last executing test programs: 1m43.131393579s ago: executing program 0 (id=32): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000000)={0x2000, 0x8080000, 0x103, 0x0, 0x3}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2801, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xb1) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x60100, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x2, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5, 0x15}) ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f00000000c0)=@arm64_fp={0x60400000001000f4, &(0x7f0000000180)=0x80000000}) 1m39.349823843s ago: executing program 1 (id=34): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000f22000/0x18000)=nil, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async) ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f0000000a00)={0x0, 0x0, @pic={0xfc, 0x5, 0x0, 0x9, 0xfe, 0x0, 0x0, 0x3, 0x20, 0x6, 0x4, 0x0, 0x0, 0x4}}) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) (async) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101400, 0x0) (async) r4 = openat$kvm(0x0, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r4, 0xc0189436, 0x20004000) (async) r5 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[{0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0000000000000000180000000000000008000000000000000100000000000000840000000000000080c388d20020b8f2610080d2620080d2830080d2040180d2020000d4e08686d20060b0f2010180d2a20180d2a30180d2040180d2020000d400e4200e1f000072000028d5e0e098d20080b8f2810180d2e20080d2030080d2040180d2020000d40008c05a007c001b0068a038007008d5c0035fd603000000000000004000000000000000000000310000000004000000000000000000000000000000f7ffffffffffffff020000000000000004000000000000000200000000000000200000000000000001e21300000030600900000000000000030000000000000040000000000000001000000000000000f7ffffffffffffff0000000000000000010000000000000000000000000000800800000000000000030000000000000040000000000000000000003f00000000b800000000000000f7ffffffffffffff560000000000000008000000000000000e000000000000000400000000000000400000000000000080a00040000000000f00000000000000be07000000000000010400000000000069ffffffffffffff100000000000000000000000000000001800000000000000050000000000000002000000000000002000000000000000bade130000003060080000000000000004000000000000004000000000000000800000000000000009000000000000000000010000000000ffffffffffffff7f0000000020010000ffff000000000000040000000000000040000000000000004000000400000000faffffffffffffff02000000000000000500000000000000080000000000000080000000000000000300000000000000400000a500000000100000000000000005000000000000007f00000000000000100a0000000000000300000000000000fbffffffffffffff0100000000000000cc00000000000000008008d540b688d20060b8f2c10080d2c20180d2230180d2840180d2020000d4e04584d200a0b8f2610080d2620080d2830180d2240180d2020000d400ac9ed20060b8f2e10180d2420080d2c30080d2c40180d2020000d4000028d5007008d5806793d20040b0f2210080d2e20080d2a30080d2040180d2020000d480a783d20000b8f2410180d2820180d2030180d2440080d2020000d40000639ec0e081d20060b0f2410180d2420180d2430180d2040180d2020000d4c0035fd602000000000000002000000000000000dde6130000003060020000000000000001000000000000009c00000000000000e0bb9dd200c0b0f2210080d2020180d2e30180d2240080d2020000d4403f83d20080b0f2e10080d2e20080d2e30080d2840080d2020000d4c0e585d20000b8f2a10180d2a20080d2e30080d2e40080d2020000d40084202e007008d5e0ee8cd20080b0f2210080d2820080d2030180d2a40080d2020000d4007008d5008008d5008008d500048038c0035fd6000000000000000018000c000000000002000000000000000200000000000000200000000000000081f013000000306000ffffffffffffff020000000000000020000000000000008de1130000003060000000000000000004000000000000004000000000000000000000800000000008000000000000000600000000000000bb6ccc71000000000300000000000000400000000000000001000000000000009c00000000000000008008d5a01b97d20000b0f2210180d2220180d2830080d2c40180d2020000d4000028d50000806ca0219bd20020b8f2a10080d2020080d2430180d2440080d2020000d40068200e008008d5a00990d200a0b0f2810180d2020080d2430180d2c40080d2020000d4008008d5401291d20020b8f2610180d2820080d2430080d2440180d2020000d4c0035fd60200000000000000200000000000000028e7130000003060ab04000000000000000000000000000018000000000000000100000000000000030000000000000040000000000000008441803200000000040000000000000005000000000000000e0000000000000002000000000000000500000000000000"], 0x5e8}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r3, 0x4018aee3, &(0x7f0000000140)) (async) r6 = openat$kvm(0x0, &(0x7f0000000000), 0x131000, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0xc, 0x4f832, 0xffffffffffffffff, 0x0) openat$kvm(0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4010aeb5, 0x0) (async) r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x80111500, 0x20000000) syz_kvm_setup_cpu$arm64(r7, 0xffffffffffffffff, &(0x7f0000f2c000/0x18000)=nil, &(0x7f0000000100)=[{0x0, &(0x7f0000000080), 0x58}], 0x1, 0x0, 0x0, 0x0) (async) openat$kvm(0xffffffffffffff9c, 0x0, 0xa8800, 0x0) r8 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r8, 0x4018aee2, &(0x7f0000000040)={0x0, 0x2}) 1m33.119646408s ago: executing program 0 (id=35): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_TRANSLATE(r3, 0xc018ae85, &(0x7f0000000080)={0x0, 0xf000, 0x3, 0x0, 0x8}) munmap(&(0x7f0000003000/0x1000)=nil, 0x1000) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x0) 1m5.694591095s ago: executing program 1 (id=36): munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x2, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000df2000/0x18000)=nil, &(0x7f0000000340)=[{0x0, &(0x7f0000000640), 0xb8}], 0x1, 0x0, 0x0, 0x0) (async, rerun: 64) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 64) ioctl$KVM_CHECK_EXTENSION(r0, 0x5451, 0x0) write$eventfd(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 32) openat$kvm(0xffffffffffffff9c, 0x0, 0x113501, 0x0) (async, rerun: 32) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x401c5820, 0x20000000) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_SMI(0xffffffffffffffff, 0xaeb7) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000080)={0x9, 0xffffffffffffffff}) ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, 0x0) (async) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, r6, 0x0, 0x12, r5, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MP_STATE(r7, 0x4004ae99, &(0x7f00000000c0)=0x7) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) (async) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x7205c4, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) ioctl$KVM_SIGNAL_MSI(0xffffffffffffffff, 0x4020aea5, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r10, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) (async, rerun: 32) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000140)=@arm64_fp={0xbb3b9d98495c4715, &(0x7f0000000100)=0x2}) (async, rerun: 32) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x200100, 0x0) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) 1m1.88235336s ago: executing program 0 (id=37): r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x401c5820, 0x20000000) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2640, 0x0) ioctl$KVM_CREATE_VM(r1, 0x4020940d, 0x20000000) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x401c5820, 0x20000000) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) munmap(&(0x7f0000738000/0x3000)=nil, 0x3000) r4 = syz_kvm_add_vcpu(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000880)=[@irq_setup={0x5, 0x18, {0x1, 0x13e}}, @msr={0x2, 0x20, {0x603000000013c666, 0x5}}, @irq_setup={0x5, 0x18, {0x4, 0x194}}, @code={0x1, 0x9c, {"e003bfd6007008d5e0ee86d200e0b8f2610080d2820180d2e30080d2840180d2020000d4000c4038008008d5c03c96d20060b8f2010180d2e20080d2c30180d2040180d2020000d4a02499d200e0b8f2a10180d2c20080d2c30080d2440180d2020000d4008008d560f28ed200c0b0f2a10080d2020180d2230180d2240180d2020000d4007008d5"}}, @msr={0x2, 0x20, {0x603000000013807e, 0x4}}, @uexit={0x0, 0x18, 0x1000}, @uexit={0x0, 0x18, 0x1}, @code={0x1, 0x9c, {"e05190d20020b8f2010180d2a20180d2630080d2840080d2020000d4007008d5e03f87d200a0b8f2810080d2820180d2e30080d2e40080d2020000d4208198d20080b0f2c10080d2a20180d2630080d2e40180d2020000d40000301e0028200e0000709ea02898d20080b8f2e10080d2620180d2230080d2c40180d2020000d4001c602e000008d5"}}, @memwrite={0x6, 0x30, @generic={0x8000000, 0x86e, 0x438d, 0xa}}, @code={0x1, 0xb4, {"e0949bd200c0b0f2c10080d2820180d2830080d2e40080d2020000d4403d82d20080b0f2610180d2e20080d2a30180d2e40080d2020000d4408990d20040b0f2e10180d2220080d2830180d2e40180d2020000d400a4600dc0a295d200e0b8f2010180d2620080d2630080d2e40080d2020000d4000028d50000000e0820601e007008d5c0b682d20060b8f2a10180d2a20180d2430180d2440080d2020000d4"}}, @hvc={0x4, 0x40, {0x86000000, [0x1, 0xebb8, 0x2, 0x0, 0x2]}}, @code={0x1, 0x9c, {"a0108ad20040b8f2810080d2a20080d2c30180d2640180d2020000d4000c00f860be9bd20060b0f2a10080d2c20080d2a30180d2240180d2020000d40000806d20e68cd20080b0f2210180d2420180d2630180d2440080d2020000d440549ed20040b8f2610180d2a20180d2a30180d2a40080d2020000d400e0200e007008d5007008d5008008d5"}}], 0x398}, &(0x7f00000000c0)=[@featur2={0x1, 0x18}], 0x1) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) openat$kvm(0x0, 0x0, 0x0, 0x0) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000200)={0x7, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r7, 0x541b, 0x0) mmap$KVM_VCPU(&(0x7f000075e000/0x3000)=nil, r0, 0x6, 0x4043032, r4, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000240)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xc0189436, 0x20000000) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x8, 0x4f832, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r10, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f00000000c0)=@arm64_extra={0x603000000013c02b, &(0x7f0000000240)}) 56.721304628s ago: executing program 1 (id=38): munmap(&(0x7f0000647000/0x1000)=nil, 0x1000) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) (async) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, 0x0) mmap$KVM_VCPU(&(0x7f0000ff6000/0x2000)=nil, 0x0, 0x4, 0x80010, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ff6000/0x2000)=nil, 0x0, 0x4, 0x80010, 0xffffffffffffffff, 0x0) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$arm64(r3, 0xffffffffffffffff, &(0x7f0000fe2000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_kvm_setup_cpu$arm64(r3, 0xffffffffffffffff, &(0x7f0000fe2000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_GET_MP_STATE(0xffffffffffffffff, 0x8004ae98, &(0x7f0000000dc0)) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r1, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, &(0x7f0000001100)=[@featur2={0x1, 0x44}], 0x1) syz_kvm_setup_cpu$arm64(r2, 0xffffffffffffffff, &(0x7f0000fe4000/0x18000)=nil, &(0x7f0000001380)=[{0x0, &(0x7f0000001140)=ANY=[@ANYBLOB="04000000000000004000000000000000030000c400000000ff01000000000000000000000000000000000000000000000600000000000000000200000000000001000000000000005400000000000000008008d5000008d5000020cb008008d5e01b8cd200c0b0f2410180d2a20180d2e30080d2440080d2020000d40000c00d000008d5000c40bc007008d50004601ec0035fd60100000000000000b400000000000000000028d50094005f0020a00d00a4ff0d0000204e802d97d200a0b0f2e10080d2c20180d2e30080d2e40180d2020000d420e780d200a0b0f2e10080d2820180d202ea80d2e40180d2020000d480e088d20060b0f2c10080d2e20080d2c30180d2840080d2020000d4209186d20040b8f2a10180d2e20080d2630180d2840180d2020000d440508cd20020b0f2410180d2020080d2430180d2840180d2020000d4c0035fd6"], 0x148}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_TRANSLATE(r1, 0xc018ae85, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000014c0)=@attr_other={0x0, 0x5501, 0xa1c, &(0x7f0000001480)=0x388}) (async) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000014c0)=@attr_other={0x0, 0x5501, 0xa1c, &(0x7f0000001480)=0x388}) ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000001a40)={0x2, 0x0, &(0x7f0000fea000/0x4000)=nil}) ioctl$KVM_GET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee2, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, 0x0) munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) munmap(&(0x7f00005da000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x8a031, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x8a031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x0, 0x80031, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x0, 0x80031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000c00000/0x400000)=nil, 0x400000) 51.957948179s ago: executing program 0 (id=39): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x428c01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000200)={0x7}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0x2}) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000f22000/0x18000)=nil, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x80111500, 0x20000000) syz_kvm_setup_cpu$arm64(r6, 0xffffffffffffffff, &(0x7f0000f2c000/0x18000)=nil, &(0x7f0000000100)=[{0x0, &(0x7f0000000080), 0x58}], 0x1, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0xa8800, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000f23000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0x5) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r9, 0x4020aeae, &(0x7f0000000340)={0x5}) ioctl$KVM_GET_ONE_REG(r9, 0x4010aeab, &(0x7f0000000080)=@arm64_sys={0x603000000013c021, &(0x7f00000000c0)=0x2}) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) 19.13397507s ago: executing program 1 (id=40): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fcc000/0x18000)=nil, &(0x7f00000000c0)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async) munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000) (async) r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x448201, 0x0) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, r5, 0x3000002, 0x8a031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000e93000/0x3000)=nil, r5, 0x0, 0x20031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c17000/0x3000)=nil, 0x930, 0x0, 0x10, 0xffffffffffffffff, 0x20) (async) write$eventfd(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fcc000/0x18000)=nil, 0x0, 0x87, 0x0, 0x0, 0xffffffffffffff99) r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000340)={0x5}) (async) ioctl$KVM_RUN(r6, 0xae80, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000200)={0x1fe, 0x3, 0x0, 0x1000, &(0x7f0000fcc000/0x1000)=nil}) (async) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, 0x0, 0x0, 0x0) (async) ioctl$KVM_SIGNAL_MSI(0xffffffffffffffff, 0x4020aea5, &(0x7f0000000000)={0x4000, 0xf000, 0x8, 0xb, 0x6}) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x8010, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (async) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x90c03, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) munmap(&(0x7f0000cd6000/0x4000)=nil, 0x4000) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) 15.751363616s ago: executing program 0 (id=41): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x5d) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x458503, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) munmap(&(0x7f0000731000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000e76000/0x1000)=nil, 0x1000) (async) munmap(&(0x7f0000df4000/0x4000)=nil, 0x4000) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4000ae84, 0x0) munmap(&(0x7f0000000000/0x2000)=nil, 0x2000) munmap(&(0x7f0000ec2000/0x3000)=nil, 0x3000) (async) munmap(&(0x7f0000482000/0x1000)=nil, 0x1000) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) (async) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) munmap(&(0x7f0000647000/0x1000)=nil, 0x1000) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x43033, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000) (async) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x10, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) (async) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000c5d000/0x2000)=nil, 0x930, 0x2, 0x80010, r4, 0x0) ioctl$KVM_CREATE_VM(r3, 0x80111500, 0x20000000) (async) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x0, 0x80031, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000f08000/0x4000)=nil, 0x4000) 9.607969852s ago: executing program 1 (id=42): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x60100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x2, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000df0000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x60100, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) munmap(&(0x7f0000eb3000/0x2000)=nil, 0x2000) ioctl$KVM_GET_API_VERSION(r3, 0xae00, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x2, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000df0000/0x18000)=nil, &(0x7f00000000c0)=[{0x0, &(0x7f0000000240), 0xffffff29}], 0xaaaaaaaaaaaae85, 0x0, 0x0, 0x0) munmap(&(0x7f00005da000/0x4000)=nil, 0x4000) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x10, 0xffffffffffffffff, 0x0) write$eventfd(0xffffffffffffffff, 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x12, 0xffffffffffffffff, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f00006bc000/0x2000)=nil, 0x0, 0x8, 0x5c1fd1b6565d2f1, r2, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x0, 0x9, 0x30, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee2, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x28001, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) 7.131931675s ago: executing program 0 (id=43): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm(r1) syz_kvm_add_vcpu(r2, 0x0, 0x0, 0x0) (async) syz_kvm_add_vcpu(r2, 0x0, 0x0, 0x0) r3 = syz_kvm_add_vcpu(r2, 0x0, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x4, 0x160) ioctl$KVM_RUN(r3, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6, 0x4f831, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x141242, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r6, 0x3000004, 0x20010, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r6, 0x3000004, 0x20010, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000) ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, &(0x7f0000000040)={0x7, 0x7}) (async) ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, &(0x7f0000000040)={0x7, 0x7}) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000140)={0x0, 0x2, 0x2000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) close(r5) (async) close(r5) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f00000001c0)={0x3}) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, 0x0) eventfd2(0x6, 0x1000) ioctl$KVM_IRQFD(r5, 0x4020ae76, 0x0) (async) ioctl$KVM_IRQFD(r5, 0x4020ae76, 0x0) write$eventfd(0xffffffffffffffff, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x40001, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x40001, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@featur1={0x1, 0x3}], 0x1) (async) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@featur1={0x1, 0x3}], 0x1) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x300000c, 0x4f832, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x300000c, 0x4f832, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0) 0s ago: executing program 1 (id=44): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40800, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) (async) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x300000c, 0x4f832, 0xffffffffffffffff, 0x0) (async) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) openat$kvm(0xffffffffffffff9c, 0x0, 0x408e02, 0x0) (async) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100046}) (async) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0x600000000) (async) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) ioctl$KVM_GET_VCPU_EVENTS(r9, 0x8040ae9f, 0xfffffffffffffffe) (async) mmap$KVM_VCPU(&(0x7f0000de6000/0x2000)=nil, r3, 0x3, 0x12, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r9, 0x4068aea3, 0x0) (async) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f00000002c0)={0x4}) (async) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000300)={0x2}) (async) r10 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r3, 0x4, 0x10, r9, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000c00)="4452f270620d1d70c1b60053097f802f1282e3f96f611548463c49631ac3a6fc8c25b88dca87b6435b9d7cea474116471428feab8f4a0f1e47f00303de432b28695fbe35d9b5f0df", 0x0, 0x48) (async) mmap$KVM_VCPU(&(0x7f0000e37000/0x1000)=nil, 0x930, 0x2000007, 0x30, 0xffffffffffffffff, 0x0) (async) r11 = eventfd2(0x2, 0x80801) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000080)={r11, 0x1000, 0x3, r9}) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:8791' (ED25519) to the list of known hosts. [ 744.166575][ T24] audit: type=1400 audit(743.070:69): avc: denied { name_bind } for pid=3258 comm="sshd" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 745.488863][ T24] audit: type=1400 audit(744.390:70): avc: denied { execute } for pid=3260 comm="sh" name="syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 745.515787][ T24] audit: type=1400 audit(744.410:71): avc: denied { execute_no_trans } for pid=3260 comm="sh" path="/syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 784.426020][ T24] audit: type=1400 audit(783.330:72): avc: denied { mounton } for pid=3260 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1737 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 784.491172][ T24] audit: type=1400 audit(783.390:73): avc: denied { mount } for pid=3260 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 784.607893][ T3260] cgroup: Unknown subsys name 'net' [ 784.677273][ T24] audit: type=1400 audit(783.590:74): avc: denied { unmount } for pid=3260 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 785.481721][ T3260] cgroup: Unknown subsys name 'rlimit' [ 786.024614][ T24] audit: type=1400 audit(784.930:75): avc: denied { setattr } for pid=3260 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 786.054938][ T24] audit: type=1400 audit(784.960:76): avc: denied { mounton } for pid=3260 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 786.081231][ T24] audit: type=1400 audit(784.970:77): avc: denied { mount } for pid=3260 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 787.569800][ T3269] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 787.625316][ T24] audit: type=1400 audit(786.490:78): avc: denied { relabelto } for pid=3269 comm="mkswap" name="swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 787.644831][ T24] audit: type=1400 audit(786.540:79): avc: denied { write } for pid=3269 comm="mkswap" path="/swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 787.946525][ T24] audit: type=1400 audit(786.850:80): avc: denied { read } for pid=3260 comm="syz-executor" name="swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 787.967521][ T24] audit: type=1400 audit(786.860:81): avc: denied { open } for pid=3260 comm="syz-executor" path="/swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 788.016067][ T3260] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 840.655654][ T24] audit: type=1400 audit(839.560:82): avc: denied { execmem } for pid=3270 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 845.756102][ T24] audit: type=1400 audit(844.630:83): avc: denied { read } for pid=3272 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 845.759546][ T24] audit: type=1400 audit(844.660:84): avc: denied { open } for pid=3272 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 845.909390][ T24] audit: type=1400 audit(844.820:85): avc: denied { mounton } for pid=3272 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 849.024787][ T24] audit: type=1400 audit(847.920:86): avc: denied { mount } for pid=3273 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 849.200279][ T24] audit: type=1400 audit(848.110:87): avc: denied { mounton } for pid=3273 comm="syz-executor" path="/syzkaller.11kd5m/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 849.349614][ T24] audit: type=1400 audit(848.220:88): avc: denied { mount } for pid=3273 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 849.561603][ T24] audit: type=1400 audit(848.470:89): avc: denied { mounton } for pid=3272 comm="syz-executor" path="/syzkaller.aOFXOO/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 849.659770][ T24] audit: type=1400 audit(848.570:90): avc: denied { mounton } for pid=3273 comm="syz-executor" path="/syzkaller.11kd5m/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=2880 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 849.890110][ T24] audit: type=1400 audit(848.800:91): avc: denied { unmount } for pid=3273 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 850.016241][ T24] audit: type=1400 audit(848.910:92): avc: denied { mounton } for pid=3272 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=1514 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 852.018423][ T24] kauditd_printk_skb: 3 callbacks suppressed [ 852.018726][ T24] audit: type=1400 audit(850.890:96): avc: denied { open } for pid=3272 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 852.019517][ T24] audit: type=1400 audit(850.920:97): avc: denied { read write } for pid=3273 comm="syz-executor" name="loop0" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 852.111080][ T24] audit: type=1400 audit(850.990:99): avc: denied { ioctl } for pid=3272 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=640 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 852.145636][ T24] audit: type=1400 audit(850.960:98): avc: denied { ioctl } for pid=3273 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=639 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 855.335169][ T24] audit: type=1400 audit(854.230:100): avc: denied { read } for pid=3274 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 855.405139][ T24] audit: type=1400 audit(854.300:101): avc: denied { open } for pid=3274 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 856.359348][ T24] audit: type=1400 audit(855.260:102): avc: denied { ioctl } for pid=3275 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 857.846054][ T24] audit: type=1400 audit(856.750:103): avc: denied { write } for pid=3274 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 873.854472][ T24] audit: type=1400 audit(872.760:104): avc: denied { execute } for pid=3296 comm="syz.0.5" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3070 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 899.424918][ T24] audit: type=1400 audit(898.310:105): avc: denied { mount } for pid=3303 comm="syz-executor" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 990.864367][ T24] audit: type=1400 audit(989.770:106): avc: denied { append } for pid=3364 comm="syz.0.18" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1229.391815][ T3526] ================================================================== [ 1229.394335][ T3526] BUG: KASAN: slab-use-after-free in kvm_put_kvm+0x2dc/0x97c [ 1229.397251][ T3526] Read of size 8 at addr f9f000001638b080 by task syz.0.43/3526 [ 1229.399046][ T3526] Pointer tag: [f9], memory tag: [fe] [ 1229.400219][ T3526] [ 1229.401669][ T3526] CPU: 0 UID: 0 PID: 3526 Comm: syz.0.43 Not tainted 6.11.0-rc5-syzkaller-g17a000564499 #0 [ 1229.403638][ T3526] Hardware name: linux,dummy-virt (DT) [ 1229.405214][ T3526] Call trace: [ 1229.406166][ T3526] dump_backtrace+0x1b8/0x1e4 [ 1229.407557][ T3526] show_stack+0x2c/0x3c [ 1229.408769][ T3526] dump_stack_lvl+0xe4/0x150 [ 1229.409932][ T3526] print_report+0x1b4/0x500 [ 1229.411094][ T3526] kasan_report+0xd8/0x138 [ 1229.412112][ T3526] kasan_tag_mismatch+0x28/0x3c [ 1229.413282][ T3526] __hwasan_tag_mismatch+0x30/0x60 [ 1229.414442][ T3526] kvm_put_kvm+0x2dc/0x97c [ 1229.415635][ T3526] kvm_vm_release+0x40/0x54 [ 1229.416839][ T3526] __fput+0x150/0x554 [ 1229.417846][ T3526] ____fput+0x20/0x30 [ 1229.418836][ T3526] task_work_run+0x154/0x1c4 [ 1229.419933][ T3526] do_exit+0x3bc/0x10e0 [ 1229.421094][ T3526] do_group_exit+0xfc/0x13c [ 1229.422262][ T3526] get_signal+0xd40/0xdb8 [ 1229.423191][ T3526] do_signal+0x17c/0x2bac [ 1229.424384][ T3526] do_notify_resume+0x7c/0x1b8 [ 1229.425592][ T3526] el0_svc+0xac/0x14c [ 1229.426665][ T3526] el0t_64_sync_handler+0x84/0xfc [ 1229.427917][ T3526] el0t_64_sync+0x190/0x194 [ 1229.429326][ T3526] [ 1229.430142][ T3526] Allocated by task 3527: [ 1229.431366][ T3526] kasan_save_stack+0x40/0x6c [ 1229.432550][ T3526] save_stack_info+0x34/0x144 [ 1229.433654][ T3526] kasan_save_alloc_info+0x14/0x20 [ 1229.434912][ T3526] __kasan_slab_alloc+0x90/0x94 [ 1229.436076][ T3526] kmem_cache_alloc_noprof+0x1c0/0x35c [ 1229.437375][ T3526] kvm_vm_ioctl_create_vcpu+0x114/0x588 [ 1229.438620][ T3526] kvm_vm_ioctl+0x4dc/0x11e8 [ 1229.439827][ T3526] __arm64_sys_ioctl+0x108/0x184 [ 1229.440859][ T3526] invoke_syscall+0x78/0x1b8 [ 1229.442111][ T3526] el0_svc_common+0xe8/0x1b0 [ 1229.443313][ T3526] do_el0_svc+0x40/0x50 [ 1229.444435][ T3526] el0_svc+0x54/0x14c [ 1229.445437][ T3526] el0t_64_sync_handler+0x84/0xfc [ 1229.446485][ T3526] el0t_64_sync+0x190/0x194 [ 1229.447624][ T3526] [ 1229.448426][ T3526] Freed by task 3527: [ 1229.449386][ T3526] kasan_save_stack+0x40/0x6c [ 1229.450512][ T3526] save_stack_info+0x34/0x144 [ 1229.451660][ T3526] kasan_save_free_info+0x18/0x24 [ 1229.452928][ T3526] poison_slab_object+0x19c/0x1a0 [ 1229.454137][ T3526] __kasan_slab_free+0x10/0x20 [ 1229.455092][ T3526] kmem_cache_free+0x158/0x4b8 [ 1229.456301][ T3526] kvm_vm_ioctl_create_vcpu+0x404/0x588 [ 1229.457524][ T3526] kvm_vm_ioctl+0x4dc/0x11e8 [ 1229.458499][ T3526] __arm64_sys_ioctl+0x108/0x184 [ 1229.459648][ T3526] invoke_syscall+0x78/0x1b8 [ 1229.460679][ T3526] el0_svc_common+0xe8/0x1b0 [ 1229.461766][ T3526] do_el0_svc+0x40/0x50 [ 1229.462889][ T3526] el0_svc+0x54/0x14c [ 1229.463958][ T3526] el0t_64_sync_handler+0x84/0xfc [ 1229.465211][ T3526] el0t_64_sync+0x190/0x194 [ 1229.466179][ T3526] [ 1229.466935][ T3526] The buggy address belongs to the object at fff0000016389cb0 [ 1229.466935][ T3526] which belongs to the cache kvm_vcpu of size 7344 [ 1229.468889][ T3526] The buggy address is located 5072 bytes inside of [ 1229.468889][ T3526] 7344-byte region [fff0000016389cb0, fff000001638b960) [ 1229.470706][ T3526] [ 1229.471541][ T3526] The buggy address belongs to the physical page: [ 1229.472980][ T3526] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x56388 [ 1229.474841][ T3526] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1229.476250][ T3526] memcg:df0000015df5141 [ 1229.477273][ T3526] flags: 0x1ffc00000000040(head|node=0|zone=0|lastcpupid=0x7ff|kasantag=0x0) [ 1229.479213][ T3526] page_type: 0xfdffffff(slab) [ 1229.480895][ T3526] raw: 01ffc00000000040 00f000000ad9d000 dead000000000122 0000000000000000 [ 1229.482415][ T3526] raw: 0000000000000000 0000000080040004 00000001fdffffff 0df0000015df5141 [ 1229.484012][ T3526] head: 01ffc00000000040 00f000000ad9d000 dead000000000122 0000000000000000 [ 1229.485481][ T3526] head: 0000000000000000 0000000080040004 00000001fdffffff 0df0000015df5141 [ 1229.486967][ T3526] head: 01ffc00000000003 ffffc1ffc058e201 ffffffffffffffff 0000000000000000 [ 1229.488397][ T3526] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 1229.489634][ T3526] page dumped because: kasan: bad access detected [ 1229.490809][ T3526] [ 1229.491575][ T3526] Memory state around the buggy address: [ 1229.494796][ T3526] fff000001638ae00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 1229.496251][ T3526] fff000001638af00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 1229.497401][ T3526] >fff000001638b000: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 1229.498575][ T3526] ^ [ 1229.499853][ T3526] fff000001638b100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 1229.501196][ T3526] fff000001638b200: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 1229.502541][ T3526] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1229.959510][ T3526] Disabling lock debugging due to kernel taint VM DIAGNOSIS: 07:34:44 Registers: info registers vcpu 0 CPU#0 PC=ffff8000812adf5c X00=0000000000000003 X01=0000000000000002 X02=0000000000000055 X03=ffff8000812adecc X04=0000000000000001 X05=0000000000000000 X06=ffff8000812ad094 X07=205b5d3135323739 X08=4af000000f9bd7c0 X09=0000000000000000 X10=0000000000ff0100 X11=0000000000000101 X12=5b5d313532373933 X13=205d363235335420 X14=0000000000000000 X15=0000000000000000 X16=00000000000000d2 X17=0000000000000000 X18=000000000000033d X19=0000000000000020 X20=efff800000000000 X21=0000000000000002 X22=d2f000000b80917a X23=d2f000000b8092c8 X24=d2f000000b8090c8 X25=deff800089619018 X26=deff800089619000 X27=d2f000000b8092d8 X28=0000000000000f01 X29=ffff80008b5772a0 X30=ffff8000812adf5c SP=ffff80008b5772a0 PSTATE=814000c9 N--- EL2h BTYPE=0 FPCR=00000000 FPSR=00000000 Q00=0000ffffc85b1910:0000ffffc85b1910 Q01=ffffff80ffffffd8:0000ffffc85b18e0 Q02=0000000000000000:0000000000000000 Q03=0000000000000000:0000000000000000 Q04=00524f5252450040:0000000000000000 Q05=00524f5252450040:0000000000000000 Q06=0000000000000000:0000000000000000 Q07=0000000000000000:0000000000000000 Q08=0000000000000000:0000000000000000 Q09=0000000000000000:0000000000000000 Q10=0000000000000000:0000000000000000 Q11=0000000000000000:0000000000000000 Q12=0000000000000000:0000000000000000 Q13=0000000000000000:0000000000000000 Q14=0000000000000000:0000000000000000 Q15=0000000000000000:0000000000000000 Q16=0000ffffc85b1910:0000ffffc85b1910 Q17=ffffff80ffffffd0:0000ffffc85b18e0 Q18=0000000000000000:0000000000000000 Q19=0000000000000000:0000000000000000 Q20=0000000000000000:0000000000000000 Q21=0000000000000000:0000000000000000 Q22=0000000000000000:0000000000000000 Q23=0000000000000000:0000000000000000 Q24=0000000000000000:0000000000000000 Q25=0000000000000000:0000000000000000 Q26=0000000000000000:0000000000000000 Q27=0000000000000000:0000000000000000 Q28=0000000000000000:0000000000000000 Q29=0000000000000000:0000000000000000 Q30=0000000000000000:0000000000000000 Q31=0000000000000000:0000000000000000