last executing test programs: 1m21.193105202s ago: executing program 0 (id=1953): r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000000040)=@other={0x7fffffffffffffff, &(0x7f0000000000)=0x4}) r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000700)={0x0, &(0x7f0000000080)=[@irq_setup={0x46, 0x18, {0x1, 0x341}}, @eret={0xe6, 0x18, 0x4}, @mrs={0xbe, 0x18, {0x6030000000138047}}, @msr={0x14, 0x20, {0x603000000013e65b}}, @svc={0x122, 0x40, {0x4200f70d, [0x1, 0xc9, 0x2, 0x8, 0x8]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x10, 0x200}}, @code={0xa, 0xcc, {"80fb99d200c0b0f2e10080d2420180d2e30080d2a40180d2020000d400a8a10e0000029ec00399d200e0b8f2e10180d2820080d2c30080d2c40180d2020000d4007008d5e0ea9ed20040b8f2c10180d2c20180d2230180d2a40180d2020000d400ca9dd20020b0f2610180d2020080d2230080d2640080d2020000d4000008d580129bd20040b0f2810080d2020180d2630080d2240180d2020000d4a0479ed20020b0f2c10080d2e20080d2230180d2240180d2020000d4"}}, @code={0xa, 0xb4, {"807a86d20020b0f2210180d2220080d2830080d2840080d2020000d4007008d5c0039cd20040b8f2210080d2420080d2630080d2640080d2020000d4007008d50000699ea0ba91d20060b8f2a10080d2e20080d2e30080d2240180d2020000d460af8dd200a0b0f2010180d2c20180d2c30180d2640180d2020000d4007008d5000008d5004b95d20000b0f2610180d2e20080d2230080d2640180d2020000d4"}}, @svc={0x122, 0x40, {0xc4000015, [0x8, 0x3, 0x1, 0xffffffff, 0x7]}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x4, 0x0, 0x4, 0x2, 0x1}}, @irq_setup={0x46, 0x18, {0x4, 0x9c}}, @smc={0x1e, 0x40, {0xc400000d, [0x7, 0x9, 0xfffffffffffff800, 0x4, 0x3]}}, @its_setup={0x82, 0x28, {0x4, 0x2, 0x1c0}}, @hvc={0x32, 0x40, {0x84000005, [0x4, 0x10, 0xffffffffffffffff, 0x8, 0x3]}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x52}}, @its_send_cmd={0xaa, 0x28, {0x0, 0x0, 0x2, 0xc, 0x8, 0x6, 0x4}}, @mrs={0xbe, 0x18}, @svc={0x122, 0x40, {0x84000052, [0xf60, 0x7fffffffffffffff, 0x3, 0x2]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x4, 0xc, 0x6, 0xc, 0x4}}, @eret={0xe6, 0x18, 0x9}, 
@smc={0x1e, 0x40, {0x84000011, [0x2, 0x80000001, 0x13, 0x5, 0x9]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1400, 0x8, 0xa}}, @code={0xa, 0xb4, {"007008d500000033a02699d200e0b8f2a10180d2020180d2030080d2440080d2020000d40060000c00bc97d200c0b8f2410180d2a20180d2c30080d2240180d2020000d4a0c38ed20060b0f2e10180d2020180d2030080d2240180d2020000d4008008d50060000c20cd89d20000b0f2010180d2820180d2630180d2440180d2020000d420439cd20060b8f2010080d2a20080d2630080d2440180d2020000d4"}}, @eret={0xe6, 0x18, 0x7}, @msr={0x14, 0x20, {0x603000000013805d, 0x5}}, @svc={0x122, 0x40, {0x84000009, [0x863, 0x8000000000000000, 0x8, 0x3, 0x2]}}, @uexit={0x0, 0x18}, @smc={0x1e, 0x40, {0x40000000, [0x10000, 0xdba, 0x2, 0x9, 0x101]}}, @uexit={0x0, 0x18, 0x68dda2c}], 0x674}, &(0x7f0000000740)=[@featur2={0x1, 0x5a}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r1, 0x4018aee1, &(0x7f00000007c0)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000780)=0x100}) ioctl$KVM_RUN(r1, 0xae80, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000800), 0x280002, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd2(0xe, 0x80001) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000840)={0x7, 0x4000, 0x8, r4, 0x8}) write$eventfd(r4, &(0x7f0000000880)=0x3, 0x8) r5 = syz_kvm_vgic_v3_setup(r3, 0x0, 0x100) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000900)=@attr_other={0x0, 0x2, 0x3, &(0x7f00000008c0)=0x80000000}) write$eventfd(r4, &(0x7f0000000940)=0x51af, 0x8) openat$kvm(0xffffffffffffff9c, &(0x7f0000000980), 0x9240, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r3, 0xc008ae67, &(0x7f00000009c0)={0xb, 0x8}) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000a00)={0x1, 0xeeee8001, 0x8, r4, 0x2}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000a80)=@attr_other={0x0, 0xfff, 0x1, &(0x7f0000000a40)=0x3}) r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) ioctl$KVM_HAS_DEVICE_ATTR(r5, 0x4018aee3, &(0x7f0000000b00)=@attr_other={0x0, 0x5, 0x5, &(0x7f0000000ac0)=0x8001}) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000b40)={0x9, 
<r7=>0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000bc0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000b80)=0x1}) ioctl$KVM_SET_REGS(r6, 0x4360ae82, &(0x7f0000000c00)={[0x1, 0x10001, 0x6a, 0x101, 0x9, 0x10000, 0x5, 0x7, 0x4, 0x0, 0x6, 0x8, 0x40, 0x4, 0x5, 0x56b], 0xf000, 0x11400}) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_ARM_SET_DEVICE_ADDR(r0, 0x4010aeab, &(0x7f0000000cc0)={0x1d, 0x80a0000}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r3, 0x4010ae68, &(0x7f0000000d00)={0xf000, 0x104000, 0x1}) r8 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r8, 0x4008ae6a, &(0x7f0000000d40)={0x2, 0x0, [{0x8, 0x1, 0x0, 0x0, @adapter={0x2, 0xffffffff, 0x8000000000000000, 0x10, 0x8}}, {0xba, 0x1, 0x1, 0x0, @adapter={0x5, 0x4, 0x44bc, 0x3, 0x80000001}}]}) r9 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000011c0)={0x0, &(0x7f0000000dc0)=[@hvc={0x32, 0x40, {0x30000000, [0x9dd0, 0x4, 0x0, 0x7, 0x9]}}, @msr={0x14, 0x20, {0x603000000013f667, 0x3739}}, @uexit={0x0, 0x18, 0x5}, @hvc={0x32, 0x40, {0x8000, [0xe5c8, 0x0, 0xe492, 0x0, 0x8001]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x50, 0x4}}, @hvc={0x32, 0x40, {0x84000053, [0x0, 0x2, 0x5, 0x7, 0x6]}}, @smc={0x1e, 0x40, {0x80000002, [0xfffffffffffffbff, 0x4, 0x7, 0x7ff, 0x3]}}, @memwrite={0x6e, 0x30, @generic={0x10000, 0xc, 0x81, 0x2}}, @hvc={0x32, 0x40, {0x10, [0xe2, 0x9, 0x7, 0xfffffffffffffffc, 0x100000001]}}, @uexit={0x0, 0x18, 0x4}, @uexit={0x0, 0x18, 0x6}, @uexit={0x0, 0x18, 0xe}, @msr={0x14, 0x20, {0x603000000013e64a, 0x7}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfffc, 0x5, 0x3}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x0, 0x3, 0xf}}, @smc={0x1e, 0x40, {0x84000053, [0x2, 0x8, 0x5, 0x2, 0x200]}}, @eret={0xe6, 0x18, 0x8}, @eret={0xe6, 0x18, 0x6}, @eret={0xe6, 0x18, 0x6}, @its_setup={0x82, 0x28, {0x4, 0xffffffffffff40a9, 0x5}}, @mrs={0xbe, 0x18, {0x603000000013e000}}, @smc={0x1e, 0x40, {0x400, [0x6, 0xfffffffffffffffa, 0x1, 0xff, 0x8]}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x34b}}], 
0x3d0}, &(0x7f0000001200)=[@featur1={0x1, 0x42}], 0x1) syz_kvm_setup_cpu$arm64(r8, r9, &(0x7f0000bfd000/0x400000)=nil, &(0x7f00000016c0)=[{0x0, &(0x7f0000001240)=[@svc={0x122, 0x40, {0xc4000001, [0x8, 0x5, 0x2, 0x3, 0x2]}}, @irq_setup={0x46, 0x18, {0x4, 0x1c3}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x200, 0x100000000, 0x8}}, @mrs={0xbe, 0x18, {0x603000000013e609}}, @irq_setup={0x46, 0x18, {0x4, 0x3cd}}, @its_send_cmd={0xaa, 0x28, {0x0, 0x1, 0x2, 0x9, 0x7, 0x35e4}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x3de}}, @smc={0x1e, 0x40, {0x80000002, [0x4, 0xfffffffffffffffc, 0x3a, 0x9, 0x2]}}, @eret={0xe6, 0x18, 0xffffffff}, @smc={0x1e, 0x40, {0x10, [0xfffffffffffffffd, 0x8000, 0x8, 0x4, 0x6]}}, @code={0xa, 0xb4, {"0034005f40eb9dd20060b0f2810080d2620180d2230080d2c40080d2020000d4a06d94d20080b0f2c10080d2820080d2030180d2040180d2020000d440849fd20060b0f2610180d2620180d2e30080d2e40180d2020000d40004003c00e4002f408d99d20060b0f2e10180d2a20180d2430180d2640080d2020000d40000719e80aa8ed200e0b8f2810180d2e20080d2030080d2040080d2020000d400809f0c"}}, @irq_setup={0x46, 0x18, {0x4, 0x10b}}, @eret={0xe6, 0x18, 0x4}, @irq_setup={0x46, 0x18, {0x1, 0x27b}}, @msr={0x14, 0x20, {0x603000000013df7c, 0x40}}, @svc={0x122, 0x40, {0x84000052, [0x6c, 0x1, 0xff, 0x6, 0x8000000000000000]}}, @smc={0x1e, 0x40, {0xc4000053, [0x7, 0x4, 0x4, 0xfffffffffffffffb, 0x10000]}}, @hvc={0x32, 0x40, {0x84000014, [0x9, 0x800, 0x7c, 0x9, 0xe0]}}, @mrs={0xbe, 0x18, {0x603000000013deea}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x1, 0x6, 0xfff, 0x3, 0x2}}, @irq_setup={0x46, 0x18, {0x4, 0x175}}, @hvc={0x32, 0x40, {0x4000, [0x0, 0x8000, 0x9, 0xa, 0x9]}}, @mrs={0xbe, 0x18, {0x603000000013f687}}, @irq_setup={0x46, 0x18, {0x480, 0x126}}, @eret={0xe6, 0x18, 0x5}, @msr={0x14, 0x20, {0x603000000013df60, 0x8}}], 0x47c}], 0x1, 0x0, &(0x7f0000001700), 0x1) ioctl$KVM_IRQ_LINE_STATUS(r8, 0xc008ae67, &(0x7f0000001740)={0x6, 0x9}) 1m7.303263252s ago: executing program 0 (id=1956): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 
0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r3, 0x1, 0x40) r4 = eventfd2(0x80005ff, 0x1) r5 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000180)={r5, 0x27, 0x2, r5}) r6 = eventfd2(0x0, 0x0) r7 = eventfd2(0xffff, 0x80801) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f00000002c0)={r6, 0x40fff, 0x2, r7}) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f00000001c0)={r4, 0x6d, 0x0, r4}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r8=>0xffffffffffffffff, 0x1}) write$eventfd(r8, &(0x7f00000001c0)=0xffffff7f, 0xfdef) 52.753400989s ago: executing program 0 (id=1959): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x4}) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000000)={0x101ff, 0x0, &(0x7f0000ffc000/0x3000)=nil}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r3, 0x4068aea3, &(0x7f0000000300)={0xdf, 0x0, 0x8000}) eventfd2(0xffffffff, 0x1000) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000240), 0xca680, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="82000000000000002800000000000000010000000000000001000000000000000400000000000000aa000046f0efeae5c0380800000000000b0500000000080000000000000002000000000000000000"], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r5, 0xfffffffffffffffd, 0x140) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, 
<r10=>0xffffffffffffffff}) r11 = openat$kvm(0x0, &(0x7f0000000180), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x2) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r15, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) r16 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x4) ioctl$KVM_ARM_VCPU_INIT(r16, 0x4020aeae, &(0x7f0000000080)={0x5, 0x3}) ioctl$KVM_SET_ONE_REG(r16, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000100)=0x1b}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc9}) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, <r17=>0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r17, 0x8004b706, 0x0) 43.980749716s ago: executing program 1 (id=1960): openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) munmap(&(0x7f0000647000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x53033, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) 
munmap(&(0x7f0000dce000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000dce000/0x2000)=nil, 0x2000) munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) munmap(&(0x7f0000fd7000/0x1000)=nil, 0x1000) (async) munmap(&(0x7f0000fd7000/0x1000)=nil, 0x1000) munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000dfc000/0x4000)=nil, r4, 0x300000d, 0x110, r3, 0x0) munmap(&(0x7f0000f40000/0x5000)=nil, 0x5000) (async) munmap(&(0x7f0000f40000/0x5000)=nil, 0x5000) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0xa001, 0x0) (async) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0xa001, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) ioctl$KVM_SET_GUEST_DEBUG(r8, 0x4208ae9b, 0xfffffffffffffffe) munmap(&(0x7f0000ff5000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0) 38.61639899s ago: executing program 0 (id=1961): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="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"], 0x36c}], 0x1, 0x0, 0x0, 0x0) r3 = eventfd2(0x1, 0x1) openat$kvm(0x0, &(0x7f0000000080), 0x20200, 0x0) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000300000002"]) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r3, 0x2, 0x2, r3}) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000280)={0x0, 0x2c}) 
syz_kvm_vgic_v3_setup(r2, 0x1, 0xc0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f00000006c0)={0x10002, 0x40, 0x200, &(0x7f00000002c0)=[0x1, 0x2, 0x3, 0x7f, 0x9, 0xf, 0x4, 0x4, 0x1f, 0x1, 0x5, 0x10000, 0x8, 0xf, 0x6, 0x100, 0x2e, 0x7, 0x8, 0x4, 0x400, 0xef52, 0x7f, 0x800000000000, 0x163, 0x7, 0x3, 0x0, 0x87, 0x900, 0x7, 0xfffffffffffffffe, 0xe, 0xb5e, 0xfffffffffffffffd, 0xdef9, 0xd73, 0x6, 0x77b, 0x3, 0x1ff, 0x7c990ed0, 0x0, 0xfffffffffffffff9, 0xe939, 0x2, 0xffffffffffffffff, 0x100, 0x9, 0x6, 0xfffffffffffff948, 0x4, 0x3, 0x7, 0x8, 0x8, 0x511, 0x5, 0x0, 0xfffffffffffffff8, 0x9, 0x0, 0x7, 0x7, 0x80, 0x80000000, 0x7ff, 0x8, 0x8000000000000001, 0x2, 0x400, 0x5, 0xfffffffffffffeff, 0x2, 0x8, 0x7, 0xdaa, 0xee0c, 0x9, 0x5, 0x9, 0xf, 0xe, 0xffffffffffff8000, 0x8, 0x800000000000, 0x4d2, 0x8, 0xaa, 0x8dc, 0x3, 0x3, 0x1c0000000000000, 0x0, 0x1, 0xb3b, 0x6334, 0x0, 0x7, 0x8, 0xd8ce, 0x0, 0x0, 0xa, 0x4bd, 0x9, 0x3d1, 0x9, 0x3, 0x4, 0xfe1, 0x80000001, 0xffffffffffffffff, 0xb02e, 0x7, 0x2, 0xf, 0x5, 0x9, 0xc6, 0x0, 0x5, 0x2, 0x2, 0x4, 0x3, 0xffffffffffff3c33, 0x1ff]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) eventfd2(0x7fff, 0x80001) 33.34576517s ago: executing program 1 (id=1962): r0 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r1 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x10200, 0x6, 0x100002, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) syz_kvm_add_vcpu$arm64(r4, 
&(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r3, 0x2, 0x3c0) syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) 24.69749912s ago: executing program 0 (id=1963): r0 = openat$kvm(0x0, &(0x7f0000000000), 0x2002, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000140)=@arm64_core={0x6030000000100028, &(0x7f0000000100)=0xfffffffffffffbff}) r6 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}], 0x28}, 0x0, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000240), 0xca680, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="8200000000000000280000000000000001000000000000f500000000000000000200000000000000aa0000000000000028000000000000000f"], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r9, 0x1, 0x100) r12 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000180)={0x8, <r13=>0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r11, 0xae80, 0x0) r14 = syz_kvm_vgic_v3_setup(r1, 0x2, 0x120) 
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000240)={0x8, <r15=>0xffffffffffffffff}) ioctl$KVM_GET_DEVICE_ATTR(r14, 0x4018aee2, &(0x7f0000000080)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f0000000040)=0x4f}) ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r7, 0xae80, 0x0) 19.755476297s ago: executing program 1 (id=1964): munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) (async) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x840, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x300000c, 0x4f832, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1}) write$eventfd(r2, &(0x7f00000001c0)=0xffffff7f, 0xff25) 16.237400444s ago: executing program 1 (id=1965): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x60100, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x2, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f00000000c0)=@arm64_extra={0x6030000000160002, &(0x7f0000000140)=0x5}) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000080)={0x5, 0xb}) ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100040, &(0x7f00000001c0)=0x2}) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) openat$kvm(0x0, &(0x7f0000000040), 0x60100, 0x0) 
(async) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x2, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) (async) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) (async) ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f00000000c0)=@arm64_extra={0x6030000000160002, &(0x7f0000000140)=0x5}) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000080)={0x5, 0xb}) (async) ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100040, &(0x7f00000001c0)=0x2}) (async) 10.514945084s ago: executing program 0 (id=1966): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dcdf, &(0x7f0000000000)=0x3ff}) r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=ANY=[@ANYRESDEC], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0xfffffffffffffffa) r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x40000, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_ARM_VCPU_FINALIZE(r5, 0x4004aec2, &(0x7f0000000040)=0x4) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r8, 0xae03, 0xaa) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r4, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$arm64(r8, 
r4, &(0x7f0000ba4000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="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"], 0x6dc}], 0x1, 0x0, &(0x7f0000000100)=[@featur1={0x1, 0x80}], 0x1) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x541803, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, 0x0, 0x1000009, 0x12, r5, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r10, 0x4010ae67, &(0x7f0000000140)={0x8000000, 0x4000}) ioctl$KVM_REGISTER_COALESCED_MMIO(r10, 0x4010ae67, &(0x7f0000000080)={0xeeef0000}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r10, 0x4010ae68, &(0x7f0000000240)={0x22224000, 0x118000, 0xffffffff}) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x10, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000e48000/0x4000)=nil, 0x0, 0x2000004, 0x30, r4, 0x0) 8.689846486s ago: executing program 1 (id=1967): r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000200)=[@svc={0x122, 0x40, {0x86000006, [0xfffffffffffff001, 0x3, 0x6, 0x1, 0x6]}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x309}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x3, 0xd, 0x80, 0x5, 0x1}}, @code={0xa, 0x6c, {"000028d50094200e0004403c0000291e00a4004f007008d5c04299d200c0b8f2c10080d2820180d2230180d2640180d2020000d40020200ee02183d20040b8f2610080d2e20080d2c30080d2240180d2020000d4008008d5"}}, @svc={0x122, 0x40, {0x8400000d, [0x6, 0x3, 0x5, 0x3, 0x2]}}, @hvc={0x32, 0x40, {0xc400000c, [0x3, 0x0, 0x3, 0x0, 0x8]}}, @smc={0x1e, 0x40, {0x6000000, [0x0, 0x7f, 0x8, 0x3, 0x7]}}, @eret={0xe6, 0x18, 0x5}, @svc={0x122, 0x40, {0xc4000004, [0x9, 0x5, 0x7, 0x1, 0x8001]}}, @svc={0x122, 0x40, {0xffc40d124389b2aa, [0x8, 0x4, 0x0, 0x8, 0xfffffffffffffffc]}}, @svc={0x122, 0x40, {0x84000002, [0x8, 0x8001, 0x0, 0x3]}}, @msr={0x14, 0x20, {0x603000000013802f, 0xbe82}}, @uexit={0x0, 0x18, 0xe55b}, @svc={0x122, 0x40, 
{0xc4000001, [0x1, 0xe6, 0x566b, 0xe, 0x1]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0xd00, 0x5efd8558, 0xe}}, @eret={0xe6, 0x18, 0xee87}, @code={0xa, 0x6c, {"0054000fe05c8bd200c0b8f2610080d2420180d2630080d2a40180d2020000d4007008d5000008d5007008d5007008d500c0671e000008d5609c96d200c0b0f2e10180d2620180d2030080d2e40080d2020000d40054c01a"}}, @msr={0x14, 0x20, {0x603000000013def2, 0x7}}, @msr={0x14, 0x20, {0x4bd, 0x4800000000000}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x1, 0xd, 0x3, 0x0, 0x1}}, @irq_setup={0x46, 0x18, {0x1, 0x3ca}}, @msr={0x14, 0x20, {0x603000000013c608, 0xe61}}, @irq_setup={0x46, 0x18, {0x4, 0x37a}}], 0x478}, &(0x7f0000000080)=[@featur2={0x1, 0x81}], 0x1) ioctl$KVM_SET_GUEST_DEBUG(r0, 0x4208ae9b, &(0x7f00000000c0)={0x0, 0x0, [0x6, 0xfffffffffffff000, 0x5, 0x4, 0x4, 0x9, 0x0, 0x1]}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x0, 0x23ac5f9b426e84b2, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) ioctl$KVM_GET_ONE_REG(r4, 0xc018ae85, 0x0) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000140)=@arm64={0x3, 0x8, 0x5, '\x00', 0x9e34}) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, r6, 0x2000005, 0x100010, r0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x8040aeb6, 0x0) syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000200)=[@svc={0x122, 0x40, {0x86000006, [0xfffffffffffff001, 0x3, 0x6, 0x1, 0x6]}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x309}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x3, 0xd, 0x80, 0x5, 0x1}}, @code={0xa, 0x6c, 
{"000028d50094200e0004403c0000291e00a4004f007008d5c04299d200c0b8f2c10080d2820180d2230180d2640180d2020000d40020200ee02183d20040b8f2610080d2e20080d2c30080d2240180d2020000d4008008d5"}}, @svc={0x122, 0x40, {0x8400000d, [0x6, 0x3, 0x5, 0x3, 0x2]}}, @hvc={0x32, 0x40, {0xc400000c, [0x3, 0x0, 0x3, 0x0, 0x8]}}, @smc={0x1e, 0x40, {0x6000000, [0x0, 0x7f, 0x8, 0x3, 0x7]}}, @eret={0xe6, 0x18, 0x5}, @svc={0x122, 0x40, {0xc4000004, [0x9, 0x5, 0x7, 0x1, 0x8001]}}, @svc={0x122, 0x40, {0xffc40d124389b2aa, [0x8, 0x4, 0x0, 0x8, 0xfffffffffffffffc]}}, @svc={0x122, 0x40, {0x84000002, [0x8, 0x8001, 0x0, 0x3]}}, @msr={0x14, 0x20, {0x603000000013802f, 0xbe82}}, @uexit={0x0, 0x18, 0xe55b}, @svc={0x122, 0x40, {0xc4000001, [0x1, 0xe6, 0x566b, 0xe, 0x1]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0xd00, 0x5efd8558, 0xe}}, @eret={0xe6, 0x18, 0xee87}, @code={0xa, 0x6c, {"0054000fe05c8bd200c0b8f2610080d2420180d2630080d2a40180d2020000d4007008d5000008d5007008d5007008d500c0671e000008d5609c96d200c0b0f2e10180d2620180d2030080d2e40080d2020000d40054c01a"}}, @msr={0x14, 0x20, {0x603000000013def2, 0x7}}, @msr={0x14, 0x20, {0x4bd, 0x4800000000000}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x1, 0xd, 0x3, 0x0, 0x1}}, @irq_setup={0x46, 0x18, {0x1, 0x3ca}}, @msr={0x14, 0x20, {0x603000000013c608, 0xe61}}, @irq_setup={0x46, 0x18, {0x4, 0x37a}}], 0x478}, &(0x7f0000000080)=[@featur2={0x1, 0x81}], 0x1) (async) ioctl$KVM_SET_GUEST_DEBUG(r0, 0x4208ae9b, &(0x7f00000000c0)={0x0, 0x0, [0x6, 0xfffffffffffff000, 0x5, 0x4, 0x4, 0x9, 0x0, 0x1]}) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x0, 0x23ac5f9b426e84b2, 0xffffffffffffffff, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0) (async) openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) (async) ioctl$KVM_GET_ONE_REG(r4, 0xc018ae85, 
0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000140)=@arm64={0x3, 0x8, 0x5, '\x00', 0x9e34}) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, r6, 0x2000005, 0x100010, r0, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x8040aeb6, 0x0) (async) 0s ago: executing program 1 (id=1968): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x300, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000880)=@arm64={0xae, 0x5, 0x9, '\x00', 0x6}) (async, rerun: 32) r5 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (rerun: 32) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x603000000013df40}}], 0x18}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000140)=@attr_pmu_init) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r8 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r7, 0x3, 0x11, r6, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) (async) syz_kvm_assert_syzos_uexit$arm64(r8, 0xffffffffffffffff) (async) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(0xffffffffffffffff, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xeefffffc, 0x1000, 0x2}}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000180)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) (async) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x2, 0x3000}) (async) r12 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 
0x28031, 0xffffffffffffffff, 0x0) r13 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) (async) r14 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async) ioctl$KVM_CREATE_DEVICE(r15, 0xc00caee0, &(0x7f0000000140)={0x4, <r16=>0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r16, 0x400454cd, 0x0) (async) ioctl$KVM_ARM_VCPU_INIT(r11, 0x4020aeae, &(0x7f0000000000)={0x5, 0x2}) kernel console output (not intermixed with test programs): [ 382.366505][ T3132] 8021q: adding VLAN 0 to HW filter on device bond0 [ 436.024575][ T3132] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:63868' (ED25519) to the list of known hosts. 
[ 595.315389][ T25] audit: type=1400 audit(594.460:60): avc: denied { name_bind } for pid=3290 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 596.936655][ T25] audit: type=1400 audit(596.090:61): avc: denied { execute } for pid=3291 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 596.957908][ T25] audit: type=1400 audit(596.100:62): avc: denied { execute_no_trans } for pid=3291 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 618.029812][ T25] audit: type=1400 audit(617.180:63): avc: denied { mounton } for pid=3291 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 618.067031][ T25] audit: type=1400 audit(617.210:64): avc: denied { mount } for pid=3291 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 618.154614][ T3291] cgroup: Unknown subsys name 'net' [ 618.205760][ T25] audit: type=1400 audit(617.350:65): avc: denied { unmount } for pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 618.594902][ T3291] cgroup: Unknown subsys name 'cpuset' [ 618.697403][ T3291] cgroup: Unknown subsys name 'rlimit' [ 619.597617][ T25] audit: type=1400 audit(618.750:66): avc: denied { setattr } for pid=3291 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 619.625017][ T25] audit: type=1400 audit(618.770:67): avc: denied { mounton } for pid=3291 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" 
ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 619.640377][ T25] audit: type=1400 audit(618.790:68): avc: denied { mount } for pid=3291 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 620.881716][ T3294] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 620.905004][ T25] audit: type=1400 audit(620.050:69): avc: denied { relabelto } for pid=3294 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 620.925803][ T25] audit: type=1400 audit(620.070:70): avc: denied { write } for pid=3294 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 621.097601][ T25] audit: type=1400 audit(620.250:71): avc: denied { read } for pid=3291 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 621.121124][ T25] audit: type=1400 audit(620.260:72): avc: denied { open } for pid=3291 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 621.164376][ T3291] Adding 124996k swap on ./swap-file. 
Priority:0 extents:1 across:124996k [ 668.977618][ T25] audit: type=1400 audit(668.100:73): avc: denied { execmem } for pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 672.558148][ T25] audit: type=1400 audit(671.710:74): avc: denied { read } for pid=3297 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 672.584810][ T25] audit: type=1400 audit(671.730:75): avc: denied { open } for pid=3297 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 672.657692][ T25] audit: type=1400 audit(671.810:76): avc: denied { mounton } for pid=3297 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 672.907639][ T25] audit: type=1400 audit(672.050:77): avc: denied { module_request } for pid=3297 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 672.921404][ T25] audit: type=1400 audit(672.070:78): avc: denied { module_request } for pid=3298 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 674.057771][ T25] audit: type=1400 audit(673.200:79): avc: denied { sys_module } for pid=3297 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 699.584192][ T3298] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 700.071785][ T3298] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 700.294301][ T3297] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 700.757082][ T3297] bond0: (slave bond_slave_1): Enslaving 
as an active interface with an up link [ 715.977803][ T3298] hsr_slave_0: entered promiscuous mode [ 716.005890][ T3298] hsr_slave_1: entered promiscuous mode [ 716.889069][ T3297] hsr_slave_0: entered promiscuous mode [ 716.930530][ T3297] hsr_slave_1: entered promiscuous mode [ 716.965552][ T3297] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 716.970207][ T3297] Cannot create hsr debugfs directory [ 722.405164][ T25] audit: type=1400 audit(721.550:80): avc: denied { create } for pid=3298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 722.436509][ T25] audit: type=1400 audit(721.570:81): avc: denied { write } for pid=3298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 722.484776][ T25] audit: type=1400 audit(721.630:82): avc: denied { read } for pid=3298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 722.620919][ T3298] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 722.947456][ T3298] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 723.326128][ T3298] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 723.650592][ T3298] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 725.081762][ T3297] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 725.255378][ T3297] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 725.391051][ T3297] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 725.595432][ T3297] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 738.265694][ T3298] 8021q: adding VLAN 0 to HW filter on device bond0 [ 740.288028][ T3297] 8021q: adding VLAN 0 to HW filter on device bond0 [ 801.061330][ T3298] veth0_vlan: entered promiscuous mode [ 801.571671][ T3298] veth1_vlan: entered promiscuous mode [ 803.618724][ T3298] veth0_macvtap: entered promiscuous mode [ 803.678623][ 
T3297] veth0_vlan: entered promiscuous mode [ 804.031192][ T3298] veth1_macvtap: entered promiscuous mode [ 804.459216][ T3297] veth1_vlan: entered promiscuous mode [ 806.150087][ T3298] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 806.159251][ T3298] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 806.170269][ T3298] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 806.193781][ T3298] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 807.439807][ T3297] veth0_macvtap: entered promiscuous mode [ 808.085140][ T3297] veth1_macvtap: entered promiscuous mode [ 808.854238][ T25] audit: type=1400 audit(808.000:83): avc: denied { mount } for pid=3298 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 809.060429][ T25] audit: type=1400 audit(808.210:84): avc: denied { mounton } for pid=3298 comm="syz-executor" path="/syzkaller.vVECY2/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 809.170905][ T25] audit: type=1400 audit(808.310:85): avc: denied { mount } for pid=3298 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 809.456777][ T25] audit: type=1400 audit(808.570:86): avc: denied { mounton } for pid=3298 comm="syz-executor" path="/syzkaller.vVECY2/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 809.608830][ T25] audit: type=1400 audit(808.760:87): avc: denied { mounton } for pid=3298 comm="syz-executor" path="/syzkaller.vVECY2/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3255 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 
810.127350][ T3297] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.154052][ T3297] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.165629][ T3297] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.166626][ T3297] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.360585][ T25] audit: type=1400 audit(809.460:88): avc: denied { unmount } for pid=3298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 810.568583][ T25] audit: type=1400 audit(809.700:89): avc: denied { mounton } for pid=3298 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 810.661647][ T25] audit: type=1400 audit(809.810:90): avc: denied { mount } for pid=3298 comm="syz-executor" name="/" dev="gadgetfs" ino=3264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 810.921452][ T25] audit: type=1400 audit(810.070:91): avc: denied { mount } for pid=3298 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 811.037307][ T25] audit: type=1400 audit(810.180:92): avc: denied { mounton } for pid=3298 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 812.546723][ T3298] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. 
[ 813.888344][ T25] kauditd_printk_skb: 3 callbacks suppressed [ 813.899653][ T25] audit: type=1400 audit(813.030:96): avc: denied { ioctl } for pid=3298 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 817.153778][ T25] audit: type=1400 audit(816.290:97): avc: denied { read } for pid=3450 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 817.214234][ T25] audit: type=1400 audit(816.350:98): avc: denied { open } for pid=3450 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 817.617432][ T25] audit: type=1400 audit(816.710:99): avc: denied { ioctl } for pid=3450 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 831.534996][ T25] audit: type=1400 audit(830.680:100): avc: denied { setattr } for pid=3461 comm="syz.1.3" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 842.899108][ T25] audit: type=1400 audit(842.000:101): avc: denied { append } for pid=3469 comm="syz.0.6" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 849.534492][ T25] audit: type=1400 audit(848.670:102): avc: denied { map } for pid=3474 comm="syz.1.7" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 861.445202][ T3483] kvm [3481]: Unsupported guest CP15 access at: 00000100 [000001d3] [ 861.445202][ T3483] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 
861.469323][ T3483] kvm [3481]: Unsupported guest CP15 access at: 00000100 [000001db] [ 861.469323][ T3483] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 861.520442][ T3483] kvm [3481]: Unsupported guest CP15 access at: 00000100 [000001db] [ 861.520442][ T3483] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 861.578092][ T3483] kvm [3481]: Unsupported guest CP15 access at: 00000100 [000001db] [ 861.578092][ T3483] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 861.687444][ T3483] kvm [3481]: Unsupported guest CP15 access at: 00000100 [000001db] [ 861.687444][ T3483] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 861.699901][ T3483] kvm [3481]: Unsupported guest CP15 access at: 00000100 [000001db] [ 861.699901][ T3483] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 861.781773][ T3483] kvm [3481]: Unsupported guest CP15 access at: 00000100 [000001db] [ 861.781773][ T3483] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 861.845455][ T3483] kvm [3481]: Unsupported guest CP15 access at: 00000100 [000001db] [ 861.845455][ T3483] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 861.920669][ T3483] kvm [3481]: Unsupported guest CP15 access at: 00000100 [000001db] [ 861.920669][ T3483] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 861.960117][ T3483] kvm [3481]: Unsupported guest CP15 access at: 00000100 [000001db] [ 861.960117][ T3483] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 868.375467][ T25] audit: type=1400 audit(867.510:103): avc: denied { write } for pid=3490 comm="syz.1.12" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 962.820703][ T3557] kvm [3557]: Failed to find VMA for hva 0x21016000 [ 1005.248853][ T3585] kvm [3585]: Failed to find VMA for hva 0x20c00000 [ 1052.974111][ T25] audit: type=1400 audit(1052.090:104): avc: denied { ioctl } for 
pid=3619 comm="syz.0.48" path="net:[4026532626]" dev="nsfs" ino=4026532626 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1076.765520][ T25] audit: type=1400 audit(1075.910:105): avc: denied { execute } for pid=3635 comm="syz.1.52" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=6505 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 1102.875867][ T3656] kvm [3656]: Failed to find VMA for hva 0x20d8d000 [ 1322.824932][ T3794] irq bypass consumer (token 00000000b61825d2) registration fails: -16 [ 1398.450233][ T3855] kvm [3855]: Failed to find VMA for hva 0x20c01000 [ 1668.049407][ T4050] kvm [4050]: Failed to find VMA for hva 0x20c01000 [ 2026.341471][ T4286] kvm [4286]: Failed to find VMA for hva 0x20c00000 [ 2148.754560][ T4365] kvm [4365]: Failed to find VMA for hva 0x20c01000 [ 2168.354349][ T4379] kvm [4379]: Failed to find VMA for hva 0x20d8d000 [ 2373.148773][ T4536] kvm [4535]: Unsupported guest access at: eeef0000 [ 2373.148773][ T4536] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 2553.171240][ T4656] FAULT_INJECTION: forcing a failure. 
[ 2553.171240][ T4656] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 2553.215125][ T4656] CPU: 0 UID: 0 PID: 4656 Comm: syz.1.348 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 2553.215779][ T4656] Hardware name: linux,dummy-virt (DT) [ 2553.216250][ T4656] Call trace: [ 2553.216677][ T4656] show_stack+0x2c/0x3c (C) [ 2553.218529][ T4656] __dump_stack+0x30/0x40 [ 2553.218814][ T4656] dump_stack_lvl+0xd8/0x12c [ 2553.219052][ T4656] dump_stack+0x1c/0x28 [ 2553.219273][ T4656] should_fail_ex+0x570/0x6e0 [ 2553.219544][ T4656] should_fail+0x14/0x24 [ 2553.219768][ T4656] should_fail_usercopy+0x20/0x30 [ 2553.220011][ T4656] kvm_arch_vm_ioctl+0x224/0x520 [ 2553.220260][ T4656] kvm_vm_ioctl+0x620/0x944 [ 2553.220513][ T4656] __arm64_sys_ioctl+0x18c/0x244 [ 2553.220742][ T4656] invoke_syscall+0x90/0x2b4 [ 2553.221017][ T4656] el0_svc_common+0x180/0x2f4 [ 2553.221333][ T4656] do_el0_svc+0x58/0x74 [ 2553.221612][ T4656] el0_svc+0x58/0x160 [ 2553.221845][ T4656] el0t_64_sync_handler+0x78/0x108 [ 2553.222079][ T4656] el0t_64_sync+0x198/0x19c [ 2562.586654][ T4659] kvm [4659]: Failed to find VMA for hva 0x20c01000 [ 2579.988020][ T4669] FAULT_INJECTION: forcing a failure. 
[ 2579.988020][ T4669] name failslab, interval 1, probability 0, space 0, times 1 [ 2580.034229][ T4669] CPU: 0 UID: 0 PID: 4669 Comm: syz.1.354 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 2580.034590][ T4669] Hardware name: linux,dummy-virt (DT) [ 2580.034699][ T4669] Call trace: [ 2580.034781][ T4669] show_stack+0x2c/0x3c (C) [ 2580.035174][ T4669] __dump_stack+0x30/0x40 [ 2580.035398][ T4669] dump_stack_lvl+0xd8/0x12c [ 2580.035599][ T4669] dump_stack+0x1c/0x28 [ 2580.035794][ T4669] should_fail_ex+0x570/0x6e0 [ 2580.036030][ T4669] should_failslab+0xb8/0xec [ 2580.036255][ T4669] __kmalloc_noprof+0xdc/0x4b8 [ 2580.036561][ T4669] tomoyo_realpath_from_path+0xdc/0x628 [ 2580.036865][ T4669] tomoyo_path_number_perm+0x13c/0x33c [ 2580.037123][ T4669] tomoyo_file_ioctl+0x2c/0x3c [ 2580.037421][ T4669] security_file_ioctl+0xe8/0x2f0 [ 2580.037722][ T4669] __arm64_sys_ioctl+0xd0/0x244 [ 2580.037952][ T4669] invoke_syscall+0x90/0x2b4 [ 2580.038254][ T4669] el0_svc_common+0x180/0x2f4 [ 2580.038552][ T4669] do_el0_svc+0x58/0x74 [ 2580.038826][ T4669] el0_svc+0x58/0x160 [ 2580.039101][ T4669] el0t_64_sync_handler+0x78/0x108 [ 2580.039370][ T4669] el0t_64_sync+0x198/0x19c [ 2580.144034][ T4669] ERROR: Out of memory at tomoyo_realpath_from_path. [ 2603.004191][ T4693] FAULT_INJECTION: forcing a failure. 
[ 2603.004191][ T4693] name failslab, interval 1, probability 0, space 0, times 0 [ 2603.030803][ T4693] CPU: 0 UID: 0 PID: 4693 Comm: syz.1.360 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 2603.031176][ T4693] Hardware name: linux,dummy-virt (DT) [ 2603.031296][ T4693] Call trace: [ 2603.031379][ T4693] show_stack+0x2c/0x3c (C) [ 2603.031753][ T4693] __dump_stack+0x30/0x40 [ 2603.031962][ T4693] dump_stack_lvl+0xd8/0x12c [ 2603.032168][ T4693] dump_stack+0x1c/0x28 [ 2603.032369][ T4693] should_fail_ex+0x570/0x6e0 [ 2603.032628][ T4693] should_failslab+0xb8/0xec [ 2603.032843][ T4693] __kmalloc_noprof+0xdc/0x4b8 [ 2603.033130][ T4693] tomoyo_encode+0x27c/0x4ec [ 2603.033411][ T4693] tomoyo_realpath_from_path+0x5bc/0x628 [ 2603.033704][ T4693] tomoyo_path_number_perm+0x13c/0x33c [ 2603.033954][ T4693] tomoyo_file_ioctl+0x2c/0x3c [ 2603.034239][ T4693] security_file_ioctl+0xe8/0x2f0 [ 2603.034538][ T4693] __arm64_sys_ioctl+0xd0/0x244 [ 2603.034764][ T4693] invoke_syscall+0x90/0x2b4 [ 2603.035061][ T4693] el0_svc_common+0x180/0x2f4 [ 2603.035352][ T4693] do_el0_svc+0x58/0x74 [ 2603.035641][ T4693] el0_svc+0x58/0x160 [ 2603.035878][ T4693] el0t_64_sync_handler+0x78/0x108 [ 2603.036113][ T4693] el0t_64_sync+0x198/0x19c [ 2603.143871][ T4693] ERROR: Out of memory at tomoyo_realpath_from_path. [ 2673.026771][ T4733] kvm [4733]: Failed to find VMA for hva 0x20c01000 [ 3001.530935][ T4963] FAULT_INJECTION: forcing a failure. 
[ 3001.530935][ T4963] name failslab, interval 1, probability 0, space 0, times 0 [ 3001.580231][ T4963] CPU: 0 UID: 0 PID: 4963 Comm: syz.1.443 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 3001.580653][ T4963] Hardware name: linux,dummy-virt (DT) [ 3001.580767][ T4963] Call trace: [ 3001.580850][ T4963] show_stack+0x2c/0x3c (C) [ 3001.581218][ T4963] __dump_stack+0x30/0x40 [ 3001.581425][ T4963] dump_stack_lvl+0xd8/0x12c [ 3001.581619][ T4963] dump_stack+0x1c/0x28 [ 3001.581822][ T4963] should_fail_ex+0x570/0x6e0 [ 3001.582057][ T4963] should_failslab+0xb8/0xec [ 3001.582286][ T4963] __kmalloc_noprof+0xdc/0x4b8 [ 3001.582585][ T4963] tomoyo_realpath_from_path+0xdc/0x628 [ 3001.582863][ T4963] tomoyo_path_number_perm+0x13c/0x33c [ 3001.583158][ T4963] tomoyo_file_ioctl+0x2c/0x3c [ 3001.583461][ T4963] security_file_ioctl+0xe8/0x2f0 [ 3001.583755][ T4963] __arm64_sys_ioctl+0xd0/0x244 [ 3001.583982][ T4963] invoke_syscall+0x90/0x2b4 [ 3001.584273][ T4963] el0_svc_common+0x180/0x2f4 [ 3001.584560][ T4963] do_el0_svc+0x58/0x74 [ 3001.584830][ T4963] el0_svc+0x58/0x160 [ 3001.585059][ T4963] el0t_64_sync_handler+0x78/0x108 [ 3001.585309][ T4963] el0t_64_sync+0x198/0x19c [ 3001.730097][ T4963] ERROR: Out of memory at tomoyo_realpath_from_path. 
[ 3435.819794][ T5231] kvm [5231]: Failed to find VMA for hva 0x20d8d000 [ 3435.930946][ T5234] kvm [5234]: Failed to find VMA for hva 0x20d8d000 [ 3619.820928][ T5350] irq bypass consumer (token 000000007618e6fe) registration fails: -16 [ 3808.166016][ T5469] kvm [5469]: Failed to find VMA for hva 0x20d8d000 [ 3823.915069][ T5477] irq bypass consumer (token 000000002c1e961f) registration fails: -16 [ 3870.737425][ T25] audit: type=1400 audit(3869.870:106): avc: denied { execute } for pid=5507 comm="syz.0.607" path="/sys/kernel/debug/kcov" dev="debugfs" ino=107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=file permissive=1 [ 3871.181726][ T25] audit: type=1400 audit(3870.300:107): avc: denied { map } for pid=5507 comm="syz.0.607" path="/" dev="tmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 3911.599497][ T5530] KVM: debugfs: duplicate directory 5530-11 [ 4156.406041][ T5705] kvm [5705]: Failed to find VMA for hva 0x208a1000 [ 4285.430794][ T5798] kvm [5798]: Failed to find VMA for hva 0x208a1000 [ 4745.308592][ T6100] kvm [6100]: Failed to find VMA for hva 0x21016000 [ 4835.899064][ T6167] debugfs: File 'vgic-its-state@8080000' in directory '6167-12' already present! [ 4875.056298][ T6197] KVM: debugfs: duplicate directory 6197-5 [ 4922.707612][ T6234] kvm [6234]: Failed to find VMA for hva 0x21016000 [ 4994.980865][ T6293] FAULT_INJECTION: forcing a failure. 
[ 4994.980865][ T6293] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 4995.038390][ T6293] CPU: 0 UID: 0 PID: 6293 Comm: syz.1.833 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 4995.038750][ T6293] Hardware name: linux,dummy-virt (DT) [ 4995.038861][ T6293] Call trace: [ 4995.038945][ T6293] show_stack+0x2c/0x3c (C) [ 4995.039340][ T6293] __dump_stack+0x30/0x40 [ 4995.039543][ T6293] dump_stack_lvl+0xd8/0x12c [ 4995.039750][ T6293] dump_stack+0x1c/0x28 [ 4995.039958][ T6293] should_fail_ex+0x570/0x6e0 [ 4995.040206][ T6293] should_fail_alloc_page+0xd4/0xd8 [ 4995.040428][ T6293] prepare_alloc_pages+0x20c/0x5e0 [ 4995.040638][ T6293] __alloc_frozen_pages_noprof+0xd8/0x2d0 [ 4995.040862][ T6293] alloc_pages_mpol+0x204/0x4c8 [ 4995.041151][ T6293] alloc_pages_noprof+0x104/0x2ec [ 4995.041432][ T6293] get_free_pages_noprof+0x1c/0xc4 [ 4995.041643][ T6293] __kvm_mmu_topup_memory_cache+0x328/0x6d8 [ 4995.041979][ T6293] kvm_mmu_topup_memory_cache+0x2c/0x3c [ 4995.042194][ T6293] kvm_handle_guest_abort+0x1468/0x2f34 [ 4995.042472][ T6293] handle_exit+0x21c/0x3dc [ 4995.042673][ T6293] kvm_arch_vcpu_ioctl_run+0x11f8/0x2610 [ 4995.042922][ T6293] kvm_vcpu_ioctl+0x7dc/0xc2c [ 4995.043218][ T6293] __arm64_sys_ioctl+0x18c/0x244 [ 4995.043452][ T6293] invoke_syscall+0x90/0x2b4 [ 4995.043738][ T6293] el0_svc_common+0x180/0x2f4 [ 4995.044017][ T6293] do_el0_svc+0x58/0x74 [ 4995.044299][ T6293] el0_svc+0x58/0x160 [ 4995.044532][ T6293] el0t_64_sync_handler+0x78/0x108 [ 4995.044779][ T6293] el0t_64_sync+0x198/0x19c [ 5202.598855][ T6417] kvm [6417]: Failed to find VMA for hva 0x21016000 [ 5482.838750][ T6603] kvm [6603]: Failed to find VMA for hva 0x20d8a000 [ 6197.385979][ T7080] kvm [7080]: Failed to find VMA for hva 0x208a1000 [ 6432.266517][ T25] audit: type=1400 audit(6431.410:108): avc: denied { execute } for pid=7240 comm="syz.1.1116" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t 
tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 6448.320853][ T7250] kvm [7250]: Failed to find VMA for hva 0x20c01000 [ 6476.230320][ T7277] kvm [7277]: Failed to find VMA for hva 0x21016000 [ 6701.989110][ T7428] kvm [7428]: Failed to find VMA for hva 0x2087a000 [ 6750.087062][ T7452] kvm [7452]: Failed to find VMA for hva 0x20c01000 [ 6836.801534][ T6746] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6838.308209][ T6746] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6839.961047][ T6746] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6841.398047][ T6746] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6864.026200][ T6746] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 6864.376487][ T6746] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 6864.531591][ T6746] bond0 (unregistering): Released all slaves [ 6866.871236][ T6746] hsr_slave_0: left promiscuous mode [ 6866.949534][ T6746] hsr_slave_1: left promiscuous mode [ 6867.649722][ T6746] veth1_macvtap: left promiscuous mode [ 6867.667190][ T6746] veth0_macvtap: left promiscuous mode [ 6867.686190][ T6746] veth1_vlan: left promiscuous mode [ 6867.737279][ T6746] veth0_vlan: left promiscuous mode [ 6938.636417][ T7513] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 6938.939127][ T7513] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 6970.491415][ T7513] hsr_slave_0: entered promiscuous mode [ 6970.569282][ T7513] hsr_slave_1: entered promiscuous mode [ 6970.644547][ T7513] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 6970.648337][ T7513] Cannot create hsr debugfs directory [ 6994.728696][ T7513] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 6995.126073][ T7513] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 6995.470977][ T7513] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 6995.798120][ T7513] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 7020.725359][ T7513] 8021q: adding VLAN 0 to HW filter on device bond0 [ 7122.745356][ T7513] veth0_vlan: entered promiscuous mode [ 7123.377433][ T7513] veth1_vlan: entered promiscuous mode [ 7126.366824][ T7513] veth0_macvtap: entered promiscuous mode [ 7127.127394][ T7513] veth1_macvtap: entered promiscuous mode [ 7129.846595][ T7513] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 7129.876637][ T7513] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 7129.888547][ T7513] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 7129.904097][ T7513] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 7169.588188][ T5655] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7171.429491][ T5655] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7172.726517][ T5655] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7174.151619][ T5655] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7190.805439][ T5655] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 7190.969699][ T5655] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 7191.099740][ T5655] bond0 (unregistering): Released all slaves [ 7193.210816][ T5655] hsr_slave_0: left promiscuous mode [ 7193.557032][ T5655] hsr_slave_1: left promiscuous mode [ 7194.583436][ T5655] veth1_macvtap: left promiscuous mode [ 7194.585093][ T5655] veth0_macvtap: left 
promiscuous mode [ 7194.635450][ T5655] veth1_vlan: left promiscuous mode [ 7194.676455][ T5655] veth0_vlan: left promiscuous mode [ 7274.498406][ T7767] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 7274.820076][ T7767] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 7303.849016][ T7767] hsr_slave_0: entered promiscuous mode [ 7303.907119][ T7767] hsr_slave_1: entered promiscuous mode [ 7328.838619][ T7767] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 7329.320011][ T7767] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 7329.671711][ T7767] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 7330.237730][ T7767] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 7357.580247][ T7767] 8021q: adding VLAN 0 to HW filter on device bond0 [ 7455.686469][ T7767] veth0_vlan: entered promiscuous mode [ 7456.455465][ T7767] veth1_vlan: entered promiscuous mode [ 7459.888306][ T7767] veth0_macvtap: entered promiscuous mode [ 7460.420154][ T7767] veth1_macvtap: entered promiscuous mode [ 7463.100094][ T7767] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 7463.145216][ T7767] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 7463.165352][ T7767] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 7463.175703][ T7767] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 7717.477853][ T8162] kvm [8162]: Failed to find VMA for hva 0x20d8d000 [ 7857.545756][ T8254] kvm [8254]: Failed to find VMA for hva 0x20c01000 [ 8047.013401][ T25] audit: type=1400 audit(8046.150:109): avc: denied { map } for pid=8384 comm="syz.1.1365" path="pipe:[80317]" dev="pipefs" ino=80317 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 8136.547955][ T8447] kvm [8447]: Failed to find VMA for hva 0x20d8a000 [ 8318.053696][ T8567] kvm [8567]: Failed to find VMA for hva 0x20d8d000 [ 
8392.465014][ T8623] kvm [8623]: Failed to find VMA for hva 0x20c01000 [ 8394.639413][ T8625] kvm [8625]: Failed to find VMA for hva 0x20bfe000 [ 8462.256932][ T8665] kvm [8665]: Failed to find VMA for hva 0x20c01000 [ 9053.665242][ T9079] kvm [9079]: Failed to find VMA for hva 0x2101a000 [ 9085.650079][ T9100] kvm [9100]: Failed to find VMA for hva 0x20d8d000 [ 9478.366815][ T9338] kvm [9338]: Failed to find VMA for hva 0x20c01000 [ 9595.396177][ T9413] kvm [9413]: Failed to find VMA for hva 0x20c01000 [ 9906.205259][ T9630] kvm [9630]: Failed to find VMA for hva 0x20d8d000 [10243.468989][ T9846] debugfs: File 'vgic-its-state@8080000' in directory '9846-4' already present! [10245.841266][ T9846] kvm [9846]: Failed to find VMA for hva 0x20c01000 [10269.978727][ T9866] kvm [9866]: Failed to find VMA for hva 0x20c01000 [10414.574497][ T9964] kvm [9964]: Failed to find VMA for hva 0x20d8d000 [10472.879863][ T9988] kvm [9988]: Failed to find VMA for hva 0x20d8d000 [10673.130748][T10082] kvm [10082]: Failed to find VMA for hva 0x20d8d000 [10673.147975][T10084] kvm [10084]: Failed to find VMA for hva 0x20d8d000 [11122.292335][T10295] ------------[ cut here ]------------ [11122.293213][T10295] WARNING: CPU: 0 PID: 10295 at arch/arm64/kvm/inject_fault.c:63 pend_sync_exception+0x198/0x5ac [11122.295506][T10295] Modules linked in: [11122.297414][T10295] CPU: 0 UID: 0 PID: 10295 Comm: syz.1.1968 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [11122.298746][T10295] Hardware name: linux,dummy-virt (DT) [11122.299853][T10295] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [11122.301050][T10295] pc : pend_sync_exception+0x198/0x5ac [11122.301986][T10295] lr : pend_sync_exception+0x198/0x5ac [11122.302931][T10295] sp : ffff80008ea078c0 [11122.303760][T10295] x29: ffff80008ea078c0 x28: 000000000000000f x27: 0ff000001d703da8 [11122.305531][T10295] x26: 000000000000000f x25: 0000000000000000 x24: 0000000000000000 [11122.307015][T10295] x23: 
0000000000000000 x22: 000000000000000f x21: 0ff000001d704981 [11122.308567][T10295] x20: 0000000000000007 x19: efff800000000000 x18: 0000000000000000 [11122.310107][T10295] x17: 000000000000005e x16: ffff800080011d9c x15: 0000000020000880 [11122.311634][T10295] x14: ffffffffffffffff x13: 0000000000000028 x12: 0000000000000041 [11122.313153][T10295] x11: 41f000001d595064 x10: 0000000000ff0100 x9 : 0000000000000000 [11122.314821][T10295] x8 : 41f000001d593b00 x7 : ffff800080b08704 x6 : ffff80008ea07a88 [11122.316396][T10295] x5 : ffff80008ea07a88 x4 : 0000000000000001 x3 : ffff8000801a2e80 [11122.317893][T10295] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000 [11122.319559][T10295] Call trace: [11122.320389][T10295] pend_sync_exception+0x198/0x5ac (P) [11122.321386][T10295] __kvm_inject_sea+0x268/0x96c [11122.322360][T10295] kvm_inject_sea+0x98/0x72c [11122.323342][T10295] __kvm_arm_vcpu_set_events+0x134/0x238 [11122.324298][T10295] kvm_arch_vcpu_ioctl+0xed8/0x16b0 [11122.325259][T10295] kvm_vcpu_ioctl+0x5c4/0xc2c [11122.326158][T10295] __arm64_sys_ioctl+0x18c/0x244 [11122.327040][T10295] invoke_syscall+0x90/0x2b4 [11122.328002][T10295] el0_svc_common+0x180/0x2f4 [11122.328968][T10295] do_el0_svc+0x58/0x74 [11122.329894][T10295] el0_svc+0x58/0x160 [11122.330799][T10295] el0t_64_sync_handler+0x78/0x108 [11122.331776][T10295] el0t_64_sync+0x198/0x19c [11122.332819][T10295] irq event stamp: 110 [11122.333582][T10295] hardirqs last enabled at (109): [] _raw_read_unlock_irqrestore+0x44/0xbc [11122.334851][T10295] hardirqs last disabled at (110): [] el1_dbg+0x24/0x80 [11122.336097][T10295] softirqs last enabled at (76): [] local_bh_enable+0x10/0x34 [11122.337322][T10295] softirqs last disabled at (74): [] local_bh_disable+0x10/0x34 [11122.338626][T10295] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [11123.167849][T10295] ------------[ cut here ]------------ [11123.168421][T10295] 
WARNING: CPU: 0 PID: 10295 at arch/arm64/kvm/inject_fault.c:63 pend_sync_exception+0x198/0x5ac [11123.170453][T10295] Modules linked in: [11123.172215][T10295] CPU: 0 UID: 0 PID: 10295 Comm: syz.1.1968 Tainted: G W 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [11123.173730][T10295] Tainted: [W]=WARN [11123.174536][T10295] Hardware name: linux,dummy-virt (DT) [11123.175479][T10295] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [11123.176528][T10295] pc : pend_sync_exception+0x198/0x5ac [11123.177402][T10295] lr : pend_sync_exception+0x198/0x5ac [11123.178299][T10295] sp : ffff80008ea078c0 [11123.179100][T10295] x29: ffff80008ea078c0 x28: 000000000000000f x27: 0ff000001d703da8 [11123.180717][T10295] x26: 000000000000000f x25: 0000000000000000 x24: 0000000000000000 [11123.182333][T10295] x23: 0000000000000000 x22: 000000000000000f x21: 0ff000001d704981 [11123.183967][T10295] x20: 0000000000000007 x19: efff800000000000 x18: 0000000000000000 [11123.185583][T10295] x17: 000000000000005e x16: ffff800080011d9c x15: 0000000020000880 [11123.187202][T10295] x14: ffffffffffffffff x13: 0000000000000028 x12: 0000000000000041 [11123.188745][T10295] x11: 41f000001d595064 x10: 0000000000ff0100 x9 : 0000000000000000 [11123.190327][T10295] x8 : 41f000001d593b00 x7 : ffff800080b08704 x6 : ffff80008ea07a88 [11123.191965][T10295] x5 : ffff80008ea07a88 x4 : 0000000000000001 x3 : ffff8000801a2e80 [11123.193534][T10295] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000 [11123.195161][T10295] Call trace: [11123.195851][T10295] pend_sync_exception+0x198/0x5ac (P) [11123.196854][T10295] __kvm_inject_sea+0x268/0x96c [11123.197867][T10295] kvm_inject_sea+0x98/0x72c [11123.198813][T10295] __kvm_arm_vcpu_set_events+0x134/0x238 [11123.199858][T10295] kvm_arch_vcpu_ioctl+0xed8/0x16b0 [11123.200829][T10295] kvm_vcpu_ioctl+0x5c4/0xc2c [11123.201802][T10295] __arm64_sys_ioctl+0x18c/0x244 [11123.202779][T10295] invoke_syscall+0x90/0x2b4 [11123.203779][T10295] 
el0_svc_common+0x180/0x2f4 [11123.204791][T10295] do_el0_svc+0x58/0x74 [11123.205756][T10295] el0_svc+0x58/0x160 [11123.206634][T10295] el0t_64_sync_handler+0x78/0x108 [11123.207641][T10295] el0t_64_sync+0x198/0x19c [11123.208568][T10295] irq event stamp: 188 [11123.209329][T10295] hardirqs last enabled at (187): [] _raw_read_unlock_irqrestore+0x44/0xbc [11123.210616][T10295] hardirqs last disabled at (188): [] el1_dbg+0x24/0x80 [11123.211797][T10295] softirqs last enabled at (166): [] local_bh_enable+0x10/0x34 [11123.213049][T10295] softirqs last disabled at (164): [] local_bh_disable+0x10/0x34 [11123.214259][T10295] ---[ end trace 0000000000000000 ]--- [11124.335205][T10295] ------------[ cut here ]------------ [11124.335791][T10295] WARNING: CPU: 0 PID: 10295 at arch/arm64/kvm/inject_fault.c:63 pend_sync_exception+0x198/0x5ac [11124.337787][T10295] Modules linked in: [11124.338934][T10295] CPU: 0 UID: 0 PID: 10295 Comm: syz.1.1968 Tainted: G W 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [11124.340323][T10295] Tainted: [W]=WARN [11124.341091][T10295] Hardware name: linux,dummy-virt (DT) [11124.341986][T10295] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [11124.343166][T10295] pc : pend_sync_exception+0x198/0x5ac [11124.344162][T10295] lr : pend_sync_exception+0x198/0x5ac [11124.345119][T10295] sp : ffff80008ea078c0 [11124.345931][T10295] x29: ffff80008ea078c0 x28: 000000000000000f x27: 0ff000001d703da8 [11124.347554][T10295] x26: 000000000000000f x25: 0000000000000000 x24: 0000000000000000 [11124.349205][T10295] x23: 0000000000000000 x22: 000000000000000f x21: 0ff000001d704981 [11124.350771][T10295] x20: 0000000000000007 x19: efff800000000000 x18: 0000000000000000 [11124.352476][T10295] x17: 000000000000005e x16: ffff800080011d9c x15: 0000000020000880 [11124.354098][T10295] x14: ffffffffffffffff x13: 0000000000000028 x12: 0000000000000041 [11124.355726][T10295] x11: 41f000001d595064 x10: 0000000000ff0100 x9 : 0000000000000000 
[11124.357336][T10295] x8 : 41f000001d593b00 x7 : ffff800080b08704 x6 : ffff80008ea07a88 [11124.358937][T10295] x5 : ffff80008ea07a88 x4 : 0000000000000001 x3 : ffff8000801a2e80 [11124.360529][T10295] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000 [11124.362172][T10295] Call trace: [11124.362902][T10295] pend_sync_exception+0x198/0x5ac (P) [11124.363943][T10295] __kvm_inject_sea+0x268/0x96c [11124.365031][T10295] kvm_inject_sea+0x98/0x72c [11124.366040][T10295] __kvm_arm_vcpu_set_events+0x134/0x238 [11124.367114][T10295] kvm_arch_vcpu_ioctl+0xed8/0x16b0 [11124.368211][T10295] kvm_vcpu_ioctl+0x5c4/0xc2c [11124.369198][T10295] __arm64_sys_ioctl+0x18c/0x244 [11124.370203][T10295] invoke_syscall+0x90/0x2b4 [11124.371245][T10295] el0_svc_common+0x180/0x2f4 [11124.372330][T10295] do_el0_svc+0x58/0x74 [11124.373316][T10295] el0_svc+0x58/0x160 [11124.374284][T10295] el0t_64_sync_handler+0x78/0x108 [11124.375278][T10295] el0t_64_sync+0x198/0x19c [11124.376211][T10295] irq event stamp: 264 [11124.376994][T10295] hardirqs last enabled at (263): [] _raw_read_unlock_irqrestore+0x44/0xbc [11124.378324][T10295] hardirqs last disabled at (264): [] el1_dbg+0x24/0x80 [11124.379462][T10295] softirqs last enabled at (246): [] local_bh_enable+0x10/0x34 [11124.380669][T10295] softirqs last disabled at (244): [] local_bh_disable+0x10/0x34 [11124.381879][T10295] ---[ end trace 0000000000000000 ]--- [11138.257510][T10089] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [11139.009256][T10089] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [11139.355630][T10089] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [11139.736187][T10089] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [11147.514625][T10089] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [11147.657301][T10089] 
bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [11147.768595][T10089] bond0 (unregistering): Released all slaves [11148.541120][T10089] hsr_slave_0: left promiscuous mode [11148.589218][T10089] hsr_slave_1: left promiscuous mode [11148.890683][T10089] veth1_macvtap: left promiscuous mode [11148.905878][T10089] veth0_macvtap: left promiscuous mode [11148.920010][T10089] veth1_vlan: left promiscuous mode [11148.937081][T10089] veth0_vlan: left promiscuous mode VM DIAGNOSIS: 15:21:22 Registers: info registers vcpu 0 CPU#0 PC=ffff800080452f74 X00=0000000000000001 X01=41f000001d594630 X02=ffff8000804580e0 X03=0000000000000000 X04=ffff80008ea06f10 X05=0000000000000020 X06=0000000000000000 X07=ffff80008047dbdc X08=ffff800088141000 X09=0000000100000000 X10=ffff8000876c0000 X11=0000000000000001 X12=0000000000000044 X13=000000000000006c X14=00000000000000c8 X15=ffff800087f39a30 X16=ffff800080011d9c X17=000000000000005e X18=0000000000000000 X19=41f000001d593b00 X20=41f000001d594658 X21=ffff8000872b1fa2 X22=ffff8000877e6618 X23=0000000000000000 X24=0000000000000001 X25=0000000000000000 X26=ffff800087666580 X27=00000000000003c0 X28=0000000000000000 X29=ffff80008ea070d0 X30=ffff800080451698 SP=ffff80008ea07080 PSTATE=604023c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:0000000000000000 Z01=0000ffffcc8d6d90:c80a734bcd7a5300 Z02=0000ffffcc8d6d70:ffffff80ffffffd8 Z03=0000ffffcc8d6e20:0000ffffcc8d6e20 Z04=0000ffffcc8d6e20:0000ffffab536d08 Z05=0000ffffcc8d6df0:0000ffffcc8d6e20 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 
Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffcc8d7040:0000ffffcc8d7040 Z17=ffffff80ffffffd0:0000ffffcc8d7010 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000