last executing test programs: 1m7.416592151s ago: executing program 1 (id=1290): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x40) r2 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000180)={r2, 0x27, 0x2, r2}) eventfd2(0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffc000/0x1000)=nil, 0x930, 0x100000f, 0x10, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="375ae04fceeb298d3b07d73b3e9aac00", 0x0, 0x18) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x111b80, 0x0) r7 = eventfd2(0xfffffffb, 0x80800) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f00000002c0)={0x6, 0xeeef0000, 0x4, r7, 0x6}) r8 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="14000000000000002000000000000000e3dc"], 0x20}, 0x0, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x3800003, 0x11, r11, 0x0) 53.186154289s ago: executing program 1 (id=1291): ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x3) r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8500, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000000)={0x26, 0x8}}) r5 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r6 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x102, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0) ioctl$KVM_CAP_ARM_USER_IRQ(r11, 0x4068aea3, 0xfffffffffffffffe) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x401054d5, 0x0) r13 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000180)={0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="14000000000000002000000000000000f1c4130000003060008000000000000014000000000000002000000000000000f2c4130000003060008000000000000014000000000000002000000000000000e0dc130000003060c7"], 0x140}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r13, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r13, 0xae80, 0x0) 47.371812551s ago: executing program 0 (id=1292): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x1ff, 0x2, 0x10000, 0x2000, &(0x7f0000440000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x12712, 0x3, 0x8080000, 0x2000, &(0x7f0000249000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000000000/0x400000)=nil) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r3 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, r2, 0x3000003, 0x1010, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000240)="fb4149dd033be3ac3bc4a22332fdaa8de0518df242008031d1dfd92f0000000001fff9ffdc9610fbff77521ce30d8f00", 0x0, 0xfcf7) 41.844582657s ago: executing program 0 (id=1293): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5, 0x8}) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f00000001c0)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x4}) r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r4, r8, &(0x7f0000e8a000/0x18000)=nil, &(0x7f00000000c0)=[{0x0, &(0x7f00000001c0)=ANY=[], 0x20}], 0x1, 0x0, 0x0, 0x0) syz_kvm_vgic_v3_setup(r7, 0x4, 0x40) ioctl$KVM_RUN(r8, 0xae80, 0x0) r9 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r10, 0x4020aeae, &(0x7f0000000080)={0x5, 0xe}) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013c028, &(0x7f0000000000)=0xffffffffffffffff}) ioctl$KVM_INTERRUPT(r10, 0x4004ae86, 0x0) 31.446665065s ago: executing program 1 (id=1294): r0 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000200)={0x7, 0xffffffffffffffff}) ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000ded000/0x2000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000000)="448e05c3a2b26fea6b71868f82b61311d51a93b36691d240c2e3f7b1e3bb9d2d983856d617a19358b48b226ea5c5a11c61e64751a1899c060b14820c32b96cd45dc21afa0f76b768", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000200)={0x7}) (async) ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, 0x0) (async) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async) mmap$KVM_VCPU(&(0x7f0000ded000/0x2000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000000)="448e05c3a2b26fea6b71868f82b61311d51a93b36691d240c2e3f7b1e3bb9d2d983856d617a19358b48b226ea5c5a11c61e64751a1899c060b14820c32b96cd45dc21afa0f76b768", 0x0, 0x48) (async) 27.123138857s ago: executing program 0 (id=1295): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000380)={0x2, 0x0, [{0x0, 0x1, 0x0, 0x0, @msi={0x0, 0x5, 0x3f0, 0x1}}, {0x0, 0x2, 0x1, 0x0, @sint={0x1000, 0x3}}]}) r2 = eventfd2(0x8, 0x80c01) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x1fe, 0x2, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000000)={0x5, 0x2}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x6, 0xd000, 0x8, r2, 0xd}) 21.968042155s ago: executing program 1 (id=1296): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x909483, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000000)={0x5, 0xa}) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000180)=@arm64_bitmap={0x6030000000160002, &(0x7f0000000080)=0x7fffffff}) r3 = eventfd2(0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CAP_ARM_MTE(r5, 0x4068aea3, &(0x7f0000000140)) write$eventfd(r3, 0xffffffffffffffff, 0x0) 17.141328572s ago: executing program 0 (id=1297): mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async) r2 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0xa) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f00000000c0)={0x5, 0x1f}) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000140)=@arm64_sys={0x603000000013c00a, &(0x7f0000000040)=0x9}) (async) mmap$KVM_VCPU(&(0x7f000000e000/0x3000)=nil, r1, 0x1000000, 0x28031, 0xffffffffffffffff, 0x0) r6 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r8, 0x100000c, 0x23ac5f9b426ec4b2, 0xffffffffffffffff, 0x0) 11.978311151s ago: executing program 1 (id=1298): r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0x0, 0x0, 0x909483, 0x0) (async) openat$kvm(0x0, 0x0, 0x909483, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) (async) r3 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5}) (async) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5}) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000140)=@arm64_sys={0x603000000013df11, &(0x7f0000000180)=0x8001}) ioctl$KVM_RUN(r5, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x202, 0x0) (async) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x202, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r9 = syz_kvm_vgic_v3_setup(r7, 0x2, 0x200) close(0x3) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_RUN(r5, 0xae80, 0x0) syz_kvm_vgic_v3_setup(r8, 0x2, 0x280) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000580)=@attr_other={0x0, 0x4, 0xc, 0x0}) r10 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000200)=@attr_other={0x0, 0x28, 0x100, &(0x7f0000000080)=0x8000000000000000}) (async) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000200)=@attr_other={0x0, 0x28, 0x100, &(0x7f0000000080)=0x8000000000000000}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) (async) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) (async) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) close(r2) close(0x4) 7.449700449s ago: executing program 0 (id=1299): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x1, 0x8080000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000040)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x4, 0x3, 0x0}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x0, 0x2000, 0x2000, &(0x7f0000fa2000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x0, 0x1000, 0x2000, &(0x7f0000fa2000/0x2000)=nil}) 2.296606946s ago: executing program 1 (id=1300): ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x3) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async) r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40c02, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0xc3) r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r8, 0x8040ae9f, 0xffffffffffffffff) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, &(0x7f0000000000)=@arm64={0x7, 0x5, 0x0, '\x00', 0x1}) (async) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, &(0x7f0000000000)=@arm64={0x7, 0x5, 0x0, '\x00', 0x1}) munmap(&(0x7f00000be000/0x1000)=nil, 0xffffffffdff41fff) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r11, 0x4020aeae, &(0x7f0000000080)={0x5}) (async) ioctl$KVM_ARM_VCPU_INIT(r11, 0x4020aeae, &(0x7f0000000080)={0x5}) ioctl$KVM_SET_ONE_REG(r11, 0x4010aeac, &(0x7f0000000140)=@arm64_sys={0x603000000013c2b0, &(0x7f0000000000)=0x8000000000000000}) r12 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, &(0x7f00000001c0)=ANY=[@ANYRESOCT=r3, @ANYRESHEX=r12, @ANYBLOB="f82cf9188e6de57527c965f7ff8f4a460f3bd22df7d852642d7078b99478b4566febae30c8dfb66690644ef3e477c6470cb2502547b9d7a45a269ebc72a7f928663a064fb9eaac6817f26c986a400bb3df605e329271b8297bbe0b1d3f7723bafd99accd92d24859c002731614b84ced72f6089b887530c8a3704928173ec2898708598f406287fedd0222c370b5a3eaaa1b6db2206dfad65ce09a64aa0908a73fadd81d124f0512171a88a687fa71354453118a31e8d89c09efbeb5"], 0x28}, 0x0, 0x0) (async) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, &(0x7f00000001c0)=ANY=[@ANYRESOCT=r3, @ANYRESHEX=r12, @ANYBLOB="f82cf9188e6de57527c965f7ff8f4a460f3bd22df7d852642d7078b99478b4566febae30c8dfb66690644ef3e477c6470cb2502547b9d7a45a269ebc72a7f928663a064fb9eaac6817f26c986a400bb3df605e329271b8297bbe0b1d3f7723bafd99accd92d24859c002731614b84ced72f6089b887530c8a3704928173ec2898708598f406287fedd0222c370b5a3eaaa1b6db2206dfad65ce09a64aa0908a73fadd81d124f0512171a88a687fa71354453118a31e8d89c09efbeb5"], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r3, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) ioctl$KVM_RUN(r13, 0xae80, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) (async) r15 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_ONE_REG(r15, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x6030000000100024, &(0x7f00000000c0)=0x4}) (async) ioctl$KVM_SET_ONE_REG(r15, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x6030000000100024, &(0x7f00000000c0)=0x4}) 0s ago: executing program 0 (id=1301): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) munmap(&(0x7f0000647000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x53033, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0x3, 0x9032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f40000/0x5000)=nil, 0x5000) munmap(&(0x7f0000ff5000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) close(0x5) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000bfe000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080), &(0x7f00000000c0)=[@featur2={0x1, 0x10}], 0x1) kernel console output (not intermixed with test programs): [ 399.732944][ T3132] 8021q: adding VLAN 0 to HW filter on device bond0 [ 431.683881][ T3132] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:63354' (ED25519) to the list of known hosts. [ 605.591227][ T25] audit: type=1400 audit(604.720:60): avc: denied { name_bind } for pid=3300 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 607.446912][ T25] audit: type=1400 audit(606.580:61): avc: denied { execute } for pid=3301 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 607.467265][ T25] audit: type=1400 audit(606.600:62): avc: denied { execute_no_trans } for pid=3301 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 626.073421][ T25] audit: type=1400 audit(625.210:63): avc: denied { mounton } for pid=3301 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 626.104938][ T25] audit: type=1400 audit(625.230:64): avc: denied { mount } for pid=3301 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 626.189837][ T3301] cgroup: Unknown subsys name 'net' [ 626.242248][ T25] audit: type=1400 audit(625.370:65): avc: denied { unmount } for pid=3301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 626.637276][ T3301] cgroup: Unknown subsys name 'cpuset' [ 626.738245][ T3301] cgroup: Unknown subsys name 'rlimit' [ 627.672644][ T25] audit: type=1400 audit(626.800:66): avc: denied { setattr } for pid=3301 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 627.691476][ T25] audit: type=1400 audit(626.820:67): avc: denied { mounton } for pid=3301 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 627.720752][ T25] audit: type=1400 audit(626.850:68): avc: denied { mount } for pid=3301 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 628.958668][ T3304] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 628.984562][ T25] audit: type=1400 audit(628.110:69): avc: denied { relabelto } for pid=3304 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 629.005164][ T25] audit: type=1400 audit(628.140:70): avc: denied { write } for pid=3304 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 629.186836][ T25] audit: type=1400 audit(628.310:71): avc: denied { read } for pid=3301 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 629.205324][ T25] audit: type=1400 audit(628.340:72): avc: denied { open } for pid=3301 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 629.252272][ T3301] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 677.554037][ T25] audit: type=1400 audit(676.690:73): avc: denied { execmem } for pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 681.204192][ T25] audit: type=1400 audit(680.340:74): avc: denied { read } for pid=3307 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 681.240516][ T25] audit: type=1400 audit(680.350:75): avc: denied { open } for pid=3307 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 681.303608][ T25] audit: type=1400 audit(680.440:76): avc: denied { mounton } for pid=3307 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 681.555804][ T25] audit: type=1400 audit(680.690:78): avc: denied { module_request } for pid=3307 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 681.587842][ T25] audit: type=1400 audit(680.680:77): avc: denied { module_request } for pid=3308 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 682.712191][ T25] audit: type=1400 audit(681.840:79): avc: denied { sys_module } for pid=3308 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 711.117108][ T3307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 711.296421][ T3307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 712.653845][ T3308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 712.848494][ T3308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 724.635467][ T3307] hsr_slave_0: entered promiscuous mode [ 724.690331][ T3307] hsr_slave_1: entered promiscuous mode [ 726.043257][ T3308] hsr_slave_0: entered promiscuous mode [ 726.085411][ T3308] hsr_slave_1: entered promiscuous mode [ 726.140849][ T3308] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 726.145671][ T3308] Cannot create hsr debugfs directory [ 731.260274][ T25] audit: type=1400 audit(730.380:80): avc: denied { create } for pid=3307 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 731.312352][ T25] audit: type=1400 audit(730.440:81): avc: denied { write } for pid=3307 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 731.353269][ T25] audit: type=1400 audit(730.480:82): avc: denied { read } for pid=3307 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 731.515198][ T3307] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 731.943513][ T3307] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 732.221996][ T3307] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 732.511943][ T3307] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 733.947808][ T3308] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 734.161064][ T3308] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 734.337957][ T3308] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 734.477864][ T3308] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 746.697761][ T3307] 8021q: adding VLAN 0 to HW filter on device bond0 [ 749.537355][ T3308] 8021q: adding VLAN 0 to HW filter on device bond0 [ 809.289788][ T3307] veth0_vlan: entered promiscuous mode [ 809.683994][ T3307] veth1_vlan: entered promiscuous mode [ 811.438155][ T3307] veth0_macvtap: entered promiscuous mode [ 811.768148][ T3307] veth1_macvtap: entered promiscuous mode [ 812.573798][ T3308] veth0_vlan: entered promiscuous mode [ 813.127025][ T3308] veth1_vlan: entered promiscuous mode [ 814.268429][ T3307] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 814.292992][ T3307] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 814.307741][ T3307] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 814.317739][ T3307] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 816.043105][ T3308] veth0_macvtap: entered promiscuous mode [ 816.638166][ T3308] veth1_macvtap: entered promiscuous mode [ 817.055892][ T25] audit: type=1400 audit(816.170:83): avc: denied { mount } for pid=3307 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 817.470719][ T25] audit: type=1400 audit(816.590:84): avc: denied { mounton } for pid=3307 comm="syz-executor" path="/syzkaller.Sg6pN3/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 817.682314][ T25] audit: type=1400 audit(816.810:85): avc: denied { mount } for pid=3307 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 818.144942][ T25] audit: type=1400 audit(817.280:86): avc: denied { mounton } for pid=3307 comm="syz-executor" path="/syzkaller.Sg6pN3/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 818.316744][ T25] audit: type=1400 audit(817.450:87): avc: denied { mounton } for pid=3307 comm="syz-executor" path="/syzkaller.Sg6pN3/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 819.363952][ T25] audit: type=1400 audit(818.460:88): avc: denied { unmount } for pid=3307 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 819.621653][ T25] audit: type=1400 audit(818.740:89): avc: denied { mounton } for pid=3307 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 819.696499][ T3308] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 819.710999][ T3308] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 819.760772][ T3308] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 819.768071][ T3308] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 819.793937][ T25] audit: type=1400 audit(818.860:90): avc: denied { mount } for pid=3307 comm="syz-executor" name="/" dev="gadgetfs" ino=3266 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 820.372880][ T25] audit: type=1400 audit(819.500:91): avc: denied { mount } for pid=3307 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 820.457921][ T25] audit: type=1400 audit(819.590:92): avc: denied { mounton } for pid=3307 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 822.684439][ T3307] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 824.172488][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 824.180577][ T25] audit: type=1400 audit(823.300:94): avc: denied { read write } for pid=3307 comm="syz-executor" name="loop1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 824.214005][ T25] audit: type=1400 audit(823.330:95): avc: denied { open } for pid=3307 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 824.293562][ T25] audit: type=1400 audit(823.400:96): avc: denied { ioctl } for pid=3307 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 828.065963][ T25] audit: type=1400 audit(827.200:97): avc: denied { write } for pid=3466 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 828.153823][ T25] audit: type=1400 audit(827.250:98): avc: denied { open } for pid=3466 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 828.970703][ T25] audit: type=1400 audit(828.100:99): avc: denied { ioctl } for pid=3466 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 829.950571][ T25] audit: type=1400 audit(829.040:100): avc: denied { read } for pid=3466 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 853.791095][ T25] audit: type=1400 audit(852.910:101): avc: denied { append } for pid=3483 comm="syz.1.6" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 854.486532][ T3481] kvm [3481]: Failed to find VMA for hva 0x20c01000 [ 856.045822][ T3484] kvm [3484]: Failed to find VMA for hva 0x20000000 [ 866.093904][ T25] audit: type=1400 audit(865.220:102): avc: denied { ioctl } for pid=3489 comm="syz.1.8" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0xb705 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1051.768086][ T3616] kvm [3615]: Unsupported guest access at: eeef0000 [ 1051.768086][ T3616] { Op0( 2), Op1( 7), CRn(15), CRm(13), Op2( 1), func_write }, [ 1148.796277][ T25] audit: type=1400 audit(1147.920:103): avc: denied { execute } for pid=3688 comm="syz.1.71" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=7036 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 1282.861315][ T25] audit: type=1400 audit(1281.830:104): avc: denied { setattr } for pid=3774 comm="syz.1.97" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1302.652570][ T25] audit: type=1400 audit(1301.770:105): avc: denied { map } for pid=3790 comm="syz.1.100" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1633.547675][ T25] audit: type=1400 audit(1632.680:106): avc: denied { execute } for pid=4005 comm="syz.0.164" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1687.901714][ T25] audit: type=1400 audit(1687.030:107): avc: denied { execute } for pid=4041 comm="syz.0.176" path="/sys/kernel/debug/kcov" dev="debugfs" ino=107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=file permissive=1 [ 1950.915961][ T4210] kvm [4210]: Failed to find VMA for hva 0x20d8d000 [ 2589.281934][ T4663] kvm [4663]: Failed to find VMA for hva 0x20d8d000 [ 2678.868294][ T4728] kvm [4728]: Failed to find VMA for hva 0x20d8d000 [ 2944.052479][ T4910] kvm [4910]: Failed to find VMA for hva 0x21016000 [ 2949.517067][ T4913] kvm [4913]: Failed to find VMA for hva 0x20d8d000 [ 3104.513329][ T5013] kvm [5013]: Failed to find VMA for hva 0x20c01000 [ 3149.342044][ T5043] kvm [5043]: Failed to find VMA for hva 0x21016000 [ 3289.181251][ T5141] kvm [5139]: Unsupported guest access at: eeef0000 [ 3289.181251][ T5141] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 3377.502013][ T5187] kvm [5187]: Failed to find VMA for hva 0x20c01000 [ 3453.768157][ T5245] kvm [5245]: Failed to find VMA for hva 0x21016000 [ 3476.452893][ T5258] FAULT_INJECTION: forcing a failure. [ 3476.452893][ T5258] name failslab, interval 1, probability 0, space 0, times 1 [ 3476.483964][ T5258] CPU: 0 UID: 0 PID: 5258 Comm: syz.0.530 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 3476.484674][ T5258] Hardware name: linux,dummy-virt (DT) [ 3476.485157][ T5258] Call trace: [ 3476.485566][ T5258] show_stack+0x2c/0x3c (C) [ 3476.487431][ T5258] __dump_stack+0x30/0x40 [ 3476.487744][ T5258] dump_stack_lvl+0xd8/0x12c [ 3476.487964][ T5258] dump_stack+0x1c/0x28 [ 3476.488160][ T5258] should_fail_ex+0x570/0x6e0 [ 3476.488417][ T5258] should_failslab+0xb8/0xec [ 3476.488670][ T5258] __kmalloc_noprof+0xdc/0x4b8 [ 3476.488974][ T5258] tomoyo_encode+0x27c/0x4ec [ 3476.489263][ T5258] tomoyo_realpath_from_path+0x5bc/0x628 [ 3476.489551][ T5258] tomoyo_path_number_perm+0x13c/0x33c [ 3476.489848][ T5258] tomoyo_file_ioctl+0x2c/0x3c [ 3476.490141][ T5258] security_file_ioctl+0xe8/0x2f0 [ 3476.490440][ T5258] __arm64_sys_ioctl+0xd0/0x244 [ 3476.490703][ T5258] invoke_syscall+0x90/0x2b4 [ 3476.491001][ T5258] el0_svc_common+0x180/0x2f4 [ 3476.491289][ T5258] do_el0_svc+0x58/0x74 [ 3476.491618][ T5258] el0_svc+0x58/0x160 [ 3476.491887][ T5258] el0t_64_sync_handler+0x78/0x108 [ 3476.492133][ T5258] el0t_64_sync+0x198/0x19c [ 3476.646939][ T5258] ERROR: Out of memory at tomoyo_realpath_from_path. [ 3498.025487][ T5275] FAULT_INJECTION: forcing a failure. [ 3498.025487][ T5275] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 3498.050270][ T5275] CPU: 0 UID: 0 PID: 5275 Comm: syz.0.536 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 3498.050672][ T5275] Hardware name: linux,dummy-virt (DT) [ 3498.050791][ T5275] Call trace: [ 3498.050883][ T5275] show_stack+0x2c/0x3c (C) [ 3498.051248][ T5275] __dump_stack+0x30/0x40 [ 3498.051490][ T5275] dump_stack_lvl+0xd8/0x12c [ 3498.051736][ T5275] dump_stack+0x1c/0x28 [ 3498.051945][ T5275] should_fail_ex+0x570/0x6e0 [ 3498.052198][ T5275] should_fail+0x14/0x24 [ 3498.052435][ T5275] should_fail_usercopy+0x20/0x30 [ 3498.052732][ T5275] _inline_copy_from_user+0x3c/0x18c [ 3498.052994][ T5275] do_vfs_ioctl+0xaa0/0x219c [ 3498.053232][ T5275] __arm64_sys_ioctl+0x10c/0x244 [ 3498.053464][ T5275] invoke_syscall+0x90/0x2b4 [ 3498.053794][ T5275] el0_svc_common+0x180/0x2f4 [ 3498.054089][ T5275] do_el0_svc+0x58/0x74 [ 3498.054377][ T5275] el0_svc+0x58/0x160 [ 3498.054657][ T5275] el0t_64_sync_handler+0x78/0x108 [ 3498.054910][ T5275] el0t_64_sync+0x198/0x19c [ 3524.001467][ T5293] FAULT_INJECTION: forcing a failure. [ 3524.001467][ T5293] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3524.007804][ T5293] CPU: 0 UID: 0 PID: 5293 Comm: syz.1.542 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 3524.008139][ T5293] Hardware name: linux,dummy-virt (DT) [ 3524.008273][ T5293] Call trace: [ 3524.008372][ T5293] show_stack+0x2c/0x3c (C) [ 3524.008791][ T5293] __dump_stack+0x30/0x40 [ 3524.009015][ T5293] dump_stack_lvl+0xd8/0x12c [ 3524.009226][ T5293] dump_stack+0x1c/0x28 [ 3524.009444][ T5293] should_fail_ex+0x570/0x6e0 [ 3524.009706][ T5293] should_fail+0x14/0x24 [ 3524.009939][ T5293] should_fail_usercopy+0x20/0x30 [ 3524.010187][ T5293] simple_read_from_buffer+0xd0/0x298 [ 3524.010495][ T5293] proc_fail_nth_read+0x114/0x178 [ 3524.010791][ T5293] vfs_read+0x220/0x958 [ 3524.011048][ T5293] ksys_read+0x100/0x1f4 [ 3524.011316][ T5293] __arm64_sys_read+0x98/0xcc [ 3524.011606][ T5293] invoke_syscall+0x90/0x2b4 [ 3524.011904][ T5293] el0_svc_common+0x180/0x2f4 [ 3524.012194][ T5293] do_el0_svc+0x58/0x74 [ 3524.012535][ T5293] el0_svc+0x58/0x160 [ 3524.012814][ T5293] el0t_64_sync_handler+0x78/0x108 [ 3524.013065][ T5293] el0t_64_sync+0x198/0x19c [ 3689.264374][ T5402] kvm [5402]: Failed to find VMA for hva 0x21016000 [ 3748.443150][ T5441] kvm [5441]: Failed to find VMA for hva 0x20bfe000 [ 3944.614781][ T5577] kvm [5577]: Failed to find VMA for hva 0x20c01000 [ 3945.292471][ T5577] kvm [5577]: Failed to find VMA for hva 0x20c01000 [ 4237.917636][ T5767] kvm [5766]: Unsupported guest CP15 access at: 00000100 [000001d3] [ 4237.917636][ T5767] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4238.041606][ T5767] kvm [5766]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4238.041606][ T5767] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4238.084518][ T5767] kvm [5766]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4238.084518][ T5767] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4238.131976][ T5767] kvm [5766]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4238.131976][ T5767] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4238.171893][ T5767] kvm [5766]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4238.171893][ T5767] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4238.226612][ T5767] kvm [5766]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4238.226612][ T5767] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4238.251997][ T5767] kvm [5766]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4238.251997][ T5767] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4238.294273][ T5767] kvm [5766]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4238.294273][ T5767] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4238.348154][ T5767] kvm [5766]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4238.348154][ T5767] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4238.465845][ T5767] kvm [5766]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4238.465845][ T5767] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4419.111839][ T5884] kvm [5884]: Failed to find VMA for hva 0x20c01000 [ 4559.348448][ T5981] kvm [5981]: Failed to find VMA for hva 0x21016000 [ 5245.575752][ T6463] print_sys_reg_msg: 320 callbacks suppressed [ 5245.606196][ T6463] kvm [6462]: Unsupported guest CP15 access at: 00000100 [000001d3] [ 5245.606196][ T6463] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5245.650807][ T6463] kvm [6462]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5245.650807][ T6463] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5245.685510][ T6463] kvm [6462]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5245.685510][ T6463] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5245.790675][ T6463] kvm [6462]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5245.790675][ T6463] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5245.831248][ T6463] kvm [6462]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5245.831248][ T6463] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5245.893100][ T6463] kvm [6462]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5245.893100][ T6463] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5245.943606][ T6463] kvm [6462]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5245.943606][ T6463] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5245.983165][ T6463] kvm [6462]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5245.983165][ T6463] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5246.032368][ T6463] kvm [6462]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5246.032368][ T6463] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5246.101685][ T6463] kvm [6462]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5246.101685][ T6463] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5248.878248][ T6467] kvm [6467]: Failed to find VMA for hva 0x208a1000 [ 5273.361212][ T6483] kvm [6483]: Failed to find VMA for hva 0x20c01000 [ 5394.416844][ T6570] kvm [6570]: Failed to find VMA for hva 0x20c01000 [ 5420.475685][ T6583] debugfs: File 'vgic-its-state@8080000' in directory '6583-6' already present! [ 5523.471128][ T6653] kvm [6653]: Failed to find VMA for hva 0x20d8d000 [ 5721.988414][ T6792] KVM: debugfs: duplicate directory 6792-9 [ 5741.365257][ T25] audit: type=1400 audit(5740.490:108): avc: denied { map } for pid=6802 comm="syz.1.973" path="pipe:[2422]" dev="pipefs" ino=2422 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 5748.815004][ T6808] kvm [6808]: Failed to find VMA for hva 0x20c01000 [ 5794.302678][ T6835] kvm [6835]: Failed to find VMA for hva 0x20c01000 [ 5794.511325][ T6837] debugfs: File 'vgic-its-state@8080000' in directory '6837-8' already present! [ 5925.227903][ T6925] kvm [6925]: Failed to find VMA for hva 0x20c01000 [ 5925.516593][ T6925] kvm [6925]: Failed to find VMA for hva 0x20c01000 [ 5962.984796][ T6951] kvm [6950]: Unsupported guest access at: eeef0000 [ 5962.984796][ T6951] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 5989.968380][ T6970] debugfs: File 'vgic-its-state@8080000' in directory '6970-9' already present! [ 6007.973459][ T6979] kvm [6978]: Unsupported guest access at: eeef0000 [ 6007.973459][ T6979] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 6020.823971][ T6984] kvm [6984]: Failed to find VMA for hva 0x20c01000 [ 6097.611663][ T7043] kvm [7043]: Failed to find VMA for hva 0x20d8d000 [ 6968.836009][ T49] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6970.090202][ T49] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6971.288275][ T49] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6972.425251][ T49] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6990.465698][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 6990.775083][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 6990.953154][ T49] bond0 (unregistering): Released all slaves [ 6993.422835][ T49] hsr_slave_0: left promiscuous mode [ 6993.731715][ T49] hsr_slave_1: left promiscuous mode [ 6994.420433][ T49] veth1_macvtap: left promiscuous mode [ 6994.433767][ T49] veth0_macvtap: left promiscuous mode [ 6994.474402][ T49] veth1_vlan: left promiscuous mode [ 6994.491423][ T49] veth0_vlan: left promiscuous mode [ 7055.526220][ T7430] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 7055.693877][ T7430] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 7076.777964][ T7430] hsr_slave_0: entered promiscuous mode [ 7076.844959][ T7430] hsr_slave_1: entered promiscuous mode [ 7076.882123][ T7430] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 7076.885967][ T7430] Cannot create hsr debugfs directory [ 7097.763783][ T7430] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 7098.212750][ T7430] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 7098.584999][ T7430] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 7098.896435][ T7430] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 7123.088017][ T7430] 8021q: adding VLAN 0 to HW filter on device bond0 [ 7194.487358][ T7430] veth0_vlan: entered promiscuous mode [ 7194.801119][ T7430] veth1_vlan: entered promiscuous mode [ 7196.308150][ T7430] veth0_macvtap: entered promiscuous mode [ 7196.726940][ T7430] veth1_macvtap: entered promiscuous mode [ 7198.674825][ T7430] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 7198.690933][ T7430] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 7198.710629][ T7430] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 7198.718359][ T7430] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 7201.290538][ T25] audit: type=1400 audit(7200.370:109): avc: denied { mounton } for pid=7430 comm="syz-executor" path="/syzkaller.smYOxT/syz-tmp" dev="vda" ino=1879 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 7233.463959][ T7432] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7235.096257][ T7432] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7236.481616][ T7432] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7237.823158][ T7432] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7255.155935][ T7432] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 7255.402154][ T7432] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 7255.562453][ T7432] bond0 (unregistering): Released all slaves [ 7257.892207][ T7432] hsr_slave_0: left promiscuous mode [ 7258.031800][ T7432] hsr_slave_1: left promiscuous mode [ 7258.833151][ T7432] veth1_macvtap: left promiscuous mode [ 7258.850346][ T7432] veth0_macvtap: left promiscuous mode [ 7258.872545][ T7432] veth1_vlan: left promiscuous mode [ 7258.891316][ T7432] veth0_vlan: left promiscuous mode [ 7337.997107][ T7601] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 7338.403423][ T7601] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 7370.265362][ T7601] hsr_slave_0: entered promiscuous mode [ 7370.335110][ T7601] hsr_slave_1: entered promiscuous mode [ 7395.472173][ T7601] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 7396.006925][ T7601] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 7396.428411][ T7601] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 7396.868139][ T7601] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 7426.313642][ T7601] 8021q: adding VLAN 0 to HW filter on device bond0 [ 7478.387879][ T7786] debugfs: File 'vgic-its-state@8080000' in directory '7786-7' already present! [ 7489.786059][ T7796] kvm [7796]: Failed to find VMA for hva 0x20c01000 [ 7520.464621][ T7601] veth0_vlan: entered promiscuous mode [ 7521.184396][ T7601] veth1_vlan: entered promiscuous mode [ 7523.819566][ T7601] veth0_macvtap: entered promiscuous mode [ 7524.305335][ T7601] veth1_macvtap: entered promiscuous mode [ 7527.265960][ T7601] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 7527.290738][ T7601] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 7527.304085][ T7601] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 7527.305037][ T7601] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 7674.760515][ T7909] kvm [7909]: Failed to find VMA for hva 0x20d8d000 [ 7846.908085][ T8023] ------------[ cut here ]------------ [ 7846.908974][ T8023] WARNING: CPU: 0 PID: 8023 at arch/arm64/kvm/inject_fault.c:71 pend_serror_exception+0x19c/0x5ac [ 7846.911641][ T8023] Modules linked in: [ 7846.913616][ T8023] CPU: 0 UID: 0 PID: 8023 Comm: syz.1.1300 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 7846.915153][ T8023] Hardware name: linux,dummy-virt (DT) [ 7846.916387][ T8023] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 7846.917821][ T8023] pc : pend_serror_exception+0x19c/0x5ac [ 7846.918932][ T8023] lr : pend_serror_exception+0x19c/0x5ac [ 7846.919955][ T8023] sp : ffff80008cdd7930 [ 7846.920877][ T8023] x29: ffff80008cdd7930 x28: f9f000001d57bb28 x27: 0000000000000001 [ 7846.922904][ T8023] x26: 0000000000000000 x25: 0000000000000001 x24: 00000000000000f9 [ 7846.924701][ T8023] x23: f9f000001d57bda8 x22: 00000000000000f9 x21: f9f000001d57c981 [ 7846.926375][ T8023] x20: 0000000000000007 x19: efff800000000000 x18: 0000000000000000 [ 7846.928089][ T8023] x17: 000000000000000d x16: ffff800080011d9c x15: 0000000020000000 [ 7846.929693][ T8023] x14: ffffffffffffffff x13: 0000000000000028 x12: 0000000000000003 [ 7846.931373][ T8023] x11: 03f0000011e1ede4 x10: 0000000000ff0100 x9 : 0000000000000000 [ 7846.933221][ T8023] x8 : 03f0000011e1d880 x7 : ffff800080b08704 x6 : ffff80008cdd7a88 [ 7846.934928][ T8023] x5 : ffff80008cdd7a88 x4 : 0000000000000001 x3 : ffff8000801a2e80 [ 7846.936669][ T8023] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000 [ 7846.938449][ T8023] Call trace: [ 7846.939366][ T8023] pend_serror_exception+0x19c/0x5ac (P) [ 7846.940492][ T8023] kvm_inject_serror_esr+0x274/0xe40 [ 7846.941546][ T8023] __kvm_arm_vcpu_set_events+0x1d4/0x238 [ 7846.942659][ T8023] kvm_arch_vcpu_ioctl+0xed8/0x16b0 [ 7846.943778][ T8023] kvm_vcpu_ioctl+0x5c4/0xc2c [ 7846.944751][ T8023] __arm64_sys_ioctl+0x18c/0x244 [ 7846.945828][ T8023] invoke_syscall+0x90/0x2b4 [ 7846.946867][ T8023] el0_svc_common+0x180/0x2f4 [ 7846.947905][ T8023] do_el0_svc+0x58/0x74 [ 7846.948903][ T8023] el0_svc+0x58/0x160 [ 7846.949814][ T8023] el0t_64_sync_handler+0x78/0x108 [ 7846.950859][ T8023] el0t_64_sync+0x198/0x19c [ 7846.952033][ T8023] irq event stamp: 3162 [ 7846.952912][ T8023] hardirqs last enabled at (3161): [] _raw_read_unlock_irqrestore+0x44/0xbc [ 7846.954454][ T8023] hardirqs last disabled at (3162): [] el1_dbg+0x24/0x80 [ 7846.955904][ T8023] softirqs last enabled at (3144): [] local_bh_enable+0x10/0x34 [ 7846.957210][ T8023] softirqs last disabled at (3142): [] local_bh_disable+0x10/0x34 [ 7846.958820][ T8023] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 7864.708115][ T5597] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7865.393383][ T5597] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7865.792944][ T5597] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7866.317528][ T5597] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 VM DIAGNOSIS: 10:47:47 Registers: info registers vcpu 0 CPU#0 PC=ffff800080453100 X00=0000000000000001 X01=03f0000011e1e3b0 X02=ffff8000804580e0 X03=0000000000000000 X04=ffff80008cdd6f80 X05=0000000000000020 X06=0000000000000000 X07=ffff80008047dbdc X08=ffff800087d979e0 X09=ffff800087d9a410 X10=0000000000010fc5 X11=0000000000000025 X12=0000000000000010 X13=0000000000000036 X14=00000000000000c8 X15=0000000000008004 X16=ffff800080011d9c X17=000000000000000d X18=0000000000000000 X19=03f0000011e1d880 X20=03f0000011e1e3d8 X21=03f0000011e1e3d8 X22=b947dd0367883487 X23=ffff800088141e68 X24=0000000000000005 X25=ffff8000876c0000 X26=00000000000003cd X27=03f0000011e1e3b0 X28=ffff800088a164c0 X29=ffff80008cdd7090 X30=ffff800080452d38 SP=ffff80008cdd6fc0 PSTATE=004023c9 ---- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:0000000000000006 Z01=0000000000274000:0000000000000000 Z02=0000ffffd88412c0:ffffff80ffffffd8 Z03=0000ffffd8841370:0000ffffd8841370 Z04=0000ffffd8841370:0000ffffabb36d08 Z05=0000ffffd8841340:0000ffffd8841370 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffd8841590:0000ffffd8841590 Z17=ffffff80ffffffd0:0000ffffd8841560 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000