last executing test programs: 43.09290962s ago: executing program 0 (id=1824): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x20840, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x101ff, 0x5, 0x1000, 0x1000, &(0x7f00003c6000/0x1000)=nil}) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000000000/0x400000)=nil) (async) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000000000/0x400000)=nil) r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) openat$kvm(0x0, &(0x7f0000000000), 0x480, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000000)={0x5, 0xa}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x54e3, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x54e3, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (async) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000000)={0x8, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x541b, 0x0) close(r0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x140, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) syz_kvm_setup_cpu$arm64(r11, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f00000004c0)=[{0x0, &(0x7f0000000140)}], 0x1, 0x0, 0x0, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000780)={0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a00000000000000840000000000000000fc309b0000ea4ee0888dd20060b8f2c100800180d2440080d2020000d4000000130000002b000008d50084202ea0a483d20000b8f2010080d2020080d2630180d2040180d2020000d4004d8fd200c0b0f249c994e10080d2e20080d2030180d2040180d2020000d4007008d5c0035fd6000000000000"], 0x84}, &(0x7f00000007c0)=[@featur2={0x1, 0x4}], 0x1) syz_kvm_vgic_v3_setup(r11, 0x2, 0xc0) ioctl$KVM_RUN(r13, 0xae80, 0x0) (async) ioctl$KVM_RUN(r13, 0xae80, 0x0) openat$kvm(0x0, 0x0, 0x12200, 0x0) (async) openat$kvm(0x0, 0x0, 0x12200, 0x0) r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) 40.369300283s ago: executing program 1 (id=1825): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2a60, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc9}) (async) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x53033, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) (async) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async) r2 = mmap$KVM_VCPU(&(0x7f0000f82000/0x3000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) r5 = mmap$KVM_VCPU(&(0x7f0000f82000/0x1000)=nil, r4, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) (async) eventfd2(0x5, 0x1) r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async) ioctl$KVM_RUN(r9, 0xae80, 0x0) (async) munmap(&(0x7f0000eb0000/0x3000)=nil, 0x3000) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0xb701, 0x0) 31.707250462s ago: executing program 1 (id=1826): r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, r0, 0x2000000, 0x10, r1, 0x0) (async) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r5, 0x1, 0x100) (async) ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, &(0x7f0000000000)={0x102091e}) (async) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000200)={0x7}) ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f0000000000)={0x100000, 0xeeee0000, 0xff, 0x2, 0x9}) 31.29492264s ago: executing program 0 (id=1827): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0x80087601, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x10200, 0x0, 0x8080000, 0x1000, &(0x7f0000ffc000/0x1000)=nil}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x6, 0xffffffffffffffff}) (async, rerun: 32) r5 = openat$kvm(0x0, &(0x7f0000000140), 0x111800, 0x0) (rerun: 32) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000000000/0x400000)=nil) (async, rerun: 32) r8 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x800002, 0x11, r7, 0x0) (rerun: 32) ioctl$KVM_HAS_DEVICE_ATTR(r4, 0x4018aee3, &(0x7f00000000c0)=@attr_other={0x0, 0x3, 0x80000001, &(0x7f0000000080)=0x7}) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x12, r7, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x49cc81, 0x0) (async) eventfd2(0x3, 0x80001) 24.320187781s ago: executing program 0 (id=1828): r0 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r1 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) (async) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x2000, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000080)={0x5}) (async) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f00000000c0)={0x1, 0x2}) (async) r5 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0x80111500, 0x20000000) write$eventfd(r7, &(0x7f0000000000), 0xfffffdef) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000000)={0x8, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x541b, 0x0) ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000180)=@arm64_core={0x603000000010003e, &(0x7f0000000100)=0xc74d}) (async) r11 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000bfe000/0x400000)=nil) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) (async) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x69c700, 0x0) ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, 0x0) 23.817409891s ago: executing program 1 (id=1829): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000200)={0x7, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f0000000000)=@attr_other={0x0, 0x1, 0x14000fc, 0x0}) 17.608228044s ago: executing program 1 (id=1830): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4360ae82, &(0x7f0000000280)={[0x9935, 0x200, 0x0, 0x7, 0x5, 0x8, 0xffff, 0x7, 0x5, 0x7f, 0xd, 0x6, 0xfffffffffffffffb, 0x800, 0xf0fa5ad], 0x5000, 0x200}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0xc40, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0x9e) r5 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000040)=ANY=[@ANYRESDEC], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x380) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r5, 0xae80, 0x0) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4360ae82, &(0x7f0000000280)={[0x9935, 0x200, 0x0, 0x7, 0x5, 0x8, 0xffff, 0x7, 0x5, 0x7f, 0xd, 0x6, 0xfffffffffffffffb, 0x800, 0xf0fa5ad], 0x5000, 0x200}) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0xc40, 0x0) (async) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0x9e) (async) syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000040)=ANY=[@ANYRESDEC], 0x50}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r1, 0x1, 0x380) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8}) (async) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) 16.780672041s ago: executing program 0 (id=1831): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x909483, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$arm64(r1, 0xffffffffffffffff, &(0x7f0000001000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000040)={0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="6e0000000000000030000000000000000020000000000000be0b00000000000006000000000000000600000000000000000000000000000018000000000000000100000000000000e600000000000000180000000000000007000000000000001e0000000000000040000000000000000d0000c400000000050000000000000083fc0000000000000e000000000000000700000000000000930000000000000032000000000000004000000000000000000000400000000007000000000000000000000000000000070000000000000002000000000000007d88000000000000be000000000000001800000000000000d8e61300000030606e0000000000000030000000000000000000080800000000880000000000000004000000000000000a000000000000001e0000000000000040000000000000000682008000000000700000000000000006000000000000007f0000000000000000000000600e00000000000001000000460000000000000018000000000000000000000007000000e600000000000000180000000000000003000000000000001400000000000000200000000000000022e7130000003060ffff0000000000004600000000000000180000000000000004000000cc00000082000000000000002800000000000000030000000000000004000000000000002b010000000000000a000000000000008400000000000000000008d5000c96d20000b8f2210080d2820080d2230080d2e40080d2020000d40050805f0000681e006c200ec0af83d200e0b8f2e10180d2a20180d2830080d2c40080d2020000d4007008d5000008d560fc9ed200a0b0f2210180d2020180d2a30080d2e40180d2020000d4000028d5c0035fd6be0000000000000018000000000000001cc01300000030600a000000000000009c00000000000000009c200ee0f283d20020b0f2c10180d2020180d2230180d2040180d2020000d4009492d20060b8f2410080d2a20080d2830080d2c40180d2020000d40070202ee00d97d20080b8f2210180d2020080d2830180d2240080d2020000d4007008d50000406d601693d200a0b0f2c10080d2620080d2a30080d2c40180d2020000d40034005f007008d5c0035fd6be00000000000000180000000000000062e6130000003060000000000000000018000000000000009728ffffffffffff000000000000000018000000000000000d000000000000001400000000000000200000000000000064f6130000003060400000000000000022010000000000004000000000000000070000840000000004070000000000000900000000000000090000000000000005000000000000000300000000000000c52129749b7b9fd88005066ff8e24255091846156eea038ee9b74b5eb8aeea97db92d6d4c9fd0f383a3974f34bed6aadcd71"], 0x3d8}, &(0x7f0000000140)=[@featur2={0x1, 0x88}], 0x1) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r4, 0x4018aee2, &(0x7f0000000140)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0xffffffffffffffff}) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r6 = eventfd2(0x1, 0x1) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x20200, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r8, 0x1, 0x100) ioctl$KVM_SET_GSI_ROUTING(r8, 0x4008ae6a, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000300000002"]) ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000040)={r6, 0x3, 0x2, r6}) write$eventfd(r6, &(0x7f0000000000), 0x8) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x8, 0x4f832, 0xffffffffffffffff, 0x0) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r5, 0x4010aeb5, &(0x7f00000001c0)={0x0, 0xf}) r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, r11, 0x2800002, 0x911, r10, 0x0) r12 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x4) ioctl$KVM_ARM_VCPU_INIT(r12, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_SET_ONE_REG(r12, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000100)=0x5}) 6.784670966s ago: executing program 1 (id=1832): r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = eventfd2(0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, 0x0, 0x1000004, 0x11, r3, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0xa) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f00000000c0)={0x5, 0x1f}) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000140)=@arm64_sys={0x603000000013c00a, &(0x7f0000000040)=0x3}) 6.111672101s ago: executing program 0 (id=1833): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x40180, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000200)={0x5}) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000002, 0x11, r2, 0x0) openat$kvm(0x0, &(0x7f0000000000), 0x2e6902, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 270.955162ms ago: executing program 0 (id=1834): r0 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x40842, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, r3, 0x100000e, 0x8a031, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) ioctl$KVM_DIRTY_TLB(r6, 0x4010aeaa, &(0x7f0000000000)={0x88, 0x40}) ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000080)={0x5, 0x19}) ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100026, &(0x7f00000000c0)=0x3}) mmap$KVM_VCPU(&(0x7f0000eb2000/0x2000)=nil, r3, 0x2000000, 0x10, r6, 0x0) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x6, 0x40a8012, 0xffffffffffffffff, 0x2000) 0s ago: executing program 1 (id=1835): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x200, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000880)=@arm64={0xae, 0x5, 0x9, '\x00', 0x9}) (async) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000880)=@arm64={0xae, 0x5, 0x9, '\x00', 0x9}) openat$kvm(0x0, &(0x7f0000000040), 0xa000, 0x0) (async) r4 = openat$kvm(0x0, &(0x7f0000000040), 0xa000, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, &(0x7f0000000100)={0xff, 0x7}) (async) ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, &(0x7f0000000100)={0xff, 0x7}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f00000000c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_GET_DEVICE_ATTR(r8, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x5, 0x4, 0x0}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000200)={0x5}) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f00000001c0)=ANY=[]) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000240)=@arm64_bitmap={0x6030000000160001, &(0x7f0000000280)=0x5}) (async) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000240)=@arm64_bitmap={0x6030000000160001, &(0x7f0000000280)=0x5}) ioctl$KVM_SET_DEVICE_ATTR_vm(0xffffffffffffffff, 0x4018aee1, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x40000, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) munmap(&(0x7f0000d83000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000d83000/0x4000)=nil, 0x4000) ioctl$KVM_CHECK_EXTENSION_VM(r11, 0xae03, 0xf1) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000180)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) r12 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r12, 0x4020aeae, &(0x7f0000000000)={0x5, 0x2}) (async) ioctl$KVM_ARM_VCPU_INIT(r12, 0x4020aeae, &(0x7f0000000000)={0x5, 0x2}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r12, 0x4018aee1, &(0x7f0000000140)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000080)={0x6, 0x954d, 0x1}}) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r12, 0x4018aee1, &(0x7f0000000140)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000080)={0x6, 0x954d, 0x1}}) ioctl$KVM_RUN(r12, 0xae80, 0x0) kernel console output (not intermixed with test programs): [ 392.366740][ T3132] 8021q: adding VLAN 0 to HW filter on device bond0 [ 444.503986][ T3132] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:40623' (ED25519) to the list of known hosts. [ 605.161200][ T25] audit: type=1400 audit(604.240:61): avc: denied { name_bind } for pid=3283 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 607.297792][ T25] audit: type=1400 audit(606.400:62): avc: denied { execute } for pid=3284 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 607.337907][ T25] audit: type=1400 audit(606.440:63): avc: denied { execute_no_trans } for pid=3284 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 629.863907][ T25] audit: type=1400 audit(628.960:64): avc: denied { mounton } for pid=3284 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 629.896052][ T25] audit: type=1400 audit(628.990:65): avc: denied { mount } for pid=3284 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 629.984535][ T3284] cgroup: Unknown subsys name 'net' [ 630.035684][ T25] audit: type=1400 audit(629.140:66): avc: denied { unmount } for pid=3284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 630.443934][ T3284] cgroup: Unknown subsys name 'cpuset' [ 630.547644][ T3284] cgroup: Unknown subsys name 'rlimit' [ 631.469128][ T25] audit: type=1400 audit(630.570:67): avc: denied { setattr } for pid=3284 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 631.488921][ T25] audit: type=1400 audit(630.580:68): avc: denied { mounton } for pid=3284 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 631.514943][ T25] audit: type=1400 audit(630.620:69): avc: denied { mount } for pid=3284 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 632.758708][ T3287] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 632.782087][ T25] audit: type=1400 audit(631.880:70): avc: denied { relabelto } for pid=3287 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 632.808283][ T25] audit: type=1400 audit(631.910:71): avc: denied { write } for pid=3287 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 632.985208][ T25] audit: type=1400 audit(632.090:72): avc: denied { read } for pid=3284 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 633.003972][ T25] audit: type=1400 audit(632.100:73): avc: denied { open } for pid=3284 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 633.046607][ T3284] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 682.333516][ T25] audit: type=1400 audit(681.440:74): avc: denied { execmem } for pid=3288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 685.986447][ T25] audit: type=1400 audit(685.090:75): avc: denied { read } for pid=3290 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 686.024000][ T25] audit: type=1400 audit(685.130:76): avc: denied { open } for pid=3290 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 686.133655][ T25] audit: type=1400 audit(685.220:77): avc: denied { mounton } for pid=3290 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 686.387654][ T25] audit: type=1400 audit(685.480:78): avc: denied { module_request } for pid=3290 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 686.451222][ T25] audit: type=1400 audit(685.510:79): avc: denied { module_request } for pid=3291 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 687.568751][ T25] audit: type=1400 audit(686.670:80): avc: denied { sys_module } for pid=3290 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 716.902273][ T3290] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 717.541562][ T3290] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 718.021704][ T3291] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 718.275830][ T3291] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 730.392001][ T3290] hsr_slave_0: entered promiscuous mode [ 730.423219][ T3290] hsr_slave_1: entered promiscuous mode [ 731.326712][ T3291] hsr_slave_0: entered promiscuous mode [ 731.373092][ T3291] hsr_slave_1: entered promiscuous mode [ 731.403738][ T3291] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 731.408635][ T3291] Cannot create hsr debugfs directory [ 737.042266][ T25] audit: type=1400 audit(736.140:81): avc: denied { create } for pid=3290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 737.093225][ T25] audit: type=1400 audit(736.190:82): avc: denied { write } for pid=3290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 737.132497][ T25] audit: type=1400 audit(736.230:83): avc: denied { read } for pid=3290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 737.287274][ T3290] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 737.750895][ T3290] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 738.056761][ T3290] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 738.369003][ T3290] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 739.835560][ T3291] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 740.016890][ T3291] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 740.206077][ T3291] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 740.394813][ T3291] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 756.844851][ T3290] 8021q: adding VLAN 0 to HW filter on device bond0 [ 760.757953][ T3291] 8021q: adding VLAN 0 to HW filter on device bond0 [ 818.746850][ T3290] veth0_vlan: entered promiscuous mode [ 819.518601][ T3290] veth1_vlan: entered promiscuous mode [ 822.507883][ T3290] veth0_macvtap: entered promiscuous mode [ 822.774087][ T3291] veth0_vlan: entered promiscuous mode [ 823.353491][ T3290] veth1_macvtap: entered promiscuous mode [ 823.903597][ T3291] veth1_vlan: entered promiscuous mode [ 826.553609][ T3290] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 826.564270][ T3290] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 826.594110][ T3290] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 826.607823][ T3290] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.678047][ T3291] veth0_macvtap: entered promiscuous mode [ 828.544258][ T3291] veth1_macvtap: entered promiscuous mode [ 830.487961][ T25] audit: type=1400 audit(829.590:84): avc: denied { mount } for pid=3290 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 830.816894][ T25] audit: type=1400 audit(829.920:85): avc: denied { mounton } for pid=3290 comm="syz-executor" path="/syzkaller.IAdf5O/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 831.145093][ T25] audit: type=1400 audit(830.230:86): avc: denied { mount } for pid=3290 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 831.664406][ T25] audit: type=1400 audit(830.770:87): avc: denied { mounton } for pid=3290 comm="syz-executor" path="/syzkaller.IAdf5O/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 831.679289][ T3291] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.732751][ T3291] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.753349][ T3291] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.803247][ T3291] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.927707][ T25] audit: type=1400 audit(831.020:88): avc: denied { mounton } for pid=3290 comm="syz-executor" path="/syzkaller.IAdf5O/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3259 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 833.056199][ T25] audit: type=1400 audit(832.160:89): avc: denied { unmount } for pid=3290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 833.364593][ T25] audit: type=1400 audit(832.420:90): avc: denied { mounton } for pid=3290 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 833.529322][ T25] audit: type=1400 audit(832.560:91): avc: denied { mount } for pid=3290 comm="syz-executor" name="/" dev="gadgetfs" ino=3270 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 834.000764][ T25] audit: type=1400 audit(833.090:92): avc: denied { mount } for pid=3290 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 834.250581][ T25] audit: type=1400 audit(833.340:93): avc: denied { mounton } for pid=3290 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 836.105045][ T3290] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 837.712379][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 837.733427][ T25] audit: type=1400 audit(836.810:95): avc: denied { read write } for pid=3290 comm="syz-executor" name="loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 837.763729][ T25] audit: type=1400 audit(836.850:96): avc: denied { open } for pid=3290 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 837.848960][ T25] audit: type=1400 audit(836.850:97): avc: denied { ioctl } for pid=3290 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 841.366923][ T25] audit: type=1400 audit(840.460:98): avc: denied { read } for pid=3448 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 841.486618][ T25] audit: type=1400 audit(840.510:99): avc: denied { open } for pid=3448 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 842.093255][ T25] audit: type=1400 audit(841.190:100): avc: denied { ioctl } for pid=3448 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 842.144691][ T25] audit: type=1400 audit(841.250:101): avc: denied { write } for pid=3450 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 852.822795][ T25] audit: type=1400 audit(851.860:102): avc: denied { execute } for pid=3458 comm="syz.1.3" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3432 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 857.988801][ T3462] kvm [3462]: Failed to find VMA for hva 0x20c01000 [ 872.695198][ T25] audit: type=1400 audit(871.790:103): avc: denied { append } for pid=3473 comm="syz.0.8" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 988.756002][ T25] audit: type=1400 audit(987.770:104): avc: denied { ioctl } for pid=3549 comm="syz.1.29" path="net:[4026532630]" dev="nsfs" ino=4026532630 ioctlcmd=0xb702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1065.982820][ T25] audit: type=1400 audit(1065.080:105): avc: denied { setattr } for pid=3601 comm="syz.1.43" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1259.287537][ T25] audit: type=1400 audit(1258.370:106): avc: denied { map } for pid=3727 comm="syz.1.82" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1259.317907][ T25] audit: type=1400 audit(1258.420:107): avc: denied { execute } for pid=3727 comm="syz.1.82" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1467.202060][ T3861] KVM: debugfs: duplicate directory 3861-6 [ 1467.496634][ T3861] KVM: debugfs: duplicate directory 3861-6 [ 1523.535559][ T3899] kvm [3899]: Failed to find VMA for hva 0x20c01000 [ 1610.844298][ T3954] kvm [3954]: Failed to find VMA for hva 0x21016000 [ 1709.084044][ T4009] kvm [4009]: Failed to find VMA for hva 0x21016000 [ 1732.659216][ T4022] FAULT_INJECTION: forcing a failure. [ 1732.659216][ T4022] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 1732.732190][ T4022] CPU: 0 UID: 0 PID: 4022 Comm: syz.0.164 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 1732.732912][ T4022] Hardware name: linux,dummy-virt (DT) [ 1732.733396][ T4022] Call trace: [ 1732.733836][ T4022] show_stack+0x2c/0x3c (C) [ 1732.735759][ T4022] __dump_stack+0x30/0x40 [ 1732.736037][ T4022] dump_stack_lvl+0xd8/0x12c [ 1732.736248][ T4022] dump_stack+0x1c/0x28 [ 1732.736463][ T4022] should_fail_ex+0x570/0x6e0 [ 1732.736722][ T4022] should_fail+0x14/0x24 [ 1732.736955][ T4022] should_fail_usercopy+0x20/0x30 [ 1732.737203][ T4022] simple_read_from_buffer+0xd0/0x298 [ 1732.737520][ T4022] proc_fail_nth_read+0x114/0x178 [ 1732.737796][ T4022] vfs_read+0x220/0x958 [ 1732.738043][ T4022] ksys_read+0x100/0x1f4 [ 1732.738321][ T4022] __arm64_sys_read+0x98/0xcc [ 1732.738612][ T4022] invoke_syscall+0x90/0x2b4 [ 1732.738902][ T4022] el0_svc_common+0x180/0x2f4 [ 1732.739185][ T4022] do_el0_svc+0x58/0x74 [ 1732.739492][ T4022] el0_svc+0x58/0x160 [ 1732.739751][ T4022] el0t_64_sync_handler+0x78/0x108 [ 1732.739996][ T4022] el0t_64_sync+0x198/0x19c [ 1827.525586][ T4078] kvm [4076]: Unsupported guest access at: eeef0000 [ 1827.525586][ T4078] { Op0( 2), Op1( 7), CRn(15), CRm(13), Op2( 1), func_write }, [ 1930.828172][ T4145] kvm [4145]: Failed to find VMA for hva 0x2101a000 [ 2273.236955][ T4367] kvm [4367]: Failed to find VMA for hva 0x21016000 [ 2322.527005][ T4399] kvm [4399]: Failed to find VMA for hva 0x20c01000 [ 2352.949128][ T4416] kvm [4416]: Failed to find VMA for hva 0x208a1000 [ 2429.096847][ T4466] debugfs: File 'vgic-its-state@8080000' in directory '4466-10' already present! [ 2560.717450][ T4545] kvm [4545]: Failed to find VMA for hva 0x2101a000 [ 2663.941671][ T4609] irq bypass consumer (token 000000006fb414f2) registration fails: -16 [ 2953.948940][ T4806] kvm [4805]: Unsupported guest CP15 access at: 00000100 [000001d3] [ 2953.948940][ T4806] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 2954.055681][ T4806] kvm [4805]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2954.055681][ T4806] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 2954.141907][ T4806] kvm [4805]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2954.141907][ T4806] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 2954.182579][ T4806] kvm [4805]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2954.182579][ T4806] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 2954.213588][ T4806] kvm [4805]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2954.213588][ T4806] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 2954.268671][ T4806] kvm [4805]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2954.268671][ T4806] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 2954.313370][ T4806] kvm [4805]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2954.313370][ T4806] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 2954.392508][ T4806] kvm [4805]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2954.392508][ T4806] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 2954.505339][ T4806] kvm [4805]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2954.505339][ T4806] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 2954.566116][ T4806] kvm [4805]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2954.566116][ T4806] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 2969.067912][ T4813] kvm [4813]: Failed to find VMA for hva 0x20c01000 [ 3040.670687][ T4865] irq bypass consumer (token 00000000c78ddb47) registration fails: -16 [ 3439.377063][ T5126] kvm [5126]: Failed to find VMA for hva 0x20c01000 [ 3461.658240][ T5146] kvm [5146]: Failed to find VMA for hva 0x21016000 [ 3465.341721][ T5146] kvm [5146]: Failed to find VMA for hva 0x20d8d000 [ 3523.093825][ T5186] kvm [5186]: Failed to find VMA for hva 0x208a1000 [ 3624.862545][ T5243] kvm [5243]: Failed to find VMA for hva 0x20d8d000 [ 3714.046161][ T5303] kvm [5303]: Failed to find VMA for hva 0x21016000 [ 3802.946924][ T5372] kvm [5372]: Failed to find VMA for hva 0x208a1000 [ 3940.955856][ T5454] kvm [5454]: Failed to find VMA for hva 0x20c01000 [ 3998.143790][ T5497] kvm [5497]: Failed to find VMA for hva 0x20c01000 [ 4055.076392][ T5535] kvm [5535]: Failed to find VMA for hva 0x20c01000 [ 4119.408749][ T5580] print_sys_reg_msg: 185 callbacks suppressed [ 4119.483148][ T5580] kvm [5578]: Unsupported guest CP15 access at: 00000100 [000001d3] [ 4119.483148][ T5580] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4119.507185][ T5580] kvm [5578]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4119.507185][ T5580] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4119.576488][ T5580] kvm [5578]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4119.576488][ T5580] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4119.585285][ T5580] kvm [5578]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4119.585285][ T5580] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4119.644400][ T5580] kvm [5578]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4119.644400][ T5580] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4119.672551][ T5580] kvm [5578]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4119.672551][ T5580] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4119.694898][ T5580] kvm [5578]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4119.694898][ T5580] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4119.727571][ T5580] kvm [5578]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4119.727571][ T5580] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4119.764294][ T5580] kvm [5578]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4119.764294][ T5580] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4119.824718][ T5580] kvm [5578]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4119.824718][ T5580] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4201.948575][ T5632] KVM: debugfs: duplicate directory 5632-4 [ 4518.483402][ T5855] debugfs: File 'vgic-its-state@0' in directory '5855-11' already present! [ 4529.977363][ T5863] kvm [5863]: Failed to find VMA for hva 0x20c01000 [ 4654.201131][ T25] audit: type=1400 audit(4653.240:108): avc: denied { map } for pid=5932 comm="syz.0.724" path="/" dev="tmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 4754.723377][ T6001] kvm [6001]: Failed to find VMA for hva 0x20d8d000 [ 4882.591909][ T25] audit: type=1400 audit(4881.630:109): avc: denied { execute } for pid=6087 comm="syz.0.768" path="/sys/kernel/debug/kcov" dev="debugfs" ino=107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=file permissive=1 [ 5186.366233][ T6278] kvm [6278]: Failed to find VMA for hva 0x21016000 [ 5373.107635][ T6404] kvm [6403]: Unsupported guest access at: eeef0000 [ 5373.107635][ T6404] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 5574.283442][ T6533] debugfs: File 'vgic-its-state@0' in directory '6533-4' already present! [ 5668.002760][ T6581] kvm [6581]: Failed to find VMA for hva 0x20d8d000 [ 5855.336282][ T6697] kvm [6697]: Failed to find VMA for hva 0x20c01000 [ 5866.739173][ T6706] kvm [6705]: Unsupported guest access at: eeef0000 [ 5866.739173][ T6706] { Op0( 2), Op1( 7), CRn(15), CRm(13), Op2( 1), func_write }, [ 6020.965312][ T6800] kvm [6800]: Failed to find VMA for hva 0x21016000 [ 6064.337547][ T6836] print_sys_reg_msg: 170 callbacks suppressed [ 6064.414472][ T6836] kvm [6830]: Unsupported guest CP15 access at: 00000100 [000001d3] [ 6064.414472][ T6836] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 6064.453539][ T6836] kvm [6830]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6064.453539][ T6836] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 6064.486535][ T6836] kvm [6830]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6064.486535][ T6836] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 6064.562796][ T6836] kvm [6830]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6064.562796][ T6836] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 6064.586029][ T6836] kvm [6830]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6064.586029][ T6836] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 6064.667084][ T6836] kvm [6830]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6064.667084][ T6836] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 6064.735717][ T6836] kvm [6830]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6064.735717][ T6836] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 6064.875853][ T6836] kvm [6830]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6064.875853][ T6836] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 6065.004322][ T6836] kvm [6830]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6065.004322][ T6836] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 6065.101904][ T6836] kvm [6830]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6065.101904][ T6836] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 6146.488484][ T6882] kvm [6882]: Failed to find VMA for hva 0x20d8a000 [ 6268.655739][ T6962] kvm [6962]: Failed to find VMA for hva 0x20c01000 [ 6268.742133][ T6963] kvm [6963]: Failed to find VMA for hva 0x20c01000 [ 6592.356734][ T7177] KVM: debugfs: duplicate directory 7177-10 [ 6592.688887][ T7177] KVM: debugfs: duplicate directory 7177-10 [ 6696.533208][ T7242] kvm [7242]: Failed to find VMA for hva 0x20d8d000 [ 6705.929106][ T7254] kvm [7254]: Failed to find VMA for hva 0x21016000 [ 6938.018996][ T7415] kvm [7415]: Failed to find VMA for hva 0x20c01000 [ 6964.284927][ T7434] kvm [7434]: Failed to find VMA for hva 0x21016000 [ 7112.104554][ T7533] kvm [7533]: Failed to find VMA for hva 0x20d8d000 [ 7137.313301][ T4558] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7139.075500][ T4558] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7140.748784][ T4558] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7142.476554][ T4558] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7164.466578][ T4558] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 7164.803228][ T4558] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 7164.992288][ T4558] bond0 (unregistering): Released all slaves [ 7167.305782][ T4558] hsr_slave_0: left promiscuous mode [ 7167.402448][ T4558] hsr_slave_1: left promiscuous mode [ 7168.031749][ T4558] veth1_macvtap: left promiscuous mode [ 7168.037059][ T4558] veth0_macvtap: left promiscuous mode [ 7168.074532][ T4558] veth1_vlan: left promiscuous mode [ 7168.103644][ T4558] veth0_vlan: left promiscuous mode [ 7246.917273][ T7544] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 7247.268785][ T7544] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 7281.707460][ T7544] hsr_slave_0: entered promiscuous mode [ 7281.915308][ T7544] hsr_slave_1: entered promiscuous mode [ 7305.852529][ T7544] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 7306.255700][ T7544] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 7306.688825][ T7544] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 7307.205311][ T7544] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 7336.366810][ T7544] 8021q: adding VLAN 0 to HW filter on device bond0 [ 7434.755360][ T7544] veth0_vlan: entered promiscuous mode [ 7435.485093][ T7544] veth1_vlan: entered promiscuous mode [ 7438.414691][ T7544] veth0_macvtap: entered promiscuous mode [ 7438.803732][ T7544] veth1_macvtap: entered promiscuous mode [ 7441.904589][ T7544] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 7441.952509][ T7544] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 7441.971501][ T7544] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 7442.012767][ T7544] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 7469.158668][ T7546] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7470.558460][ T7546] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7472.068406][ T7546] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7473.337642][ T7546] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7490.995326][ T7546] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 7491.451863][ T7546] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 7491.694298][ T7546] bond0 (unregistering): Released all slaves [ 7494.046164][ T7546] hsr_slave_0: left promiscuous mode [ 7494.164094][ T7546] hsr_slave_1: left promiscuous mode [ 7494.921981][ T7546] veth1_macvtap: left promiscuous mode [ 7494.932516][ T7546] veth0_macvtap: left promiscuous mode [ 7494.946592][ T7546] veth1_vlan: left promiscuous mode [ 7494.984050][ T7546] veth0_vlan: left promiscuous mode [ 7579.903678][ T7791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 7580.243573][ T7791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 7608.732575][ T7791] hsr_slave_0: entered promiscuous mode [ 7608.804990][ T7791] hsr_slave_1: entered promiscuous mode [ 7608.882121][ T7791] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 7608.892249][ T7791] Cannot create hsr debugfs directory [ 7634.361996][ T7791] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 7634.907711][ T7791] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 7635.243404][ T7791] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 7635.537471][ T7791] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 7663.435650][ T7791] 8021q: adding VLAN 0 to HW filter on device bond0 [ 7756.847027][ T7791] veth0_vlan: entered promiscuous mode [ 7757.711603][ T7791] veth1_vlan: entered promiscuous mode [ 7760.375031][ T7791] veth0_macvtap: entered promiscuous mode [ 7760.924020][ T7791] veth1_macvtap: entered promiscuous mode [ 7764.113409][ T7791] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 7764.123450][ T7791] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 7764.134641][ T7791] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 7764.143206][ T7791] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 7956.067365][ T8137] kvm [8137]: Failed to find VMA for hva 0x21016000 [ 8083.764029][ T8224] kvm [8224]: Failed to find VMA for hva 0x20d8d000 [ 8083.768136][ T8218] kvm [8218]: Failed to find VMA for hva 0x20d8d000 [ 8236.474400][ T8313] kvm [8313]: Failed to find VMA for hva 0x21016000 [ 8236.613985][ T8313] kvm [8313]: Failed to find VMA for hva 0x21016000 [ 8242.696995][ T8315] kvm [8315]: Failed to find VMA for hva 0x208a1000 [ 8393.774279][ T8414] kvm [8414]: Failed to find VMA for hva 0x21016000 [ 8634.915015][ T8579] kvm [8579]: Failed to find VMA for hva 0x20c01000 [ 8694.953281][ T8620] kvm [8620]: Failed to find VMA for hva 0x21016000 [ 8750.943409][ T8656] kvm [8656]: Failed to find VMA for hva 0x20c01000 [ 8791.518019][ T8681] KVM: debugfs: duplicate directory 8681-7 [ 8896.524964][ T8761] kvm [8761]: Failed to find VMA for hva 0x2101a000 [ 8987.608085][ T8817] KVM: debugfs: duplicate directory 8817-9 [ 9228.613319][ T8980] kvm [8980]: Failed to find VMA for hva 0x20d8d000 [ 9237.637495][ T8990] kvm [8990]: Failed to find VMA for hva 0x21016000 [ 9402.825251][ T9108] kvm [9108]: Failed to find VMA for hva 0x20c01000 [ 9403.158897][ T9108] kvm [9108]: Failed to find VMA for hva 0x20bff000 [ 9481.992558][ T9164] kvm [9164]: Failed to find VMA for hva 0x20c01000 [ 9648.912141][ T9281] kvm [9281]: Failed to find VMA for hva 0x20d8d000 [ 9769.275950][ T9371] kvm [9371]: Failed to find VMA for hva 0x20d8a000 [10072.665300][ T9570] kvm [9569]: Unsupported guest access at: eeef0000 [10072.665300][ T9570] { Op0( 2), Op1( 7), CRn(15), CRm(13), Op2( 1), func_write }, [10081.007604][ T9572] KVM: debugfs: duplicate directory 9572-4 [10123.443459][ T9598] debugfs: File 'vgic-its-state@8080000' in directory '9598-8' already present! [10534.828812][ T9860] kvm [9860]: Failed to find VMA for hva 0x20c01000 [10680.572261][ T9948] kvm [9948]: Failed to find VMA for hva 0x20d8d000 [10755.756347][T10011] kvm [10010]: Unsupported guest access at: eeef0000 [10755.756347][T10011] { Op0( 2), Op1( 7), CRn(15), CRm(13), Op2( 1), func_write }, [10807.255625][T10057] ------------[ cut here ]------------ [10807.256492][T10057] WARNING: CPU: 0 PID: 10057 at arch/arm64/kvm/inject_fault.c:63 pend_sync_exception+0x198/0x5ac [10807.258866][T10057] Modules linked in: [10807.260785][T10057] CPU: 0 UID: 0 PID: 10057 Comm: syz.1.1835 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [10807.262402][T10057] Hardware name: linux,dummy-virt (DT) [10807.263435][T10057] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [10807.264699][T10057] pc : pend_sync_exception+0x198/0x5ac [10807.265733][T10057] lr : pend_sync_exception+0x198/0x5ac [10807.266675][T10057] sp : ffff8000a0a578c0 [10807.267520][T10057] x29: ffff8000a0a578c0 x28: 00000000000000b8 x27: b8f0000017de3da8 [10807.269369][T10057] x26: 00000000000000b8 x25: 0000000000000000 x24: 0000000000000000 [10807.270956][T10057] x23: 0000000000000000 x22: 00000000000000b8 x21: b8f0000017de4981 [10807.272601][T10057] x20: 0000000000000007 x19: efff800000000000 x18: 0000000000000000 [10807.274285][T10057] x17: 000000000000009c x16: ffff800080011d9c x15: 0000000020000880 [10807.275801][T10057] x14: ffffffffffffffff x13: 0000000000000028 x12: 0000000000000000 [10807.277419][T10057] x11: 00f000001d4f32e4 x10: 0000000000ff0100 x9 : 0000000000000000 [10807.279161][T10057] x8 : 00f000001d4f1d80 x7 : ffff800080b08704 x6 : ffff8000a0a57a88 [10807.280932][T10057] x5 : ffff8000a0a57a88 x4 : 0000000000000001 x3 : ffff8000801a2e80 [10807.282622][T10057] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000 [10807.284201][T10057] Call trace: [10807.285014][T10057] pend_sync_exception+0x198/0x5ac (P) [10807.286116][T10057] __kvm_inject_sea+0x268/0x96c [10807.287108][T10057] kvm_inject_sea+0x98/0x72c [10807.288102][T10057] __kvm_arm_vcpu_set_events+0x134/0x238 [10807.289210][T10057] kvm_arch_vcpu_ioctl+0xed8/0x16b0 [10807.290146][T10057] kvm_vcpu_ioctl+0x5c4/0xc2c [10807.291282][T10057] __arm64_sys_ioctl+0x18c/0x244 [10807.292290][T10057] invoke_syscall+0x90/0x2b4 [10807.293240][T10057] el0_svc_common+0x180/0x2f4 [10807.294375][T10057] do_el0_svc+0x58/0x74 [10807.295478][T10057] el0_svc+0x58/0x160 [10807.296321][T10057] el0t_64_sync_handler+0x78/0x108 [10807.297409][T10057] el0t_64_sync+0x198/0x19c [10807.298599][T10057] irq event stamp: 56 [10807.299398][T10057] hardirqs last enabled at (55): [] _raw_read_unlock_irqrestore+0x44/0xbc [10807.301036][T10057] hardirqs last disabled at (56): [] el1_dbg+0x24/0x80 [10807.302492][T10057] softirqs last enabled at (38): [] local_bh_enable+0x10/0x34 [10807.303905][T10057] softirqs last disabled at (36): [] local_bh_disable+0x10/0x34 [10807.305320][T10057] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [10829.148996][ T7817] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [10829.905930][ T7817] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [10830.392929][ T7817] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [10830.807814][ T7817] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 VM DIAGNOSIS: 06:26:58 Registers: info registers vcpu 0 CPU#0 PC=ffff8000804530c4 X00=0000000000000001 X01=00f000001d4f28b0 X02=ffff8000804580e0 X03=0000000000000000 X04=ffff8000a0a56f10 X05=0000000000000020 X06=0000000000000000 X07=ffff80008047dbdc X08=ffff800087d9ee48 X09=0000000000000008 X10=0000000000000144 X11=0000000000000144 X12=0000000000000044 X13=0000000000000066 X14=00000000000000c8 X15=0000000000008004 X16=ffff800080011d9c X17=000000000000009c X18=0000000000000000 X19=00f000001d4f1d80 X20=00f000001d4f28d8 X21=00f000001d4f28d8 X22=098d7eb85dc8dcb0 X23=ffff800088141e68 X24=0000000000000005 X25=ffff8000876c0000 X26=00000000000003cd X27=00f000001d4f28b0 X28=ffff800088a06f50 X29=ffff8000a0a57020 X30=ffff800080452d38 SP=ffff8000a0a56f50 PSTATE=604023c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:0000000000000000 Z01=0000ffffc5302860:23c81db674037d00 Z02=0000ffffc5302840:ffffff80ffffffd8 Z03=0000ffffc53028f0:0000ffffc53028f0 Z04=0000ffffc53028f0:0000ffffa5f36d08 Z05=0000ffffc53028c0:0000ffffc53028f0 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffc5302b10:0000ffffc5302b10 Z17=ffffff80ffffffd0:0000ffffc5302ae0 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000