last executing test programs: 1m10.708944238s ago: executing program 0 (id=1159): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f0000000240)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x380, 0x89, 0x2}}, @irq_setup={0x46, 0x18, {0x2, 0x2000db}}, @hvc={0x32, 0x40, {0xc5000020, [0x3, 0x10, 0xf, 0x7, 0x9]}}, @uexit={0x0, 0x18, 0x9}, @memwrite={0x6e, 0x30, @generic={0xdddd0000, 0x7ea, 0x5, 0xd}}], 0xd0}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x4, 0x100) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000200)={0x8090040, 0x0, 0x100000, 0x1, 0x1}) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x109901, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r5, 0xae03, 0xbb) r6 = openat$kvm(0x0, &(0x7f00000000c0), 0x909483, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x8) ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000080)={0x5, 0xb}) ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000140)=@arm64_sve_vls={0x606000000015ffff, 0x0}) r9 = openat$kvm(0x0, &(0x7f00000000c0), 0x909483, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r11, 0x4020aeae, &(0x7f0000000080)={0x2, 0x3}) ioctl$KVM_SET_ONE_REG(r11, 0x4010aeac, &(0x7f0000000100)=@arm64_ccsidr={0x602000000011000a, &(0x7f0000000040)=0x3}) ioctl$KVM_SET_VCPU_EVENTS(r11, 0x4040aea0, &(0x7f0000000000)=@x86={0x8, 0x6, 0xc0, 0x0, 0x1, 0x0, 0x9, 0x7f, 0x5, 0x9, 0xa, 0x8, 0x0, 0x4, 0x8, 0x6, 0x4, 0x6, 0x8, '\x00', 0xf8, 0x1ff}) 56.996536716s ago: executing program 0 (id=1162): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x140, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$arm64(r1, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000580)=[{0x0, &(0x7f0000000140)}], 0x1, 0x0, 0x0, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000780)={0x0, &(0x7f0000000680)=[@code={0xa, 0x84, {"00fc209b000008d5e0888dd20060b8f2c10080d2620080d2a30180d2440080d2020000d4000000130000002b000008d50084202ea0a483d20000b8f2010080d2020080d2630180d2040180d2020000d4004d8fd200c0b0f2e10080d2e20080d2030180d2040180d2020000d4007008d5"}}], 0x84}, &(0x7f00000007c0)=[@featur2={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r3, 0xae80, 0x0) 42.56987309s ago: executing program 0 (id=1165): mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4020ae46, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000100000000000001000000000010000002"]) ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000100)={0x1, 0x1ffc01, 0x400, 0x0}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x10001, 0x0, 0x8000000, 0x1000, &(0x7f0000007000/0x1000)=nil}) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000000000/0x400000)=nil) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000380)={0x10200, 0x0, 0xdddd1000, 0x1000, &(0x7f0000ffe000/0x1000)=nil}) 37.693622663s ago: executing program 1 (id=1166): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000080)={0x5, 0x19}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0x88) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000180)=@arm64_fw={0x6030000000140002}) 30.689715457s ago: executing program 1 (id=1167): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x2002, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="82000000000000002800000000000000010000000000000001000000000000001100000000000000aa00000000000000280000000000000009", @ANYRES64=r2], 0x50}, 0x0, 0x0) (async) r3 = openat$kvm(0x0, &(0x7f0000000180), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x8, 0x4f832, 0xffffffffffffffff, 0x0) (async) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x4) mmap$KVM_VCPU(&(0x7f00006b5000/0x2000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) munmap(&(0x7f0000647000/0x1000)=nil, 0x1000) (async) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) (async) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r7, 0x300000f, 0x32, 0xffffffffffffffff, 0x0) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) (async) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) (async) r9 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) (async) close(r10) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) close(r10) (async) r11 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0) r14 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r13, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f0000000240)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521c180c7f93448c9114707cd24b7eebb20700", 0x0, 0x48) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r13, 0x0) 27.678456244s ago: executing program 0 (id=1168): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f000000e000/0x3000)=nil, r1, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000c8e000/0x2000)=nil, r1, 0x1000006, 0x1010, r2, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x65a480, 0x0) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0xef) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) r5 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) munmap(&(0x7f0000ff9000/0x3000)=nil, 0x3000) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r8 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r7, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r7, 0x0) r9 = eventfd2(0x0, 0x0) close(r9) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) write$eventfd(r9, &(0x7f0000000000), 0xfffffe1e) close(r3) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) syz_kvm_vgic_v3_setup(r3, 0x4, 0x100) 20.15585659s ago: executing program 1 (id=1169): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x1, 0x1) openat$kvm(0x0, &(0x7f0000000080), 0x20200, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x20000, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f00000000c0)={r2, 0x4, 0x0, r2}) ioctl$KVM_SET_GSI_ROUTING(r4, 0x4008ae6a, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000300000002"]) r5 = eventfd2(0xfffffffa, 0x80001) write$eventfd(r5, &(0x7f0000000200)=0x8, 0x8) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000100)={0x8}) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000040)={r2, 0x3, 0x2, r2}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000140)={0x8, 0x0, 0x0, 0xffffffffffffffff, 0x20}) 13.635902233s ago: executing program 0 (id=1170): openat$kvm(0x0, &(0x7f0000000040), 0x4080, 0x0) mmap$KVM_VCPU(&(0x7f0000d10000/0xa000)=nil, 0x930, 0x3000006, 0x28031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)={0x8, 0x401}) 13.488935654s ago: executing program 1 (id=1171): openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) openat$kvm(0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x0, 0x20010, 0xffffffffffffffff, 0x1000000) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x49e840, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) munmap(&(0x7f0000647000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x53033, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x1000006, 0x10, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) munmap(&(0x7f0000c85000/0x1000)=nil, 0x1000) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0x3, 0x9032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000cd6000/0x1000)=nil, 0x1000) munmap(&(0x7f0000dff000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x180000d, 0x5c1fd1b6565d2f1, r3, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r3, 0x4208ae9b, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x0, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x5452, &(0x7f00000000c0)={0xf, 0xeeee0000, 0x8, 0xffffffffffffffff, 0xc}) 7.096942158s ago: executing program 1 (id=1172): r0 = mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x3000002, 0x8a031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_MMIO(r0, 0x20, &(0x7f0000000000)="7cfaa2bfd6dd76375aa1bde04fceeb33743b07d73b3e9aac", 0x0, 0x18) r1 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_GUEST_MEMFD(0xffffffffffffffff, 0xc040aed4, &(0x7f0000000040)={0xb, 0x8001}) ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000080)={0x2, 0x0, 0x6000, 0x2000, &(0x7f000000c000/0x2000)=nil, 0x3, r3}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000240)="fb4149dd033be3ac3bc4a22332fdaa8de0518df242008031d1dfd92f0000000001fff9ffdc9610fbff77521ce30d8f00", 0x0, 0xfcf7) r4 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x40, &(0x7f0000000080)=0x800}) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0) 3.141745276s ago: executing program 1 (id=1173): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0x4b47, 0xfffffffffffffffe) r1 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x300, 0x0) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x300, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, 0x0) r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xb701, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xb704, 0x20000002) openat$kvm(0xffffffffffffff9c, 0x0, 0x8100, 0x0) (async) r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x8100, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x4) ioctl$KVM_ARM_VCPU_INIT(r9, 0x4020aeae, &(0x7f0000000080)={0x5, 0xb}) ioctl$KVM_GET_ONE_REG(r9, 0x4010aeab, &(0x7f00000000c0)=@arm64_sys={0x603000000013df12, &(0x7f0000000100)=0x80}) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) (async) r10 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r10, 0x4040aea0, &(0x7f0000000880)=@arm64={0xae, 0x5, 0x9, '\x00', 0x6}) (async) ioctl$KVM_SET_VCPU_EVENTS(r10, 0x4040aea0, &(0x7f0000000880)=@arm64={0xae, 0x5, 0x9, '\x00', 0x6}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48) 0s ago: executing program 0 (id=1174): munmap(&(0x7f000049b000/0x400000)=nil, 0x400000) munmap(&(0x7f000065b000/0x1000)=nil, 0x1000) kernel console output (not intermixed with test programs): [ 383.482664][ T3131] 8021q: adding VLAN 0 to HW filter on device bond0 [ 433.639743][ T3131] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:1869' (ED25519) to the list of known hosts. [ 599.403075][ T25] audit: type=1400 audit(598.530:61): avc: denied { name_bind } for pid=3286 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 600.409147][ T25] audit: type=1400 audit(599.540:62): avc: denied { execute } for pid=3287 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 600.434634][ T25] audit: type=1400 audit(599.550:63): avc: denied { execute_no_trans } for pid=3287 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 621.111521][ T25] audit: type=1400 audit(620.240:64): avc: denied { mounton } for pid=3287 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 621.144747][ T25] audit: type=1400 audit(620.270:65): avc: denied { mount } for pid=3287 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 621.228588][ T3287] cgroup: Unknown subsys name 'net' [ 621.278425][ T25] audit: type=1400 audit(620.400:66): avc: denied { unmount } for pid=3287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 621.863338][ T3287] cgroup: Unknown subsys name 'cpuset' [ 622.052922][ T3287] cgroup: Unknown subsys name 'rlimit' [ 623.030796][ T25] audit: type=1400 audit(622.160:67): avc: denied { setattr } for pid=3287 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 623.051307][ T25] audit: type=1400 audit(622.170:68): avc: denied { mounton } for pid=3287 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 623.079667][ T25] audit: type=1400 audit(622.200:69): avc: denied { mount } for pid=3287 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 624.245021][ T3290] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 624.269535][ T25] audit: type=1400 audit(623.390:70): avc: denied { relabelto } for pid=3290 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 624.290613][ T25] audit: type=1400 audit(623.410:71): avc: denied { write } for pid=3290 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 624.472773][ T25] audit: type=1400 audit(623.600:72): avc: denied { read } for pid=3287 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 624.499329][ T25] audit: type=1400 audit(623.620:73): avc: denied { open } for pid=3287 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 624.535182][ T3287] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 672.649578][ T25] audit: type=1400 audit(671.740:74): avc: denied { execmem } for pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 676.277914][ T25] audit: type=1400 audit(675.400:75): avc: denied { read } for pid=3293 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 676.319953][ T25] audit: type=1400 audit(675.430:76): avc: denied { open } for pid=3294 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 676.389452][ T25] audit: type=1400 audit(675.510:77): avc: denied { mounton } for pid=3293 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 676.640306][ T25] audit: type=1400 audit(675.770:78): avc: denied { module_request } for pid=3293 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 677.791515][ T25] audit: type=1400 audit(676.910:79): avc: denied { sys_module } for pid=3293 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 705.402862][ T3294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 705.603693][ T3294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 707.984930][ T3293] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 708.238547][ T3293] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 720.037873][ T3294] hsr_slave_0: entered promiscuous mode [ 720.104243][ T3294] hsr_slave_1: entered promiscuous mode [ 721.792383][ T3293] hsr_slave_0: entered promiscuous mode [ 721.821915][ T3293] hsr_slave_1: entered promiscuous mode [ 721.834128][ T3293] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 721.849797][ T3293] Cannot create hsr debugfs directory [ 726.889866][ T25] audit: type=1400 audit(726.020:80): avc: denied { create } for pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 726.911605][ T25] audit: type=1400 audit(726.030:81): avc: denied { write } for pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 726.977720][ T25] audit: type=1400 audit(726.100:82): avc: denied { read } for pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 727.168368][ T3294] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 727.601524][ T3294] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 727.831853][ T3294] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 728.025079][ T3294] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 729.813502][ T3293] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 730.059200][ T3293] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 730.290002][ T3293] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 730.510424][ T3293] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 742.578214][ T3294] 8021q: adding VLAN 0 to HW filter on device bond0 [ 745.432097][ T3293] 8021q: adding VLAN 0 to HW filter on device bond0 [ 801.701089][ T3294] veth0_vlan: entered promiscuous mode [ 802.142008][ T3294] veth1_vlan: entered promiscuous mode [ 803.886193][ T3294] veth0_macvtap: entered promiscuous mode [ 804.204819][ T3294] veth1_macvtap: entered promiscuous mode [ 805.317903][ T3293] veth0_vlan: entered promiscuous mode [ 806.158571][ T3293] veth1_vlan: entered promiscuous mode [ 806.595163][ T3294] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 806.611554][ T3294] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 806.624696][ T3294] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 806.634504][ T3294] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 809.089113][ T25] audit: type=1400 audit(808.210:83): avc: denied { mount } for pid=3294 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 809.191131][ T3293] veth0_macvtap: entered promiscuous mode [ 809.261325][ T25] audit: type=1400 audit(808.370:84): avc: denied { mounton } for pid=3294 comm="syz-executor" path="/syzkaller.kdJ8dr/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 809.449733][ T25] audit: type=1400 audit(808.570:85): avc: denied { mount } for pid=3294 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 809.494780][ T3293] veth1_macvtap: entered promiscuous mode [ 809.805170][ T25] audit: type=1400 audit(808.930:86): avc: denied { mounton } for pid=3294 comm="syz-executor" path="/syzkaller.kdJ8dr/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 809.981869][ T25] audit: type=1400 audit(809.080:87): avc: denied { mounton } for pid=3294 comm="syz-executor" path="/syzkaller.kdJ8dr/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3231 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 810.460838][ T25] audit: type=1400 audit(809.570:88): avc: denied { unmount } for pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 810.744344][ T25] audit: type=1400 audit(809.860:89): avc: denied { mounton } for pid=3294 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 810.832137][ T25] audit: type=1400 audit(809.960:90): avc: denied { mount } for pid=3294 comm="syz-executor" name="/" dev="gadgetfs" ino=3240 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 811.198373][ T25] audit: type=1400 audit(810.320:91): avc: denied { mount } for pid=3294 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 811.322196][ T25] audit: type=1400 audit(810.430:92): avc: denied { mounton } for pid=3294 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 811.420300][ T3293] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.424601][ T3293] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.448563][ T3293] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.460181][ T3293] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 813.230359][ T3294] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 814.487889][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 814.517639][ T25] audit: type=1400 audit(813.610:94): avc: denied { read write } for pid=3294 comm="syz-executor" name="loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 814.533942][ T25] audit: type=1400 audit(813.630:95): avc: denied { open } for pid=3294 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 814.591932][ T25] audit: type=1400 audit(813.690:96): avc: denied { ioctl } for pid=3294 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 817.908624][ T25] audit: type=1400 audit(816.980:97): avc: denied { read } for pid=3445 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 817.959174][ T25] audit: type=1400 audit(817.030:98): avc: denied { open } for pid=3445 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 818.790987][ T25] audit: type=1400 audit(817.840:99): avc: denied { ioctl } for pid=3445 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 821.945093][ T25] audit: type=1400 audit(821.070:100): avc: denied { write } for pid=3447 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 887.970143][ T25] audit: type=1400 audit(887.100:101): avc: denied { append } for pid=3496 comm="syz.1.16" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 900.366980][ T25] audit: type=1400 audit(899.480:102): avc: denied { setattr } for pid=3502 comm="syz.1.17" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 914.497144][ T25] audit: type=1400 audit(913.450:103): avc: denied { execute } for pid=3505 comm="syz.0.18" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4279 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 914.772489][ T3506] kvm [3506]: Failed to find VMA for hva 0x20d8d000 [ 997.582822][ T3570] kvm [3570]: Failed to find VMA for hva 0x20c01000 [ 1322.008984][ T25] audit: type=1400 audit(1321.130:104): avc: denied { ioctl } for pid=3727 comm="syz.1.99" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0xb705 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1344.518462][ T3741] debugfs: File 'vgic-its-state@0' in directory '3740-5' already present! [ 1396.218156][ T3763] kvm [3763]: Failed to find VMA for hva 0x20d8d000 [ 1930.101445][ T4026] kvm [4026]: Failed to find VMA for hva 0x20c01000 [ 1951.738796][ T4034] KVM: debugfs: duplicate directory 4034-9 [ 1951.994178][ T4034] KVM: debugfs: duplicate directory 4034-9 [ 2022.624288][ T4075] kvm [4075]: Failed to find VMA for hva 0x20c01000 [ 2129.631238][ T25] audit: type=1400 audit(2128.750:105): avc: denied { map } for pid=4131 comm="syz.1.259" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 2324.322925][ T4239] kvm [4239]: Failed to find VMA for hva 0x21016000 [ 3121.497901][ T4625] kvm [4625]: Failed to find VMA for hva 0x20d8d000 [ 3121.590531][ T4626] kvm [4626]: Failed to find VMA for hva 0x20d8d000 [ 3150.922415][ T4637] irq bypass consumer (token 00000000382c849f) registration fails: -16 [ 3180.240652][ T25] audit: type=1400 audit(3179.370:106): avc: denied { map } for pid=4653 comm="syz.1.466" path="pipe:[2401]" dev="pipefs" ino=2401 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 3367.387896][ T4735] kvm [4735]: Failed to find VMA for hva 0x20c01000 [ 3627.072274][ T4874] kvm [4874]: Failed to find VMA for hva 0x21016000 [ 3671.512416][ T4893] kvm [4893]: Failed to find VMA for hva 0x20c01000 [ 4063.237896][ T5065] debugfs: File 'vgic-its-state@8080000' in directory '5066-18' already present! [ 4174.897795][ T5119] kvm [5119]: Failed to find VMA for hva 0x20d8d000 [ 4174.912432][ T5118] kvm [5118]: Failed to find VMA for hva 0x20d8d000 [ 4391.719142][ T5220] irq bypass consumer (token 00000000e0ab62cb) registration fails: -16 [ 4599.453049][ T5327] kvm [5327]: Failed to find VMA for hva 0x20d8d000 [ 4787.433487][ T5417] kvm [5417]: Failed to find VMA for hva 0x20c00000 [ 5177.090641][ T5611] kvm [5611]: Failed to find VMA for hva 0x20d8d000 [ 5230.398527][ T5642] kvm [5642]: Failed to find VMA for hva 0x20c01000 [ 5423.441089][ T5746] kvm [5746]: Failed to find VMA for hva 0x20c01000 [ 5506.033621][ T5788] kvm [5788]: Failed to find VMA for hva 0x20c01000 [ 5660.974509][ T25] audit: type=1400 audit(5660.100:107): avc: denied { execute } for pid=5866 comm="syz.1.939" path=2F3539312F10FBFF67525673312B0104 dev="tmpfs" ino=2993 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 5747.864493][ T5368] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5748.905190][ T5368] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5749.814152][ T5368] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5750.938276][ T5368] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5768.764469][ T5368] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 5768.972976][ T5368] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 5769.148845][ T5368] bond0 (unregistering): Released all slaves [ 5771.693432][ T5368] hsr_slave_0: left promiscuous mode [ 5771.910504][ T5368] hsr_slave_1: left promiscuous mode [ 5772.600916][ T5368] veth1_macvtap: left promiscuous mode [ 5772.637957][ T5368] veth0_macvtap: left promiscuous mode [ 5772.671829][ T5368] veth1_vlan: left promiscuous mode [ 5772.690161][ T5368] veth0_vlan: left promiscuous mode [ 5835.463361][ T5913] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5835.851224][ T5913] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5857.882227][ T5913] hsr_slave_0: entered promiscuous mode [ 5857.970295][ T5913] hsr_slave_1: entered promiscuous mode [ 5858.060138][ T5913] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 5858.066757][ T5913] Cannot create hsr debugfs directory [ 5878.999110][ T5913] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 5879.325175][ T5913] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 5879.765137][ T5913] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 5880.219564][ T5913] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 5904.530148][ T5913] 8021q: adding VLAN 0 to HW filter on device bond0 [ 5985.731587][ T5913] veth0_vlan: entered promiscuous mode [ 5986.090083][ T5913] veth1_vlan: entered promiscuous mode [ 5988.054426][ T5913] veth0_macvtap: entered promiscuous mode [ 5988.242718][ T5913] veth1_macvtap: entered promiscuous mode [ 5989.782093][ T5913] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 5989.790833][ T5913] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 5989.833296][ T5913] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 5989.861159][ T5913] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 6203.222964][ T6186] kvm [6186]: Failed to find VMA for hva 0x20c01000 [ 6272.480016][ T6219] kvm [6219]: Failed to find VMA for hva 0x20d8d000 [ 6272.757601][ T6219] kvm [6219]: Failed to find VMA for hva 0x208a1000 [ 6324.064228][ T6242] kvm [6242]: Failed to find VMA for hva 0x2101a000 [ 6324.173205][ T6242] kvm [6242]: Failed to find VMA for hva 0x2101a000 [ 6324.270826][ T6242] kvm [6242]: Failed to find VMA for hva 0x2101a000 [ 6324.343667][ T6242] kvm [6242]: Failed to find VMA for hva 0x2101a000 [ 6324.451816][ T6242] kvm [6242]: Failed to find VMA for hva 0x2101a000 [ 6324.501396][ T6242] kvm [6242]: Failed to find VMA for hva 0x2101a000 [ 6324.712594][ T6242] kvm [6242]: Failed to find VMA for hva 0x2101a000 [ 6324.762326][ T6242] kvm [6242]: Failed to find VMA for hva 0x2101a000 [ 6514.753791][ T25] audit: type=1400 audit(6513.860:108): avc: denied { execute } for pid=6332 comm="syz.1.1069" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 6610.079386][ T6376] debugfs: File 'vgic-its-state@8080000' in directory '6376-4' already present! [ 6649.570519][ T6394] kvm [6394]: Failed to find VMA for hva 0x20d8d000 [ 6739.723294][ T6436] KVM: debugfs: duplicate directory 6436-5 [ 6816.358578][ T6477] kvm [6477]: Failed to find VMA for hva 0x20d8a000 [ 6927.820204][ T6537] kvm [6537]: Failed to find VMA for hva 0x20d8d000 [ 6993.799956][ T6569] kvm [6569]: Failed to find VMA for hva 0x20c01000 [ 7039.157578][ T6590] KVM: debugfs: duplicate directory 6590-14 [ 7064.181112][ T6603] ------------[ cut here ]------------ [ 7064.182423][ T6603] WARNING: CPU: 0 PID: 6603 at arch/arm64/kvm/inject_fault.c:63 pend_sync_exception+0x198/0x5ac [ 7064.186595][ T6603] Modules linked in: [ 7064.189513][ T6603] CPU: 0 UID: 0 PID: 6603 Comm: syz.1.1173 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 7064.191397][ T6603] Hardware name: linux,dummy-virt (DT) [ 7064.192930][ T6603] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 7064.194464][ T6603] pc : pend_sync_exception+0x198/0x5ac [ 7064.195663][ T6603] lr : pend_sync_exception+0x198/0x5ac [ 7064.196839][ T6603] sp : ffff80008e7978c0 [ 7064.197812][ T6603] x29: ffff80008e7978c0 x28: 0000000000000083 x27: 83f00000185f3da8 [ 7064.199976][ T6603] x26: 0000000000000083 x25: 0000000000000000 x24: 0000000000000000 [ 7064.201751][ T6603] x23: 0000000000000000 x22: 0000000000000083 x21: 83f00000185f4981 [ 7064.203537][ T6603] x20: 0000000000000007 x19: efff800000000000 x18: 0000000000000000 [ 7064.205323][ T6603] x17: 00000000000000de x16: ffff800080011d9c x15: 0000000020000880 [ 7064.207143][ T6603] x14: ffffffffffffffff x13: 0000000000000028 x12: 00000000000000f6 [ 7064.208986][ T6603] x11: f6f00000168aede4 x10: 0000000000ff0100 x9 : 0000000000000000 [ 7064.210954][ T6603] x8 : f6f00000168ad880 x7 : ffff800080b08704 x6 : ffff80008e797a88 [ 7064.212802][ T6603] x5 : ffff80008e797a88 x4 : 0000000000000001 x3 : ffff8000801a2e80 [ 7064.214564][ T6603] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000 [ 7064.216632][ T6603] Call trace: [ 7064.217789][ T6603] pend_sync_exception+0x198/0x5ac (P) [ 7064.219271][ T6603] __kvm_inject_sea+0x268/0x96c [ 7064.220607][ T6603] kvm_inject_sea+0x98/0x72c [ 7064.221711][ T6603] __kvm_arm_vcpu_set_events+0x134/0x238 [ 7064.222891][ T6603] kvm_arch_vcpu_ioctl+0xed8/0x16b0 [ 7064.224061][ T6603] kvm_vcpu_ioctl+0x5c4/0xc2c [ 7064.225152][ T6603] __arm64_sys_ioctl+0x18c/0x244 [ 7064.226169][ T6603] invoke_syscall+0x90/0x2b4 [ 7064.227294][ T6603] el0_svc_common+0x180/0x2f4 [ 7064.228513][ T6603] do_el0_svc+0x58/0x74 [ 7064.229715][ T6603] el0_svc+0x58/0x160 [ 7064.230667][ T6603] el0t_64_sync_handler+0x78/0x108 [ 7064.231875][ T6603] el0t_64_sync+0x198/0x19c [ 7064.233222][ T6603] irq event stamp: 58 [ 7064.234100][ T6603] hardirqs last enabled at (57): [] _raw_read_unlock_irqrestore+0x44/0xbc [ 7064.235716][ T6603] hardirqs last disabled at (58): [] el1_dbg+0x24/0x80 [ 7064.237058][ T6603] softirqs last enabled at (38): [] local_bh_enable+0x10/0x34 [ 7064.238525][ T6603] softirqs last disabled at (36): [] local_bh_disable+0x10/0x34 [ 7064.240206][ T6603] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 7079.201755][ T6350] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7080.607261][ T6350] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7081.730476][ T6350] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7082.297998][ T6350] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7093.394055][ T6350] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 7093.501358][ T6350] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 7093.573212][ T6350] bond0 (unregistering): Released all slaves VM DIAGNOSIS: 20:56:20 Registers: info registers vcpu 0 CPU#0 PC=ffff8000804516b8 X00=0000000000000000 X01=ffff8000872b1fa2 X02=ffff8000804580e0 X03=0000000000000000 X04=ffff80008e797000 X05=0000000000000020 X06=0000000000000000 X07=ffff80008652e834 X08=00000000000003c0 X09=0000000000000000 X10=00000000000000f6 X11=0000000000000144 X12=0000000000000044 X13=0000000000000002 X14=00000000000000c8 X15=ffff800087f39a30 X16=0000000000000000 X17=00000000000000de X18=0000000000000000 X19=0000000000000000 X20=0000000000000000 X21=ffff80008652e834 X22=ffff8000877e66a8 X23=0000000000000000 X24=0000000000000001 X25=0000000000000000 X26=ffff800087666580 X27=00000000000003c0 X28=0000000000000000 X29=ffff80008e7971c0 X30=ffff800080451698 SP=ffff80008e797170 PSTATE=604023c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:0000000000000000 Z01=0000ffffce9156e0:32bf5635106fe100 Z02=0000ffffce9156c0:ffffff80ffffffd8 Z03=0000ffffce915770:0000ffffce915770 Z04=0000ffffce915770:0000ffffb7936d08 Z05=0000ffffce915740:0000ffffce915770 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffce915990:0000ffffce915990 Z17=ffffff80ffffffd0:0000ffffce915960 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000