last executing test programs: 1m30.788376675s ago: executing program 0 (id=334): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) openat$kvm(0xffffffffffffff9c, 0x0, 0x141000, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000400)=@arm64_sys={0x603000000013c000, &(0x7f00000003c0)=0x3a5}) r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) r10 = syz_kvm_vgic_v3_setup(r7, 0x1, 0x100) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x2, 0x7fffffff, &(0x7f0000000000)=0x5}) ioctl$KVM_RUN(r9, 0xae80, 0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0) r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r14, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, r15, 0x2000003, 0x11, r13, 0x0) r16 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r17 = ioctl$KVM_CREATE_VM(r16, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x2000)=nil, r15, 0x2000009, 0x11, r13, 0x0) r18 = ioctl$KVM_CREATE_VCPU(r17, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r18, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001}) 1m1.66085179s ago: executing program 0 (id=336): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x1, 0x6, 0xd000, 0x2000, &(0x7f0000fdc000/0x2000)=nil}) (async) r3 = ioctl$KVM_GET_STATS_FD_vm(r0, 0xaece) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async) r6 = eventfd2(0xeffffffd, 0x801) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r6, 0x3}) (async) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) close(r8) (async) close(r9) (async) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f00000000c0)={0x3, 0x0, 0x2, r6, 0xf}) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) (async) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x27) r12 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r13, 0x4040ae79, &(0x7f0000000040)={0x40, 0x14000, 0x0, 0xffffffffffffffff, 0x9}) r14 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r14, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@irq_setup={0x46, 0x18, {0x4, 0xba}}], 0x18}, 0x0, 0x0) (async) r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000080)={0x0, &(0x7f0000000000)=[@hvc={0x32, 0x40, {0x84000009, [0xfffffffffffffffb, 0x1, 0x8, 0x200, 0x8000000000000000]}}], 0x40}, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x20240, 0x0) ioctl$KVM_RUN(r15, 0xae80, 0x0) (async) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) 1m0.950439035s ago: executing program 1 (id=337): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000380)=[{0x0, &(0x7f0000000200)=[@eret={0xe6, 0x18, 0x8}], 0x18}], 0x1, 0x0, 0x0, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xb) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) munmap(&(0x7f000067b000/0x4000)=nil, 0x4000) ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013c000}) 54.581616032s ago: executing program 1 (id=338): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) r4 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000000)=@arm64_sys={0x603000000013c038, 0x0}) ioctl$KVM_CREATE_VM(r4, 0x401c5820, 0x20000001) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xfffffffffffbfffc) syz_kvm_vgic_v3_setup(r5, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000100)={0xc}) ioctl$KVM_SIGNAL_MSI(r5, 0x4020aea5, &(0x7f0000000200)={0xdddd1000, 0x0, 0xfffffffc, 0x1, 0x7}) 52.626382224s ago: executing program 0 (id=339): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000080)=[@uexit={0x0, 0x18, 0xa}, @svc={0x122, 0x40, {0x8600ff01, [0xffffffff, 0x8, 0x8777, 0x9, 0x1]}}, @hvc={0x32, 0x40, {0xc400000d, [0xd9, 0x0, 0x3a, 0xff, 0x3]}}, @smc={0x1e, 0x40, {0x8400000f, [0x9, 0x6, 0x9, 0x80000000]}}, @smc={0x1e, 0x40, {0x80, [0x7, 0x6, 0x7fffffffffffffff, 0x2, 0x4]}}, @msr={0x14, 0x20, {0x4657, 0xd}}, @irq_setup={0x46, 0x18, {0x3, 0x45}}, @smc={0x1e, 0x40, {0x80000000, [0x61, 0x4, 0x9, 0x0, 0x1]}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x290}}, @smc={0x1e, 0x40, {0xc4000053, [0x5, 0xbd9a, 0x9, 0xc, 0x41ea]}}, @irq_setup={0x46, 0x18, {0x3, 0x1f}}, @irq_setup={0x46, 0x18, {0x4, 0x24d}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x5f}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1c0, 0xe0000000000, 0x9}}, @code={0xa, 0x54, {"000028d5a0ad99d200e0b0f2a10080d2c20080d2230180d2840180d2020000d40000439e007008d50008200e007008d5bf3003d5000008d5007008d50000209b"}}, @smc={0x1e, 0x40, {0xc5000020, [0x8, 0x3ff, 0x7fff, 0x0, 0x254000]}}, @hvc={0x32, 0x40, {0x84000007, [0x2b5dbd2e, 0x4a7, 0x401, 0x4, 0x3]}}, @hvc={0x32, 0x40, {0x2000, [0x0, 0x9, 0x7fffffffffffffff, 0x400, 0x5]}}, @code={0xa, 0x84, {"0000601e406d88d20020b0f2610080d2020180d2830180d2640180d2020000d4008008d5000400780020800c0000406c60e78ed20020b0f2c10080d2420180d2630180d2240180d2020000d400d4a02e601696d200a0b8f2210080d2020080d2630080d2840180d2020000d40004000e"}}, @msr={0x14, 0x20, {0x603000000013e663, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0xc0, 0x1000, 0x4}}, @code={0xa, 0x84, {"c09490d20060b0f2410080d2420180d2430180d2e40080d2020000d40040611e007008d560c489d200a0b8f2a10180d2820180d2230080d2040180d2020000d40084800d606a80d20020b8f2610180d2e20180d2030180d2640180d2020000d4000cc03c0048210e007008d5008008d5"}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x0, 0x10, 0x1, 0x0, 0x1}}, @mrs={0xbe, 0x18, {0x603000000013deac}}, @code={0xa, 0x84, {"007008d540a281d20020b0f2c10080d2c20180d2830180d2240080d2020000d4008008d500fc9bd20080b8f2410080d2220180d2630180d2040180d2020000d40054202e007008d50094004f007008d5007008d5c0769fd200e0b0f2810180d2e20080d2630080d2c40080d2020000d4"}}, @code={0xa, 0x6c, {"007008d500c789d20000b8f2a10180d2420180d2e30080d2640080d2020000d4000008d580c796d20040b0f2210080d2c20080d2a30080d2e40080d2020000d40060600d008008d5008008d500008092008008d5008008d5"}}, @code={0xa, 0x84, {"007008d5800a84d20000b0f2610080d2420080d2230180d2840080d2020000d40010c05ac06e83d20020b0f2810180d2220180d2e30180d2840080d2020000d4007008d500e78ad20020b0f2810080d2420080d2630080d2640180d2020000d4000028d5007008d5007008d5008008d5"}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x7b}}, @smc={0x1e, 0x40, {0x84000002, [0xd, 0xdd39, 0x8000000000000000, 0x3, 0x80000000]}}, @irq_setup={0x46, 0x18, {0x4, 0x95}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x4, 0x6, 0x9, 0x2}}, @mrs={0xbe, 0x18, {0x603000000013e293}}], 0x760}, &(0x7f0000000800)=[@featur2={0x1, 0x30}], 0x1) ioctl$KVM_GET_SREGS(r0, 0x8000ae83, &(0x7f0000000840)) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) 45.988172732s ago: executing program 1 (id=340): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x40a480, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f00000001c0), 0x1, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f00009ab000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000100)=@arm64_fw={0x6030000000140002, &(0x7f00000000c0)=0x20}) r7 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0x80111500, 0x20000000) ioctl$KVM_CREATE_VM(r9, 0x541b, 0x10000000000000) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x39) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r11, 0x4010aeb5, &(0x7f0000000000)={0x9, 0xfffffffffffffffc}) 44.786922794s ago: executing program 0 (id=341): mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x9, 0xffffffffffffffff, 0x1}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r7, 0x4018aee2, &(0x7f0000000140)=@attr_irq_timer={0x0, 0x1, 0x1, 0x0}) r8 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r8, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x9, 0x0, 0x1}}) write$eventfd(r2, &(0x7f00000001c0)=0x7ffffff, 0xfdef) 34.788362058s ago: executing program 1 (id=342): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@arm64={0x3, 0xb2, 0x7, '\x00', 0x10}) r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000780)={0x0, &(0x7f0000000140)=[@msr={0x14, 0x20, {0x603000000013e100, 0x200}}, @code={0xa, 0x6c, {"007008d500d8a02e0090204e00000034000008d5007008d5000080a9008008d580d388d20020b0f2210180d2220180d2230180d2040080d2020000d4209483d20040b0f2a10080d2c20180d2c30080d2240080d2020000d4"}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x37a}}, @svc={0x122, 0x40, {0x80000001, [0xffffffffffffffff, 0x1, 0x5, 0x78f8, 0x6]}}, @code={0xa, 0x84, {"801382d20060b8f2810180d2c20180d2e30080d2a40080d2020000d480259ed20000b0f2810180d2820080d2630180d2640180d2020000d4008008d5007008d5007008d5a0d791d200c0b0f2e10080d2e20080d2c30180d2a40080d2020000d4000080da000028d500eca07e008008d5"}}, @code={0xa, 0xb4, {"e08d9cd200c0b0f2a10180d2c20180d2630080d2840180d2020000d4e0bb9ad200c0b8f2810080d2620080d2c30180d2240180d2020000d4007008d500f4006f00a4200d204f93d20020b0f2610080d2620180d2830180d2240180d2020000d40080bf0dc0bd87d20060b8f2210180d2620080d2230180d2e40080d2020000d440ab8fd20000b0f2210080d2e20180d2a30180d2240180d2020000d40000799e"}}, @smc={0x1e, 0x40, {0x80000001, [0x1, 0x2, 0x38000000, 0xde2, 0x100000000]}}, @hvc={0x32, 0x40, {0x2, [0x1, 0x9, 0xd, 0x7fffffffffffffff, 0x4]}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x3, 0xe, 0x6, 0x80000000, 0x3}}, @msr={0x14, 0x20, {0x603000000013df06, 0xfffffffffffffffe}}, @smc={0x1e, 0x40, {0x8400000e, [0x2, 0x902, 0x6, 0xffff, 0x3ff]}}, @irq_setup={0x46, 0x18, {0x4, 0x104}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x4, 0x2, 0x6, 0x8, 0x3}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0xfe}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x1ff10, 0x0, 0x3}}, @hvc={0x32, 0x40, {0xc5000021, [0x9, 0xd11b, 0x763, 0x4, 0xafd0]}}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x2ec}}, @its_setup={0x82, 0x28, {0x2, 0x4, 0x1c7}}, @msr={0x14, 0x20, {0x603000000013c028, 0x800}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x78, 0xf}}, @msr={0x14, 0x20, {0x0, 0xfffffffffffffffa}}, @hvc={0x32, 0x40, {0x84000003, [0x1, 0x8, 0x8, 0x2, 0x4]}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0x233}}, @hvc={0x32, 0x40, {0x4, [0x6, 0xff, 0x29c, 0x87, 0x40]}}, @msr={0x14, 0x20, {0x603000000013dea2, 0x7cc}}, @hvc={0x32, 0x40, {0x3000000, [0x7, 0x7, 0x0, 0xffffffffffffffff]}}, @svc={0x122, 0x40, {0x3f000000, [0xeb, 0xb, 0xf342, 0x0, 0x2a3]}}, @msr={0x14, 0x20, {0x603000000013801c, 0x9}}], 0x634}, &(0x7f00000007c0)=[@featur1={0x1, 0xf0}], 0x1) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_GET_MP_STATE(r3, 0x8004ae98, &(0x7f0000000800)) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000000)={0x5, 0x3, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r9, r10, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013c038, &(0x7f0000000200)=0x3}) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000740)=@attr_other={0x0, 0x1, 0x1, &(0x7f0000000180)=0x4000000008}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013c024, &(0x7f00000000c0)}) 30.609893912s ago: executing program 0 (id=343): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x11) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, 0x0, 0x100000c, 0x9032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r2, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000667000/0x2000)=nil, 0x2000) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x4002, 0x0) ioctl$KVM_CHECK_EXTENSION(r3, 0x40086602, 0x8000000400000004) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r7 = ioctl$KVM_CREATE_VM(r6, 0x400454c9, 0x110c230008) syz_kvm_vgic_v3_setup(r0, 0x1, 0x220) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2200, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r9, 0x8040ae9f, 0xffffffffffffffff) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x31) syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xffffffffffff0004) 18.922073133s ago: executing program 1 (id=344): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0x80111500, 0x20000000) close(r2) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0x40049409, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000100)={0x3, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r7, 0x4008ae6a, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000010001d4638f770e3e6b6c0b5a13a5e958699d55ddb5e4bb93f529b425488e492d8d2b853e8756886ae770ce953521042236daece0ba5fc5cec76299c9154b014bfbed65da8341a15ed6a45c43d564271a36c10ed0a7883f6adb04702ae1c4b6e159dc28bfa3cc3cd2220d1997a77e51d18dfc821a0ce8feb5cc5fe410fb75b2db6d1a0020ae163584edc96cb8dae5d75a61677403808d23ec9d262686d3064f9f308ea7b5aa9e55e4e658eed06a5fd5002ad63b3177f37c93b26487ef68d4c0b943fc1bfbc843aabd7db6fc56c9f"]) r8 = eventfd2(0x8803, 0x801) r9 = eventfd2(0xe75, 0x1) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000080)={r8, 0x4, 0x1, r9}) r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) r11 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, r10, 0x2000001, 0x12, r11, 0x0) r12 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x12) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r12, 0x4068aea3, &(0x7f0000000300)={0xdf, 0x0, 0xa000}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0x80000000, 0xa5}) 480.178584ms ago: executing program 1 (id=345): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x8440, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x16, 0x4, 0x1}}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000240)=[@hvc={0x32, 0x40, {0x8600ff01, [0x7, 0x9, 0x8, 0xfffffffffffffff8, 0x100]}}], 0x40}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_kvm_setup_cpu$arm64(r1, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f00000001c0)=[{0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1e00000000000000400000000000000000000084000000000c00000000000000050000000000000002000000000000000e0c000000000000c851000000000000e6000000000000001800000000000000bdc6000000000000e6000000000000001800000000ed79c0fd6a46f63a000000140000000000000020000000000000008de01300000030600010000000000000"], 0x90}], 0x1, 0x0, &(0x7f0000000200)=[@featur1={0x1, 0x48}], 0x1) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r5, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 0s ago: executing program 0 (id=346): r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffa000/0x4000)=nil, r0, 0x2000002, 0x110, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x31) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x2, 0x1, 0x2000, &(0x7f0000f31000/0x2000)=nil}) r3 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000000000/0x400000)=nil) r5 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CLEAR_DIRTY_LOG(r7, 0xc018aec0, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80180, 0x0) ioctl$KVM_CHECK_EXTENSION(r8, 0x5450, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000100)="746abf250f7959c813e4adfb369b808022e69fe80cfadce4a1259e77bab54ac9749537b3d016bb7f745a6e22d2f9ff443f19467748a3fe02c239457600", 0x0, 0xfffffffffffffec5) kernel console output (not intermixed with test programs): [ 399.536742][ T3143] 8021q: adding VLAN 0 to HW filter on device bond0 [ 417.342179][ T3143] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:48027' (ED25519) to the list of known hosts. [ 621.260976][ T25] audit: type=1400 audit(620.450:60): avc: denied { name_bind } for pid=3301 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 622.294568][ T25] audit: type=1400 audit(621.460:61): avc: denied { execute } for pid=3302 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 622.325517][ T25] audit: type=1400 audit(621.510:62): avc: denied { execute_no_trans } for pid=3302 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 650.620799][ T25] audit: type=1400 audit(649.810:63): avc: denied { mounton } for pid=3302 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 650.658458][ T25] audit: type=1400 audit(649.850:64): avc: denied { mount } for pid=3302 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 650.741224][ T3302] cgroup: Unknown subsys name 'net' [ 650.791835][ T25] audit: type=1400 audit(649.980:65): avc: denied { unmount } for pid=3302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 651.213962][ T3302] cgroup: Unknown subsys name 'cpuset' [ 651.321239][ T3302] cgroup: Unknown subsys name 'rlimit' [ 652.317281][ T25] audit: type=1400 audit(651.510:66): avc: denied { setattr } for pid=3302 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 652.336380][ T25] audit: type=1400 audit(651.520:67): avc: denied { mounton } for pid=3302 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 652.368179][ T25] audit: type=1400 audit(651.550:68): avc: denied { mount } for pid=3302 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 653.589516][ T3305] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 653.612729][ T25] audit: type=1400 audit(652.800:69): avc: denied { relabelto } for pid=3305 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 653.631578][ T25] audit: type=1400 audit(652.810:70): avc: denied { write } for pid=3305 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 653.809357][ T25] audit: type=1400 audit(653.000:71): avc: denied { read } for pid=3302 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 653.837560][ T25] audit: type=1400 audit(653.020:72): avc: denied { open } for pid=3302 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 653.877576][ T3302] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 709.857069][ T25] audit: type=1400 audit(709.010:73): avc: denied { execmem } for pid=3311 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 714.470848][ T25] audit: type=1400 audit(713.660:74): avc: denied { read } for pid=3313 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 714.495885][ T25] audit: type=1400 audit(713.680:75): avc: denied { open } for pid=3313 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 714.574675][ T25] audit: type=1400 audit(713.750:76): avc: denied { mounton } for pid=3314 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 714.812327][ T25] audit: type=1400 audit(714.000:77): avc: denied { module_request } for pid=3314 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 714.832268][ T25] audit: type=1400 audit(714.020:78): avc: denied { module_request } for pid=3313 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 716.006068][ T25] audit: type=1400 audit(715.170:79): avc: denied { sys_module } for pid=3313 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 740.770294][ T3314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 741.157840][ T3314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 741.541514][ T3313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 741.839598][ T3313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 754.596750][ T3314] hsr_slave_0: entered promiscuous mode [ 754.645891][ T3314] hsr_slave_1: entered promiscuous mode [ 755.920882][ T3313] hsr_slave_0: entered promiscuous mode [ 755.972078][ T3313] hsr_slave_1: entered promiscuous mode [ 756.017542][ T3313] debugfs: 'hsr0' already exists in 'hsr' [ 756.024606][ T3313] Cannot create hsr debugfs directory [ 761.371751][ T25] audit: type=1400 audit(760.560:80): avc: denied { create } for pid=3314 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 761.420245][ T25] audit: type=1400 audit(760.610:81): avc: denied { write } for pid=3314 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 761.476704][ T25] audit: type=1400 audit(760.630:82): avc: denied { read } for pid=3314 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 761.602000][ T3314] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 762.297206][ T3314] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 762.562217][ T3314] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 763.220784][ T3314] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 765.911481][ T3313] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 766.160748][ T3313] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 766.416062][ T3313] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 766.650464][ T3313] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 783.737914][ T3314] 8021q: adding VLAN 0 to HW filter on device bond0 [ 786.202765][ T3313] 8021q: adding VLAN 0 to HW filter on device bond0 [ 845.101919][ T3314] veth0_vlan: entered promiscuous mode [ 845.638038][ T3314] veth1_vlan: entered promiscuous mode [ 847.582152][ T3313] veth0_vlan: entered promiscuous mode [ 847.808514][ T3314] veth0_macvtap: entered promiscuous mode [ 848.217635][ T3314] veth1_macvtap: entered promiscuous mode [ 848.451177][ T3313] veth1_vlan: entered promiscuous mode [ 850.669291][ T21] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 850.694503][ T21] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 850.698397][ T21] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 850.705331][ T21] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 851.238673][ T3313] veth0_macvtap: entered promiscuous mode [ 851.979742][ T3313] veth1_macvtap: entered promiscuous mode [ 853.376116][ T25] audit: type=1400 audit(852.480:83): avc: denied { mount } for pid=3314 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 853.606997][ T25] audit: type=1400 audit(852.780:84): avc: denied { mounton } for pid=3314 comm="syz-executor" path="/syzkaller.HIZT3t/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 853.759645][ T25] audit: type=1400 audit(852.950:85): avc: denied { mount } for pid=3314 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 854.219757][ T25] audit: type=1400 audit(853.410:86): avc: denied { mounton } for pid=3314 comm="syz-executor" path="/syzkaller.HIZT3t/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 854.397355][ T25] audit: type=1400 audit(853.550:87): avc: denied { mounton } for pid=3314 comm="syz-executor" path="/syzkaller.HIZT3t/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3777 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 854.827020][ T51] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 854.842387][ T51] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 854.856442][ T51] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 854.865950][ T51] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 855.248260][ T25] audit: type=1400 audit(854.440:88): avc: denied { unmount } for pid=3314 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 855.501993][ T25] audit: type=1400 audit(854.690:89): avc: denied { mounton } for pid=3314 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 855.665358][ T25] audit: type=1400 audit(854.830:90): avc: denied { mount } for pid=3314 comm="syz-executor" name="/" dev="gadgetfs" ino=3786 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 855.965395][ T25] audit: type=1400 audit(855.150:91): avc: denied { mount } for pid=3314 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 856.042278][ T25] audit: type=1400 audit(855.230:92): avc: denied { mounton } for pid=3314 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 857.487117][ T3314] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 858.567030][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 858.567852][ T25] audit: type=1400 audit(857.730:94): avc: denied { read write } for pid=3314 comm="syz-executor" name="loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 858.568758][ T25] audit: type=1400 audit(857.750:95): avc: denied { open } for pid=3314 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 858.665895][ T25] audit: type=1400 audit(857.840:96): avc: denied { ioctl } for pid=3314 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 868.311519][ T25] audit: type=1400 audit(867.500:97): avc: denied { read } for pid=3467 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 868.320157][ T25] audit: type=1400 audit(867.500:98): avc: denied { open } for pid=3467 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 870.588404][ T25] audit: type=1400 audit(869.750:99): avc: denied { ioctl } for pid=3469 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 888.810947][ T25] audit: type=1400 audit(888.000:100): avc: denied { append } for pid=3484 comm="syz.0.6" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 897.216075][ T25] audit: type=1400 audit(896.400:101): avc: denied { write } for pid=3490 comm="syz.0.7" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 932.968748][ T25] audit: type=1400 audit(932.110:102): avc: denied { execute } for pid=3511 comm="syz.1.13" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4439 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 949.316265][ T3519] kvm [3519]: Failed to find VMA for hva 0x20d8d000 [ 1047.472493][ T3574] kvm [3574]: Failed to find VMA for hva 0x20d8d000 [ 1054.365021][ T25] audit: type=1400 audit(1053.550:103): avc: denied { map } for pid=3576 comm="syz.0.33" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1095.194880][ T25] audit: type=1400 audit(1094.350:104): avc: denied { setattr } for pid=3599 comm="syz.0.42" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1530.928175][ T3861] kvm [3861]: Failed to find VMA for hva 0x20e8b000 [ 1560.828026][ T3877] kvm [3877]: Failed to find VMA for hva 0x20c01000 [ 1588.548519][ T25] audit: type=1400 audit(1587.710:105): avc: denied { execute } for pid=3896 comm="syz.0.126" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1786.396272][ T25] audit: type=1400 audit(1785.570:106): avc: denied { ioctl } for pid=4017 comm="syz.1.160" path="net:[4026532624]" dev="nsfs" ino=4026532624 ioctlcmd=0x582b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1865.279734][ T25] audit: type=1400 audit(1864.460:107): avc: denied { map } for pid=4058 comm="syz.1.173" path="/" dev="tmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 2247.597097][ T25] audit: type=1400 audit(2246.730:108): avc: denied { map } for pid=4260 comm="syz.1.236" path="pipe:[2799]" dev="pipefs" ino=2799 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 2868.740332][ T4617] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ef36 [ 2868.766348][ T4617] flags: 0x1ffca4000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x29) [ 2868.779670][ T4617] raw: 01ffca4000000000 ffffc1ffc07f3748 ffffc1ffc07f2d88 0000000000000000 [ 2868.816404][ T4617] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 2868.832019][ T4617] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0) [ 2868.842517][ T4617] ------------[ cut here ]------------ [ 2868.842802][ T4617] kernel BUG at ./include/linux/mm.h:1036! [ 2868.844566][ T4617] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 2868.849755][ T4617] Modules linked in: [ 2868.851849][ T4617] CPU: 0 UID: 0 PID: 4617 Comm: syz.1.345 Not tainted syzkaller #0 PREEMPT [ 2868.853447][ T4617] Hardware name: linux,dummy-virt (DT) [ 2868.854725][ T4617] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 2868.856084][ T4617] pc : kvm_s2_put_page+0x374/0x3a0 [ 2868.858326][ T4617] lr : kvm_s2_put_page+0x374/0x3a0 [ 2868.859322][ T4617] sp : ffff8000a8c77570 [ 2868.860100][ T4617] x29: ffff8000a8c77570 x28: 1bf000001fcb6000 x27: 1bf000001fcb6000 [ 2868.861651][ T4617] x26: 00000000000000ff x25: ffff80008734e000 x24: ffffc1ffc0000000 [ 2868.863118][ T4617] x23: ffffc1ffc07bcd88 x22: 0000000000000000 x21: ffffc1ffc07bcdb4 [ 2868.864514][ T4617] x20: 0000000000000000 x19: ffffc1ffc07bcd80 x18: 00000000b52b6aa3 [ 2868.865821][ T4617] x17: 00000000048e2f1e x16: 00000000b52b3673 x15: 00000000998652b2 [ 2868.867223][ T4617] x14: ffffffffffffffff x13: fff000001e195888 x12: 0000000000000001 [ 2868.868610][ T4617] x11: 0000000000080000 x10: 0000000000040e12 x9 : 02e5e1bb1a1ac600 [ 2868.870158][ T4617] x8 : 02e5e1bb1a1ac600 x7 : ffff8000803a03c8 x6 : 0000000000000000 [ 2868.871513][ T4617] x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff80008074b7f8 [ 2868.872873][ T4617] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000003e [ 2868.874486][ T4617] Call trace: [ 2868.875382][ T4617] kvm_s2_put_page+0x374/0x3a0 (P) [ 2868.876703][ T4617] stage2_free_walker+0x1b0/0x264 [ 2868.877800][ T4617] __kvm_pgtable_walk+0x7d8/0xa68 [ 2868.878874][ T4617] kvm_pgtable_walk+0x294/0x468 [ 2868.879891][ T4617] kvm_pgtable_stage2_destroy_range+0x60/0xb4 [ 2868.881032][ T4617] kvm_free_stage2_pgd+0x198/0x28c [ 2868.882042][ T4617] kvm_uninit_stage2_mmu+0x20/0x38 [ 2868.883076][ T4617] kvm_arch_flush_shadow_all+0x1a8/0x1e0 [ 2868.884134][ T4617] kvm_mmu_notifier_release+0x48/0xa8 [ 2868.885111][ T4617] mmu_notifier_unregister+0x128/0x42c [ 2868.886132][ T4617] kvm_put_kvm+0x6a0/0xfa8 [ 2868.887009][ T4617] kvm_vcpu_release+0x70/0x9c [ 2868.887992][ T4617] __fput+0x4ac/0x980 [ 2868.888816][ T4617] ____fput+0x20/0x58 [ 2868.889625][ T4617] task_work_run+0x1bc/0x254 [ 2868.890387][ T4617] get_signal+0x13ec/0x1554 [ 2868.891361][ T4617] do_signal+0x23c/0x4dd0 [ 2868.892286][ T4617] do_notify_resume+0xb0/0x270 [ 2868.893213][ T4617] el0_svc+0xb8/0x164 [ 2868.893939][ T4617] el0t_64_sync_handler+0x84/0x12c [ 2868.894948][ T4617] el0t_64_sync+0x198/0x19c [ 2868.896470][ T4617] Code: d0037581 9126fc21 aa1303e0 97f9c9f2 (d4210000) [ 2868.898295][ T4617] ---[ end trace 0000000000000000 ]--- [ 2868.899914][ T4617] Kernel panic - not syncing: Oops - BUG: Fatal exception [ 2868.901916][ T4617] Kernel Offset: disabled [ 2868.902666][ T4617] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f [ 2868.903791][ T4617] Memory Limit: none [ 2868.905442][ T4617] Rebooting in 86400 seconds.. VM DIAGNOSIS: 18:19:46 Registers: info registers vcpu 0 CPU#0 PC=ffff80008049067c X00=0000000000000001 X01=0000000000000000 X02=0000000000000001 X03=ffff80008048d0ac X04=0000000000000000 X05=0000000000000000 X06=ffff80008048b334 X07=ffff800080015834 X08=00000000000420cb X09=9cff80008f46a000 X10=00000000000420ca X11=0000000000080000 X12=0000000000000000 X13=00000000ffffffff X14=0000000000000002 X15=ffff800087f83a20 X16=0000000000000000 X17=00000000048e2f1e X18=00000000b52b6aa3 X19=00000000000003d1 X20=efff800000000000 X21=ffff80008795f110 X22=00000000000003d0 X23=00000000000000ff X24=ffff80008795f110 X25=00000000000003d0 X26=6df000001e195890 X27=00000000000003c0 X28=ffff800087735000 X29=ffff8000a8c76fd0 X30=ffff80008049067c SP=ffff8000a8c76f90 PSTATE=804023c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0a0a0a0a0a0a0a0a:0a0a0a0a0a0a0a0a Z01=3030303030300000:2930203d3d202965 Z02=635f6665725f6567:617028454741505f Z03=000000000000ffff:0000000000000000 Z04=0000000000000000:000000ff00000000 Z05=5f65676170284547:41505f4e4f5f4755 Z06=3a746e756f637061:6d20303a746e756f Z07=3030303030303a67:6e697070616d2030 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffda93b320:0000ffffda93b320 Z17=ffffff80ffffffd8:0000ffffda93b2f0 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000