last executing test programs: 26.377186001s ago: executing program 1 (id=2): syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async) r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r3, 0x4068aea3, &(0x7f0000000180)={0xa8, 0x0, 0x2}) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x1000000) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x1000000) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x400454cb, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) (async) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000d31000/0x1000)=nil, 0x0, 0x8, 0x2010, r9, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0}) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r11, 0xae03, 0x28) r12 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) (async) r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur2={0x1, 0x2}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r14, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000040)={0x4, 0xffda, 0x1}}) syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000180)={0x0, &(0x7f0000000340)=[@uexit={0x0, 0x0, 0x1000}, @irq_setup={0x46, 0x0, {0x1, 0xa4}}, @its_send_cmd={0xaa, 0x0, {0xd, 0x0, 0x2, 0x5, 0x4, 0x10001, 0x3}}, @uexit={0x0, 0x0, 0x1ff}, @svc={0x122, 0x0, {0x80008000, [0x80, 0x4, 0x1, 0x1, 0x80]}}, @msr={0x14, 0x0, {0x603000000013df69, 0x7}}, @hvc={0x32, 0x0, {0x0, [0x6, 0x3, 0x7ac4, 0x6, 0x80]}}, @memwrite={0x6e, 0x0, @generic={0xdddd1000, 0xc45, 0xf1fb, 0x2}}, @memwrite={0x6e, 0x0, @vgic_gicd={0x8000000, 0x400, 0x100, 0x4}}, @svc={0x122, 0x0, {0x5000000, [0x4, 0x7ff, 0xb6d, 0x9, 0x596a]}}]}, &(0x7f0000000300)=[@featur1={0x1, 0x90}], 0x0) (async) syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000180)={0x0, &(0x7f0000000340)=[@uexit={0x0, 0x0, 0x1000}, @irq_setup={0x46, 0x0, {0x1, 0xa4}}, @its_send_cmd={0xaa, 0x0, {0xd, 0x0, 0x2, 0x5, 0x4, 0x10001, 0x3}}, @uexit={0x0, 0x0, 0x1ff}, @svc={0x122, 0x0, {0x80008000, [0x80, 0x4, 0x1, 0x1, 0x80]}}, @msr={0x14, 0x0, {0x603000000013df69, 0x7}}, @hvc={0x32, 0x0, {0x0, [0x6, 0x3, 0x7ac4, 0x6, 0x80]}}, @memwrite={0x6e, 0x0, @generic={0xdddd1000, 0xc45, 0xf1fb, 0x2}}, @memwrite={0x6e, 0x0, @vgic_gicd={0x8000000, 0x400, 0x100, 0x4}}, @svc={0x122, 0x0, {0x5000000, [0x4, 0x7ff, 0xb6d, 0x9, 0x596a]}}]}, &(0x7f0000000300)=[@featur1={0x1, 0x90}], 0x0) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r12, 0x4068aea3, &(0x7f0000000080)={0xa8, 0x0, 0x2}) (async) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r12, 0x4068aea3, &(0x7f0000000080)={0xa8, 0x0, 0x2}) 23.33911542s ago: executing program 0 (id=1): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) (async, rerun: 32) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff}) (async, rerun: 32) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async) ioctl$KVM_CLEAR_DIRTY_LOG(r4, 0xc018aec0, &(0x7f0000000000)={0x0, 0x100, 0x1c0, 0x0}) (async) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0x8, &(0x7f00000000c0)=0x45d4970}) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000000)={0x0, 0xeeee8000, 0x4, 0x1, 0x40}) 11.030905273s ago: executing program 1 (id=3): r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x2, 0x1000, &(0x7f0000fd1000/0x1000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000000c0)={0x1ff, 0x0, 0x6000, 0x1000, &(0x7f0000ec2000/0x1000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x145541, 0x0) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100) r7 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3b) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x8001}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r10, 0xae80, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_assert_reg(r10, 0x603000000013dce8, 0x8000) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x0, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil}) r12 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r12, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) 10.020878252s ago: executing program 0 (id=4): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x200000000000) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) r3 = eventfd2(0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x31) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000040)={0x2710, 0x2, 0xd000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000140)={0x0, &(0x7f0000000000)=[@mrs={0xbe, 0x18, {0x603000000013c640}}], 0x18}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) close(r3) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) r10 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) write$eventfd(r3, &(0x7f0000000180)=0x5, 0xfffffde3) 0s ago: executing program 1 (id=5): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x9) r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0xb, 0x11, r2, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CLEAR_DIRTY_LOG(r6, 0xc018aec0, &(0x7f00000000c0)={0x5, 0x340, 0x1, 0x0}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r9, 0x401054d6, 0x1) r10 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) r11 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x1a) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000000)={0x3, 0x4, 0x4, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) kernel console output (not intermixed with test programs): [ 385.499581][ T25] audit: type=1400 audit(384.670:60): avc: denied { read } for pid=3143 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 402.553156][ T3143] 8021q: adding VLAN 0 to HW filter on device bond0 [ 452.726153][ T3143] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:15022' (ED25519) to the list of known hosts. [ 615.339167][ T25] audit: type=1400 audit(614.520:61): avc: denied { name_bind } for pid=3293 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 617.475233][ T25] audit: type=1400 audit(616.660:62): avc: denied { execute } for pid=3294 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 617.530158][ T25] audit: type=1400 audit(616.680:63): avc: denied { execute_no_trans } for pid=3294 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 647.092627][ T25] audit: type=1400 audit(646.270:64): avc: denied { mounton } for pid=3294 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 647.126270][ T25] audit: type=1400 audit(646.300:65): avc: denied { mount } for pid=3294 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 647.211075][ T3294] cgroup: Unknown subsys name 'net' [ 647.261120][ T25] audit: type=1400 audit(646.450:66): avc: denied { unmount } for pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 647.679850][ T3294] cgroup: Unknown subsys name 'cpuset' [ 647.800845][ T3294] cgroup: Unknown subsys name 'rlimit' [ 648.749635][ T25] audit: type=1400 audit(647.930:67): avc: denied { setattr } for pid=3294 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 648.775019][ T25] audit: type=1400 audit(647.960:68): avc: denied { mounton } for pid=3294 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 648.795857][ T25] audit: type=1400 audit(647.970:69): avc: denied { mount } for pid=3294 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 650.033630][ T3297] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 650.059804][ T25] audit: type=1400 audit(649.240:70): avc: denied { relabelto } for pid=3297 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 650.087093][ T25] audit: type=1400 audit(649.270:71): avc: denied { write } for pid=3297 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 650.276690][ T25] audit: type=1400 audit(649.460:72): avc: denied { read } for pid=3294 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 650.295169][ T25] audit: type=1400 audit(649.480:73): avc: denied { open } for pid=3294 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 650.344084][ T3294] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 704.633613][ T25] audit: type=1400 audit(703.820:74): avc: denied { execmem } for pid=3303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 711.385792][ T25] audit: type=1400 audit(710.570:75): avc: denied { read } for pid=3306 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 711.405313][ T25] audit: type=1400 audit(710.580:76): avc: denied { read } for pid=3305 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 711.430499][ T25] audit: type=1400 audit(710.610:77): avc: denied { open } for pid=3306 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 711.502078][ T25] audit: type=1400 audit(710.670:78): avc: denied { mounton } for pid=3305 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 711.757058][ T25] audit: type=1400 audit(710.940:79): avc: denied { module_request } for pid=3306 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 711.795168][ T25] audit: type=1400 audit(710.950:80): avc: denied { module_request } for pid=3305 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 712.925412][ T25] audit: type=1400 audit(712.100:81): avc: denied { sys_module } for pid=3306 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 738.350255][ T3305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 738.434816][ T3306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 738.511333][ T3305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 738.560798][ T3306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 751.886007][ T3306] hsr_slave_0: entered promiscuous mode [ 751.926229][ T3306] hsr_slave_1: entered promiscuous mode [ 752.761027][ T3305] hsr_slave_0: entered promiscuous mode [ 752.793055][ T3305] hsr_slave_1: entered promiscuous mode [ 752.830767][ T3305] debugfs: 'hsr0' already exists in 'hsr' [ 752.834855][ T3305] Cannot create hsr debugfs directory [ 758.550319][ T25] audit: type=1400 audit(757.730:82): avc: denied { create } for pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 758.610606][ T25] audit: type=1400 audit(757.790:83): avc: denied { write } for pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 758.671387][ T25] audit: type=1400 audit(757.850:84): avc: denied { read } for pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 758.795692][ T3306] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 759.224815][ T3306] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 759.497674][ T3306] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 759.671230][ T3306] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 761.550378][ T3305] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 761.901764][ T3305] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 762.214956][ T3305] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 762.494032][ T3305] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 780.283510][ T3306] 8021q: adding VLAN 0 to HW filter on device bond0 [ 783.720012][ T3305] 8021q: adding VLAN 0 to HW filter on device bond0 [ 842.862570][ T3306] veth0_vlan: entered promiscuous mode [ 843.423832][ T3306] veth1_vlan: entered promiscuous mode [ 845.285073][ T3306] veth0_macvtap: entered promiscuous mode [ 845.956066][ T3306] veth1_macvtap: entered promiscuous mode [ 846.030630][ T3305] veth0_vlan: entered promiscuous mode [ 846.813297][ T3305] veth1_vlan: entered promiscuous mode [ 848.394339][ T42] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 848.432044][ T42] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 848.436015][ T42] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 848.450098][ T42] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 849.882630][ T3305] veth0_macvtap: entered promiscuous mode [ 850.623058][ T3305] veth1_macvtap: entered promiscuous mode [ 850.776798][ T25] audit: type=1400 audit(849.880:85): avc: denied { mount } for pid=3306 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 850.990010][ T25] audit: type=1400 audit(850.170:86): avc: denied { mounton } for pid=3306 comm="syz-executor" path="/syzkaller.SXXpbs/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 851.206105][ T25] audit: type=1400 audit(850.390:87): avc: denied { mount } for pid=3306 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 851.655200][ T25] audit: type=1400 audit(850.840:88): avc: denied { mounton } for pid=3306 comm="syz-executor" path="/syzkaller.SXXpbs/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 851.763470][ T25] audit: type=1400 audit(850.940:89): avc: denied { mounton } for pid=3306 comm="syz-executor" path="/syzkaller.SXXpbs/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3741 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 852.344681][ T25] audit: type=1400 audit(851.530:90): avc: denied { unmount } for pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 852.612801][ T25] audit: type=1400 audit(851.750:91): avc: denied { mounton } for pid=3306 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 852.712818][ T25] audit: type=1400 audit(851.900:92): avc: denied { mount } for pid=3306 comm="syz-executor" name="/" dev="gadgetfs" ino=3750 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 852.870622][ T35] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 852.874785][ T35] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 853.015686][ T35] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 853.020361][ T35] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 853.237152][ T25] audit: type=1400 audit(852.380:93): avc: denied { mount } for pid=3306 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 853.335901][ T25] audit: type=1400 audit(852.520:94): avc: denied { mounton } for pid=3306 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 854.986957][ T3306] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 856.035540][ T25] kauditd_printk_skb: 2 callbacks suppressed [ 856.050542][ T25] audit: type=1400 audit(855.200:97): avc: denied { read write } for pid=3306 comm="syz-executor" name="loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 856.091531][ T25] audit: type=1400 audit(855.260:98): avc: denied { open } for pid=3306 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 856.111526][ T25] audit: type=1400 audit(855.290:99): avc: denied { ioctl } for pid=3306 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 865.630625][ T25] audit: type=1400 audit(864.810:100): avc: denied { read } for pid=3458 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 865.729185][ T25] audit: type=1400 audit(864.910:101): avc: denied { open } for pid=3458 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 865.949237][ T25] audit: type=1400 audit(865.130:102): avc: denied { ioctl } for pid=3458 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 884.734590][ T3473] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5e87a [ 884.764692][ T3473] flags: 0x1fffd4000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xf5) [ 884.810409][ T3473] raw: 01fffd4000000000 ffffc1ffc07a1d88 ffffc1ffc04bc408 0000000000000000 [ 884.824272][ T3473] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 884.859139][ T3473] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0) [ 884.880962][ T3473] ------------[ cut here ]------------ [ 884.881238][ T3473] kernel BUG at ./include/linux/mm.h:1036! [ 884.883007][ T3473] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 884.888030][ T3473] Modules linked in: [ 884.890177][ T3473] CPU: 0 UID: 0 PID: 3473 Comm: syz.0.4 Not tainted syzkaller #0 PREEMPT [ 884.891785][ T3473] Hardware name: linux,dummy-virt (DT) [ 884.893046][ T3473] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 884.894393][ T3473] pc : kvm_s2_put_page+0x374/0x3a0 [ 884.896718][ T3473] lr : kvm_s2_put_page+0x374/0x3a0 [ 884.897747][ T3473] sp : ffff8000a3d17570 [ 884.898537][ T3473] x29: ffff8000a3d17570 x28: 5bf0000012f10000 x27: 5bf0000012f10000 [ 884.900169][ T3473] x26: 00000000000000ff x25: ffff80008734e000 x24: ffffc1ffc0000000 [ 884.901602][ T3473] x23: ffffc1ffc07a1e88 x22: 0000000000000000 x21: ffffc1ffc07a1eb4 [ 884.903063][ T3473] x20: 0000000000000000 x19: ffffc1ffc07a1e80 x18: 000000007d090f30 [ 884.904471][ T3473] x17: 00000000051debe3 x16: 000000007cb68c88 x15: 000000009b89fd91 [ 884.905901][ T3473] x14: ffffffffffffffff x13: fff000001e341d88 x12: 0000000000000001 [ 884.907376][ T3473] x11: 0000000000080000 x10: 0000000000047c12 x9 : a3ff7f7fd885d400 [ 884.908913][ T3473] x8 : a3ff7f7fd885d400 x7 : ffff8000803a03c8 x6 : 0000000000000000 [ 884.910318][ T3473] x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010 [ 884.911739][ T3473] x2 : 0000000000000002 x1 : 0000000100000000 x0 : 000000000000003e [ 884.913412][ T3473] Call trace: [ 884.914322][ T3473] kvm_s2_put_page+0x374/0x3a0 (P) [ 884.915683][ T3473] stage2_free_walker+0x1b0/0x264 [ 884.916783][ T3473] __kvm_pgtable_walk+0x7d8/0xa68 [ 884.917766][ T3473] kvm_pgtable_walk+0x294/0x468 [ 884.918774][ T3473] kvm_pgtable_stage2_destroy_range+0x60/0xb4 [ 884.919939][ T3473] kvm_free_stage2_pgd+0x198/0x28c [ 884.920955][ T3473] kvm_uninit_stage2_mmu+0x20/0x38 [ 884.921950][ T3473] kvm_arch_flush_shadow_all+0x1a8/0x1e0 [ 884.923044][ T3473] kvm_mmu_notifier_release+0x48/0xa8 [ 884.924120][ T3473] mmu_notifier_unregister+0x128/0x42c [ 884.925155][ T3473] kvm_put_kvm+0x6a0/0xfa8 [ 884.925924][ T3473] kvm_vcpu_release+0x70/0x9c [ 884.926919][ T3473] __fput+0x4ac/0x980 [ 884.927774][ T3473] ____fput+0x20/0x58 [ 884.928631][ T3473] task_work_run+0x1bc/0x254 [ 884.929544][ T3473] get_signal+0x13ec/0x1554 [ 884.930532][ T3473] do_signal+0x23c/0x4dd0 [ 884.931498][ T3473] do_notify_resume+0xb0/0x270 [ 884.932440][ T3473] el0_svc+0xb8/0x164 [ 884.933299][ T3473] el0t_64_sync_handler+0x84/0x12c [ 884.934274][ T3473] el0t_64_sync+0x198/0x19c [ 884.935821][ T3473] Code: d0037581 9126fc21 aa1303e0 97f9c9f2 (d4210000) [ 884.937694][ T3473] ---[ end trace 0000000000000000 ]--- [ 884.939345][ T3473] Kernel panic - not syncing: Oops - BUG: Fatal exception [ 884.941347][ T3473] Kernel Offset: disabled [ 884.942120][ T3473] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f [ 884.943267][ T3473] Memory Limit: none [ 884.944931][ T3473] Rebooting in 86400 seconds.. VM DIAGNOSIS: 15:45:10 Registers: info registers vcpu 0 CPU#0 PC=ffff800080020228 X00=0000000000000001 X01=ffff8000870dd70e X02=0000000000000000 X03=0000000000000002 X04=0000000000000000 X05=0000000000000000 X06=ffff800080537664 X07=ffff800080015834 X08=a3ff7f7fd885d400 X09=a3ff7f7fd885d400 X10=0fff000001e341d8 X11=0000000000080000 X12=0fff000001e34218 X13=fff000001e341d88 X14=0000000000000002 X15=ffff800087f83a20 X16=0000000000000000 X17=00000000051debe3 X18=000000007d090f30 X19=efff800000000000 X20=ffff8000801b05a0 X21=ffff8000a3d17420 X22=0000000000000000 X23=0000000000008001 X24=00000000000000ff X25=ffff80008734e000 X26=00000000000000ff X27=5bf0000012f10000 X28=c6f000001e341d80 X29=ffff8000a3d172a0 X30=ffff800080020228 SP=ffff8000a3d17270 PSTATE=604023c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=2525252525252525:2525252525252525 Z01=65642f000a732520:7325207334362e25 Z02=635f6665725f6567:617028454741505f Z03=000000ff0000ff00:00ff0000000000ff Z04=0000000000000000:000f00f00f00000f Z05=41505f4e4f5f4755:425f4d56203a6573 Z06=3030203030303030:3030303030303030 Z07=3020303030303030:3030303030303030 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffc4ae0fe0:0000ffffc4ae0fe0 Z17=ffffff80ffffffd0:0000ffffc4ae0fb0 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000