last executing test programs: 38.819304428s ago: executing program 0 (id=143): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r2 = eventfd2(0x4, 0x1) (async) r3 = eventfd2(0x4c, 0x80000) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r2, 0x5, 0x1, r3}) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) (async, rerun: 64) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async, rerun: 64) r5 = openat$kvm(0x0, &(0x7f0000000240), 0x580, 0x0) syz_kvm_setup_cpu$arm64(r1, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000280)=[@its_setup={0x82, 0x28, {0x4, 0x2, 0x169}}, @memwrite={0x6e, 0x30, @generic={0xeeef0000, 0xa8b, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x4, 0x1}}, @uexit={0x0, 0x18, 0x3}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x2, 0x3, 0x3, 0x101, 0x3}}, @irq_setup={0x46, 0x18, {0x4, 0x130}}, @eret={0xe6, 0x18, 0x9641}, @smc={0x1e, 0x40, {0x8400000d, [0x8, 0x1, 0x3, 0x7, 0x6]}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x4, 0x0, 0x4, 0x2, 0x4}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0xd1}}, @mrs={0xbe, 0x18, {0x603000000013c2e4}}, @smc={0x1e, 0x40, {0x80000000, [0x8, 0x7, 0x6a8, 0x8, 0x2]}}, @code={0xa, 0xb4, {"008008d5008008d5000028d5007008d5e08a9bd200a0b0f2c10180d2a20180d2430080d2440080d2020000d440b488d20000b0f2810180d2420080d2230180d2440180d2020000d4c06884d20000b8f2210080d2220180d2030080d2240180d2020000d4a05894d20060b0f2810080d2220180d2030180d2440080d2020000d4404a83d200c0b0f2a10080d2020080d2e30080d2e40180d2020000d40004002f"}}, @uexit={0x0, 0x18, 0x3}, @smc={0x1e, 0x40, {0x31000000, [0x8, 0x10000, 0x8000000000000001, 0x8000000000000001, 0x100000000]}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x2, 0x8, 0x40, 0xfffffffa}}, @eret={0xe6, 0x18, 0xfffffffffffffffe}, @mrs={0xbe, 0x18, {0x6030000000131a02}}, @mrs={0xbe, 0x18, {0x603000000013e659}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x108}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xffd0, 0x7, 0xc}}, @eret={0xe6, 0x18, 0x4}, @eret={0xe6, 0x18, 0x2}, @mrs={0xbe, 0x18, {0x603000000013e6c6}}, @eret={0xe6, 0x18, 0x3}, @irq_setup={0x46, 0x18, {0x1, 0xba}}, @smc={0x1e, 0x40, {0x80, [0x67, 0x1, 0x281e1fd9, 0xff, 0x600a]}}, @eret={0xe6, 0x18, 0x3}], 0x47c}], 0x1, 0x0, &(0x7f0000000140)=[@featur1={0x1, 0x9c}], 0x1) (async) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f00000000c0)={0x5, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) (async) syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f00008a0000/0x400000)=nil) (async) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x80001) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) r7 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r8, 0xae03, 0x7f) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000100)={0x2010040, 0x1000c53}) 37.768058765s ago: executing program 1 (id=144): openat$kvm(0x0, &(0x7f0000000100), 0x800, 0x0) (async) r0 = openat$kvm(0x0, &(0x7f0000000100), 0x800, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000000c0)={0x2710, 0x7, 0x2, 0x1000, &(0x7f0000e49000/0x1000)=nil}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, &(0x7f0000000080)=[@its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x100, 0xf, 0x178, 0x4, 0x1}}], 0x28}, &(0x7f0000000280)=[@featur1={0x1, 0x18}], 0x1) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000040)={0x401, 0x2}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) close(0x5) close(0x4) (async) close(0x4) 31.023677323s ago: executing program 0 (id=145): openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x18b400, 0x0) munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000cee000/0x2000)=nil, 0x930, 0xd, 0x24132, 0xffffffffffffffff, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) 30.390097406s ago: executing program 1 (id=146): r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$KVM_RUN(r0, 0xae80, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) close(r1) ioctl$KVM_SET_ONE_REG(r1, 0x4010aeac, &(0x7f0000000040)=@arm64_bitmap={0x6030000000160001}) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x1fe, 0x0, 0x2, 0x1000, &(0x7f0000fff000/0x1000)=nil}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r0, 0x4018aee1, &(0x7f0000000100)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f00000000c0)=0x7fffffff}) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x10000) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_ARM_VCPU_INIT(r0, 0x4020aeae, &(0x7f0000000140)={0x3}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f0000000180)={0xdddd1000}) ioctl$KVM_SET_REGS(r0, 0x4360ae82, &(0x7f00000001c0)={[0xc16, 0x83, 0x1000, 0xffffffff80000001, 0x1ff, 0xa81, 0x1b, 0x0, 0x2, 0x2, 0x400, 0x0, 0x2, 0x73d, 0x7, 0x80000001], 0x8000000}) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000280)={0x10002, 0x3, 0x6000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f00000002c0)={0xd7, 0x100000, 0x2, 0xffffffffffffffff, 0x8}) ioctl$KVM_SET_ONE_REG(r1, 0x4010aeac, &(0x7f0000000340)=@other={0x0, &(0x7f0000000300)=0x6}) close(r2) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = eventfd2(0x1c, 0x800) close(r6) syz_kvm_setup_cpu$arm64(r3, r5, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000880)=[{0x0, &(0x7f0000000380)=[@eret={0xe6, 0x18, 0xf}, @memwrite={0x6e, 0x30, @generic={0x4, 0xb72, 0x7}}, @irq_setup={0x46, 0x18, {0x1, 0x111}}, @eret={0xe6, 0x18, 0x5}, @svc={0x122, 0x40, {0xc400000d, [0x8000, 0xff, 0xf8, 0x0, 0x3ff]}}, @its_setup={0x82, 0x28, {0x4, 0x2, 0xa3}}, @uexit={0x0, 0x18}, @uexit={0x0, 0x18, 0x9}, @svc={0x122, 0x40, {0x80000000, [0x401, 0xf, 0x4, 0x3, 0x200]}}, @smc={0x1e, 0x40, {0x8000, [0x8, 0xffffffffffffffff, 0x101, 0x8001, 0x9]}}, @memwrite={0x6e, 0x30, @generic={0x8080002, 0xfd3, 0x9}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1c00, 0x2, 0x1}}, @smc={0x1e, 0x40, {0x200, [0x5, 0x3, 0x100000001, 0x0, 0x63]}}, @its_setup={0x82, 0x28, {0x3, 0x2, 0xca}}, @irq_setup={0x46, 0x18, {0x1, 0x12c}}, @uexit={0x0, 0x18, 0x76e4}, @code={0xa, 0x9c, {"000028d540e384d200a0b0f2c10080d2020080d2a30080d2c40180d2020000d40038601ec0b387d20000b8f2e10180d2c20180d2230180d2a40180d2020000d4000028d50000009160b380d20020b0f2610180d2420180d2630080d2c40080d2020000d440de92d20040b8f2210080d2420080d2c30080d2a40180d2020000d400a0204e0060004f"}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x0, 0x2, 0x1c}}, @uexit={0x0, 0x18, 0xde}, @mrs={0xbe, 0x18, {0x603000000013803f}}, @mrs={0xbe, 0x18, {0x603000000013e658}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x10040, 0xff, 0x4}}, @svc={0x122, 0x40, {0x0, [0x8, 0x339, 0x80000001, 0x0, 0x8]}}, @irq_setup={0x46, 0x18, {0x4, 0x22d}}, @svc={0x122, 0x40, {0x84000009, [0xfffffffffffffffc, 0x0, 0x3, 0x0, 0xc7a8]}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x3, 0xb, 0x8, 0xd}}, @smc={0x1e, 0x40, {0x80000001, [0x6, 0x72, 0x80000000, 0x9, 0x80]}}, @irq_setup={0x46, 0x18, {0x1, 0x15a}}], 0x4e4}], 0x1, 0x0, &(0x7f00000008c0)=[@featur2={0x1, 0x19}], 0x1) ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000000940)=@arm64_fp_extra={0x60200000001000d4, &(0x7f0000000900)=0x4}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000980)=@attr_pmu_init) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r3, 0x4010ae68, &(0x7f00000009c0)={0x6000, 0x1000, 0x1}) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r4, 0x4068aea3, &(0x7f0000000a00)={0xdf, 0x0, 0x10000}) ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4040aea0, &(0x7f0000000a80)=@x86={0x3, 0x0, 0x3, 0x0, 0xcba8, 0x2, 0x9, 0x4, 0x9, 0x2, 0x9, 0x9, 0x0, 0x1, 0x7, 0x7, 0x2, 0xef, 0x69, '\x00', 0x2, 0x80000001}) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r1, 0x4018aee2, &(0x7f0000000b00)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000ac0)={0x6, 0x6}}) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000b40)="3e353fb5476ab3948ce429b34739925ef7c6ab4588ebc758a1de90063ff11e9664a417c5c366a5e729259da27a42ca165a619f67ce4123b760f813421c2ef3ba8eaf3cd471eb81fb", 0x0, 0x48) 24.758348339s ago: executing program 0 (id=147): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x10000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="b7b9ffff09fd10000000bde04fceebac00", 0x0, 0xfffffffffffffc7e) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0x401c5820, 0x20000000) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="32000000000000004000000000000400579594a99d45493203000000000000000800000000060000e4255b4279e39d0000000000000000000000000009"], 0x40}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 23.74872983s ago: executing program 1 (id=148): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1, 0x4f832, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000080)={0x5, 0xe}) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000100)=@arm64_extra={0x6030000000140000, &(0x7f00000001c0)=0x10001}) r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=ANY=[], 0x60}, 0x0, 0x0) munmap(&(0x7f0000ce0000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x1000000) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r9, 0x0) ioctl$KVM_GET_REG_LIST(r6, 0xc008aeb0, &(0x7f0000000000)) 16.889080803s ago: executing program 0 (id=149): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r3, 0x4068aea3, &(0x7f0000000300)={0xdf, 0x0, 0x8000}) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r3, 0x4068aea3, &(0x7f0000000080)={0xe1, 0x0, 0x2000}) (async) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000000000/0x400000)=nil) (async) r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x82, 0x28, {0x1, 0x2001, 0x1}}], 0x28}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r1, 0x4, 0x100) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000200)={0x8090040, 0x0, 0x100000, 0x1, 0x1}) 13.582339353s ago: executing program 1 (id=150): munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000) ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f000000e000/0x3000)=nil, r1, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000bb8000/0x400000)=nil, r1, 0x0, 0x4030031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) 8.954201355s ago: executing program 0 (id=151): r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0xffff) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r0, 0x4018aee2, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x4}) r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000200)={0x0, &(0x7f0000000040)=[@mrs={0xbe, 0x18, {0x603000000013c4d3}}, @eret={0xe6, 0x18, 0x1}, @smc={0x1e, 0x40, {0x80003fff, [0x1, 0x7, 0x280, 0x7, 0x3]}}, @hvc={0x32, 0x40, {0x80, [0x0, 0x1, 0x1, 0x1, 0x8000]}}, @svc={0x122, 0x40, {0x84000052, [0xe3, 0x18, 0x31, 0x0, 0x4]}}, @mrs={0xbe, 0x18, {0x603000000013c112}}, @smc={0x1e, 0x40, {0x80, [0xffffffffffffffff, 0xba86fa2, 0x3b3, 0x8, 0x8]}}, @irq_setup={0x46, 0x18, {0x2, 0x28f}}, @eret={0xe6, 0x18, 0x8}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x4, 0x5, 0x8, 0x3, 0x3}}], 0x1a0}, &(0x7f0000000240)=[@featur2={0x1, 0xd0}], 0x1) ioctl$KVM_SET_SIGNAL_MASK(r1, 0x4004ae8b, &(0x7f0000000280)={0x19, "276b7fc47c1aebe900c8081f9badd4660ca3de3bf2a252f7d9"}) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_CAP_PTP_KVM(r2, 0x4068aea3, &(0x7f00000002c0)) r3 = eventfd2(0xd, 0x801) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0, r3}) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4008ae52, &(0x7f0000000380)=0x9) r4 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000880)={0x0, &(0x7f00000003c0)=[@hvc={0x32, 0x40, {0x4, [0x1, 0x3, 0xde, 0x7fff, 0x40]}}, @hvc={0x32, 0x40, {0x8400000f, [0x1, 0x824, 0x4, 0x1, 0x6]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x0, 0x8}}, @smc={0x1e, 0x40, {0x84000052, [0xffffffffffff7fff, 0x3, 0x10000]}}, @code={0xa, 0xb4, {"000028d500e4002f605086d20020b8f2810080d2820080d2e30080d2a40080d2020000d4006f83d20080b8f2610080d2220080d2630080d2640080d2020000d460ac85d20040b8f2610180d2420180d2030180d2040180d2020000d4007008d520268fd200e0b8f2810080d2420080d2430080d2240080d2020000d4000028d5007008d540658dd200c0b8f2210180d2020180d2e30080d2840080d2020000d4"}}, @hvc={0x32, 0x40, {0xc4000005, [0x20000000000, 0x7f, 0xc3, 0x5, 0x7]}}, @code={0xa, 0x9c, {"000008d500e4200e208089d200a0b8f2010080d2620180d2630180d2e40080d2020000d40020bf0d007008d5007008d520d585d20040b8f2810180d2620180d2c30180d2840180d2020000d4009a96d20040b0f2210080d2020080d2430180d2240180d2020000d4000008d560aa84d20040b0f2410180d2c20180d2830180d2840080d2020000d4"}}, @smc={0x1e, 0x40, {0x4000000, [0x10000, 0x100000001, 0x4, 0x9, 0x3]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x14, 0x2, 0x8}}, @smc={0x1e, 0x40, {0xfb00000f, [0x197a, 0x7, 0x1, 0x7, 0x6]}}, @irq_setup={0x46, 0x18, {0x3, 0x318}}, @its_setup={0x82, 0x28, {0x4, 0x1, 0xfb}}, @code={0xa, 0x84, {"800e90d20080b8f2c10080d2620180d2630080d2a40180d2020000d40000691e007008d5000008d50080400c007008d50044002f0000c028a04f8bd200e0b0f2c10080d2220180d2c30080d2240180d2020000d4c0d195d200a0b8f2410080d2820180d2430180d2a40080d2020000d4"}}, @hvc={0x32, 0x40, {0x1000, [0x6, 0x7, 0x8, 0x7c, 0x8001]}}, @msr={0x14, 0x20, {0x603000000013c4cc, 0x8}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfffc, 0x2, 0x8}}, @eret={0xe6, 0x18, 0x2}, @uexit={0x0, 0x18, 0xffff}], 0x4b4}, &(0x7f00000008c0)=[@featur2={0x1, 0x96}], 0x1) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r4, 0x4018aee2, &(0x7f0000000940)=@attr_other={0x0, 0x7, 0x4, &(0x7f0000000900)=0x4}) ioctl$KVM_RUN(r0, 0xae80, 0x0) write$eventfd(r3, &(0x7f0000000980)=0x3ff, 0x8) ioctl$KVM_RUN(r1, 0xae80, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_REGS(r0, 0x4360ae82, &(0x7f00000009c0)={[0x2, 0xd43, 0x3, 0x3, 0x80, 0x5f1, 0x3, 0x0, 0x6a, 0xffffffff, 0x4, 0x200, 0x9, 0x2, 0x4, 0x6], 0x80a0000}) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r5, 0x4018aee2, &(0x7f0000000ac0)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f0000000a80)=0x1e}) ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, &(0x7f0000000b40)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000b00)={0xfd, 0xa6c, 0x1}}) ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000b80)={0x4000000, 0x40}) ioctl$KVM_SET_SREGS(r1, 0x4000ae84, &(0x7f0000000bc0)={{0x0, 0xffff1000, 0x3, 0x8, 0x2, 0x2, 0xfa, 0xfc, 0x0, 0x3, 0x9, 0x7f}, {0x5000, 0xeeee8000, 0xe, 0x1, 0x1, 0x4d, 0x1, 0x2, 0x0, 0xe7, 0xb, 0xf3}, {0xdddd1000, 0x0, 0x3, 0x0, 0x5e, 0xb0, 0x0, 0x6, 0x8, 0x5, 0x7, 0x9}, {0xf000, 0x4, 0x0, 0x81, 0x40, 0x20, 0x0, 0x3, 0x1b, 0x2, 0x2c, 0x1}, {0x1, 0x2000, 0x0, 0xd3, 0xd, 0x80, 0x3, 0x81, 0x0, 0x8, 0x85, 0x5}, {0x6000, 0xd000, 0xa, 0x3, 0x1, 0x2, 0x5, 0x1, 0x38, 0x1, 0x7, 0x9}, {0x1000, 0xf000, 0xd, 0x4, 0x3b, 0xb, 0x8, 0x9, 0xab, 0x0, 0x2, 0x1a}, {0xd5c70000, 0x10000, 0xa, 0x8, 0x7, 0x6, 0x1, 0x7, 0x2, 0x1, 0x2, 0x6}, {0x6000, 0x100}, {0xdddd1000, 0x5}, 0x2, 0x0, 0x10000, 0x10040, 0x3, 0x1000, 0x0, [0x7, 0x8, 0x66, 0x5]}) ioctl$KVM_SET_REGS(r0, 0x4360ae82, &(0x7f0000000d00)={[0x6, 0x4, 0x200, 0xc3, 0xfff, 0x5, 0x0, 0x8, 0x1, 0x4, 0x9, 0x3b, 0x0, 0x8, 0x9, 0xff], 0xd000, 0x10000}) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000dc0)={r3, 0x1, 0x1, r3}) ioctl$KVM_SET_GUEST_DEBUG(r1, 0x4208ae9b, &(0x7f0000000e00)={0x10002, 0x0, [0x2fd, 0x80000000, 0x1, 0x3, 0x2, 0x14, 0x7fff, 0xec84]}) ioctl$KVM_SET_SIGNAL_MASK(r5, 0x4004ae8b, &(0x7f0000000e80)={0xfd, "77409adc60dd4a7bb8887d80b839f40064675cfaed1d2c7b9a115e35851c2c717e50ea192cd447b9c96ee99c61ae11da9c28a4851327ff02187f69bdfa5aad72a6c91906f2728d031101484e66e2796a748cc92e58f65c8f60723af496187482065c265e1d6e17f6aae97e23fb2040e05532ce1800d1fcaaa68d8be198c135461a3ec01a0fa787f7c76389e988a5a34f7c8db4807c4ef25ce0398e8c36794046ae81df1d24c9df657499e2968b171904596ac3a048f1f07aa17f14c40c43f195f0cfa39ab7d5144b43ef8246af5856aab50132a18421f046fc28bd0f6690889fecde7cf2c41af9674a8a343be23c5b677fd083f01ee9181784c1dd5cc2"}) r7 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000bfd000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r7, &(0x7f00000012c0)={0x0, &(0x7f0000000fc0)=[@irq_setup={0x46, 0x18, {0x1, 0x2db}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0x292}}, @memwrite={0x6e, 0x30, @generic={0xdddd1000, 0x95c, 0x5}}, @eret={0xe6, 0x18, 0xfffffffffffff237}, @svc={0x122, 0x40, {0x84000003, [0x0, 0x3, 0x5, 0x150d, 0xeb7]}}, @smc={0x1e, 0x40, {0xc4000004, [0x10, 0xece7, 0x9, 0x7, 0x7]}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x195}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x4, 0x1, 0x6, 0xf34, 0x1}}, @its_setup={0x82, 0x28, {0x3, 0x4, 0x25a}}, @svc={0x122, 0x40, {0xc4000007, [0xfffffffffffffffb, 0x3, 0x5, 0xa64, 0x8]}}, @msr={0x14, 0x20, {0x603000000013c02d, 0x1}}, @uexit={0x0, 0x18, 0xc4a}, @hvc={0x32, 0x40, {0x80000001, [0x4, 0x4, 0xffffffffffffffff, 0x3, 0x5]}}, @irq_setup={0x46, 0x18, {0x2, 0x2d9}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x0, 0x10, 0x4, 0x6cc, 0x3}}, @smc={0x1e, 0x40, {0x84000050, [0x8, 0xf98, 0x1, 0x5, 0x8]}}, @eret={0xe6, 0x18, 0x7}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x2, 0xa, 0x71, 0x4, 0x4}}], 0x2f8}, &(0x7f0000001300)=[@featur2={0x1, 0x7e}], 0x1) openat$kvm(0xffffffffffffff9c, &(0x7f0000001340), 0x240140, 0x0) ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f00000013c0)=@arm64_sve_vls={0x606000000015ffff, &(0x7f0000001380)=0x2}) 8.061330471s ago: executing program 1 (id=152): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x109901, 0x0) munmap(&(0x7f0000647000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ed5000/0x3000)=nil, 0x930, 0x4, 0x1010, 0xffffffffffffffff, 0x0) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) munmap(&(0x7f0000cc6000/0x1000)=nil, 0x1000) munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000) mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0x3, 0x9032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f40000/0x5000)=nil, 0x5000) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0x5450, 0x0) munmap(&(0x7f00006e2000/0x2000)=nil, 0x2000) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="be00000000000000180000000000000065e6130000103060aa0000000000000028000000000000000c000000006c0100080000000e0008000200000000000000"], 0x40}, 0x0, 0x0) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100) 3.802144145s ago: executing program 0 (id=153): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000100)="fb0149dd033bac2cc4a29ea6ab8021d1dfd92f0000000001001000479610fbff67521cd66f8f1f447d3570707cd24b7eebb207000000000000000000000001000000002000", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) (async) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async, rerun: 64) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x1}) (async, rerun: 64) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="fb52456012ab8ba1286bf6cd81002000d300447c7a837fc869cba6cd30f0050003000000d0020000ffffff000000f86636544e44c404000000006abf47d900", 0x0, 0x48) (async, rerun: 32) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (rerun: 32) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4020ae46, 0x0) (async) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r8, &(0x7f00000001c0), 0xff3c) (async) r9 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r10 = mmap$KVM_VCPU(&(0x7f0000dd3000/0x4000)=nil, 0x930, 0x280000b, 0x11, r9, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r9, 0x0) (async) r11 = openat$kvm(0x0, &(0x7f00000000c0), 0x909483, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x8) ioctl$KVM_ARM_VCPU_INIT(r13, 0x4020aeae, &(0x7f0000000080)={0x5, 0xb}) ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, &(0x7f0000000140)=@arm64_sve_vls={0x606000000015ffff, 0x0}) r14 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x4242f2, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async, rerun: 64) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@arm64={0x7, 0xc, 0x3, '\x00', 0xf}) (async, rerun: 64) ioctl$KVM_CREATE_VM(r14, 0x401c5820, 0x20000000) (async) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) (async) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x100b31, 0x0) 0s ago: executing program 1 (id=154): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x8}) (async) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, &(0x7f0000000200)=@attr_other={0x0, 0x8, 0x3d74, 0x0}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (async) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5, 0x8}) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f00000000c0)=@arm64_core={0x6030000000100042, &(0x7f0000000200)}) kernel console output (not intermixed with test programs): [ 426.256894][ T3132] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:48582' (ED25519) to the list of known hosts. [ 610.159511][ T25] audit: type=1400 audit(609.260:60): avc: denied { name_bind } for pid=3292 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 612.101611][ T25] audit: type=1400 audit(611.230:61): avc: denied { execute } for pid=3293 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 612.141330][ T25] audit: type=1400 audit(611.240:62): avc: denied { execute_no_trans } for pid=3293 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 630.962680][ T25] audit: type=1400 audit(630.090:63): avc: denied { mounton } for pid=3293 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 630.990541][ T25] audit: type=1400 audit(630.110:64): avc: denied { mount } for pid=3293 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 631.073201][ T3293] cgroup: Unknown subsys name 'net' [ 631.126188][ T25] audit: type=1400 audit(630.250:65): avc: denied { unmount } for pid=3293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 631.551474][ T3293] cgroup: Unknown subsys name 'cpuset' [ 631.654505][ T3293] cgroup: Unknown subsys name 'rlimit' [ 632.592083][ T25] audit: type=1400 audit(631.720:66): avc: denied { setattr } for pid=3293 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 632.612604][ T25] audit: type=1400 audit(631.730:67): avc: denied { mounton } for pid=3293 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 632.643836][ T25] audit: type=1400 audit(631.760:68): avc: denied { mount } for pid=3293 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 634.013099][ T3296] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 634.046241][ T25] audit: type=1400 audit(633.150:69): avc: denied { relabelto } for pid=3296 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 634.080102][ T25] audit: type=1400 audit(633.200:70): avc: denied { write } for pid=3296 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 634.381196][ T25] audit: type=1400 audit(633.500:71): avc: denied { read } for pid=3293 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 634.397093][ T25] audit: type=1400 audit(633.520:72): avc: denied { open } for pid=3293 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 634.466117][ T3293] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 683.953177][ T25] audit: type=1400 audit(683.050:73): avc: denied { execmem } for pid=3297 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 687.519321][ T25] audit: type=1400 audit(686.640:74): avc: denied { read } for pid=3299 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 687.553333][ T25] audit: type=1400 audit(686.680:75): avc: denied { open } for pid=3299 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 687.627448][ T25] audit: type=1400 audit(686.750:76): avc: denied { mounton } for pid=3299 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 687.903473][ T25] audit: type=1400 audit(687.030:77): avc: denied { module_request } for pid=3300 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 687.935197][ T25] audit: type=1400 audit(687.060:78): avc: denied { module_request } for pid=3299 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 689.106930][ T25] audit: type=1400 audit(688.230:79): avc: denied { sys_module } for pid=3300 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 717.687328][ T3299] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 717.942673][ T3299] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 719.297704][ T3300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 719.511548][ T3300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 731.343602][ T3299] hsr_slave_0: entered promiscuous mode [ 731.372349][ T3299] hsr_slave_1: entered promiscuous mode [ 732.252335][ T3300] hsr_slave_0: entered promiscuous mode [ 732.286505][ T3300] hsr_slave_1: entered promiscuous mode [ 732.314524][ T3300] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 732.320646][ T3300] Cannot create hsr debugfs directory [ 737.944425][ T25] audit: type=1400 audit(737.070:80): avc: denied { create } for pid=3299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 737.992682][ T25] audit: type=1400 audit(737.080:81): avc: denied { write } for pid=3299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 738.044499][ T25] audit: type=1400 audit(737.170:82): avc: denied { read } for pid=3299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 738.179716][ T3299] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 738.550376][ T3299] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 738.871559][ T3299] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 739.205057][ T3299] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 740.747285][ T3300] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 740.937329][ T3300] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 741.087759][ T3300] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 741.263823][ T3300] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 754.130442][ T3299] 8021q: adding VLAN 0 to HW filter on device bond0 [ 756.770991][ T3300] 8021q: adding VLAN 0 to HW filter on device bond0 [ 814.295141][ T3299] veth0_vlan: entered promiscuous mode [ 814.713405][ T3299] veth1_vlan: entered promiscuous mode [ 816.732050][ T3300] veth0_vlan: entered promiscuous mode [ 817.342940][ T3299] veth0_macvtap: entered promiscuous mode [ 817.951314][ T3300] veth1_vlan: entered promiscuous mode [ 818.074258][ T3299] veth1_macvtap: entered promiscuous mode [ 821.087489][ T3299] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 821.111253][ T3299] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 821.151377][ T3299] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 821.170095][ T3299] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 821.827555][ T3300] veth0_macvtap: entered promiscuous mode [ 822.533773][ T3300] veth1_macvtap: entered promiscuous mode [ 824.909459][ T25] audit: type=1400 audit(824.020:83): avc: denied { mount } for pid=3299 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 825.227517][ T25] audit: type=1400 audit(824.350:84): avc: denied { mounton } for pid=3299 comm="syz-executor" path="/syzkaller.qQPfVZ/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 825.513612][ T25] audit: type=1400 audit(824.620:85): avc: denied { mount } for pid=3299 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 825.973891][ T3300] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 826.006788][ T3300] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 826.041002][ T3300] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 826.050710][ T3300] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 826.103055][ T25] audit: type=1400 audit(825.150:86): avc: denied { mounton } for pid=3299 comm="syz-executor" path="/syzkaller.qQPfVZ/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 826.470732][ T25] audit: type=1400 audit(825.410:87): avc: denied { mounton } for pid=3299 comm="syz-executor" path="/syzkaller.qQPfVZ/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3289 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 827.552042][ T25] audit: type=1400 audit(826.670:88): avc: denied { unmount } for pid=3299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 827.840290][ T25] audit: type=1400 audit(826.960:89): avc: denied { mounton } for pid=3299 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 827.997001][ T25] audit: type=1400 audit(827.060:90): avc: denied { mount } for pid=3299 comm="syz-executor" name="/" dev="gadgetfs" ino=3299 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 828.694372][ T25] audit: type=1400 audit(827.820:91): avc: denied { mount } for pid=3299 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 828.853084][ T25] audit: type=1400 audit(827.970:92): avc: denied { mounton } for pid=3299 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 831.386598][ T3299] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 833.516958][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 833.534017][ T25] audit: type=1400 audit(832.630:94): avc: denied { read write } for pid=3299 comm="syz-executor" name="loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 833.560461][ T25] audit: type=1400 audit(832.650:95): avc: denied { open } for pid=3299 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 833.640588][ T25] audit: type=1400 audit(832.740:96): avc: denied { ioctl } for pid=3299 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 838.299969][ T25] audit: type=1400 audit(837.410:97): avc: denied { read } for pid=3455 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 838.410563][ T25] audit: type=1400 audit(837.520:98): avc: denied { open } for pid=3455 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 839.470578][ T25] audit: type=1400 audit(838.590:99): avc: denied { ioctl } for pid=3455 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 855.005457][ T25] audit: type=1400 audit(854.130:100): avc: denied { execute } for pid=3465 comm="syz.0.3" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3550 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 861.240024][ T25] audit: type=1400 audit(860.350:101): avc: denied { append } for pid=3476 comm="syz.0.6" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 904.159629][ T25] audit: type=1400 audit(903.270:102): avc: denied { write } for pid=3497 comm="syz.1.12" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1112.752883][ T25] audit: type=1400 audit(1111.870:103): avc: denied { setattr } for pid=3626 comm="syz.0.50" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1410.270549][ T25] audit: type=1400 audit(1409.390:104): avc: denied { ioctl } for pid=3797 comm="syz.1.103" path="net:[4026532631]" dev="nsfs" ino=4026532631 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1459.880859][ T3833] kvm [3833]: Failed to find VMA for hva 0x20d8c000 [ 1561.211085][ T3899] KVM: debugfs: duplicate directory 3899-5 [ 1641.633606][ T3960] ------------[ cut here ]------------ [ 1641.634369][ T3960] WARNING: CPU: 0 PID: 3960 at arch/arm64/kvm/inject_fault.c:63 pend_sync_exception+0x198/0x5ac [ 1641.638083][ T3960] Modules linked in: [ 1641.640417][ T3960] CPU: 0 UID: 0 PID: 3960 Comm: syz.0.153 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 1641.642042][ T3960] Hardware name: linux,dummy-virt (DT) [ 1641.643262][ T3960] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 1641.644535][ T3960] pc : pend_sync_exception+0x198/0x5ac [ 1641.645420][ T3960] lr : pend_sync_exception+0x198/0x5ac [ 1641.646177][ T3960] sp : ffff80008eed78c0 [ 1641.646892][ T3960] x29: ffff80008eed78c0 x28: 000000000000006d x27: 6df00000148502a8 [ 1641.648608][ T3960] x26: 000000000000006d x25: 0000000000000000 x24: 0000000000000000 [ 1641.650043][ T3960] x23: 0000000000000000 x22: 000000000000006d x21: 6df0000014850e81 [ 1641.651502][ T3960] x20: 0000000000000007 x19: efff800000000000 x18: 0000000000000000 [ 1641.652777][ T3960] x17: 0000000000000053 x16: ffff800080011d9c x15: 0000000020000000 [ 1641.654171][ T3960] x14: ffffffffffffffff x13: 0000000000000028 x12: 00000000000000ac [ 1641.655591][ T3960] x11: acf000001d79b2e4 x10: 0000000000ff0100 x9 : 0000000000000000 [ 1641.657089][ T3960] x8 : acf000001d799d80 x7 : ffff800080b08704 x6 : ffff80008eed7a88 [ 1641.658377][ T3960] x5 : ffff80008eed7a88 x4 : 0000000000000001 x3 : ffff8000801a2e80 [ 1641.659763][ T3960] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000 [ 1641.661358][ T3960] Call trace: [ 1641.662240][ T3960] pend_sync_exception+0x198/0x5ac (P) [ 1641.663512][ T3960] __kvm_inject_sea+0x268/0x96c [ 1641.664539][ T3960] kvm_inject_sea+0x98/0x72c [ 1641.665373][ T3960] __kvm_arm_vcpu_set_events+0x134/0x238 [ 1641.666248][ T3960] kvm_arch_vcpu_ioctl+0xed8/0x16b0 [ 1641.667137][ T3960] kvm_vcpu_ioctl+0x5c4/0xc2c [ 1641.668007][ T3960] __arm64_sys_ioctl+0x18c/0x244 [ 1641.668878][ T3960] invoke_syscall+0x90/0x2b4 [ 1641.669771][ T3960] el0_svc_common+0x180/0x2f4 [ 1641.670689][ T3960] do_el0_svc+0x58/0x74 [ 1641.671516][ T3960] el0_svc+0x58/0x160 [ 1641.672332][ T3960] el0t_64_sync_handler+0x78/0x108 [ 1641.673188][ T3960] el0t_64_sync+0x198/0x19c [ 1641.674306][ T3960] irq event stamp: 964 [ 1641.674988][ T3960] hardirqs last enabled at (963): [] _raw_read_unlock_irqrestore+0x44/0xbc [ 1641.676340][ T3960] hardirqs last disabled at (964): [] el1_dbg+0x24/0x80 [ 1641.677402][ T3960] softirqs last enabled at (946): [] local_bh_enable+0x10/0x34 [ 1641.678605][ T3960] softirqs last disabled at (944): [] local_bh_disable+0x10/0x34 [ 1641.680001][ T3960] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1655.882882][ T3315] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1656.735794][ T3315] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1657.511617][ T3315] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1657.965804][ T3315] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1669.782130][ T3315] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1669.942700][ T3315] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1670.061852][ T3315] bond0 (unregistering): Released all slaves VM DIAGNOSIS: 19:26:00 Registers: info registers vcpu 0 CPU#0 PC=ffff8000800b9cb4 X00=ffff80008707cef9 X01=0000000000000009 X02=0000000000000001 X03=ffff80008073ed78 X04=ffff80008eed7070 X05=0000000000000020 X06=0000000000000000 X07=ffff80008047fe38 X08=acf000001d799d90 X09=00000000000000ac X10=00000000000000ac X11=0000000000000053 X12=0000000000000068 X13=000000000000001d X14=000000000000000c X15=ffff800087f39a30 X16=0000000000000000 X17=0000000000000053 X18=0000000000000000 X19=ffff80008707cef9 X20=acf000001d799d80 X21=000000000000001d X22=efff800000000000 X23=ffff8000801b9ba4 X24=ffff80008eed7878 X25=00000000000000ff X26=0000000000000000 X27=0000000000000f78 X28=00000000000000ff X29=ffff80008eed7430 X30=ffff8000800b9c8c SP=ffff80008eed7400 PSTATE=604023c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:0000000000000000 Z01=0000ffffd13fc460:fd9ed9ac83907e00 Z02=0000ffffd13fc440:ffffff80ffffffd8 Z03=0000ffffd13fc4f0:0000ffffd13fc4f0 Z04=0000ffffd13fc4f0:0000ffffa4336d08 Z05=0000ffffd13fc4c0:0000ffffd13fc4f0 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffd13fc710:0000ffffd13fc710 Z17=ffffff80ffffffd0:0000ffffd13fc6e0 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000