 3*2048kB (UME) 436*4096kB (M) = 1843344kB
[ 1136.240518] syz-executor.5 cpuset=syz5 mems_allowed=0-1
[ 1136.246325] CPU: 1 PID: 11914 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1136.254218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1136.263606] Call Trace:
[ 1136.266208]  dump_stack+0x142/0x197
[ 1136.267078] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1136.269959]  warn_alloc.cold+0x96/0x1af
[ 1136.269971]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1136.269989]  ? wait_for_completion+0x420/0x420
[ 1136.270004]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1136.270027]  ? warn_alloc+0xf0/0xf0
[ 1136.270046]  ? __might_sleep+0x93/0xb0
[ 1136.270057]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1136.270069]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1136.270083]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1136.279140] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1136.282926]  alloc_pages_current+0xec/0x1e0
[ 1136.282943]  kvm_mmu_create+0xdf/0x1e0
[ 1136.282955]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1136.282968]  kvm_vcpu_init+0x272/0x360
[ 1136.282981]  vmx_create_vcpu+0xfc/0x2aa0
[ 1136.282993]  ? mutex_trylock+0x1c0/0x1c0
[ 1136.283007]  ? retint_kernel+0x2d/0x2d
[ 1136.283017]  ? handle_rdmsr+0x6e0/0x6e0
[ 1136.283028]  ? wait_for_completion+0x420/0x420
[ 1136.283043]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1136.288364] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1136.292488]  kvm_vm_ioctl+0x501/0x1600
[ 1136.292503]  ? __lock_acquire+0x5f7/0x4620
[ 1136.292511]  ? find_held_lock+0x35/0x130
[ 1136.292524]  ? kvm_vcpu_release+0xa0/0xa0
[ 1136.292532]  ? trace_hardirqs_on+0x10/0x10
[ 1136.292544]  ? retint_kernel+0x2d/0x2d
[ 1136.292555]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1136.292567]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1136.292585]  ? check_preemption_disabled+0x3c/0x250
[ 1136.297615] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1136.301052]  ? retint_kernel+0x2d/0x2d
[ 1136.301065]  ? kvm_vcpu_release+0xa0/0xa0
[ 1136.301081]  ? do_vfs_ioctl+0x74f/0x1060
[ 1136.301092]  ? kvm_vcpu_release+0xa0/0xa0
[ 1136.301100]  do_vfs_ioctl+0x7ae/0x1060
[ 1136.301113]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1136.301123]  ? lock_downgrade+0x740/0x740
[ 1136.301135]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1136.301147]  ? __fget+0x237/0x370
[ 1136.301163]  ? security_file_ioctl+0x89/0xb0
[ 1136.301175]  SyS_ioctl+0x8f/0xc0
[ 1136.301190]  ? do_vfs_ioctl+0x1060/0x1060
[ 1136.305539] 21696 total pagecache pages
[ 1136.309808]  do_syscall_64+0x1e8/0x640
[ 1136.309820]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1136.309836]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1136.309844] RIP: 0033:0x45c429
[ 1136.309849] RSP: 002b:00007f7d63f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1136.309858] RAX: ffffffffffffffda RBX: 00007f7d63f6e6d4 RCX: 000000000045c429
[ 1136.309863] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1136.309869] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1136.309874] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1136.309880] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1136.546541] 0 pages in swap cache
[ 1136.550482] Swap cache stats: add 0, delete 0, find 0/0
[ 1136.556098] Free swap  = 0kB
[ 1136.559180] Total swap = 0kB
[ 1136.563857] 1965979 pages RAM
05:09:24 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(0x0, 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:09:24 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x0, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:24 executing program 1:
r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x1)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r2, &(0x7f00000000c0)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r2, 0x0, 0xfea2, 0x20000802, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
sendto$inet(r2, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x3e8, 0x0, 0xffffffd8)
r3 = socket$unix(0x1, 0x2, 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)

05:09:24 executing program 3:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=@ipv6_getanyicast={0x14, 0x3e, 0x101}, 0x14}}, 0x0)

05:09:24 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

[ 1136.567083] 0 pages HighMem/MovableOnly
[ 1136.571194] 335854 pages reserved
[ 1136.574657] 0 pages cma reserved
05:09:24 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x0, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:24 executing program 3:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, &(0x7f0000000040))
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000100)=0x100)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0086426, &(0x7f0000000200)={0x0, 0x0})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:09:24 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:24 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1136.789397] syz-executor.5: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1136.807715] syz-executor.5 cpuset=syz5 mems_allowed=0-1
[ 1136.813679] CPU: 0 PID: 11930 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1136.821591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1136.830967] Call Trace:
[ 1136.833575]  dump_stack+0x142/0x197
[ 1136.837217]  warn_alloc.cold+0x96/0x1af
[ 1136.841218]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1136.846092]  ? wait_for_completion+0x420/0x420
[ 1136.850704]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1136.856320]  ? warn_alloc+0xf0/0xf0
[ 1136.860095]  ? __might_sleep+0x93/0xb0
[ 1136.864112]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1136.868803]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1136.873578]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1136.878614]  ? check_preemption_disabled+0x3c/0x250
[ 1136.883657]  alloc_pages_current+0xec/0x1e0
[ 1136.887995]  ? kvm_set_tsc_khz+0xf0/0x490
[ 1136.892159]  kvm_mmu_create+0xdf/0x1e0
[ 1136.896067]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1136.900419]  kvm_vcpu_init+0x272/0x360
[ 1136.904332]  vmx_create_vcpu+0xfc/0x2aa0
[ 1136.908409]  ? mutex_trylock+0x1c0/0x1c0
[ 1136.912530]  ? handle_rdmsr+0x6e0/0x6e0
[ 1136.916539]  ? wait_for_completion+0x420/0x420
[ 1136.921145]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1136.925640]  kvm_vm_ioctl+0x501/0x1600
[ 1136.929535]  ? __lock_acquire+0x5f7/0x4620
[ 1136.933953]  ? kvm_vcpu_release+0xa0/0xa0
[ 1136.938120]  ? trace_hardirqs_on+0x10/0x10
[ 1136.942386]  ? trace_hardirqs_on+0x10/0x10
[ 1136.946641]  ? __might_fault+0x110/0x1d0
[ 1136.950836]  ? save_trace+0x290/0x290
[ 1136.954766]  ? __might_fault+0x110/0x1d0
[ 1136.958845]  ? __fget+0x210/0x370
[ 1136.962509]  ? find_held_lock+0x35/0x130
[ 1136.966479] syz-executor.3: 
[ 1136.966577]  ? __fget+0x210/0x370
[ 1136.966593]  ? kvm_vcpu_release+0xa0/0xa0
[ 1136.969904] page allocation failure: order:0
[ 1136.973270]  do_vfs_ioctl+0x7ae/0x1060
[ 1136.973290]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1136.973302]  ? lock_downgrade+0x740/0x740
[ 1136.973313]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1136.973326]  ? __fget+0x237/0x370
[ 1136.973343]  ? security_file_ioctl+0x89/0xb0
[ 1136.973356]  SyS_ioctl+0x8f/0xc0
[ 1136.973366]  ? do_vfs_ioctl+0x1060/0x1060
[ 1136.973379]  do_syscall_64+0x1e8/0x640
[ 1136.973389]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1136.973405]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1136.973414] RIP: 0033:0x45c429
[ 1136.973419] RSP: 002b:00007f7d63f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1136.973431] RAX: ffffffffffffffda RBX: 00007f7d63f6e6d4 RCX: 000000000045c429
[ 1136.973436] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1136.973442] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1136.973448] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1136.973454] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1136.980649] warn_alloc_show_mem: 2 callbacks suppressed
[ 1136.980675] Mem-Info:
[ 1136.984801] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1136.991361] active_anon:837693 inactive_anon:4834 isolated_anon:0
[ 1136.991361]  active_file:14326 inactive_file:7104 isolated_file:0
[ 1136.991361]  unevictable:0 dirty:229 writeback:0 unstable:0
[ 1136.991361]  slab_reclaimable:17881 slab_unreclaimable:152113
[ 1136.991361]  mapped:59432 shmem:255 pagetables:16976 bounce:0
[ 1136.991361]  free:471386 free_pcp:376 free_cma:0
[ 1136.991401] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3068kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1136.991454] Node 1 active_anon:1430092kB inactive_anon:18552kB active_file:55448kB inactive_file:25348kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26992kB dirty:796kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1136.991474] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1136.991535] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1136.996881] (null)
[ 1137.008791] syz-executor.3 cpuset=
[ 1137.012356] Node 0 
[ 1137.017088] syz3
[ 1137.021487] DMA32 free:31312kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3068kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:564kB local_pcp:136kB free_cma:0kB
[ 1137.027493]  mems_allowed=0-1
[ 1137.035527] lowmem_reserve[]:
[ 1137.042990] CPU: 1 PID: 11947 Comm: syz-executor.3 Not tainted 4.14.171-syzkaller #0
[ 1137.050465]  0
[ 1137.057160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1137.057166] Call Trace:
[ 1137.057187]  dump_stack+0x142/0x197
[ 1137.057200]  warn_alloc.cold+0x96/0x1af
[ 1137.057209]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1137.057221]  ? check_preemption_disabled+0x3c/0x250
[ 1137.057232]  ? retint_kernel+0x2d/0x2d
[ 1137.057253]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1137.057276]  ? warn_alloc+0xf0/0xf0
[ 1137.057296]  ? __might_sleep+0x93/0xb0
[ 1137.065134]  0
[ 1137.072356]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1137.072372]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1137.072391]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1137.072413]  alloc_pages_current+0xec/0x1e0
[ 1137.072429]  kvm_mmu_create+0xdf/0x1e0
[ 1137.072442]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1137.072455]  kvm_vcpu_init+0x272/0x360
[ 1137.072465]  vmx_create_vcpu+0xfc/0x2aa0
[ 1137.072475]  ? check_preemption_disabled+0x3c/0x250
[ 1137.072485]  ? retint_kernel+0x2d/0x2d
[ 1137.072499]  ? handle_rdmsr+0x6e0/0x6e0
[ 1137.072514]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1137.072525]  kvm_vm_ioctl+0x501/0x1600
[ 1137.072543]  ? __lock_acquire+0x5f7/0x4620
[ 1137.080783]  0
[ 1137.085329]  ? kvm_vcpu_release+0xa0/0xa0
[ 1137.085342]  ? retint_kernel+0x2d/0x2d
[ 1137.085350]  ? retint_kernel+0x2d/0x2d
[ 1137.085363]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1137.085375]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1137.085389]  ? check_preemption_disabled+0x3c/0x250
[ 1137.085398]  ? retint_kernel+0x2d/0x2d
[ 1137.085416]  ? kvm_vcpu_release+0xa0/0xa0
[ 1137.085427]  do_vfs_ioctl+0x7ae/0x1060
[ 1137.085442]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1137.088177]  0
05:09:25 executing program 1:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
unshare(0x400)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
lseek(r2, 0x0, 0x0)

[ 1137.093764]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1137.093775]  ? check_preemption_disabled+0x3c/0x250
[ 1137.093785]  ? retint_user+0x17/0x18
[ 1137.093804]  ? security_file_ioctl+0x89/0xb0
[ 1137.093817]  SyS_ioctl+0x8f/0xc0
[ 1137.093828]  ? do_vfs_ioctl+0x1060/0x1060
[ 1137.093840]  do_syscall_64+0x1e8/0x640
[ 1137.093849]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1137.093863]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1137.093872] RIP: 0033:0x45c429
[ 1137.093877] RSP: 002b:00007f0403acdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1137.093887] RAX: ffffffffffffffda RBX: 00007f0403ace6d4 RCX: 000000000045c429
[ 1137.093893] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1137.093898] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1137.093918] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1137.129193]  0
[ 1137.156840] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1137.257841] syz-executor.2: 
[ 1137.267082] page allocation failure: order:0
05:09:25 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="7c000000240007ff000c00f2ffff7f000032f2d1", @ANYRES32=r1, @ANYBLOB="00000000ffffffff000000000900010067726564000000004c0002000800050000000000080005000000000038000300050000000000000028ceb860244d6a9b00000000000000000000000000000000000000000000000200000000000069409f6a37faf0deb4eb5e7364f03a7f27aafccd8080e0dbc314d6a4d9116970c7a65728520ad99f7e65037e111a675376bed7be4cb725004342a9c2e57bf54074628c4703b32b7334516a3b9861df56a64f"], 0x7c}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000180)=[{0x2, 0x1000000000000, &(0x7f0000000080), 0xe, &(0x7f0000000100)}], 0x492492492492642, 0x0)

[ 1137.273902] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1137.273972] lowmem_reserve[]: 0 0 0 0 0
05:09:25 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1137.274059] Node 1 Normal free:1844028kB min:53504kB low:66880kB high:80256kB active_anon:1430088kB inactive_anon:18552kB active_file:55448kB inactive_file:25356kB unevictable:0kB writepending:832kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:14336kB pagetables:28228kB bounce:0kB free_pcp:988kB local_pcp:468kB free_cma:0kB
[ 1137.274140] lowmem_reserve[]: 0 0 0 0 0
[ 1137.274232] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB 
[ 1137.276984] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1137.286067] (UM) 
[ 1137.294934] (null)
[ 1137.296867] 1*128kB 
[ 1137.302304] syz-executor.2 cpuset=
[ 1137.307112] (U) 
[ 1137.319923] syz2
[ 1137.322834] 1*256kB 
[ 1137.327640]  mems_allowed=0-1
[ 1137.328569] (U) 
[ 1137.333736] CPU: 1 PID: 11943 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1137.343074] 3*512kB 
[ 1137.343898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1137.343903] Call Trace:
[ 1137.343920]  dump_stack+0x142/0x197
[ 1137.343934]  warn_alloc.cold+0x96/0x1af
[ 1137.348460] (UM) 
[ 1137.352516]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1137.352535]  ? wait_for_completion+0x420/0x420
[ 1137.352557]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1137.352582]  ? warn_alloc+0xf0/0xf0
[ 1137.352600]  ? __might_sleep+0x93/0xb0
[ 1137.352611]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1137.352624]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1137.352634]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1137.352657]  alloc_pages_current+0xec/0x1e0
[ 1137.352678]  kvm_mmu_create+0xdf/0x1e0
[ 1137.357467] 0*1024kB 
[ 1137.361150]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1137.361167]  kvm_vcpu_init+0x272/0x360
[ 1137.361179]  vmx_create_vcpu+0xfc/0x2aa0
[ 1137.361194]  ? check_preemption_disabled+0x3c/0x250
[ 1137.361208]  ? handle_rdmsr+0x6e0/0x6e0
[ 1137.361222]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1137.361233]  kvm_vm_ioctl+0x501/0x1600
[ 1137.361245]  ? __lock_acquire+0x5f7/0x4620
[ 1137.361254]  ? perf_pending_event+0xe0/0xe0
[ 1137.361267]  ? kvm_vcpu_release+0xa0/0xa0
[ 1137.361282]  ? retint_kernel+0x2d/0x2d
[ 1137.365770] 0*2048kB 
[ 1137.370696]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1137.370708]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1137.370721]  ? check_preemption_disabled+0x3c/0x250
[ 1137.370732]  ? retint_kernel+0x2d/0x2d
[ 1137.370751]  ? selinux_file_ioctl+0x83/0x560
[ 1137.370759]  ? selinux_file_ioctl+0xb8/0x560
[ 1137.370771]  ? kvm_vcpu_release+0xa0/0xa0
[ 1137.370782]  do_vfs_ioctl+0x7ae/0x1060
[ 1137.370793]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1137.370802]  ? lock_downgrade+0x740/0x740
[ 1137.370812]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1137.370833]  ? __fget+0x237/0x370
[ 1137.375254] 2*4096kB 
[ 1137.378723]  ? security_file_ioctl+0x89/0xb0
[ 1137.378738]  SyS_ioctl+0x8f/0xc0
[ 1137.378749]  ? do_vfs_ioctl+0x1060/0x1060
[ 1137.378762]  do_syscall_64+0x1e8/0x640
[ 1137.378773]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1137.378794]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1137.383383] (M) 
[ 1137.387000] RIP: 0033:0x45c429
[ 1137.387006] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1137.387017] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1137.387023] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1137.387029] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1137.387036] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1137.387042] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1137.910451] = 10384kB
[ 1137.912967] Node 0 DMA32: 732*4kB (UME) 659*8kB (UM) 368*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31336kB
[ 1137.928711] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1137.939938] Node 1 Normal: 4*4kB (UE) 35*8kB (UME) 742*16kB (UME) 317*32kB (UME) 145*64kB (UME) 26*128kB (UM) 21*256kB (UME) 16*512kB (UM) 2*1024kB (M) 3*2048kB (UME) 436*4096kB (M) = 1842536kB
[ 1137.958464] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1137.967593] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1137.976513] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1137.985782] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1137.994801] 21706 total pagecache pages
[ 1137.998971] 0 pages in swap cache
[ 1138.002676] Swap cache stats: add 0, delete 0, find 0/0
[ 1138.008126] Free swap  = 0kB
[ 1138.009766] syz-executor.3: 
[ 1138.011350] Total swap = 0kB
[ 1138.011407] 1965979 pages RAM
[ 1138.011421] 0 pages HighMem/MovableOnly
[ 1138.011457] 335854 pages reserved
[ 1138.011472] 0 pages cma reserved
05:09:25 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

05:09:25 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x0, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:25 executing program 1:
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000002980)={0x0, 0x0, &(0x7f0000002940)={&(0x7f0000000000)=@newtaction={0x58, 0x30, 0x53b, 0x0, 0x0, {}, [{0x44, 0x1, [@m_sample={0x40, 0x1, 0x0, 0x0, {{0xb, 0x1, 'sample\x00'}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8, 0x3, 0xca4}, @TCA_SAMPLE_PARMS={0x18}]}, {0x4}}}]}]}, 0x58}}, 0x0)

[ 1138.036892] page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1138.055254] syz-executor.3 cpuset=syz3 mems_allowed=0-1
[ 1138.065964] CPU: 1 PID: 11947 Comm: syz-executor.3 Not tainted 4.14.171-syzkaller #0
[ 1138.073976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1138.083366] Call Trace:
[ 1138.085965]  dump_stack+0x142/0x197
[ 1138.089608]  warn_alloc.cold+0x96/0x1af
[ 1138.093598]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1138.101494]  ? check_preemption_disabled+0x3c/0x250
[ 1138.106533]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1138.111440]  ? warn_alloc+0xf0/0xf0
[ 1138.115086]  ? __might_sleep+0x93/0xb0
[ 1138.118985]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1138.123672]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1138.128699]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1138.133726]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1138.139052]  alloc_pages_current+0xec/0x1e0
[ 1138.143389]  kvm_mmu_create+0xdf/0x1e0
[ 1138.147431]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1138.151867]  kvm_vcpu_init+0x272/0x360
[ 1138.155764]  vmx_create_vcpu+0xfc/0x2aa0
[ 1138.159842]  ? check_preemption_disabled+0x3c/0x250
[ 1138.164874]  ? handle_rdmsr+0x6e0/0x6e0
[ 1138.170076]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1138.174405]  kvm_vm_ioctl+0x501/0x1600
[ 1138.178750]  ? __lock_acquire+0x5f7/0x4620
[ 1138.183951]  ? find_held_lock+0x35/0x130
[ 1138.185328] syz-executor.2: 
[ 1138.188166]  ? kvm_vcpu_release+0xa0/0xa0
05:09:25 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

[ 1138.188179]  ? retint_kernel+0x2d/0x2d
[ 1138.188187]  ? retint_kernel+0x2d/0x2d
[ 1138.188198]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1138.188209]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1138.188221]  ? check_preemption_disabled+0x3c/0x250
[ 1138.188231]  ? retint_kernel+0x2d/0x2d
[ 1138.188249]  ? do_vfs_ioctl+0xd29/0x1060
[ 1138.188259]  ? kvm_vcpu_release+0xa0/0xa0
[ 1138.188269]  do_vfs_ioctl+0x7ae/0x1060
[ 1138.188281]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1138.188290]  ? lock_downgrade+0x740/0x740
[ 1138.188305]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1138.191574] page allocation failure: order:0
[ 1138.197161]  ? __fget+0x237/0x370
[ 1138.197180]  ? security_file_ioctl+0x89/0xb0
[ 1138.197193]  SyS_ioctl+0x8f/0xc0
[ 1138.197205]  ? do_vfs_ioctl+0x1060/0x1060
[ 1138.197219]  do_syscall_64+0x1e8/0x640
[ 1138.197229]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1138.197245]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1138.197262] RIP: 0033:0x45c429
05:09:25 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x0, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1138.201801] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1138.205013] RSP: 002b:00007f0403acdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1138.205024] RAX: ffffffffffffffda RBX: 00007f0403ace6d4 RCX: 000000000045c429
[ 1138.205030] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1138.205036] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1138.205042] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1138.205048] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1138.216632] 
[ 1138.245264] (null)
[ 1138.277535] =============================
[ 1138.301649] syz-executor.2 cpuset=
[ 1138.349921] WARNING: suspicious RCU usage
[ 1138.358340] syz2 mems_allowed=0-1
[ 1138.365143] CPU: 0 PID: 11988 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1138.373037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1138.378104] 4.14.171-syzkaller #0 Not tainted
[ 1138.382404] Call Trace:
[ 1138.382427]  dump_stack+0x142/0x197
[ 1138.382440]  warn_alloc.cold+0x96/0x1af
[ 1138.382450]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1138.382461]  ? retint_kernel+0x2d/0x2d
[ 1138.382479]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1138.382505]  ? warn_alloc+0xf0/0xf0
[ 1138.382523]  ? __might_sleep+0x93/0xb0
[ 1138.382534]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1138.382545]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1138.382557]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1138.387325] -----------------------------
[ 1138.390028]  alloc_pages_current+0xec/0x1e0
[ 1138.390046]  kvm_mmu_create+0xdf/0x1e0
05:09:26 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x0, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1138.390059]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1138.390071]  kvm_vcpu_init+0x272/0x360
[ 1138.390082]  vmx_create_vcpu+0xfc/0x2aa0
[ 1138.390093]  ? mutex_trylock+0x1c0/0x1c0
[ 1138.390114]  ? handle_rdmsr+0x6e0/0x6e0
[ 1138.390127]  ? wait_for_completion+0x420/0x420
[ 1138.394048] net/sched/act_sample.c:95 suspicious rcu_dereference_protected() usage!
[ 1138.397738]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1138.397753]  kvm_vm_ioctl+0x501/0x1600
[ 1138.397762]  ? __lock_acquire+0x5f7/0x4620
[ 1138.397774]  ? do_futex+0x20e/0x19e0
[ 1138.402814] 
[ 1138.402814] other info that might help us debug this:
[ 1138.402814] 
[ 1138.406545]  ? kvm_vcpu_release+0xa0/0xa0
[ 1138.406559]  ? retint_kernel+0x2d/0x2d
[ 1138.406574]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1138.411737] 
[ 1138.411737] rcu_scheduler_active = 2, debug_locks = 1
[ 1138.415055]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1138.415070]  ? check_preemption_disabled+0x3c/0x250
[ 1138.415081]  ? retint_kernel+0x2d/0x2d
[ 1138.415103]  ? selinux_file_ioctl+0x24a/0x560
[ 1138.419072] 1 lock held by syz-executor.1/11983:
[ 1138.423658]  ? kvm_vcpu_release+0xa0/0xa0
[ 1138.423671]  do_vfs_ioctl+0x7ae/0x1060
[ 1138.423683]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1138.423693]  ? lock_downgrade+0x740/0x740
[ 1138.423703]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1138.423717]  ? __fget+0x237/0x370
[ 1138.423733]  ? security_file_ioctl+0x89/0xb0
[ 1138.423744]  SyS_ioctl+0x8f/0xc0
[ 1138.423753]  ? do_vfs_ioctl+0x1060/0x1060
[ 1138.423764]  do_syscall_64+0x1e8/0x640
[ 1138.423772]  ? trace_hardirqs_off_thunk+0x1a/0x1c
05:09:26 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
r1 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
bind$llc(r1, &(0x7f0000000040), 0x10)
sendmmsg(r1, &(0x7f0000001380), 0x3fffffffffffeed, 0x0)
dup3(r0, r1, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000006800)={0x0, 0x0, 0x0, 0x0, &(0x7f00000067c0)=[@cred={{0x1c}}], 0x20}, 0x0)

05:09:26 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1138.423790]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1138.429067]  #0: 
[ 1138.433907] RIP: 0033:0x45c429
[ 1138.433914] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1138.433923] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1138.433928] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1138.433932] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1138.433937] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1138.433942] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1138.449391] warn_alloc_show_mem: 2 callbacks suppressed
[ 1138.449412] Mem-Info:
[ 1138.523507]  (
[ 1138.538506] active_anon:837706 inactive_anon:4834 isolated_anon:0
[ 1138.538506]  active_file:14326 inactive_file:7135 isolated_file:0
[ 1138.538506]  unevictable:0 dirty:249 writeback:0 unstable:0
[ 1138.538506]  slab_reclaimable:17881 slab_unreclaimable:152095
[ 1138.538506]  mapped:59407 shmem:255 pagetables:16972 bounce:0
[ 1138.538506]  free:471305 free_pcp:493 free_cma:0
[ 1138.568265] rtnl_mutex
[ 1138.604365] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1138.672983] ){+.+.}
05:09:26 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r0, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071")
clone(0x2180208ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe)

[ 1138.711842] Node 1 active_anon:1429944kB inactive_anon:18552kB active_file:55448kB inactive_file:25416kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26892kB dirty:876kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1138.772523] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
05:09:26 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1138.786975] , at: [<ffffffff8521e159>] rtnetlink_rcv_msg+0x339/0xb70
[ 1138.812526] 
[ 1138.812526] stack backtrace:
[ 1138.814698] lowmem_reserve[]:
[ 1138.817330] CPU: 1 PID: 11983 Comm: syz-executor.1 Not tainted 4.14.171-syzkaller #0
[ 1138.817340]  0
[ 1138.820621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1138.820626] Call Trace:
[ 1138.820645]  dump_stack+0x142/0x197
05:09:26 executing program 1:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha1\x00'}, 0x58)
accept$alg(r0, 0x0, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58)

[ 1138.820656]  ? vprintk_func+0x65/0x159
[ 1138.820671]  lockdep_rcu_suspicious+0x153/0x15d
[ 1138.820685]  tcf_sample_init+0x783/0x960
[ 1138.820698]  ? tcf_sample_act+0x9f0/0x9f0
[ 1138.820709]  ? ___preempt_schedule+0x16/0x18
[ 1138.820723]  ? _raw_read_unlock+0x41/0x50
[ 1138.820736]  tcf_action_init_1+0x53c/0xaa0
[ 1138.820748]  ? tcf_action_dump_old+0x80/0x80
[ 1138.820757]  ? lock_downgrade+0x740/0x740
[ 1138.820780]  ? nla_parse+0x186/0x240
[ 1138.820793]  tcf_action_init+0x2ab/0x480
05:09:26 executing program 3:
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000002840)={"6c64125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x0, 0x0, [], 0x1}, {0x6}, {0x0, 0x0, 0x4}, {0x0, 0x8}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x2}, {0x0, 0x80}, {0x0, 0x9}]}})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
creat(&(0x7f0000000700)='./bus\x00', 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)

[ 1138.820809]  ? tcf_action_init_1+0xaa0/0xaa0
[ 1138.820840]  ? memset+0x32/0x40
[ 1138.820852]  ? nla_parse+0x186/0x240
[ 1138.820865]  tc_ctl_action+0x30a/0x548
[ 1138.820878]  ? tca_action_gd+0x840/0x840
[ 1138.820898]  ? tca_action_gd+0x840/0x840
[ 1138.820911]  rtnetlink_rcv_msg+0x3da/0xb70
[ 1138.820925]  ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 1138.820938]  ? netlink_deliver_tap+0x93/0x8f0
[ 1138.820954]  netlink_rcv_skb+0x14f/0x3c0
[ 1138.820965]  ? rtnl_bridge_getlink+0x7a0/0x7a0
[ 1138.820975]  ? lock_downgrade+0x740/0x740
[ 1138.820985]  ? netlink_ack+0x9a0/0x9a0
[ 1138.820997]  ? netlink_deliver_tap+0xba/0x8f0
[ 1138.821012]  rtnetlink_rcv+0x1d/0x30
[ 1138.821022]  netlink_unicast+0x44d/0x650
[ 1138.821035]  ? netlink_attachskb+0x6a0/0x6a0
[ 1138.821048]  ? security_netlink_send+0x81/0xb0
[ 1138.821059]  netlink_sendmsg+0x7c4/0xc60
[ 1138.821079]  ? netlink_unicast+0x650/0x650
[ 1138.821096]  ? security_socket_sendmsg+0x89/0xb0
[ 1138.821107]  ? netlink_unicast+0x650/0x650
[ 1138.821117]  sock_sendmsg+0xce/0x110
[ 1138.821128]  ___sys_sendmsg+0x70a/0x840
[ 1138.821140]  ? copy_msghdr_from_user+0x3f0/0x3f0
[ 1138.821151]  ? __fget+0x210/0x370
[ 1138.821161]  ? find_held_lock+0x35/0x130
[ 1138.821172]  ? __fget+0x210/0x370
[ 1138.821188]  ? lock_downgrade+0x740/0x740
[ 1138.821202]  ? __fget+0x237/0x370
[ 1138.821217]  ? __fget_light+0x172/0x1f0
[ 1138.821228]  ? __fdget+0x1b/0x20
[ 1138.821239]  ? sockfd_lookup_light+0xb4/0x160
[ 1138.821250]  __sys_sendmsg+0xb9/0x140
[ 1138.821260]  ? SyS_shutdown+0x170/0x170
[ 1138.821271]  ? put_timespec64+0xb4/0x100
[ 1138.821296]  ? SyS_clock_gettime+0xf8/0x180
[ 1138.821310]  SyS_sendmsg+0x2d/0x50
[ 1138.821318]  ? __sys_sendmsg+0x140/0x140
[ 1138.821329]  do_syscall_64+0x1e8/0x640
[ 1138.821338]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1138.821353]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1138.821362] RIP: 0033:0x45c429
[ 1138.821368] RSP: 002b:00007f39eeb7ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1138.821378] RAX: ffffffffffffffda RBX: 00007f39eeb7f6d4 RCX: 000000000045c429
[ 1138.821385] RDX: 0000000000000000 RSI: 0000000020002980 RDI: 0000000000000003
[ 1138.821390] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1138.821396] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1138.821402] R13: 00000000000009fa R14: 00000000004cc6eb R15: 000000000076bf2c
[ 1138.836322] encrypted_key: insufficient parameters specified
[ 1138.854860]  2569 2569 2569 2569
[ 1139.145621] Node 0 DMA32 free:31312kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:2996kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:592kB local_pcp:128kB free_cma:0kB
[ 1139.177451] lowmem_reserve[]: 0 0 0 0 0
[ 1139.188330] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1139.230943] lowmem_reserve[]: 0 0 0 0 0
[ 1139.235185] Node 1 Normal free:1844736kB min:53504kB low:66880kB high:80256kB active_anon:1429696kB inactive_anon:18544kB active_file:55448kB inactive_file:25468kB unevictable:0kB writepending:928kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13824kB pagetables:27916kB bounce:0kB free_pcp:1308kB local_pcp:616kB free_cma:0kB
[ 1139.265866] lowmem_reserve[]: 0 0 0 0 0
[ 1139.274913] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1139.290452] Node 0 DMA32: 732*4kB (UME) 661*8kB (UMH) 367*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31336kB
[ 1139.305398] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1139.316560] Node 1 Normal: 257*4kB (UME) 192*8kB (UME) 736*16kB (UME) 324*32kB (UME) 146*64kB (UME) 30*128kB (UM) 21*256kB (UME) 16*512kB (UM) 2*1024kB (M) 3*2048kB (UME) 436*4096kB (M) = 1845508kB
[ 1139.334721] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1139.343820] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1139.353009] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1139.361974] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1139.370614] 21731 total pagecache pages
[ 1139.374603] 0 pages in swap cache
[ 1139.378287] Swap cache stats: add 0, delete 0, find 0/0
[ 1139.383711] Free swap  = 0kB
[ 1139.386735] Total swap = 0kB
[ 1139.389768] 1965979 pages RAM
[ 1139.393011] 0 pages HighMem/MovableOnly
[ 1139.397104] 335854 pages reserved
05:09:27 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

05:09:27 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
ioctl(0xffffffffffffffff, 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, &(0x7f0000000000)={{0x0, 0x0, @reserved="e85a7f0421e606fdaa5ec550cb03d0f5c3f16bb4953d6cce72548ae1e3e6243b"}})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11c000})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6(0x10, 0x8000000100000003, 0x0)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

05:09:27 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:27 executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha1\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{0x0, 0x0, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x1}}], 0x1, 0x0, 0x0)

05:09:27 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

[ 1139.400761] 0 pages cma reserved
05:09:27 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:27 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, 0x0)
perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x0, 0x0, [], 0x1}, {}, {0x0, 0x0, 0x4}, {0x0, 0x8}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x80}]}})
ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, 0x0)
creat(0x0, 0x0)

[ 1139.523778] warn_alloc: 1 callbacks suppressed
[ 1139.523783] syz-executor.1: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1139.563766] syz-executor.1 cpuset=syz1 mems_allowed=0-1
[ 1139.575593] CPU: 0 PID: 12047 Comm: syz-executor.1 Not tainted 4.14.171-syzkaller #0
[ 1139.583634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1139.593218] Call Trace:
[ 1139.595933]  dump_stack+0x142/0x197
[ 1139.599579]  warn_alloc.cold+0x96/0x1af
[ 1139.603951]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1139.607564] syz-executor.3: 
[ 1139.608821]  ? wait_for_completion+0x420/0x420
[ 1139.608841]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1139.608862]  ? warn_alloc+0xf0/0xf0
[ 1139.617868] page allocation failure: order:0
[ 1139.621736]  ? __might_sleep+0x93/0xb0
[ 1139.621751]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1139.621762]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1139.621772]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1139.621792]  alloc_pages_current+0xec/0x1e0
[ 1139.621810]  kvm_mmu_create+0xdf/0x1e0
[ 1139.628379] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1139.630045]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1139.630061]  kvm_vcpu_init+0x272/0x360
05:09:27 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x0, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:27 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1139.630072]  vmx_create_vcpu+0xfc/0x2aa0
[ 1139.630082]  ? mutex_trylock+0x1c0/0x1c0
[ 1139.630097]  ? handle_rdmsr+0x6e0/0x6e0
[ 1139.630107]  ? wait_for_completion+0x420/0x420
[ 1139.630119]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1139.630130]  kvm_vm_ioctl+0x501/0x1600
[ 1139.630141]  ? __lock_acquire+0x5f7/0x4620
[ 1139.630151]  ? get_unused_fd_flags+0xd0/0xd0
[ 1139.630163]  ? kvm_vcpu_release+0xa0/0xa0
[ 1139.630171]  ? trace_hardirqs_on+0x10/0x10
[ 1139.630185]  ? trace_hardirqs_on+0x10/0x10
[ 1139.636361] (null)
[ 1139.639834]  ? __might_fault+0x110/0x1d0
[ 1139.639848]  ? save_trace+0x290/0x290
[ 1139.639858]  ? __might_fault+0x110/0x1d0
[ 1139.639872]  ? __fget+0x210/0x370
[ 1139.639882]  ? find_held_lock+0x35/0x130
[ 1139.639893]  ? __fget+0x210/0x370
[ 1139.648494] syz-executor.3 cpuset=
[ 1139.650127]  ? kvm_vcpu_release+0xa0/0xa0
[ 1139.650141]  do_vfs_ioctl+0x7ae/0x1060
[ 1139.650154]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1139.650164]  ? lock_downgrade+0x740/0x740
[ 1139.650174]  ? ioctl_preallocate+0x1c0/0x1c0
05:09:27 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x0, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1139.650185]  ? __fget+0x237/0x370
[ 1139.650201]  ? security_file_ioctl+0x89/0xb0
[ 1139.650213]  SyS_ioctl+0x8f/0xc0
[ 1139.650222]  ? do_vfs_ioctl+0x1060/0x1060
[ 1139.650234]  do_syscall_64+0x1e8/0x640
[ 1139.650243]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1139.650258]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1139.650268] RIP: 0033:0x45c429
[ 1139.656800] syz3
[ 1139.658518] RSP: 002b:00007f39eeb7ec78 EFLAGS: 00000246
[ 1139.667714]  mems_allowed=0-1
[ 1139.669242]  ORIG_RAX: 0000000000000010
[ 1139.669250] RAX: ffffffffffffffda RBX: 00007f39eeb7f6d4 RCX: 000000000045c429
[ 1139.669255] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1139.669262] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1139.669268] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1139.669274] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1139.710883] warn_alloc_show_mem: 1 callbacks suppressed
[ 1139.710886] Mem-Info:
[ 1139.769554] CPU: 1 PID: 12057 Comm: syz-executor.3 Not tainted 4.14.171-syzkaller #0
[ 1139.875272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1139.884635] Call Trace:
[ 1139.887240]  dump_stack+0x142/0x197
[ 1139.890892]  warn_alloc.cold+0x96/0x1af
[ 1139.893989] syz-executor.5: 
[ 1139.894876]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1139.894897]  ? wait_for_completion+0x420/0x420
[ 1139.894916]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1139.898087] page allocation failure: order:0
[ 1139.902829]  ? warn_alloc+0xf0/0xf0
[ 1139.902850]  ? __might_sleep+0x93/0xb0
05:09:27 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x0, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1139.902863]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1139.902874]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1139.902884]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1139.902905]  alloc_pages_current+0xec/0x1e0
[ 1139.902920]  kvm_mmu_create+0xdf/0x1e0
[ 1139.902933]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1139.902948]  kvm_vcpu_init+0x272/0x360
[ 1139.902962]  vmx_create_vcpu+0xfc/0x2aa0
[ 1139.902972]  ? mutex_trylock+0x1c0/0x1c0
[ 1139.902988]  ? handle_rdmsr+0x6e0/0x6e0
[ 1139.913315] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1139.916961]  ? wait_for_completion+0x420/0x420
[ 1139.916985]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1139.917003]  kvm_vm_ioctl+0x501/0x1600
[ 1139.917015]  ? __lock_acquire+0x5f7/0x4620
[ 1139.917027]  ? get_unused_fd_flags+0xd0/0xd0
[ 1139.917040]  ? kvm_vcpu_release+0xa0/0xa0
[ 1139.917057]  ? trace_hardirqs_on+0x10/0x10
[ 1139.924103] (null)
[ 1139.924593]  ? trace_hardirqs_on+0x10/0x10
[ 1139.924608]  ? __might_fault+0x110/0x1d0
[ 1139.924619]  ? save_trace+0x290/0x290
[ 1139.924630]  ? __might_fault+0x110/0x1d0
[ 1139.924647]  ? __fget+0x210/0x370
[ 1139.932139] syz-executor.5 cpuset=
[ 1139.934474]  ? find_held_lock+0x35/0x130
[ 1139.934487]  ? __fget+0x210/0x370
[ 1139.934503]  ? kvm_vcpu_release+0xa0/0xa0
[ 1139.934514]  do_vfs_ioctl+0x7ae/0x1060
[ 1139.934527]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1139.934545]  ? lock_downgrade+0x740/0x740
[ 1139.942228] syz5
[ 1139.944034]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1139.951346]  mems_allowed=0-1
[ 1139.952285]  ? __fget+0x237/0x370
[ 1139.952305]  ? security_file_ioctl+0x89/0xb0
[ 1139.952322]  SyS_ioctl+0x8f/0xc0
[ 1140.019562] active_anon:837673 inactive_anon:4833 isolated_anon:0
[ 1140.019562]  active_file:14326 inactive_file:7137 isolated_file:0
[ 1140.019562]  unevictable:0 dirty:265 writeback:0 unstable:0
[ 1140.019562]  slab_reclaimable:17859 slab_unreclaimable:152640
[ 1140.019562]  mapped:59410 shmem:255 pagetables:16942 bounce:0
[ 1140.019562]  free:470740 free_pcp:365 free_cma:0
[ 1140.022924]  ? do_vfs_ioctl+0x1060/0x1060
[ 1140.022939]  do_syscall_64+0x1e8/0x640
[ 1140.022948]  ? trace_hardirqs_off_thunk+0x1a/0x1c
05:09:27 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1140.022964]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1140.022972] RIP: 0033:0x45c429
[ 1140.022977] RSP: 002b:00007f0403acdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1140.041033] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3068kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1140.041604] RAX: ffffffffffffffda RBX: 00007f0403ace6d4 RCX: 000000000045c429
[ 1140.041610] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1140.041616] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1140.041623] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1140.061436] Node 1 active_anon:1430012kB inactive_anon:18548kB active_file:55448kB inactive_file:25480kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26904kB dirty:940kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1140.064045] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1140.169873] CPU: 1 PID: 12046 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1140.177813] Node 0 
[ 1140.182983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1140.182988] Call Trace:
[ 1140.183007]  dump_stack+0x142/0x197
[ 1140.183020]  warn_alloc.cold+0x96/0x1af
[ 1140.183030]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1140.183050]  ? wait_for_completion+0x420/0x420
[ 1140.190608] DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1140.197769]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1140.197795]  ? warn_alloc+0xf0/0xf0
[ 1140.197813]  ? __might_sleep+0x93/0xb0
[ 1140.197823]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1140.197838]  ? retint_kernel+0x2d/0x2d
[ 1140.226593] lowmem_reserve[]:
[ 1140.233829]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1140.233845]  ? __sanitizer_cov_trace_pc+0x4a/0x60
[ 1140.233859]  alloc_pages_current+0xec/0x1e0
[ 1140.233875]  kvm_mmu_create+0xdf/0x1e0
[ 1140.233887]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1140.233900]  kvm_vcpu_init+0x272/0x360
[ 1140.233915]  vmx_create_vcpu+0xfc/0x2aa0
[ 1140.242016]  0
[ 1140.244110]  ? mutex_trylock+0x1c0/0x1c0
[ 1140.244132]  ? handle_rdmsr+0x6e0/0x6e0
[ 1140.244145]  ? wait_for_completion+0x420/0x420
[ 1140.253643]  2569
[ 1140.256118]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1140.256134]  kvm_vm_ioctl+0x501/0x1600
[ 1140.256145]  ? __lock_acquire+0x5f7/0x4620
[ 1140.256156]  ? mark_held_locks+0xb1/0x100
[ 1140.259902]  2569
[ 1140.263853]  ? kvm_vcpu_release+0xa0/0xa0
[ 1140.263864]  ? retint_kernel+0x2d/0x2d
[ 1140.263876]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1140.263888]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1140.263901]  ? check_preemption_disabled+0x3c/0x250
[ 1140.268840]  2569
[ 1140.273579]  ? retint_kernel+0x2d/0x2d
[ 1140.273605]  ? selinux_file_ioctl+0x83/0x560
[ 1140.300089]  2569
[ 1140.304793]  ? selinux_file_ioctl+0x17e/0x560
[ 1140.304807]  ? kvm_vcpu_release+0xa0/0xa0
[ 1140.304817]  do_vfs_ioctl+0x7ae/0x1060
[ 1140.304829]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1140.304839]  ? lock_downgrade+0x740/0x740
[ 1140.304851]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1140.312463]  ? __fget+0x237/0x370
[ 1140.312480]  ? security_file_ioctl+0x89/0xb0
[ 1140.312492]  SyS_ioctl+0x8f/0xc0
[ 1140.312501]  ? do_vfs_ioctl+0x1060/0x1060
[ 1140.312514]  do_syscall_64+0x1e8/0x640
[ 1140.317662] Node 0 
[ 1140.321487]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1140.321507]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1140.321516] RIP: 0033:0x45c429
[ 1140.321521] RSP: 002b:00007f7d63f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1140.321530] RAX: ffffffffffffffda RBX: 00007f7d63f6e6d4 RCX: 000000000045c429
[ 1140.321535] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1140.321540] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1140.321545] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1140.321550] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1140.389350] syz-executor.3: 
[ 1140.464219] DMA32 free:31336kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3068kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:632kB local_pcp:156kB free_cma:0kB
[ 1140.481162] syz-executor.2: 
[ 1140.533806] lowmem_reserve[]:
[ 1140.538899] page allocation failure: order:0
[ 1140.545396]  0
[ 1140.573372] page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1140.588878]  0
[ 1140.593483] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1140.593598] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1140.599242]  0
[ 1140.603078] syz-executor.3 cpuset=
[ 1140.607521]  0
[ 1140.609180] syz3 mems_allowed=0-1
[ 1140.609200] CPU: 1 PID: 12057 Comm: syz-executor.3 Not tainted 4.14.171-syzkaller #0
[ 1140.609207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1140.609211] Call Trace:
[ 1140.609229]  dump_stack+0x142/0x197
[ 1140.609243]  warn_alloc.cold+0x96/0x1af
[ 1140.613622]  0
[ 1140.614554]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1140.614575]  ? wait_for_completion+0x420/0x420
[ 1140.614591]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1140.627154]  ? warn_alloc+0xf0/0xf0
[ 1140.627176]  ? __might_sleep+0x93/0xb0
[ 1140.627189]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1140.627200]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1140.627211]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1140.627229]  alloc_pages_current+0xec/0x1e0
[ 1140.627244]  kvm_mmu_create+0xdf/0x1e0
[ 1140.637179] Node 0 
[ 1140.639346]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1140.639362]  kvm_vcpu_init+0x272/0x360
[ 1140.639375]  vmx_create_vcpu+0xfc/0x2aa0
[ 1140.639389]  ? mutex_trylock+0x1c0/0x1c0
[ 1140.643153] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1140.647001]  ? handle_rdmsr+0x6e0/0x6e0
[ 1140.647014]  ? wait_for_completion+0x420/0x420
[ 1140.647029]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1140.647041]  kvm_vm_ioctl+0x501/0x1600
[ 1140.648998] lowmem_reserve[]:
[ 1140.653872]  ? __lock_acquire+0x5f7/0x4620
[ 1140.653884]  ? get_unused_fd_flags+0xd0/0xd0
[ 1140.653898]  ? kvm_vcpu_release+0xa0/0xa0
[ 1140.653908]  ? trace_hardirqs_on+0x10/0x10
[ 1140.653923]  ? trace_hardirqs_on+0x10/0x10
[ 1140.653935]  ? __might_fault+0x110/0x1d0
[ 1140.653945]  ? save_trace+0x290/0x290
[ 1140.653954]  ? __might_fault+0x110/0x1d0
[ 1140.653962]  ? __fget+0x210/0x370
[ 1140.653974]  ? find_held_lock+0x35/0x130
[ 1140.658940]  0
[ 1140.663538]  ? __fget+0x210/0x370
[ 1140.663553]  ? kvm_vcpu_release+0xa0/0xa0
[ 1140.663565]  do_vfs_ioctl+0x7ae/0x1060
[ 1140.663580]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1140.663589]  ? lock_downgrade+0x740/0x740
[ 1140.663599]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1140.663610]  ? __fget+0x237/0x370
[ 1140.663625]  ? security_file_ioctl+0x89/0xb0
[ 1140.663637]  SyS_ioctl+0x8f/0xc0
[ 1140.667455]  0
[ 1140.671218]  ? do_vfs_ioctl+0x1060/0x1060
[ 1140.671234]  do_syscall_64+0x1e8/0x640
[ 1140.671242]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1140.671258]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1140.671272] RIP: 0033:0x45c429
[ 1140.671278] RSP: 002b:00007f0403acdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1140.671288] RAX: ffffffffffffffda RBX: 00007f0403ace6d4 RCX: 000000000045c429
[ 1140.671293] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1140.671298] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1140.671303] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1140.671308] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1140.672255] CPU: 1 PID: 12054 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1140.684842]  0
[ 1140.686305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1140.686310] Call Trace:
[ 1140.686331]  dump_stack+0x142/0x197
[ 1140.686345]  warn_alloc.cold+0x96/0x1af
[ 1140.686356]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1140.693504]  0
[ 1140.694684]  ? wait_for_completion+0x420/0x420
[ 1140.694702]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1140.694724]  ? warn_alloc+0xf0/0xf0
[ 1140.697038]  0
[ 1140.701444]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1140.701459]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1140.701469]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1140.701491]  alloc_pages_current+0xec/0x1e0
[ 1140.701505]  kvm_mmu_create+0xdf/0x1e0
[ 1140.701518]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1140.701532]  kvm_vcpu_init+0x272/0x360
[ 1140.701543]  vmx_create_vcpu+0xfc/0x2aa0
[ 1140.701553]  ? mutex_trylock+0x1c0/0x1c0
[ 1140.701565]  ? retint_kernel+0x2d/0x2d
[ 1140.709506]  ? handle_rdmsr+0x6e0/0x6e0
[ 1140.709519]  ? wait_for_completion+0x420/0x420
[ 1140.709535]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1140.709547]  kvm_vm_ioctl+0x501/0x1600
[ 1140.709557]  ? __lock_acquire+0x5f7/0x4620
[ 1140.709569]  ? kvm_vcpu_release+0xa0/0xa0
[ 1140.713885] Node 1 
[ 1140.738452]  ? retint_kernel+0x2d/0x2d
[ 1140.738467]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1140.738480]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1140.738493]  ? check_preemption_disabled+0x3c/0x250
[ 1140.738502]  ? retint_kernel+0x2d/0x2d
[ 1140.738518]  ? selinux_file_ioctl+0x19a/0x560
[ 1140.738526]  ? selinux_file_ioctl+0x1b7/0x560
[ 1140.738538]  ? kvm_vcpu_release+0xa0/0xa0
[ 1140.738549]  do_vfs_ioctl+0x7ae/0x1060
[ 1140.738559]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1140.738571]  ? lock_downgrade+0x740/0x740
[ 1140.743383] Normal free:1841572kB min:53504kB low:66880kB high:80256kB active_anon:1429988kB inactive_anon:18544kB active_file:55448kB inactive_file:25492kB unevictable:0kB writepending:924kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:14016kB pagetables:27980kB bounce:0kB free_pcp:1268kB local_pcp:612kB free_cma:0kB
[ 1140.747684]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1140.747699]  ? __fget+0x237/0x370
[ 1140.747717]  ? security_file_ioctl+0x89/0xb0
[ 1140.747729]  SyS_ioctl+0x8f/0xc0
[ 1140.747737]  ? do_vfs_ioctl+0x1060/0x1060
[ 1140.747752]  do_syscall_64+0x1e8/0x640
[ 1140.752486] lowmem_reserve[]:
[ 1140.756246]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1140.756267]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1140.756275] RIP: 0033:0x45c429
[ 1140.756280] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1140.759556]  0
[ 1140.763641] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1140.763647] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1140.763651] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1140.763656] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1140.763660] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1140.765991] warn_alloc_show_mem: 1 callbacks suppressed
[ 1140.766027] Mem-Info:
[ 1140.768500]  0
[ 1140.773230] active_anon:837667 inactive_anon:4832 isolated_anon:0
[ 1140.773230]  active_file:14326 inactive_file:7140 isolated_file:0
[ 1140.773230]  unevictable:0 dirty:261 writeback:0 unstable:0
[ 1140.773230]  slab_reclaimable:17848 slab_unreclaimable:152735
[ 1140.773230]  mapped:59415 shmem:255 pagetables:16899 bounce:0
[ 1140.773230]  free:470823 free_pcp:469 free_cma:0
[ 1140.781880]  0
[ 1140.782325] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3068kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1140.786600]  0
[ 1140.800326] Node 1 active_anon:1429788kB inactive_anon:18544kB active_file:55448kB inactive_file:25492kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26924kB dirty:924kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1140.829984]  0
[ 1140.832756] Node 0 
[ 1140.846908] DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1140.855364] Node 0 
[ 1140.857763] lowmem_reserve[]:
[ 1140.871164] DMA: 
[ 1140.875199]  0
[ 1140.887457] 12*4kB 
[ 1140.889567]  2569
[ 1140.898679] (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1140.898756] Node 0 DMA32: 732*4kB (UME) 661*8kB (UMH) 367*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 
[ 1140.907336]  2569
[ 1140.919094] 0*4096kB 
[ 1140.923607]  2569
[ 1140.925289] = 31336kB
[ 1140.934646]  2569
[ 1140.941662] Node 0 
[ 1140.953917] Normal: 
[ 1140.957541] Node 0 
[ 1140.963956] 0*4kB 
[ 1140.967114] DMA32 free:31336kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3068kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:644kB local_pcp:488kB free_cma:0kB
[ 1140.968771] 0*8kB 
[ 1140.973610] lowmem_reserve[]: 0
[ 1140.982173] 0*16kB 
[ 1140.984424]  0
[ 1140.988366] 0*32kB 
[ 1140.992261]  0 0 0
[ 1141.000898] 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1141.000932] Node 1 Normal: 
[ 1141.005313] Node 0 
[ 1141.009288] 158*4kB 
[ 1141.013380] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1141.021373] (UME) 
[ 1141.022610] lowmem_reserve[]:
[ 1141.026590] 325*8kB 
[ 1141.031201]  0
[ 1141.039087] (UME) 
[ 1141.042191]  0
[ 1141.045411] 751*16kB 
[ 1141.050527]  0 0 0
[ 1141.059464] (UME) 
[ 1141.065040] 321*32kB 
[ 1141.069637] Node 1 
[ 1141.078703] (UME) 
05:09:29 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

05:09:29 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:29 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:29 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x80000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {0x0, 0x0, 0x3}, {}, {}, {}, {}, {0x6}, {}, {0x0, 0x8}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x2}]}})
ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, 0x0)

[ 1141.082865] Normal free:1843344kB min:53504kB low:66880kB high:80256kB active_anon:1429880kB inactive_anon:18548kB active_file:55448kB inactive_file:25564kB unevictable:0kB writepending:1028kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:14016kB pagetables:27864kB bounce:0kB free_pcp:1364kB local_pcp:628kB free_cma:0kB
[ 1141.087318] 147*64kB 
[ 1141.091649] lowmem_reserve[]: 0
[ 1141.126693] (UME) 
[ 1141.130362]  0
[ 1141.134612] 14*128kB 
[ 1141.138089]  0
[ 1141.142683] (M) 
[ 1141.146727]  0
[ 1141.149751] 17*256kB 
[ 1141.160010]  0
[ 1141.161303] (ME) 
[ 1141.176279] 16*512kB 
[ 1141.182211] Node 0 
[ 1141.189401] (UM) 
[ 1141.196893] DMA: 
[ 1141.209742] 2*1024kB 
[ 1141.212102] 12*4kB 
[ 1141.217401] (M) 
[ 1141.219897] (UM) 
[ 1141.225990] 3*2048kB 
[ 1141.261147] 6*8kB 
[ 1141.290857] (UME) 
[ 1141.322439] (UM) 
[ 1141.352154] 436*4096kB 
[ 1141.354410] 1*16kB 
[ 1141.356167] (M) 
[ 1141.358312] (U) 
[ 1141.361173] = 1843312kB
[ 1141.366244] 1*32kB 
[ 1141.376555] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1141.390442] (U) 
[ 1141.397485] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1141.399391] 2*64kB 
[ 1141.401308] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1141.401316] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1141.401321] 21756 total pagecache pages
[ 1141.401331] 0 pages in swap cache
[ 1141.401336] Swap cache stats: add 0, delete 0, find 0/0
[ 1141.401340] Free swap  = 0kB
[ 1141.401344] Total swap = 0kB
[ 1141.401351] 1965979 pages RAM
[ 1141.401355] 0 pages HighMem/MovableOnly
[ 1141.401358] 335854 pages reserved
[ 1141.401361] 0 pages cma reserved
[ 1141.721946] (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1141.731065] Node 0 DMA32: 732*4kB (UME) 666*8kB (UMH) 367*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31376kB
[ 1141.747786] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1141.758776] Node 1 Normal: 188*4kB (UME) 251*8kB (UME) 761*16kB (UME) 329*32kB (UME) 147*64kB (UME) 14*128kB (M) 18*256kB (UME) 14*512kB (UM) 2*1024kB (M) 3*2048kB (UME) 436*4096kB (M) = 1842488kB
[ 1141.776967] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1141.786604] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1141.795693] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1141.804797] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1141.813649] 21757 total pagecache pages
[ 1141.817946] 0 pages in swap cache
[ 1141.822521] Swap cache stats: add 0, delete 0, find 0/0
[ 1141.827980] Free swap  = 0kB
[ 1141.831733] Total swap = 0kB
05:09:29 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

05:09:29 executing program 1:
r0 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x0, 0x2)
poll(&(0x7f0000000080)=[{r0}], 0x1, 0x0)

05:09:29 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:29 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4), 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:29 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x0, 0x8}]}})
creat(&(0x7f0000000700)='./bus\x00', 0x0)

[ 1141.834832] 1965979 pages RAM
[ 1141.838010] 0 pages HighMem/MovableOnly
[ 1141.842351] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1141.842656] 335854 pages reserved
[ 1141.856980] 0 pages cma reserved
[ 1141.858012] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1141.875419] CPU: 0 PID: 12105 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1141.883433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1141.892794] Call Trace:
[ 1141.895401]  dump_stack+0x142/0x197
[ 1141.899136]  warn_alloc.cold+0x96/0x1af
[ 1141.903261]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1141.908137]  ? wait_for_completion+0x420/0x420
[ 1141.912850]  ? get_page_from_freelist+0x11/0x2370
[ 1141.917772]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1141.923178]  ? warn_alloc+0xf0/0xf0
[ 1141.926814]  ? check_preemption_disabled+0x3c/0x250
[ 1141.931867]  ? retint_kernel+0x2d/0x2d
[ 1141.935820]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1141.940520]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1141.945692]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1141.950872]  alloc_pages_current+0xec/0x1e0
[ 1141.955225]  kvm_mmu_create+0xdf/0x1e0
[ 1141.959129]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1141.963473]  kvm_vcpu_init+0x272/0x360
[ 1141.967385]  vmx_create_vcpu+0xfc/0x2aa0
[ 1141.971469]  ? mutex_trylock+0x1c0/0x1c0
[ 1141.975562]  ? handle_rdmsr+0x6e0/0x6e0
[ 1141.979661]  ? wait_for_completion+0x420/0x420
[ 1141.984297]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1141.988646]  kvm_vm_ioctl+0x501/0x1600
[ 1141.992550]  ? __lock_acquire+0x5f7/0x4620
[ 1141.996806]  ? mark_held_locks+0xb1/0x100
[ 1142.000976]  ? kvm_vcpu_release+0xa0/0xa0
[ 1142.005152]  ? trace_hardirqs_on+0x10/0x10
[ 1142.009523]  ? trace_hardirqs_on+0x10/0x10
[ 1142.013780]  ? __might_fault+0x110/0x1d0
[ 1142.017919]  ? save_trace+0x290/0x290
[ 1142.021744]  ? __might_fault+0x110/0x1d0
[ 1142.025824]  ? __fget+0x210/0x370
[ 1142.029291]  ? retint_kernel+0x2d/0x2d
05:09:29 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4), 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1142.033204]  ? kvm_vcpu_release+0xa0/0xa0
[ 1142.037520]  do_vfs_ioctl+0x7ae/0x1060
[ 1142.041439]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1142.047166]  ? check_preemption_disabled+0x3c/0x250
[ 1142.052204]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1142.057034]  ? security_file_ioctl+0x89/0xb0
[ 1142.061569]  SyS_ioctl+0x8f/0xc0
[ 1142.065043]  ? do_vfs_ioctl+0x1060/0x1060
[ 1142.069211]  do_syscall_64+0x1e8/0x640
[ 1142.073250]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1142.078262]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1142.083475] RIP: 0033:0x45c429
[ 1142.086680] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1142.094399] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1142.097849] syz-executor.5: 
[ 1142.101851] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1142.101859] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1142.101864] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1142.101869] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
05:09:29 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:29 executing program 1:
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x4200, 0x0)

[ 1142.129273] warn_alloc_show_mem: 2 callbacks suppressed
[ 1142.129308] Mem-Info:
[ 1142.144677] active_anon:837611 inactive_anon:4832 isolated_anon:0
[ 1142.144677]  active_file:14326 inactive_file:7165 isolated_file:0
[ 1142.144677]  unevictable:0 dirty:292 writeback:0 unstable:0
[ 1142.144677]  slab_reclaimable:17898 slab_unreclaimable:153157
[ 1142.144677]  mapped:59432 shmem:255 pagetables:16889 bounce:0
[ 1142.144677]  free:470333 free_pcp:390 free_cma:0
[ 1142.180933] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3068kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1142.185143] syz-executor.3: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1142.260374] Node 1 active_anon:1429764kB inactive_anon:18544kB active_file:55448kB inactive_file:25592kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26992kB dirty:1048kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1142.294451] syz-executor.3 cpuset=syz3 mems_allowed=0-1
[ 1142.320628] page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1142.329756] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1142.334419] CPU: 1 PID: 12123 Comm: syz-executor.3 Not tainted 4.14.171-syzkaller #0
[ 1142.357514] lowmem_reserve[]:
[ 1142.364781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1142.364786] Call Trace:
[ 1142.364807]  dump_stack+0x142/0x197
[ 1142.364822]  warn_alloc.cold+0x96/0x1af
[ 1142.364833]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1142.364868]  ? wait_for_completion+0x420/0x420
[ 1142.364885]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1142.364909]  ? warn_alloc+0xf0/0xf0
[ 1142.364928]  ? __might_sleep+0x93/0xb0
[ 1142.364940]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1142.364953]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1142.364964]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1142.364986]  alloc_pages_current+0xec/0x1e0
[ 1142.365001]  kvm_mmu_create+0xdf/0x1e0
[ 1142.365015]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1142.365029]  kvm_vcpu_init+0x272/0x360
[ 1142.365042]  vmx_create_vcpu+0xfc/0x2aa0
[ 1142.365051]  ? mutex_trylock+0x1c0/0x1c0
[ 1142.365069]  ? handle_rdmsr+0x6e0/0x6e0
[ 1142.365079]  ? wait_for_completion+0x420/0x420
[ 1142.365092]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1142.365104]  kvm_vm_ioctl+0x501/0x1600
[ 1142.365115]  ? __lock_acquire+0x5f7/0x4620
[ 1142.365124]  ? get_unused_fd_flags+0xd0/0xd0
[ 1142.365137]  ? kvm_vcpu_release+0xa0/0xa0
[ 1142.365147]  ? trace_hardirqs_on+0x10/0x10
[ 1142.365162]  ? trace_hardirqs_on+0x10/0x10
[ 1142.365180]  ? __might_fault+0x110/0x1d0
[ 1142.365191]  ? save_trace+0x290/0x290
[ 1142.365201]  ? __might_fault+0x110/0x1d0
[ 1142.365212]  ? __fget+0x210/0x370
[ 1142.365222]  ? find_held_lock+0x35/0x130
[ 1142.365232]  ? __fget+0x210/0x370
[ 1142.365243]  ? kvm_vcpu_release+0xa0/0xa0
[ 1142.365255]  do_vfs_ioctl+0x7ae/0x1060
[ 1142.365267]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1142.365276]  ? lock_downgrade+0x740/0x740
[ 1142.365286]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1142.365299]  ? __fget+0x237/0x370
[ 1142.365316]  ? security_file_ioctl+0x89/0xb0
[ 1142.365328]  SyS_ioctl+0x8f/0xc0
[ 1142.365339]  ? do_vfs_ioctl+0x1060/0x1060
[ 1142.365354]  do_syscall_64+0x1e8/0x640
[ 1142.369324]  0
[ 1142.378539]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1142.378558]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1142.378566] RIP: 0033:0x45c429
[ 1142.378571] RSP: 002b:00007f0403acdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1142.378580] RAX: ffffffffffffffda RBX: 00007f0403ace6d4 RCX: 000000000045c429
[ 1142.378585] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1142.378590] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1142.378595] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1142.378600] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1142.381790] syz-executor.5 cpuset=
[ 1142.389976]  2569
[ 1142.396902] syz5
[ 1142.400896]  2569
[ 1142.405901]  mems_allowed=0-1
[ 1142.408895]  2569
[ 1142.413528] CPU: 1 PID: 12114 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1142.413536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1142.413540] Call Trace:
[ 1142.413557]  dump_stack+0x142/0x197
[ 1142.413573]  warn_alloc.cold+0x96/0x1af
[ 1142.413584]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1142.413595]  ? check_preemption_disabled+0x3c/0x250
[ 1142.413670]  ? retint_kernel+0x2d/0x2d
[ 1142.413698]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1142.413708]  ? check_preemption_disabled+0x3c/0x250
[ 1142.413732]  ? warn_alloc+0xf0/0xf0
[ 1142.413752]  ? __might_sleep+0x93/0xb0
[ 1142.413765]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1142.413779]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1142.413792]  ? retint_kernel+0x2d/0x2d
[ 1142.413814]  alloc_pages_current+0xec/0x1e0
[ 1142.413829]  kvm_mmu_create+0xdf/0x1e0
[ 1142.413842]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1142.413855]  kvm_vcpu_init+0x272/0x360
[ 1142.413868]  vmx_create_vcpu+0xfc/0x2aa0
[ 1142.413878]  ? check_preemption_disabled+0x3c/0x250
[ 1142.413888]  ? retint_kernel+0x2d/0x2d
[ 1142.413903]  ? handle_rdmsr+0x6e0/0x6e0
[ 1142.413914]  ? kvm_arch_vcpu_create+0x14/0xc0
[ 1142.413928]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1142.413940]  kvm_vm_ioctl+0x501/0x1600
[ 1142.413951]  ? __lock_acquire+0x5f7/0x4620
[ 1142.413962]  ? get_unused_fd_flags+0xd0/0xd0
[ 1142.413975]  ? kvm_vcpu_release+0xa0/0xa0
[ 1142.413985]  ? trace_hardirqs_on+0x10/0x10
[ 1142.414001]  ? trace_hardirqs_on+0x10/0x10
[ 1142.414014]  ? __might_fault+0x110/0x1d0
[ 1142.414025]  ? save_trace+0x290/0x290
[ 1142.414035]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1142.414045]  ? __fget+0x210/0x370
[ 1142.414055]  ? find_held_lock+0x35/0x130
[ 1142.414066]  ? __fget+0x210/0x370
[ 1142.414078]  ? kvm_vcpu_release+0xa0/0xa0
[ 1142.414089]  do_vfs_ioctl+0x7ae/0x1060
[ 1142.414101]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1142.414110]  ? lock_downgrade+0x740/0x740
[ 1142.414161]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1142.414176]  ? __fget+0x237/0x370
[ 1142.414193]  ? security_file_ioctl+0x89/0xb0
[ 1142.414206]  SyS_ioctl+0x8f/0xc0
[ 1142.414216]  ? do_vfs_ioctl+0x1060/0x1060
[ 1142.414229]  do_syscall_64+0x1e8/0x640
[ 1142.414239]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1142.414256]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1142.414265] RIP: 0033:0x45c429
[ 1142.414270] RSP: 002b:00007f7d63f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1142.414281] RAX: ffffffffffffffda RBX: 00007f7d63f6e6d4 RCX: 000000000045c429
[ 1142.414287] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1142.414293] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1142.414299] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1142.414305] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1142.442176] syz-executor.3: 
[ 1142.447186]  2569
[ 1142.455354] page allocation failure: order:0
[ 1142.476572] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1142.477758] Node 0 
[ 1142.482440] (null)
[ 1142.485724] DMA32 free:31368kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3068kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:708kB local_pcp:200kB free_cma:0kB
[ 1142.490307] syz-executor.3 cpuset=
[ 1142.501052] lowmem_reserve[]:
[ 1142.504347] syz3
[ 1142.507421]  0
[ 1142.514799]  mems_allowed=0-1
[ 1142.515301]  0
[ 1142.519104] CPU: 1 PID: 12123 Comm: syz-executor.3 Not tainted 4.14.171-syzkaller #0
[ 1142.522984]  0
[ 1142.526744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1142.526748] Call Trace:
[ 1142.526766]  dump_stack+0x142/0x197
[ 1142.526780]  warn_alloc.cold+0x96/0x1af
[ 1142.531716]  0
[ 1142.535774]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1142.535795]  ? wait_for_completion+0x420/0x420
[ 1142.540593]  0
[ 1142.543748]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1142.543773]  ? warn_alloc+0xf0/0xf0
[ 1142.552108]  ? __might_sleep+0x93/0xb0
[ 1142.552122]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1142.552135]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1142.552145]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1142.552165]  alloc_pages_current+0xec/0x1e0
[ 1142.556598] Node 0 
[ 1142.560414]  kvm_mmu_create+0xdf/0x1e0
[ 1142.560428]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1142.560441]  kvm_vcpu_init+0x272/0x360
[ 1142.560452]  vmx_create_vcpu+0xfc/0x2aa0
[ 1142.560462]  ? mutex_trylock+0x1c0/0x1c0
[ 1142.560479]  ? handle_rdmsr+0x6e0/0x6e0
[ 1142.562363] Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1142.567140]  ? wait_for_completion+0x420/0x420
[ 1142.567157]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1142.567170]  kvm_vm_ioctl+0x501/0x1600
[ 1142.567183]  ? __lock_acquire+0x5f7/0x4620
[ 1142.572776] lowmem_reserve[]:
[ 1142.575738]  ? get_unused_fd_flags+0xd0/0xd0
[ 1142.575756]  ? kvm_vcpu_release+0xa0/0xa0
[ 1142.584695]  0
[ 1142.590844]  ? trace_hardirqs_on+0x10/0x10
[ 1142.590863]  ? trace_hardirqs_on+0x10/0x10
[ 1142.590875]  ? __might_fault+0x110/0x1d0
[ 1142.590884]  ? save_trace+0x290/0x290
[ 1142.590893]  ? __might_fault+0x110/0x1d0
[ 1142.590904]  ? __fget+0x210/0x370
[ 1142.590913]  ? find_held_lock+0x35/0x130
[ 1142.590925]  ? __fget+0x210/0x370
[ 1142.598825]  0
[ 1142.606149]  ? kvm_vcpu_release+0xa0/0xa0
[ 1142.606161]  do_vfs_ioctl+0x7ae/0x1060
[ 1142.606174]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1142.606183]  ? lock_downgrade+0x740/0x740
[ 1142.606193]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1142.606208]  ? __fget+0x237/0x370
[ 1142.613879]  0
[ 1142.621193]  ? security_file_ioctl+0x89/0xb0
[ 1142.621208]  SyS_ioctl+0x8f/0xc0
[ 1142.621219]  ? do_vfs_ioctl+0x1060/0x1060
[ 1142.621232]  do_syscall_64+0x1e8/0x640
[ 1142.621245]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1142.625520]  0
[ 1142.627406]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1142.627416] RIP: 0033:0x45c429
[ 1142.627421] RSP: 002b:00007f0403acdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1142.629484]  0
[ 1142.631485] RAX: ffffffffffffffda RBX: 00007f0403ace6d4 RCX: 000000000045c429
[ 1142.631491] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1142.631496] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1142.631501] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1142.631506] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1143.275305] Node 1 Normal free:1841872kB min:53504kB low:66880kB high:80256kB active_anon:1429548kB inactive_anon:18540kB active_file:55448kB inactive_file:25660kB unevictable:0kB writepending:1116kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13696kB pagetables:27784kB bounce:0kB free_pcp:1048kB local_pcp:408kB free_cma:0kB
[ 1143.275330] lowmem_reserve[]: 0 0 0 0 0
[ 1143.275350] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1143.326835] Node 0 DMA32: 732*4kB (UME) 671*8kB (UMH) 367*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31416kB
[ 1143.341727] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1143.352694] Node 1 Normal: 261*4kB (UME) 189*8kB (UME) 770*16kB (UME) 334*32kB (UME) 148*64kB (UME) 20*128kB (UM) 21*256kB (UME) 13*512kB (UM) 2*1024kB (M) 3*2048kB (UME) 436*4096kB (M) = 1843676kB
[ 1143.370687] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1143.379565] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1143.388253] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1143.397666] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1143.406299] 21777 total pagecache pages
[ 1143.410484] 0 pages in swap cache
[ 1143.413964] Swap cache stats: add 0, delete 0, find 0/0
[ 1143.419349] Free swap  = 0kB
[ 1143.422445] Total swap = 0kB
[ 1143.425468] 1965979 pages RAM
[ 1143.428595] 0 pages HighMem/MovableOnly
[ 1143.432639] 335854 pages reserved
[ 1143.436099] 0 pages cma reserved
05:09:31 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r1, 0x80685600, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

05:09:31 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:31 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4), 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:31 executing program 3:

05:09:31 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

05:09:31 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000002840)={"6c64125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x0, 0x0, [], 0x1}, {0x6}, {0x0, 0x0, 0x4}, {0x0, 0x8}, {}, {}, {}, {0xfc}, {}, {}, {}, {0x0, 0x2}, {0x0, 0x80}, {0x0, 0x9}]}})
ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)

05:09:31 executing program 3:

05:09:31 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:31 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:31 executing program 3:

[ 1143.637705] syz-executor.1: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1143.676113] syz-executor.1 cpuset=syz1 mems_allowed=0-1
[ 1143.696978] CPU: 1 PID: 12156 Comm: syz-executor.1 Not tainted 4.14.171-syzkaller #0
[ 1143.705980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1143.715483] Call Trace:
[ 1143.718106]  dump_stack+0x142/0x197
[ 1143.721869]  warn_alloc.cold+0x96/0x1af
[ 1143.725966]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1143.730850]  ? wait_for_completion+0x420/0x420
[ 1143.735457]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1143.740350]  ? warn_alloc+0xf0/0xf0
[ 1143.744003]  ? __might_sleep+0x93/0xb0
[ 1143.748072]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1143.752766]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1143.758061]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1143.763105]  alloc_pages_current+0xec/0x1e0
[ 1143.767451]  kvm_mmu_create+0xdf/0x1e0
[ 1143.771372]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1143.775725]  kvm_vcpu_init+0x272/0x360
[ 1143.779640]  vmx_create_vcpu+0xfc/0x2aa0
[ 1143.783731]  ? mutex_trylock+0x1c0/0x1c0
[ 1143.787810]  ? handle_rdmsr+0x6e0/0x6e0
[ 1143.791818]  ? wait_for_completion+0x420/0x420
[ 1143.796402]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1143.800841]  kvm_vm_ioctl+0x501/0x1600
[ 1143.804742]  ? __lock_acquire+0x5f7/0x4620
[ 1143.809064]  ? kvm_vcpu_release+0xa0/0xa0
[ 1143.813227]  ? trace_hardirqs_on+0x10/0x10
[ 1143.817627]  ? trace_hardirqs_on+0x10/0x10
[ 1143.823127]  ? __might_fault+0x110/0x1d0
[ 1143.827222]  ? save_trace+0x290/0x290
[ 1143.831022]  ? __might_fault+0x110/0x1d0
[ 1143.835157]  ? __fget+0x210/0x370
[ 1143.838609]  ? find_held_lock+0x35/0x130
[ 1143.843007]  ? __fget+0x210/0x370
[ 1143.846594]  ? kvm_vcpu_release+0xa0/0xa0
[ 1143.850745]  do_vfs_ioctl+0x7ae/0x1060
[ 1143.854650]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1143.859429]  ? lock_downgrade+0x740/0x740
[ 1143.863615]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1143.868044]  ? __fget+0x237/0x370
[ 1143.871514]  ? security_file_ioctl+0x89/0xb0
[ 1143.876029]  SyS_ioctl+0x8f/0xc0
[ 1143.879615]  ? do_vfs_ioctl+0x1060/0x1060
[ 1143.883891]  do_syscall_64+0x1e8/0x640
[ 1143.887786]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1143.892765]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
05:09:31 executing program 3:

05:09:31 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:31 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r1, 0x80685600, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

05:09:31 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

[ 1143.898158] RIP: 0033:0x45c429
[ 1143.901713] RSP: 002b:00007f39eeb7ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1143.910284] RAX: ffffffffffffffda RBX: 00007f39eeb7f6d4 RCX: 000000000045c429
[ 1143.917760] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 1143.925104] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1143.932484] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1143.939754] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1143.988955] warn_alloc_show_mem: 3 callbacks suppressed
[ 1143.988959] Mem-Info:
[ 1144.021325] active_anon:837646 inactive_anon:4835 isolated_anon:0
[ 1144.021325]  active_file:14326 inactive_file:7189 isolated_file:0
[ 1144.021325]  unevictable:0 dirty:318 writeback:0 unstable:0
[ 1144.021325]  slab_reclaimable:17876 slab_unreclaimable:153069
[ 1144.021325]  mapped:59455 shmem:255 pagetables:16893 bounce:0
[ 1144.021325]  free:470470 free_pcp:388 free_cma:0
05:09:31 executing program 3:

[ 1144.084360] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1144.125757] Node 1 active_anon:1429804kB inactive_anon:18556kB active_file:55448kB inactive_file:25660kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26984kB dirty:1152kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1144.165745] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1144.195024] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1144.206353] Node 0 DMA32 free:31392kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3096kB unevictable:0kB writepending:120kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:748kB local_pcp:508kB free_cma:0kB
[ 1144.245038] lowmem_reserve[]: 0 0 0 0 0
[ 1144.253992] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1144.288106] lowmem_reserve[]: 0 0 0 0 0
[ 1144.292885] Node 1 Normal free:1841144kB min:53504kB low:66880kB high:80256kB active_anon:1429804kB inactive_anon:18556kB active_file:55448kB inactive_file:25660kB unevictable:0kB writepending:1152kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13856kB pagetables:27956kB bounce:0kB free_pcp:924kB local_pcp:344kB free_cma:0kB
[ 1144.324696] lowmem_reserve[]: 0 0 0 0 0
[ 1144.328859] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1144.343917] Node 0 DMA32: 732*4kB (UME) 671*8kB (UMH) 367*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31416kB
[ 1144.359354] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1144.370312] Node 1 Normal: 226*4kB (UME) 73*8kB (UME) 703*16kB (UME) 332*32kB (UME) 149*64kB (UME) 17*128kB (UM) 21*256kB (UME) 13*512kB (UM) 2*1024kB (M) 3*2048kB (UME) 436*4096kB (M) = 1841152kB
[ 1144.389143] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1144.399298] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1144.410289] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1144.425646] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1144.435428] 21778 total pagecache pages
05:09:32 executing program 1:

05:09:32 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4), 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:32 executing program 3:

05:09:32 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r1, 0x80685600, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

05:09:32 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

05:09:32 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1144.439646] 0 pages in swap cache
[ 1144.448394] Swap cache stats: add 0, delete 0, find 0/0
[ 1144.454030] Free swap  = 0kB
[ 1144.457359] Total swap = 0kB
[ 1144.462044] 1965979 pages RAM
[ 1144.465943] 0 pages HighMem/MovableOnly
[ 1144.469919] 335854 pages reserved
[ 1144.474214] 0 pages cma reserved
05:09:32 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4), 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:32 executing program 3:

05:09:32 executing program 3:

05:09:32 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4), 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:32 executing program 1:

05:09:32 executing program 3:

05:09:32 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:32 executing program 1:

05:09:32 executing program 3:

05:09:32 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[ 1144.903529] warn_alloc: 2 callbacks suppressed
[ 1144.903559] syz-executor.5: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1144.925327] syz-executor.5 cpuset=syz5 mems_allowed=0-1
[ 1144.931467] CPU: 0 PID: 12202 Comm: syz-executor.5 Not tainted 4.14.171-syzkaller #0
[ 1144.939403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1144.948765] Call Trace:
[ 1144.951362]  dump_stack+0x142/0x197
[ 1144.955013]  warn_alloc.cold+0x96/0x1af
[ 1144.958998]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1144.963864]  ? wait_for_completion+0x420/0x420
[ 1144.968471]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1144.973352]  ? warn_alloc+0xf0/0xf0
[ 1144.977021]  ? __might_sleep+0x93/0xb0
[ 1144.980981]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1144.985765]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1144.990822]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1144.996133]  alloc_pages_current+0xec/0x1e0
[ 1145.001021]  kvm_mmu_create+0xdf/0x1e0
[ 1145.004929]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1145.009274]  kvm_vcpu_init+0x272/0x360
[ 1145.013177]  vmx_create_vcpu+0xfc/0x2aa0
[ 1145.017246]  ? check_preemption_disabled+0x3c/0x250
[ 1145.022280]  ? retint_kernel+0x2d/0x2d
[ 1145.026189]  ? handle_rdmsr+0x6e0/0x6e0
[ 1145.030879]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1145.032039] syz-executor.2: 
[ 1145.035231]  kvm_vm_ioctl+0x501/0x1600
[ 1145.035244]  ? __lock_acquire+0x5f7/0x4620
[ 1145.035255]  ? get_unused_fd_flags+0xd0/0xd0
[ 1145.035268]  ? kvm_vcpu_release+0xa0/0xa0
[ 1145.035278]  ? trace_hardirqs_on+0x10/0x10
[ 1145.035293]  ? trace_hardirqs_on+0x10/0x10
[ 1145.035305]  ? __might_fault+0x110/0x1d0
[ 1145.035315]  ? save_trace+0x290/0x290
[ 1145.035329]  ? __might_fault+0x110/0x1d0
[ 1145.038540] page allocation failure: order:0
[ 1145.042346]  ? __fget+0x210/0x370
[ 1145.042359]  ? find_held_lock+0x35/0x130
[ 1145.042368]  ? __fget+0x210/0x370
[ 1145.042389]  ? kvm_vcpu_release+0xa0/0xa0
[ 1145.042401]  do_vfs_ioctl+0x7ae/0x1060
[ 1145.042414]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1145.042421]  ? lock_downgrade+0x740/0x740
[ 1145.042431]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1145.042441]  ? __fget+0x237/0x370
[ 1145.042456]  ? security_file_ioctl+0x89/0xb0
[ 1145.042468]  SyS_ioctl+0x8f/0xc0
[ 1145.042477]  ? do_vfs_ioctl+0x1060/0x1060
[ 1145.042493]  do_syscall_64+0x1e8/0x640
[ 1145.047456] , mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=
[ 1145.051233]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1145.051251]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1145.051260] RIP: 0033:0x45c429
[ 1145.051265] RSP: 002b:00007f7d63f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1145.051277] RAX: ffffffffffffffda RBX: 00007f7d63f6e6d4 RCX: 000000000045c429
[ 1145.051283] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[ 1145.051289] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1145.051294] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1145.051299] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1145.062315] Mem-Info:
[ 1145.078119] (null)
[ 1145.081374] active_anon:837623 inactive_anon:4836 isolated_anon:0
[ 1145.081374]  active_file:14326 inactive_file:7183 isolated_file:0
[ 1145.081374]  unevictable:0 dirty:219 writeback:0 unstable:0
[ 1145.081374]  slab_reclaimable:17842 slab_unreclaimable:152801
[ 1145.081374]  mapped:59424 shmem:255 pagetables:16909 bounce:0
[ 1145.081374]  free:470776 free_pcp:474 free_cma:0
[ 1145.088757] syz-executor.2 cpuset=
[ 1145.093578] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3068kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:120kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1145.097407] syz2
[ 1145.101606] Node 1 active_anon:1429812kB inactive_anon:18560kB active_file:55448kB inactive_file:25664kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26960kB dirty:756kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1145.111573]  mems_allowed=0-1
[ 1145.115867] Node 0 
[ 1145.119190] CPU: 1 PID: 12230 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1145.124073] DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1145.126887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1145.126892] Call Trace:
[ 1145.126913]  dump_stack+0x142/0x197
[ 1145.126929]  warn_alloc.cold+0x96/0x1af
[ 1145.132154] lowmem_reserve[]:
[ 1145.135093]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1145.135113]  ? wait_for_completion+0x420/0x420
[ 1145.135130]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1145.135154]  ? warn_alloc+0xf0/0xf0
[ 1145.135178]  ? __might_sleep+0x93/0xb0
[ 1145.141825]  0
[ 1145.145945]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1145.145959]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1145.145969]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1145.145991]  alloc_pages_current+0xec/0x1e0
[ 1145.146013]  kvm_mmu_create+0xdf/0x1e0
[ 1145.151404]  2569
[ 1145.154481]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1145.154496]  kvm_vcpu_init+0x272/0x360
[ 1145.154513]  vmx_create_vcpu+0xfc/0x2aa0
[ 1145.163021]  2569
[ 1145.169509]  ? mutex_trylock+0x1c0/0x1c0
[ 1145.169525]  ? __might_fault+0x110/0x1d0
[ 1145.169540]  ? handle_rdmsr+0x6e0/0x6e0
[ 1145.169550]  ? wait_for_completion+0x420/0x420
[ 1145.169565]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1145.169583]  kvm_vm_ioctl+0x501/0x1600
[ 1145.177139]  2569
[ 1145.184237]  ? __lock_acquire+0x5f7/0x4620
[ 1145.184246]  ? mark_held_locks+0xb1/0x100
[ 1145.184260]  ? kvm_vcpu_release+0xa0/0xa0
[ 1145.184269]  ? trace_hardirqs_on+0x10/0x10
[ 1145.184284]  ? trace_hardirqs_on+0x10/0x10
[ 1145.184297]  ? __might_fault+0x110/0x1d0
[ 1145.184308]  ? save_trace+0x290/0x290
[ 1145.184317]  ? __might_fault+0x110/0x1d0
[ 1145.184330]  ? __fget+0x210/0x370
[ 1145.184340]  ? find_held_lock+0x35/0x130
[ 1145.184350]  ? __fget+0x210/0x370
[ 1145.184467]  ? kvm_vcpu_release+0xa0/0xa0
[ 1145.184488]  do_vfs_ioctl+0x7ae/0x1060
[ 1145.184503]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1145.184513]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1145.184524]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1145.184534]  ? check_preemption_disabled+0x3c/0x250
[ 1145.184546]  ? retint_kernel+0x2d/0x2d
[ 1145.184564]  ? security_file_ioctl+0x89/0xb0
[ 1145.184577]  SyS_ioctl+0x8f/0xc0
[ 1145.184587]  ? do_vfs_ioctl+0x1060/0x1060
[ 1145.184612]  do_syscall_64+0x1e8/0x640
[ 1145.184622]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1145.184638]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1145.184646] RIP: 0033:0x45c429
[ 1145.184651] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1145.184663] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1145.184669] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1145.184675] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1145.184681] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1145.184693] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1145.195956]  2569
[ 1145.624754] Node 0 DMA32 free:31440kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB writepending:80kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:788kB local_pcp:544kB free_cma:0kB
[ 1145.656672] lowmem_reserve[]: 0 0 0 0 0
[ 1145.660792] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1145.686363] lowmem_reserve[]: 0 0 0 0 0
[ 1145.690631] Node 1 Normal free:1842056kB min:53504kB low:66880kB high:80256kB active_anon:1429500kB inactive_anon:18552kB active_file:55448kB inactive_file:25708kB unevictable:0kB writepending:868kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13664kB pagetables:27692kB bounce:0kB free_pcp:1280kB local_pcp:624kB free_cma:0kB
[ 1145.721339] lowmem_reserve[]: 0 0 0 0 0
[ 1145.725351] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1145.739985] Node 0 DMA32: 732*4kB (UME) 674*8kB (UMH) 367*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31440kB
[ 1145.755204] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1145.766085] Node 1 Normal: 219*4kB (UME) 26*8kB (UME) 578*16kB (UME) 340*32kB (UME) 149*64kB (UME) 25*128kB (UM) 23*256kB (UME) 16*512kB (UM) 2*1024kB (M) 3*2048kB (UME) 436*4096kB (M) = 1842076kB
[ 1145.786794] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1145.796036] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
05:09:33 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

05:09:33 executing program 1:

05:09:33 executing program 3:

05:09:33 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:09:33 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:33 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 1145.805176] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1145.814103] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1145.822855] 21797 total pagecache pages
[ 1145.826975] 0 pages in swap cache
[ 1145.830508] Swap cache stats: add 0, delete 0, find 0/0
[ 1145.836031] Free swap  = 0kB
[ 1145.839070] Total swap = 0kB
[ 1145.842239] 1965979 pages RAM
[ 1145.845381] 0 pages HighMem/MovableOnly
[ 1145.849372] 335854 pages reserved
[ 1145.852865] 0 pages cma reserved
05:09:33 executing program 3:

05:09:33 executing program 1:

05:09:33 executing program 3:

[ 1146.056638] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1146.068933] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1146.075051] CPU: 0 PID: 12238 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1146.082979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1146.092352] Call Trace:
[ 1146.095076]  dump_stack+0x142/0x197
[ 1146.098733]  warn_alloc.cold+0x96/0x1af
05:09:33 executing program 3:

05:09:33 executing program 3:

[ 1146.102737]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1146.107826]  ? wait_for_completion+0x420/0x420
[ 1146.112536]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1146.117420]  ? warn_alloc+0xf0/0xf0
[ 1146.121103]  ? __might_sleep+0x93/0xb0
[ 1146.125032]  __alloc_pages_nodemask+0x62c/0x7a0
[ 1146.129818]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1146.134852]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1146.140135]  alloc_pages_current+0xec/0x1e0
[ 1146.144478]  kvm_mmu_create+0xdf/0x1e0
[ 1146.148399]  kvm_arch_vcpu_init+0x29c/0x8e0
[ 1146.152813]  kvm_vcpu_init+0x272/0x360
05:09:33 executing program 3:

[ 1146.156719]  vmx_create_vcpu+0xfc/0x2aa0
[ 1146.160884]  ? check_preemption_disabled+0x3c/0x250
[ 1146.165921]  ? retint_kernel+0x2d/0x2d
[ 1146.169842]  ? handle_rdmsr+0x6e0/0x6e0
[ 1146.173922]  kvm_arch_vcpu_create+0x8c/0xc0
[ 1146.178623]  kvm_vm_ioctl+0x501/0x1600
[ 1146.182532]  ? __lock_acquire+0x5f7/0x4620
[ 1146.186871]  ? mark_held_locks+0xb1/0x100
[ 1146.191050]  ? kvm_vcpu_release+0xa0/0xa0
[ 1146.195222]  ? retint_kernel+0x2d/0x2d
[ 1146.199148]  ? trace_hardirqs_on_caller+0x400/0x590
05:09:33 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

05:09:33 executing program 3:

[ 1146.204186]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1146.208968]  ? check_preemption_disabled+0x3c/0x250
[ 1146.214145]  ? retint_kernel+0x2d/0x2d
[ 1146.218247]  ? selinux_file_ioctl+0x19a/0x560
[ 1146.222762]  ? selinux_file_ioctl+0x22c/0x560
[ 1146.227309]  ? kvm_vcpu_release+0xa0/0xa0
[ 1146.231585]  do_vfs_ioctl+0x7ae/0x1060
[ 1146.235835]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1146.240771]  ? lock_downgrade+0x740/0x740
[ 1146.244946]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1146.249390]  ? __fget+0x237/0x370
05:09:33 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

[ 1146.252910]  ? security_file_ioctl+0x89/0xb0
[ 1146.258363]  SyS_ioctl+0x8f/0xc0
[ 1146.261754]  ? do_vfs_ioctl+0x1060/0x1060
[ 1146.265938]  do_syscall_64+0x1e8/0x640
[ 1146.269859]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1146.274741]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1146.280071] RIP: 0033:0x45c429
[ 1146.283453] RSP: 002b:00007f8362eebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1146.291367] RAX: ffffffffffffffda RBX: 00007f8362eec6d4 RCX: 000000000045c429
[ 1146.298652] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[ 1146.305942] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1146.313354] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1146.320776] R13: 000000000000038f R14: 00000000004c5c1b R15: 000000000076bf2c
[ 1146.385417] warn_alloc_show_mem: 1 callbacks suppressed
[ 1146.385455] Mem-Info:
[ 1146.394863] active_anon:837627 inactive_anon:4830 isolated_anon:0
[ 1146.394863]  active_file:14326 inactive_file:7220 isolated_file:0
[ 1146.394863]  unevictable:0 dirty:273 writeback:0 unstable:0
[ 1146.394863]  slab_reclaimable:17870 slab_unreclaimable:152679
[ 1146.394863]  mapped:59432 shmem:255 pagetables:16877 bounce:0
[ 1146.394863]  free:470786 free_pcp:509 free_cma:0
[ 1146.429962] Node 0 active_anon:1920680kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210736kB dirty:100kB writeback:0kB shmem:988kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1302528kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1146.460441] Node 1 active_anon:1429756kB inactive_anon:18548kB active_file:55448kB inactive_file:25756kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26960kB dirty:992kB writeback:0kB shmem:32kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1146.489590] Node 0 DMA free:10384kB min:216kB low:268kB high:320kB active_anon:4988kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:64kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1146.516786] lowmem_reserve[]: 0 2569 2569 2569 2569
[ 1146.522500] Node 0 DMA32 free:31440kB min:36384kB low:45480kB high:54576kB active_anon:1915692kB inactive_anon:784kB active_file:1856kB inactive_file:3124kB unevictable:0kB writepending:100kB present:3129332kB managed:2634400kB mlocked:0kB kernel_stack:12128kB pagetables:39616kB bounce:0kB free_pcp:804kB local_pcp:244kB free_cma:0kB
[ 1146.553214] lowmem_reserve[]: 0 0 0 0 0
[ 1146.557339] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1146.585122] lowmem_reserve[]: 0 0 0 0 0
[ 1146.589339] Node 1 Normal free:1842592kB min:53504kB low:66880kB high:80256kB active_anon:1429756kB inactive_anon:18548kB active_file:55448kB inactive_file:25756kB unevictable:0kB writepending:1000kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:13984kB pagetables:27820kB bounce:0kB free_pcp:1328kB local_pcp:688kB free_cma:0kB
[ 1146.620994] lowmem_reserve[]: 0 0 0 0 0
[ 1146.625329] Node 0 DMA: 12*4kB (UM) 6*8kB (UM) 1*16kB (U) 1*32kB (U) 2*64kB (UM) 1*128kB (U) 1*256kB (U) 3*512kB (UM) 0*1024kB 0*2048kB 2*4096kB (M) = 10384kB
[ 1146.640452] Node 0 DMA32: 732*4kB (UME) 674*8kB (UMH) 367*16kB (UMH) 327*32kB (UM) 86*64kB (UM) 10*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31440kB
[ 1146.655967] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1146.667238] Node 1 Normal: 294*4kB (UME) 251*8kB (UME) 414*16kB (UE) 326*32kB (UME) 149*64kB (UME) 25*128kB (UM) 23*256kB (UME) 17*512kB (UM) 3*1024kB (UM) 3*2048kB (UME) 436*4096kB (M) = 1842640kB
[ 1146.685758] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1146.694816] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1146.703797] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1146.712877] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1146.722981] 21804 total pagecache pages
[ 1146.727092] 0 pages in swap cache
[ 1146.740227] Swap cache stats: add 0, delete 0, find 0/0
[ 1146.745770] Free swap  = 0kB
[ 1146.748921] Total swap = 0kB
[ 1146.756962] 1965979 pages RAM
[ 1146.760377] 0 pages HighMem/MovableOnly
[ 1146.764487] 335854 pages reserved
[ 1146.768129] 0 pages cma reserved
05:09:34 executing program 2:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

05:09:34 executing program 3:

05:09:34 executing program 1:

05:09:34 executing program 5:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
inotify_init1(0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x7ff, 0x97e3]})
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000400))

05:09:34 executing program 0:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, 0x0, &(0x7f000095dffc))
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040), &(0x7f0000000140)=0x8)

05:09:34 executing program 4:
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x4, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

05:09:34 executing program 3:

05:09:34 executing program 1:

05:09:34 executing program 3:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$mixer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000002d40)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07006706000002000000070300000ee60060bf050000000000000f650000000000006507f9ff01000000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be95e5db67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5af65727546e7c955ccefa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a6730000000000000003e431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f0f53acbb40b401e3738270b315d362ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7eab04871bc47287cd31cc43ea0ffb567b40407d000000000000000000000000005f37d83f84e98a523d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce6994521629ab028acfc1d926a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea"], &(0x7f0000000100)='GPL\x00'}, 0x48)
r0 = gettid()
tkill(r0, 0x3c)

05:09:34 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0)

05:09:34 executing program 3:
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff)
mount(&(0x7f0000000000)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='afs\x00', 0x0, 0x0)

05:09:34 executing program 3:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[ 1147.203723] syz-executor.2: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
[ 1147.216514] syz-executor.2 cpuset=syz2 mems_allowed=0-1
[ 1147.222929] CPU: 1 PID: 12286 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0
[ 1147.230849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1147.240909] Call Trace:
[ 1147.243519]  dump_stack+0x142/0x197
[ 1147.247159]  warn_alloc.cold+0x96/0x1af
[ 1147.251135]  ? zone_watermark_ok_safe+0x2b0/0x2b0
[ 1147.256012]  ? wait_for_completion+0x420/0x420
[ 1147.260814]  __alloc_pages_slowpath+0x23c6/0x2930
[ 1147.264581] syz-executor.3: 
[ 1147