last executing test programs: 1m0.009033502s ago: executing program 0 (id=1758): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4360ae82, &(0x7f0000000280)={[0x9935, 0x200, 0x0, 0x7, 0x5, 0x8, 0xffff, 0x7, 0x5, 0x7f, 0xd, 0x6, 0xfffffffffffffffb, 0x800, 0xf0fa5ad], 0x5000, 0x200}) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="82000000000000002800000000000000010000000000000001000000000000000100000000000000aa00000000000000280000000000000008"], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x380) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r9, 0x4010ae67, &(0x7f0000000080)={0x4, 0x2000}) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1) r10 = syz_kvm_vgic_v3_setup(r9, 0x4, 0x40) close(0x5) close(r10) close(0x4) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x4, 0x0, 0x0}) ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000080)={0x5, 0x19}) ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f00000000c0)=@arm64_core={0x603000000010002e, &(0x7f00000001c0)=0xffffffffffffffff}) 45.079042538s ago: executing program 0 (id=1760): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_vgic_v3_setup(r1, 0x4, 0x40) r2 = syz_kvm_vgic_v3_setup(r1, 0x3, 0x40) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x7, 0x0, &(0x7f0000000200)=0x105b7}) 41.861128751s ago: executing program 1 (id=1761): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=ANY=[], 0x40}, 0x0, 0x0) (async) r4 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) (async) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000280)={0x2000, 0xd000, 0x7, 0x1, 0x5}) r6 = openat$kvm(0x0, &(0x7f0000000240), 0xca680, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000100)=0x81f}) (async) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="8200000000000000280000000000000001000000000000000400000000000000020000000000000082"], 0x50}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r7, 0x1, 0x100) (async) ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, &(0x7f0000000300)=@attr_other={0x0, 0xc7e, 0x9, &(0x7f00000002c0)=0x3}) (async) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) r11 = openat$kvm(0x0, &(0x7f00000000c0), 0x909483, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) (async, rerun: 64) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x4) (rerun: 64) ioctl$KVM_ARM_VCPU_INIT(r13, 0x4020aeae, &(0x7f0000000000)={0x5, 0xa}) (async) ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, &(0x7f0000000180)=@arm64_sys={0x603000000013dce0, &(0x7f0000000140)=0xfffffffffffffffa}) (async, rerun: 64) ioctl$KVM_RUN(r9, 0xae80, 0x0) (async, rerun: 64) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x2, 0x2, &(0x7f0000000040)=0x8000000000000001}) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) 38.247989694s ago: executing program 0 (id=1762): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000140)=[@featur1={0x1, 0x2}], 0x1000038e) ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000580)=@arm64_sve_vls={0x606000000015ffff, 0x0}) ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000000)={0x0, 0x80, 0x280, &(0x7f0000000180)=[0x3, 0x96cb, 0x5, 0x7fff, 0x5, 0xffffffff, 0x9, 0x6, 0x0, 0x7, 0x43, 0x3, 0x1ff, 0x2, 0x9, 0xfffffffffffffff8, 0x1000, 0x1, 0x4, 0x2, 0x3, 0x2, 0x8e7, 0x7ff, 0x1, 0x9, 0x10000, 0x0, 0x3, 0x6, 0x8, 0x6, 0xde0, 0x5, 0x8, 0x9, 0x1, 0x10000, 0x7, 0x0, 0x3, 0x8, 0x200, 0x5, 0x8, 0x9, 0x1, 0x7fffffff, 0x2, 0xc, 0x9, 0xafb, 0x2, 0x1620000000000000, 0x6, 0x8, 0x0, 0x8, 0x4, 0x6, 0x1, 0x400000000, 0x8, 0x0, 0x9, 0x7fff, 0x6, 0x741, 0xa5, 0x432, 0x7fffffff, 0x400, 0x0, 0x7, 0x3, 0x8, 0x8, 0x3, 0x87c4, 0x40, 0x186, 0x95f1, 0x7, 0x7, 0x3, 0x1, 0x9, 0x6, 0x2, 0x2, 0x1, 0x100000000, 0x0, 0x3ff, 0x3, 0x4, 0xffff, 0xcb6, 0x10001, 0x2, 0x8, 0x0, 0x1a31, 0x3, 0x3498, 0x77a, 0xc, 0x9, 0x40, 0x200, 0xfffffffffffffffa, 0x8, 0xfffffffffffffff6, 0x5, 0x0, 0x524a, 0x7, 0xca, 0x1, 0x5, 0x9, 0x0, 0x0, 0x8000, 0x1000, 0x1, 0x54, 0x8]}) 35.019599428s ago: executing program 1 (id=1763): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0xfffffffffffffffc) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xb2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000bfd000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000b80)={0x0, &(0x7f00000000c0)=ANY=[@ANYRES32=r1], 0x40}, &(0x7f0000000240)=[@featur1={0x1, 0x4}], 0x1) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x109901, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) r9 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x10004, 0x3, 0x0, 0x1000, &(0x7f0000cef000/0x1000)=nil}) 32.226373427s ago: executing program 0 (id=1764): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000080)={0x5, 0x7}) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x6030000000100036, 0x0}) r4 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000005c0)={0x0, &(0x7f0000000140)=[@mrs={0xbe, 0x18, {0x603000000013e65b}}, @irq_setup={0x46, 0x18, {0x1, 0x2f6}}, @eret={0xe6, 0x18, 0x5}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffd0, 0x4, 0x4}}, @memwrite={0x6e, 0x30, @generic={0x5000, 0x51c, 0xfffffffffffffffb, 0xb}}, @svc={0x122, 0x40, {0x400, [0x4, 0x3, 0x1, 0x80000000, 0xfff]}}, @eret={0xe6, 0x18, 0x8}, @msr={0x14, 0x20, {0x603000000013e219, 0x5}}, @eret={0xe6, 0x18, 0x7}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x2, 0xc, 0x3, 0x4, 0x2}}, @mrs={0xbe, 0x18, {0x603000000013c086}}, @code={0xa, 0xb4, {"e0da98d20000b0f2210180d2620180d2630180d2040180d2020000d4e0a094d20020b8f2e10080d2420180d2030180d2a40080d2020000d4000028d500a4006fe0ee9ed200c0b0f2610180d2220180d2030080d2c40080d2020000d4000008d5007008d500b681d20000b8f2a10180d2220180d2c30080d2c40180d2020000d4000687d20060b0f2a10180d2620080d2630180d2440080d2020000d4000008d5"}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x1, 0xe, 0x40, 0x3}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x800, 0xffffffffffffff56, 0x8}}, @eret={0xe6, 0x18, 0x8}, @smc={0x1e, 0x40, {0xc4000012, [0x4, 0x8000000000000001, 0x7, 0x9, 0xd]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x20090, 0xffffffffffffae82, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013805f}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xc00, 0x2ecd, 0xa}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0xb0, 0xffffffffffffffff, 0xf}}, @eret={0xe6, 0x18, 0xdc3}, @mrs={0xbe, 0x18, {0x603000000013c661}}, @smc={0x1e, 0x40, {0x84000005, [0x8, 0x8, 0x900000000, 0x5, 0x7]}}, @svc={0x122, 0x40, {0x84000004, [0x2ae, 0x1, 0x4, 0x8000000000000001, 0x70]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0xe00, 0x10000, 0x2}}], 0x464}, &(0x7f0000000600)=[@featur2={0x1, 0x40}], 0x1) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000680)=@arm64_core={0x6030000000100038, &(0x7f0000000640)=0x6}) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000000)=@arm64_sys={0x603000000013c014, &(0x7f00000000c0)=0x4000000000000000}) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000080)={0x5, 0x7}) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) (async) ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) (async) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x6030000000100036, 0x0}) (async) syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000005c0)={0x0, &(0x7f0000000140)=[@mrs={0xbe, 0x18, {0x603000000013e65b}}, @irq_setup={0x46, 0x18, {0x1, 0x2f6}}, @eret={0xe6, 0x18, 0x5}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffd0, 0x4, 0x4}}, @memwrite={0x6e, 0x30, @generic={0x5000, 0x51c, 0xfffffffffffffffb, 0xb}}, @svc={0x122, 0x40, {0x400, [0x4, 0x3, 0x1, 0x80000000, 0xfff]}}, @eret={0xe6, 0x18, 0x8}, @msr={0x14, 0x20, {0x603000000013e219, 0x5}}, @eret={0xe6, 0x18, 0x7}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x2, 0xc, 0x3, 0x4, 0x2}}, @mrs={0xbe, 0x18, {0x603000000013c086}}, @code={0xa, 0xb4, {"e0da98d20000b0f2210180d2620180d2630180d2040180d2020000d4e0a094d20020b8f2e10080d2420180d2030180d2a40080d2020000d4000028d500a4006fe0ee9ed200c0b0f2610180d2220180d2030080d2c40080d2020000d4000008d5007008d500b681d20000b8f2a10180d2220180d2c30080d2c40180d2020000d4000687d20060b0f2a10180d2620080d2630180d2440080d2020000d4000008d5"}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x1, 0xe, 0x40, 0x3}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x800, 0xffffffffffffff56, 0x8}}, @eret={0xe6, 0x18, 0x8}, @smc={0x1e, 0x40, {0xc4000012, [0x4, 0x8000000000000001, 0x7, 0x9, 0xd]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x20090, 0xffffffffffffae82, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013805f}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xc00, 0x2ecd, 0xa}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0xb0, 0xffffffffffffffff, 0xf}}, @eret={0xe6, 0x18, 0xdc3}, @mrs={0xbe, 0x18, {0x603000000013c661}}, @smc={0x1e, 0x40, {0x84000005, [0x8, 0x8, 0x900000000, 0x5, 0x7]}}, @svc={0x122, 0x40, {0x84000004, [0x2ae, 0x1, 0x4, 0x8000000000000001, 0x70]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0xe00, 0x10000, 0x2}}], 0x464}, &(0x7f0000000600)=[@featur2={0x1, 0x40}], 0x1) (async) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000680)=@arm64_core={0x6030000000100038, &(0x7f0000000640)=0x6}) (async) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000000)=@arm64_sys={0x603000000013c014, &(0x7f00000000c0)=0x4000000000000000}) (async) 27.244093186s ago: executing program 1 (id=1765): ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x3) r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async) r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20200, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) (async) syz_kvm_vgic_v3_setup(r5, 0x1, 0x360) syz_kvm_vgic_v3_setup(r5, 0x0, 0x80) (async) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, 0x0) (async) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x3ff}) (async) r7 = openat$kvm(0x0, &(0x7f0000000240), 0x2400, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000180)={0x1fe, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) (async) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) (async) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r8, 0x4068aea3, &(0x7f0000000000)={0xa8, 0x0, 0x3}) (async, rerun: 32) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000280)={0x1fe, 0x1, 0x6000, 0x1000, &(0x7f0000000000/0x1000)=nil}) (rerun: 32) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000080)={0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="14000000000000002000000000000000f2c4130000003060008000000000000014000000000000002000000000000000e0dc1300000030d11b", @ANYRES16, @ANYBLOB="3e8ee0235c38", @ANYBLOB="a3e97badd0d457b8ca6aed579634e99a80e1bef19e45928fbf276d8203654e1dc0ff96147c98a390dde06d0c579ba58db29a7e811cfae125f5a9f5bc0e6e002a9583e049e3c3d8a40cf3e8a41a439f5b545ad059470f2ada7c679b25d1f4c9fc84eadc3ccf673d650616da2def0b4c50fc5563c2349acfb68613309c54af2e411d4f36208745c4aeadb5d1a158b5b969f51e0400000000000000100f6b4d1581eda0e736c091ab1f3f59876caa351d32eb8ae6ab1f2c999ad7c906e787ca378036380fec63fb015ad38c9f7dfa4fc86e7838faf0067560f7a4aa382e5f258b50842b", @ANYRES64=r4], 0x4}, &(0x7f0000000300), 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async, rerun: 32) ioctl$KVM_RUN(r9, 0xae80, 0x0) (rerun: 32) r10 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000180)={0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="14000000000000002000000000000000f1c4130000003060008000000000000014000000000000002000000000000000f2c4130000003060008000000000000014000000000000002000000000000000e0dc130000003060c7"], 0x140}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) 22.707166528s ago: executing program 0 (id=1766): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x88000, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="14000000000000002000000000000000e9bf5694cc"], 0x20}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_GET_REGS(r4, 0x8360ae81, &(0x7f0000000380)) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000f0c000/0x3000)=nil, r5, 0x1000001, 0x20113, r4, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x5452, 0x2000fdfd) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) r10 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r9, 0x280000f, 0x11, r8, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000240)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0) r11 = eventfd2(0x0, 0x0) close(r6) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000a40), 0x8600, 0x0) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(0xffffffffffffffff, 0x4068aea3, &(0x7f0000001c00)={0xa8, 0x0, 0x3}) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) write$eventfd(r11, &(0x7f0000000000), 0xfffffe1e) r12 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) 15.999361788s ago: executing program 1 (id=1767): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r1, 0x800454d2, 0x0) 10.335796594s ago: executing program 1 (id=1768): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x4c401, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r2, 0x1, 0x100) (async) ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000100)={0x2010040, 0x1000c53}) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r7, r8, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0000000000000000180000000000000002000000000000006e0000000000000030000000000000000000000800000000000000000000000004000000000000000600000000000000be000000000000001800000000000000ce831300000030601400000000000000200000000000000018c51300000030609501000000000000000000000000000018000000000000000900000000000000aa000000000000002800000000000000030104000000020000000600000001040000000000000000be0000000000000018000000000000005bc613000000306046000000000000001800000000000000030000004100000082000000000000002800000000000000030000000000000003000000000000008a0100"], 0x36c}], 0x1, 0x0, 0x0, 0x0) syz_kvm_vgic_v3_setup(r7, 0x1, 0x100) (async) ioctl$KVM_RUN(r8, 0xae80, 0x0) (async) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x40000008080000}) 879.687047ms ago: executing program 0 (id=1769): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000200)=@arm64={0x4, 0x0, 0x0, '\x00', 0x101}) r3 = syz_kvm_vgic_v3_setup(r1, 0x0, 0x40) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0x5b94, 0x8000000000000001, &(0x7f0000000080)=0xc9e}) r4 = mmap$KVM_VCPU(&(0x7f0000d10000/0xa000)=nil, 0x930, 0x3000006, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@arm64={0xc, 0x5, 0x9, '\x00', 0x5}) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r5, 0x2, 0x12, 0xffffffffffffffff, 0x0) 0s ago: executing program 1 (id=1770): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(0xffffffffffffffff, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xeeffbffd, 0xffd, 0x1}}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000000)={0x5, 0x2}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f00000001c0)={0xffffffffffffffff, 0x3, 0x2}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r6, &(0x7f00000001c0)=0xffffff7f, 0xff25) r7 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r10, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x802, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r12, 0x4010ae67, &(0x7f0000000140)={0x8000000, 0x4000}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000080)={0x10000, 0x2000, 0x1}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r12, 0x4010ae68, &(0x7f00000000c0)={0x6000, 0x7000}) kernel console output (not intermixed with test programs): [ 444.515326][ T3132] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:15618' (ED25519) to the list of known hosts. [ 609.037766][ T25] audit: type=1400 audit(608.220:60): avc: denied { name_bind } for pid=3287 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 610.949187][ T25] audit: type=1400 audit(610.120:61): avc: denied { execute } for pid=3288 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 610.967548][ T25] audit: type=1400 audit(610.150:62): avc: denied { execute_no_trans } for pid=3288 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 629.610940][ T25] audit: type=1400 audit(628.790:63): avc: denied { mounton } for pid=3288 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 629.643462][ T25] audit: type=1400 audit(628.830:64): avc: denied { mount } for pid=3288 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 629.731705][ T3288] cgroup: Unknown subsys name 'net' [ 629.780224][ T25] audit: type=1400 audit(628.960:65): avc: denied { unmount } for pid=3288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 630.189025][ T3288] cgroup: Unknown subsys name 'cpuset' [ 630.295851][ T3288] cgroup: Unknown subsys name 'rlimit' [ 631.220449][ T25] audit: type=1400 audit(630.400:66): avc: denied { setattr } for pid=3288 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 631.246871][ T25] audit: type=1400 audit(630.420:67): avc: denied { mounton } for pid=3288 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 631.264468][ T25] audit: type=1400 audit(630.450:68): avc: denied { mount } for pid=3288 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 632.468204][ T3291] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 632.492273][ T25] audit: type=1400 audit(631.670:69): avc: denied { relabelto } for pid=3291 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 632.512997][ T25] audit: type=1400 audit(631.690:70): avc: denied { write } for pid=3291 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 632.703874][ T25] audit: type=1400 audit(631.890:71): avc: denied { read } for pid=3288 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 632.727224][ T25] audit: type=1400 audit(631.900:72): avc: denied { open } for pid=3288 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 632.772615][ T3288] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 682.492588][ T25] audit: type=1400 audit(681.680:73): avc: denied { execmem } for pid=3292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 686.020868][ T25] audit: type=1400 audit(685.200:74): avc: denied { read } for pid=3294 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 686.061649][ T25] audit: type=1400 audit(685.230:75): avc: denied { open } for pid=3294 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 686.143427][ T25] audit: type=1400 audit(685.310:76): avc: denied { mounton } for pid=3294 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 686.391716][ T25] audit: type=1400 audit(685.570:77): avc: denied { module_request } for pid=3295 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 687.534979][ T25] audit: type=1400 audit(686.720:78): avc: denied { sys_module } for pid=3294 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 716.237949][ T3295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 716.642265][ T3295] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 716.704485][ T3294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 717.109758][ T3294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 729.573043][ T3295] hsr_slave_0: entered promiscuous mode [ 729.602300][ T3295] hsr_slave_1: entered promiscuous mode [ 730.705631][ T3294] hsr_slave_0: entered promiscuous mode [ 730.746878][ T3294] hsr_slave_1: entered promiscuous mode [ 730.780171][ T3294] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 730.784887][ T3294] Cannot create hsr debugfs directory [ 736.229149][ T25] audit: type=1400 audit(735.400:79): avc: denied { create } for pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 736.276717][ T25] audit: type=1400 audit(735.460:80): avc: denied { write } for pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 736.300173][ T25] audit: type=1400 audit(735.480:81): avc: denied { read } for pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 736.454670][ T3295] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 736.772918][ T3295] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 737.024681][ T3295] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 737.321573][ T3295] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 740.011127][ T3294] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 740.242571][ T3294] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 740.464777][ T3294] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 740.752994][ T3294] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 756.895492][ T3295] 8021q: adding VLAN 0 to HW filter on device bond0 [ 760.121294][ T3294] 8021q: adding VLAN 0 to HW filter on device bond0 [ 816.036553][ T3295] veth0_vlan: entered promiscuous mode [ 816.435208][ T3295] veth1_vlan: entered promiscuous mode [ 819.524886][ T3294] veth0_vlan: entered promiscuous mode [ 819.642646][ T3295] veth0_macvtap: entered promiscuous mode [ 820.291558][ T3295] veth1_macvtap: entered promiscuous mode [ 820.716521][ T3294] veth1_vlan: entered promiscuous mode [ 823.509972][ T3295] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 823.514836][ T3295] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 823.530301][ T3295] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 823.559257][ T3295] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 824.645064][ T3294] veth0_macvtap: entered promiscuous mode [ 825.473854][ T3294] veth1_macvtap: entered promiscuous mode [ 827.420613][ T25] audit: type=1400 audit(826.550:82): avc: denied { mount } for pid=3295 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 827.600953][ T25] audit: type=1400 audit(826.780:83): avc: denied { mounton } for pid=3295 comm="syz-executor" path="/syzkaller.DuKQVe/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 827.955085][ T25] audit: type=1400 audit(827.080:84): avc: denied { mount } for pid=3295 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 828.555931][ T25] audit: type=1400 audit(827.740:85): avc: denied { mounton } for pid=3295 comm="syz-executor" path="/syzkaller.DuKQVe/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 828.794016][ T3294] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 828.859393][ T25] audit: type=1400 audit(827.960:86): avc: denied { mounton } for pid=3295 comm="syz-executor" path="/syzkaller.DuKQVe/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3287 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 828.900015][ T3294] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 828.907696][ T3294] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 828.920374][ T3294] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 829.763693][ T25] audit: type=1400 audit(828.950:87): avc: denied { unmount } for pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 830.210130][ T25] audit: type=1400 audit(829.300:88): avc: denied { mounton } for pid=3295 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 830.396213][ T25] audit: type=1400 audit(829.430:89): avc: denied { mount } for pid=3295 comm="syz-executor" name="/" dev="gadgetfs" ino=3299 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 830.964214][ T25] audit: type=1400 audit(830.120:90): avc: denied { mount } for pid=3295 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 831.157193][ T25] audit: type=1400 audit(830.340:91): avc: denied { mounton } for pid=3295 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 832.964880][ T3295] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 834.733632][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 834.740002][ T25] audit: type=1400 audit(833.890:93): avc: denied { read write } for pid=3295 comm="syz-executor" name="loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 834.791682][ T25] audit: type=1400 audit(833.970:94): avc: denied { open } for pid=3295 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 834.822253][ T25] audit: type=1400 audit(834.000:95): avc: denied { ioctl } for pid=3295 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 839.476005][ T25] audit: type=1400 audit(838.660:96): avc: denied { read append } for pid=3454 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 839.517750][ T25] audit: type=1400 audit(838.700:97): avc: denied { open } for pid=3454 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 840.061898][ T25] audit: type=1400 audit(839.240:98): avc: denied { ioctl } for pid=3453 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 840.927504][ T25] audit: type=1400 audit(840.110:99): avc: denied { write } for pid=3453 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 880.694068][ T3473] kvm [3473]: Failed to find VMA for hva 0x20d8d000 [ 896.132053][ T25] audit: type=1400 audit(895.250:100): avc: denied { execute } for pid=3483 comm="syz.1.10" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4038 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 898.398029][ T25] audit: type=1400 audit(897.570:101): avc: denied { map } for pid=3486 comm="syz.0.11" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 932.845682][ T3504] kvm [3504]: Failed to find VMA for hva 0x208a1000 [ 941.913283][ T3506] kvm [3506]: Failed to find VMA for hva 0x20c01000 [ 1121.723640][ T3607] FAULT_INJECTION: forcing a failure. [ 1121.723640][ T3607] name failslab, interval 1, probability 0, space 0, times 1 [ 1121.773637][ T3607] CPU: 0 UID: 0 PID: 3607 Comm: syz.0.50 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 1121.774304][ T3607] Hardware name: linux,dummy-virt (DT) [ 1121.774791][ T3607] Call trace: [ 1121.775212][ T3607] show_stack+0x2c/0x3c (C) [ 1121.777075][ T3607] __dump_stack+0x30/0x40 [ 1121.777371][ T3607] dump_stack_lvl+0xd8/0x12c [ 1121.777601][ T3607] dump_stack+0x1c/0x28 [ 1121.777797][ T3607] should_fail_ex+0x570/0x6e0 [ 1121.778098][ T3607] should_failslab+0xb8/0xec [ 1121.778364][ T3607] __kmalloc_noprof+0xdc/0x4b8 [ 1121.778693][ T3607] tomoyo_realpath_from_path+0xdc/0x628 [ 1121.778988][ T3607] tomoyo_path_number_perm+0x13c/0x33c [ 1121.779257][ T3607] tomoyo_file_ioctl+0x2c/0x3c [ 1121.779560][ T3607] security_file_ioctl+0xe8/0x2f0 [ 1121.779871][ T3607] __arm64_sys_ioctl+0xd0/0x244 [ 1121.780115][ T3607] invoke_syscall+0x90/0x2b4 [ 1121.780431][ T3607] el0_svc_common+0x180/0x2f4 [ 1121.780737][ T3607] do_el0_svc+0x58/0x74 [ 1121.781030][ T3607] el0_svc+0x58/0x160 [ 1121.781298][ T3607] el0t_64_sync_handler+0x78/0x108 [ 1121.781562][ T3607] el0t_64_sync+0x198/0x19c [ 1121.949867][ T3607] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1152.887329][ T3623] FAULT_INJECTION: forcing a failure. [ 1152.887329][ T3623] name failslab, interval 1, probability 0, space 0, times 0 [ 1152.930655][ T3623] CPU: 0 UID: 0 PID: 3623 Comm: syz.0.55 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 1152.931027][ T3623] Hardware name: linux,dummy-virt (DT) [ 1152.931142][ T3623] Call trace: [ 1152.931227][ T3623] show_stack+0x2c/0x3c (C) [ 1152.931620][ T3623] __dump_stack+0x30/0x40 [ 1152.931831][ T3623] dump_stack_lvl+0xd8/0x12c [ 1152.932029][ T3623] dump_stack+0x1c/0x28 [ 1152.932235][ T3623] should_fail_ex+0x570/0x6e0 [ 1152.932508][ T3623] should_failslab+0xb8/0xec [ 1152.932735][ T3623] __kmalloc_noprof+0xdc/0x4b8 [ 1152.933032][ T3623] tomoyo_encode+0x27c/0x4ec [ 1152.933329][ T3623] tomoyo_realpath_from_path+0x5bc/0x628 [ 1152.933627][ T3623] tomoyo_path_number_perm+0x13c/0x33c [ 1152.933886][ T3623] tomoyo_file_ioctl+0x2c/0x3c [ 1152.934206][ T3623] security_file_ioctl+0xe8/0x2f0 [ 1152.934547][ T3623] __arm64_sys_ioctl+0xd0/0x244 [ 1152.934786][ T3623] invoke_syscall+0x90/0x2b4 [ 1152.935082][ T3623] el0_svc_common+0x180/0x2f4 [ 1152.935399][ T3623] do_el0_svc+0x58/0x74 [ 1152.935688][ T3623] el0_svc+0x58/0x160 [ 1152.935928][ T3623] el0t_64_sync_handler+0x78/0x108 [ 1152.936171][ T3623] el0t_64_sync+0x198/0x19c [ 1153.031318][ T3623] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1280.820136][ T25] audit: type=1400 audit(1280.000:102): avc: denied { ioctl } for pid=3700 comm="syz.0.77" path="net:[4026532626]" dev="nsfs" ino=4026532626 ioctlcmd=0xb702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1325.492431][ T3733] debugfs: File 'vgic-its-state@8080000' in directory '3733-4' already present! [ 1400.636714][ T3785] kvm [3785]: Failed to find VMA for hva 0x208a1000 [ 1711.053392][ T3992] kvm [3992]: Failed to find VMA for hva 0x20d8d000 [ 1788.530399][ T25] audit: type=1400 audit(1787.700:103): avc: denied { setattr } for pid=4051 comm="syz.1.183" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1896.553081][ T4118] FAULT_INJECTION: forcing a failure. [ 1896.553081][ T4118] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 1896.575702][ T4118] CPU: 0 UID: 0 PID: 4118 Comm: syz.0.204 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 1896.576117][ T4118] Hardware name: linux,dummy-virt (DT) [ 1896.576262][ T4118] Call trace: [ 1896.576361][ T4118] show_stack+0x2c/0x3c (C) [ 1896.576730][ T4118] __dump_stack+0x30/0x40 [ 1896.576933][ T4118] dump_stack_lvl+0xd8/0x12c [ 1896.577134][ T4118] dump_stack+0x1c/0x28 [ 1896.577363][ T4118] should_fail_ex+0x570/0x6e0 [ 1896.577611][ T4118] should_fail+0x14/0x24 [ 1896.577843][ T4118] should_fail_usercopy+0x20/0x30 [ 1896.578162][ T4118] _copy_from_iter+0x1a0/0x18d0 [ 1896.578486][ T4118] copy_page_from_iter+0x214/0x2fc [ 1896.578764][ T4118] anon_pipe_write+0x93c/0x1224 [ 1896.579036][ T4118] vfs_write+0x9f0/0xacc [ 1896.579319][ T4118] ksys_write+0x100/0x1f4 [ 1896.579576][ T4118] __arm64_sys_write+0x98/0xcc [ 1896.579830][ T4118] invoke_syscall+0x90/0x2b4 [ 1896.580124][ T4118] el0_svc_common+0x180/0x2f4 [ 1896.580444][ T4118] do_el0_svc+0x58/0x74 [ 1896.580735][ T4118] el0_svc+0x58/0x160 [ 1896.580984][ T4118] el0t_64_sync_handler+0x78/0x108 [ 1896.581256][ T4118] el0t_64_sync+0x198/0x19c [ 1929.126796][ T4141] FAULT_INJECTION: forcing a failure. [ 1929.126796][ T4141] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1929.169942][ T4141] CPU: 0 UID: 0 PID: 4141 Comm: syz.1.209 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 1929.170382][ T4141] Hardware name: linux,dummy-virt (DT) [ 1929.170505][ T4141] Call trace: [ 1929.170600][ T4141] show_stack+0x2c/0x3c (C) [ 1929.170971][ T4141] __dump_stack+0x30/0x40 [ 1929.171181][ T4141] dump_stack_lvl+0xd8/0x12c [ 1929.171403][ T4141] dump_stack+0x1c/0x28 [ 1929.171615][ T4141] should_fail_ex+0x570/0x6e0 [ 1929.171870][ T4141] should_fail+0x14/0x24 [ 1929.172104][ T4141] should_fail_usercopy+0x20/0x30 [ 1929.172373][ T4141] _copy_from_iter+0x1a0/0x18d0 [ 1929.172666][ T4141] copy_page_from_iter+0x214/0x2fc [ 1929.172939][ T4141] anon_pipe_write+0x93c/0x1224 [ 1929.173204][ T4141] vfs_write+0x9f0/0xacc [ 1929.173475][ T4141] ksys_write+0x100/0x1f4 [ 1929.173736][ T4141] __arm64_sys_write+0x98/0xcc [ 1929.173996][ T4141] invoke_syscall+0x90/0x2b4 [ 1929.174339][ T4141] el0_svc_common+0x180/0x2f4 [ 1929.174660][ T4141] do_el0_svc+0x58/0x74 [ 1929.174957][ T4141] el0_svc+0x58/0x160 [ 1929.175206][ T4141] el0t_64_sync_handler+0x78/0x108 [ 1929.175469][ T4141] el0t_64_sync+0x198/0x19c [ 2010.435168][ T4194] FAULT_INJECTION: forcing a failure. [ 2010.435168][ T4194] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 2010.454298][ T4194] CPU: 0 UID: 0 PID: 4194 Comm: syz.0.226 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 2010.454663][ T4194] Hardware name: linux,dummy-virt (DT) [ 2010.454776][ T4194] Call trace: [ 2010.454860][ T4194] show_stack+0x2c/0x3c (C) [ 2010.455214][ T4194] __dump_stack+0x30/0x40 [ 2010.455490][ T4194] dump_stack_lvl+0xd8/0x12c [ 2010.455702][ T4194] dump_stack+0x1c/0x28 [ 2010.455899][ T4194] should_fail_ex+0x570/0x6e0 [ 2010.456141][ T4194] should_fail_alloc_page+0xd4/0xd8 [ 2010.456400][ T4194] prepare_alloc_pages+0x20c/0x5e0 [ 2010.456629][ T4194] __alloc_frozen_pages_noprof+0xd8/0x2d0 [ 2010.456858][ T4194] alloc_pages_mpol+0x204/0x4c8 [ 2010.457160][ T4194] alloc_pages_noprof+0x104/0x2ec [ 2010.457491][ T4194] anon_pipe_write+0xdcc/0x1224 [ 2010.457764][ T4194] vfs_write+0x9f0/0xacc [ 2010.458029][ T4194] ksys_write+0x100/0x1f4 [ 2010.458325][ T4194] __arm64_sys_write+0x98/0xcc [ 2010.458598][ T4194] invoke_syscall+0x90/0x2b4 [ 2010.458897][ T4194] el0_svc_common+0x180/0x2f4 [ 2010.459195][ T4194] do_el0_svc+0x58/0x74 [ 2010.459517][ T4194] el0_svc+0x58/0x160 [ 2010.459777][ T4194] el0t_64_sync_handler+0x78/0x108 [ 2010.460026][ T4194] el0t_64_sync+0x198/0x19c [ 2040.222787][ T4213] FAULT_INJECTION: forcing a failure. [ 2040.222787][ T4213] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2040.271049][ T4213] CPU: 0 UID: 0 PID: 4213 Comm: syz.0.232 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 2040.271428][ T4213] Hardware name: linux,dummy-virt (DT) [ 2040.271545][ T4213] Call trace: [ 2040.271630][ T4213] show_stack+0x2c/0x3c (C) [ 2040.271987][ T4213] __dump_stack+0x30/0x40 [ 2040.272193][ T4213] dump_stack_lvl+0xd8/0x12c [ 2040.272433][ T4213] dump_stack+0x1c/0x28 [ 2040.272635][ T4213] should_fail_ex+0x570/0x6e0 [ 2040.272880][ T4213] should_fail+0x14/0x24 [ 2040.273114][ T4213] should_fail_usercopy+0x20/0x30 [ 2040.273396][ T4213] _copy_from_iter+0x1a0/0x18d0 [ 2040.273672][ T4213] copy_page_from_iter+0x214/0x2fc [ 2040.273943][ T4213] anon_pipe_write+0x93c/0x1224 [ 2040.274254][ T4213] vfs_write+0x9f0/0xacc [ 2040.274530][ T4213] ksys_write+0x100/0x1f4 [ 2040.274785][ T4213] __arm64_sys_write+0x98/0xcc [ 2040.275043][ T4213] invoke_syscall+0x90/0x2b4 [ 2040.275367][ T4213] el0_svc_common+0x180/0x2f4 [ 2040.275668][ T4213] do_el0_svc+0x58/0x74 [ 2040.275957][ T4213] el0_svc+0x58/0x160 [ 2040.276203][ T4213] el0t_64_sync_handler+0x78/0x108 [ 2040.276484][ T4213] el0t_64_sync+0x198/0x19c [ 2241.199890][ T4348] FAULT_INJECTION: forcing a failure. [ 2241.199890][ T4348] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2241.211735][ T4348] CPU: 0 UID: 0 PID: 4348 Comm: syz.0.272 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 2241.212077][ T4348] Hardware name: linux,dummy-virt (DT) [ 2241.212188][ T4348] Call trace: [ 2241.212286][ T4348] show_stack+0x2c/0x3c (C) [ 2241.212664][ T4348] __dump_stack+0x30/0x40 [ 2241.212872][ T4348] dump_stack_lvl+0xd8/0x12c [ 2241.213075][ T4348] dump_stack+0x1c/0x28 [ 2241.213290][ T4348] should_fail_ex+0x570/0x6e0 [ 2241.213549][ T4348] should_fail+0x14/0x24 [ 2241.213783][ T4348] should_fail_usercopy+0x20/0x30 [ 2241.214029][ T4348] _copy_from_iter+0x1a0/0x18d0 [ 2241.214348][ T4348] copy_page_from_iter+0x214/0x2fc [ 2241.214631][ T4348] anon_pipe_write+0x93c/0x1224 [ 2241.214910][ T4348] vfs_write+0x9f0/0xacc [ 2241.215167][ T4348] ksys_write+0x100/0x1f4 [ 2241.215451][ T4348] __arm64_sys_write+0x98/0xcc [ 2241.215717][ T4348] invoke_syscall+0x90/0x2b4 [ 2241.216012][ T4348] el0_svc_common+0x180/0x2f4 [ 2241.216347][ T4348] do_el0_svc+0x58/0x74 [ 2241.216642][ T4348] el0_svc+0x58/0x160 [ 2241.216889][ T4348] el0t_64_sync_handler+0x78/0x108 [ 2241.217137][ T4348] el0t_64_sync+0x198/0x19c [ 2262.076211][ T4362] FAULT_INJECTION: forcing a failure. [ 2262.076211][ T4362] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2262.161890][ T4362] CPU: 0 UID: 0 PID: 4362 Comm: syz.0.277 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 2262.162282][ T4362] Hardware name: linux,dummy-virt (DT) [ 2262.162411][ T4362] Call trace: [ 2262.162501][ T4362] show_stack+0x2c/0x3c (C) [ 2262.162860][ T4362] __dump_stack+0x30/0x40 [ 2262.163061][ T4362] dump_stack_lvl+0xd8/0x12c [ 2262.163281][ T4362] dump_stack+0x1c/0x28 [ 2262.163495][ T4362] should_fail_ex+0x570/0x6e0 [ 2262.163735][ T4362] should_fail_alloc_page+0xd4/0xd8 [ 2262.163964][ T4362] prepare_alloc_pages+0x20c/0x5e0 [ 2262.164181][ T4362] __alloc_frozen_pages_noprof+0xd8/0x2d0 [ 2262.164427][ T4362] alloc_pages_mpol+0x204/0x4c8 [ 2262.164725][ T4362] alloc_pages_noprof+0x104/0x2ec [ 2262.165014][ T4362] anon_pipe_write+0xdcc/0x1224 [ 2262.165286][ T4362] vfs_write+0x9f0/0xacc [ 2262.165551][ T4362] ksys_write+0x100/0x1f4 [ 2262.165804][ T4362] __arm64_sys_write+0x98/0xcc [ 2262.166060][ T4362] invoke_syscall+0x90/0x2b4 [ 2262.166410][ T4362] el0_svc_common+0x180/0x2f4 [ 2262.166707][ T4362] do_el0_svc+0x58/0x74 [ 2262.166994][ T4362] el0_svc+0x58/0x160 [ 2262.167251][ T4362] el0t_64_sync_handler+0x78/0x108 [ 2262.167519][ T4362] el0t_64_sync+0x198/0x19c [ 2292.133768][ T4383] FAULT_INJECTION: forcing a failure. [ 2292.133768][ T4383] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2292.146474][ T4383] CPU: 0 UID: 0 PID: 4383 Comm: syz.1.283 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 2292.146845][ T4383] Hardware name: linux,dummy-virt (DT) [ 2292.146956][ T4383] Call trace: [ 2292.147042][ T4383] show_stack+0x2c/0x3c (C) [ 2292.147437][ T4383] __dump_stack+0x30/0x40 [ 2292.147649][ T4383] dump_stack_lvl+0xd8/0x12c [ 2292.147853][ T4383] dump_stack+0x1c/0x28 [ 2292.148060][ T4383] should_fail_ex+0x570/0x6e0 [ 2292.148321][ T4383] should_fail+0x14/0x24 [ 2292.148565][ T4383] should_fail_usercopy+0x20/0x30 [ 2292.148812][ T4383] _copy_from_iter+0x1a0/0x18d0 [ 2292.149083][ T4383] copy_page_from_iter+0x214/0x2fc [ 2292.149382][ T4383] anon_pipe_write+0x93c/0x1224 [ 2292.149670][ T4383] vfs_write+0x9f0/0xacc [ 2292.149926][ T4383] ksys_write+0x100/0x1f4 [ 2292.150212][ T4383] __arm64_sys_write+0x98/0xcc [ 2292.150501][ T4383] invoke_syscall+0x90/0x2b4 [ 2292.150796][ T4383] el0_svc_common+0x180/0x2f4 [ 2292.151082][ T4383] do_el0_svc+0x58/0x74 [ 2292.151408][ T4383] el0_svc+0x58/0x160 [ 2292.151667][ T4383] el0t_64_sync_handler+0x78/0x108 [ 2292.151919][ T4383] el0t_64_sync+0x198/0x19c [ 2349.771270][ T4413] debugfs: File 'vgic-its-state@8080000' in directory '4413-4' already present! [ 2657.480825][ T4594] kvm [4594]: Failed to find VMA for hva 0x20d8d000 [ 2752.634276][ T4649] kvm [4648]: Unsupported guest CP15 access at: 00000100 [000001d3] [ 2752.634276][ T4649] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 2752.685793][ T4649] kvm [4648]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2752.685793][ T4649] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 2752.753523][ T4649] kvm [4648]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2752.753523][ T4649] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 2752.792815][ T4649] kvm [4648]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2752.792815][ T4649] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 2752.836190][ T4649] kvm [4648]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2752.836190][ T4649] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 2752.902022][ T4649] kvm [4648]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2752.902022][ T4649] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 2752.942133][ T4649] kvm [4648]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2752.942133][ T4649] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 2752.977039][ T4649] kvm [4648]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2752.977039][ T4649] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 2753.033479][ T4649] kvm [4648]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2753.033479][ T4649] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 2900.475262][ T4746] debugfs: File 'vgic-its-state@8080000' in directory '4746-7' already present! [ 3150.602124][ T4894] kvm [4893]: Unsupported guest CP15 access at: 00000100 [000001d3] [ 3150.602124][ T4894] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3150.689791][ T4894] kvm [4893]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3150.689791][ T4894] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3150.692111][ T4894] kvm [4893]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3150.692111][ T4894] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3150.694148][ T4894] kvm [4893]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3150.694148][ T4894] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3150.961150][ T4894] kvm [4893]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3150.961150][ T4894] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3150.985021][ T4894] kvm [4893]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3150.985021][ T4894] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3150.987074][ T4894] kvm [4893]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3150.987074][ T4894] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3151.137714][ T4894] kvm [4893]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3151.137714][ T4894] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3151.256080][ T4894] kvm [4893]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3151.256080][ T4894] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3151.334575][ T4894] kvm [4893]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3151.334575][ T4894] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3523.647079][ T5083] FAULT_INJECTION: forcing a failure. [ 3523.647079][ T5083] name failslab, interval 1, probability 0, space 0, times 0 [ 3523.670738][ T5083] CPU: 0 UID: 0 PID: 5083 Comm: syz.0.483 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 3523.671103][ T5083] Hardware name: linux,dummy-virt (DT) [ 3523.671222][ T5083] Call trace: [ 3523.671321][ T5083] show_stack+0x2c/0x3c (C) [ 3523.671685][ T5083] __dump_stack+0x30/0x40 [ 3523.671896][ T5083] dump_stack_lvl+0xd8/0x12c [ 3523.672115][ T5083] dump_stack+0x1c/0x28 [ 3523.672327][ T5083] should_fail_ex+0x570/0x6e0 [ 3523.672578][ T5083] should_failslab+0xb8/0xec [ 3523.672798][ T5083] __kmalloc_cache_noprof+0x80/0x404 [ 3523.673124][ T5083] kobject_uevent_env+0x30c/0xa4c [ 3523.673429][ T5083] kvm_uevent_notify_change+0x2f0/0x374 [ 3523.673696][ T5083] kvm_put_kvm+0xac/0xff8 [ 3523.673901][ T5083] kvm_vm_release+0x58/0x78 [ 3523.674191][ T5083] __fput+0x4ac/0x980 [ 3523.674496][ T5083] fput_close_sync+0xcc/0x1e8 [ 3523.674774][ T5083] __arm64_sys_close+0x8c/0x13c [ 3523.675038][ T5083] invoke_syscall+0x90/0x2b4 [ 3523.675343][ T5083] el0_svc_common+0x180/0x2f4 [ 3523.675635][ T5083] do_el0_svc+0x58/0x74 [ 3523.675922][ T5083] el0_svc+0x58/0x160 [ 3523.676169][ T5083] el0t_64_sync_handler+0x78/0x108 [ 3523.676432][ T5083] el0t_64_sync+0x198/0x19c [ 3539.847089][ T5088] KVM: debugfs: duplicate directory 5088-4 [ 3675.892165][ T5170] kvm [5170]: Failed to find VMA for hva 0x20d8d000 [ 3710.623033][ T5193] debugfs: File 'vgic-its-state@8080000' in directory '5193-4' already present! [ 3722.044410][ T5200] debugfs: File 'vgic-its-state@8080000' in directory '5200-4' already present! [ 3813.104562][ T5267] kvm [5267]: Failed to find VMA for hva 0x20c01000 [ 3874.223957][ T25] audit: type=1400 audit(3873.410:104): avc: denied { execute } for pid=5312 comm="syz.1.550" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 3919.512284][ T5341] kvm [5341]: Failed to find VMA for hva 0x20c00000 [ 4171.627201][ T25] audit: type=1400 audit(4170.810:105): avc: denied { map } for pid=5503 comm="syz.0.603" path="pipe:[2442]" dev="pipefs" ino=2442 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 4767.203240][ T5870] KVM: debugfs: duplicate directory 5870-5 [ 5255.091662][ T6176] KVM: debugfs: duplicate directory 6176-6 [ 5256.132815][ T6176] KVM: debugfs: duplicate directory 6176-6 [ 5257.388047][ T25] audit: type=1400 audit(5256.570:106): avc: denied { execute } for pid=6173 comm="syz.1.798" path=2F3430312F10FBFF67525673312B0104 dev="tmpfs" ino=2028 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 5318.922942][ T6215] print_sys_reg_msg: 257 callbacks suppressed [ 5318.960112][ T6215] kvm [6214]: Unsupported guest CP15 access at: 00000100 [000001d3] [ 5318.960112][ T6215] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 5319.000282][ T6215] kvm [6214]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5319.000282][ T6215] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 5319.012423][ T6215] kvm [6214]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5319.012423][ T6215] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 5319.046024][ T6215] kvm [6214]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5319.046024][ T6215] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 5319.091836][ T6215] kvm [6214]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5319.091836][ T6215] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 5319.121300][ T6215] kvm [6214]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5319.121300][ T6215] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 5319.152172][ T6215] kvm [6214]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5319.152172][ T6215] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 5319.191007][ T6215] kvm [6214]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5319.191007][ T6215] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 5319.221699][ T6215] kvm [6214]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5319.221699][ T6215] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 5319.253836][ T6215] kvm [6214]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5319.253836][ T6215] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 5434.844297][ T6282] kvm [6282]: Failed to find VMA for hva 0x208a1000 [ 5451.095534][ T6294] debugfs: File 'vgic-its-state@0' in directory '6293-4' already present! [ 5569.354809][ T6376] print_sys_reg_msg: 415 callbacks suppressed [ 5569.365903][ T6376] kvm [6374]: Unsupported guest CP15 access at: 00000100 [000001d3] [ 5569.365903][ T6376] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5569.462812][ T6376] kvm [6374]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5569.462812][ T6376] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5569.505118][ T6376] kvm [6374]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5569.505118][ T6376] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5569.546012][ T6376] kvm [6374]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5569.546012][ T6376] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5569.604203][ T6376] kvm [6374]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5569.604203][ T6376] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5569.661132][ T6376] kvm [6374]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5569.661132][ T6376] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5569.751544][ T6376] kvm [6374]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5569.751544][ T6376] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5569.927210][ T6376] kvm [6374]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5569.927210][ T6376] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5570.055348][ T6376] kvm [6374]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5570.055348][ T6376] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5570.125230][ T6376] kvm [6374]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5570.125230][ T6376] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5574.395166][ T6376] print_sys_reg_msg: 284 callbacks suppressed [ 5574.481395][ T6376] kvm [6374]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5574.481395][ T6376] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5574.492094][ T6376] kvm [6374]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5574.492094][ T6376] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5574.531658][ T6376] kvm [6374]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5574.531658][ T6376] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5574.612198][ T6376] kvm [6374]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5574.612198][ T6376] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5574.673789][ T6376] kvm [6374]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5574.673789][ T6376] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5673.271067][ T6440] kvm [6440]: Failed to find VMA for hva 0x2101a000 [ 6030.094053][ T6656] kvm [6656]: Failed to find VMA for hva 0x208a1000 [ 6042.841200][ T6661] kvm [6661]: Failed to find VMA for hva 0x20d8d000 [ 6042.849931][ T6666] kvm [6666]: Failed to find VMA for hva 0x20d8d000 [ 6171.034066][ T6750] kvm [6750]: Failed to find VMA for hva 0x20c01000 [ 6282.122162][ T6819] debugfs: File 'vgic-its-state@8080000' in directory '6819-5' already present! [ 6327.314934][ T6847] kvm [6847]: Failed to find VMA for hva 0x208a1000 [ 6396.426846][ T6895] kvm [6895]: Failed to find VMA for hva 0x21016000 [ 6454.260753][ T6937] KVM: debugfs: duplicate directory 6937-5 [ 6458.474330][ T6939] debugfs: File 'vgic-its-state@8080000' in directory '6939-4' already present! [ 6514.374895][ T6968] kvm [6968]: Failed to find VMA for hva 0x20c01000 [ 6533.634362][ T6981] kvm [6981]: Failed to find VMA for hva 0x20d8d000 [ 6574.477993][ T7001] kvm [7001]: Failed to find VMA for hva 0x20c01000 [ 6641.920400][ T7052] kvm [7052]: Failed to find VMA for hva 0x20d8d000 [ 6641.964542][ T7055] kvm [7055]: Failed to find VMA for hva 0x20d8d000 [ 6754.716403][ T7132] kvm [7132]: Failed to find VMA for hva 0x208a1000 [ 6765.666730][ T7141] kvm [7141]: Failed to find VMA for hva 0x20d8d000 [ 6841.320163][ T7187] debugfs: File 'vgic-its-state@8080000' in directory '7187-5' already present! [ 7052.854660][ T7321] kvm [7321]: Failed to find VMA for hva 0x208a1000 [ 7054.374029][ T7324] kvm [7324]: Failed to find VMA for hva 0x208a1000 [ 7166.150844][ T7382] irq bypass consumer (token 0000000082a70db4) registration fails: -16 [ 7256.512213][ T7455] kvm [7455]: Failed to find VMA for hva 0x20d8d000 [ 7256.540692][ T7454] kvm [7454]: Failed to find VMA for hva 0x20d8d000 [ 7294.207309][ T7479] kvm [7479]: Failed to find VMA for hva 0x20d8d000 [ 7294.221834][ T7476] kvm [7476]: Failed to find VMA for hva 0x20d8d000 [ 7319.772964][ T7497] kvm [7497]: Failed to find VMA for hva 0x20d8d000 [ 7375.613142][ T6073] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7377.456195][ T6073] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7379.183619][ T6073] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7380.928028][ T6073] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7404.320248][ T6073] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 7404.621361][ T6073] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 7404.804022][ T6073] bond0 (unregistering): Released all slaves [ 7407.164403][ T6073] hsr_slave_0: left promiscuous mode [ 7407.227562][ T6073] hsr_slave_1: left promiscuous mode [ 7407.862049][ T6073] veth1_macvtap: left promiscuous mode [ 7407.866822][ T6073] veth0_macvtap: left promiscuous mode [ 7407.882042][ T6073] veth1_vlan: left promiscuous mode [ 7407.933775][ T6073] veth0_vlan: left promiscuous mode [ 7483.973143][ T7534] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 7484.312754][ T7534] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 7517.435770][ T7534] hsr_slave_0: entered promiscuous mode [ 7517.532520][ T7534] hsr_slave_1: entered promiscuous mode [ 7517.630340][ T7534] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 7517.651205][ T7534] Cannot create hsr debugfs directory [ 7540.916289][ T7534] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 7541.206239][ T7534] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 7541.516989][ T7534] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 7542.054420][ T7534] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 7569.554958][ T7534] 8021q: adding VLAN 0 to HW filter on device bond0 [ 7670.962930][ T7534] veth0_vlan: entered promiscuous mode [ 7671.631411][ T7534] veth1_vlan: entered promiscuous mode [ 7674.533427][ T7534] veth0_macvtap: entered promiscuous mode [ 7674.993402][ T7534] veth1_macvtap: entered promiscuous mode [ 7677.880964][ T7534] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 7677.900402][ T7534] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 7677.901862][ T7534] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 7677.902782][ T7534] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 7681.660206][ T25] audit: type=1400 audit(7680.830:107): avc: denied { mounton } for pid=7534 comm="syz-executor" path="/syzkaller.SP06sy/syz-tmp" dev="vda" ino=1879 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 7707.564707][ T6453] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7708.936190][ T6453] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7710.234417][ T6453] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7711.823391][ T6453] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7728.860868][ T6453] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 7729.111322][ T6453] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 7729.311494][ T6453] bond0 (unregistering): Released all slaves [ 7731.533449][ T6453] hsr_slave_0: left promiscuous mode [ 7731.609923][ T6453] hsr_slave_1: left promiscuous mode [ 7732.220062][ T6453] veth1_macvtap: left promiscuous mode [ 7732.240078][ T6453] veth0_macvtap: left promiscuous mode [ 7732.252243][ T6453] veth1_vlan: left promiscuous mode [ 7732.264697][ T6453] veth0_vlan: left promiscuous mode [ 7762.963664][ T7821] kvm [7821]: Failed to find VMA for hva 0x21016000 [ 7763.023870][ T7821] kvm [7821]: Failed to find VMA for hva 0x21016000 [ 7763.775413][ T7821] kvm [7821]: Failed to find VMA for hva 0x208a1000 [ 7814.896383][ T7792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 7815.232819][ T7792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 7846.054640][ T7792] hsr_slave_0: entered promiscuous mode [ 7846.216353][ T7792] hsr_slave_1: entered promiscuous mode [ 7871.093101][ T7792] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 7871.563519][ T7792] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 7872.074464][ T7792] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 7872.576390][ T7792] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 7901.183948][ T7792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 8006.305557][ T7792] veth0_vlan: entered promiscuous mode [ 8007.574412][ T7792] veth1_vlan: entered promiscuous mode [ 8010.821255][ T7792] veth0_macvtap: entered promiscuous mode [ 8011.292111][ T7792] veth1_macvtap: entered promiscuous mode [ 8014.553401][ T7792] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 8014.610824][ T7792] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 8014.651984][ T7792] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 8014.659957][ T7792] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 8140.651767][ T8101] kvm [8101]: Failed to find VMA for hva 0x20d8d000 [ 8140.671931][ T8105] kvm [8105]: Failed to find VMA for hva 0x20d8d000 [ 8149.586355][ T8111] FAULT_INJECTION: forcing a failure. [ 8149.586355][ T8111] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 8149.639726][ T8111] CPU: 0 UID: 0 PID: 8111 Comm: syz.1.1275 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 8149.640069][ T8111] Hardware name: linux,dummy-virt (DT) [ 8149.640180][ T8111] Call trace: [ 8149.640280][ T8111] show_stack+0x2c/0x3c (C) [ 8149.640661][ T8111] __dump_stack+0x30/0x40 [ 8149.640871][ T8111] dump_stack_lvl+0xd8/0x12c [ 8149.641098][ T8111] dump_stack+0x1c/0x28 [ 8149.641314][ T8111] should_fail_ex+0x570/0x6e0 [ 8149.641570][ T8111] should_fail+0x14/0x24 [ 8149.641824][ T8111] should_fail_usercopy+0x20/0x30 [ 8149.642096][ T8111] _inline_copy_from_user+0x3c/0x18c [ 8149.642392][ T8111] kvm_device_ioctl+0x208/0x418 [ 8149.642663][ T8111] __arm64_sys_ioctl+0x18c/0x244 [ 8149.642902][ T8111] invoke_syscall+0x90/0x2b4 [ 8149.643196][ T8111] el0_svc_common+0x180/0x2f4 [ 8149.643513][ T8111] do_el0_svc+0x58/0x74 [ 8149.643804][ T8111] el0_svc+0x58/0x160 [ 8149.644047][ T8111] el0t_64_sync_handler+0x78/0x108 [ 8149.644312][ T8111] el0t_64_sync+0x198/0x19c [ 8212.761751][ T8152] kvm [8152]: Failed to find VMA for hva 0x20d8d000 [ 8272.207092][ T8193] kvm [8193]: Failed to find VMA for hva 0x20d8d000 [ 8321.816149][ T8223] KVM: debugfs: duplicate directory 8223-5 [ 8380.061289][ T8257] kvm [8257]: Failed to find VMA for hva 0x20d8d000 [ 8548.307544][ T8361] kvm [8361]: Failed to find VMA for hva 0x20d8d000 [ 8567.461649][ T8371] kvm [8371]: Failed to find VMA for hva 0x20d8d000 [ 8626.025521][ T8408] kvm [8408]: Failed to find VMA for hva 0x20d8d000 [ 8652.403085][ T8425] kvm [8425]: Failed to find VMA for hva 0x20c01000 [ 8666.553800][ T8432] kvm [8432]: Failed to find VMA for hva 0x21016000 [ 8934.640524][ T8602] kvm [8602]: Failed to find VMA for hva 0x20d8d000 [ 8934.661445][ T8605] kvm [8605]: Failed to find VMA for hva 0x20d8d000 [ 8969.065407][ T8625] kvm [8625]: Failed to find VMA for hva 0x20d8d000 [ 8969.075423][ T8624] kvm [8624]: Failed to find VMA for hva 0x20d8d000 [ 9165.595984][ T8787] kvm [8787]: Failed to find VMA for hva 0x20d8c000 [ 9324.371558][ T8890] FAULT_INJECTION: forcing a failure. [ 9324.371558][ T8890] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 9324.399896][ T8890] CPU: 0 UID: 0 PID: 8890 Comm: syz.0.1502 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 9324.400335][ T8890] Hardware name: linux,dummy-virt (DT) [ 9324.400497][ T8890] Call trace: [ 9324.400594][ T8890] show_stack+0x2c/0x3c (C) [ 9324.400961][ T8890] __dump_stack+0x30/0x40 [ 9324.401166][ T8890] dump_stack_lvl+0xd8/0x12c [ 9324.401398][ T8890] dump_stack+0x1c/0x28 [ 9324.401597][ T8890] should_fail_ex+0x570/0x6e0 [ 9324.401846][ T8890] should_fail+0x14/0x24 [ 9324.402104][ T8890] should_fail_usercopy+0x20/0x30 [ 9324.402395][ T8890] simple_read_from_buffer+0xd0/0x298 [ 9324.402696][ T8890] proc_fail_nth_read+0x114/0x178 [ 9324.402971][ T8890] vfs_read+0x220/0x958 [ 9324.403219][ T8890] ksys_read+0x100/0x1f4 [ 9324.403508][ T8890] __arm64_sys_read+0x98/0xcc [ 9324.403770][ T8890] invoke_syscall+0x90/0x2b4 [ 9324.404063][ T8890] el0_svc_common+0x180/0x2f4 [ 9324.404389][ T8890] do_el0_svc+0x58/0x74 [ 9324.404679][ T8890] el0_svc+0x58/0x160 [ 9324.404921][ T8890] el0t_64_sync_handler+0x78/0x108 [ 9324.405166][ T8890] el0t_64_sync+0x198/0x19c [ 9350.495651][ T8904] FAULT_INJECTION: forcing a failure. [ 9350.495651][ T8904] name failslab, interval 1, probability 0, space 0, times 0 [ 9350.530678][ T8904] CPU: 0 UID: 0 PID: 8904 Comm: syz.0.1507 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 9350.531020][ T8904] Hardware name: linux,dummy-virt (DT) [ 9350.531132][ T8904] Call trace: [ 9350.531215][ T8904] show_stack+0x2c/0x3c (C) [ 9350.531604][ T8904] __dump_stack+0x30/0x40 [ 9350.531806][ T8904] dump_stack_lvl+0xd8/0x12c [ 9350.532006][ T8904] dump_stack+0x1c/0x28 [ 9350.532199][ T8904] should_fail_ex+0x570/0x6e0 [ 9350.532465][ T8904] should_failslab+0xb8/0xec [ 9350.532683][ T8904] __kmalloc_noprof+0xdc/0x4b8 [ 9350.533016][ T8904] tomoyo_encode+0x27c/0x4ec [ 9350.533325][ T8904] tomoyo_realpath_from_path+0x5bc/0x628 [ 9350.533632][ T8904] tomoyo_path_number_perm+0x13c/0x33c [ 9350.533891][ T8904] tomoyo_file_ioctl+0x2c/0x3c [ 9350.534204][ T8904] security_file_ioctl+0xe8/0x2f0 [ 9350.534551][ T8904] __arm64_sys_ioctl+0xd0/0x244 [ 9350.534792][ T8904] invoke_syscall+0x90/0x2b4 [ 9350.535080][ T8904] el0_svc_common+0x180/0x2f4 [ 9350.535397][ T8904] do_el0_svc+0x58/0x74 [ 9350.535688][ T8904] el0_svc+0x58/0x160 [ 9350.535930][ T8904] el0t_64_sync_handler+0x78/0x108 [ 9350.536176][ T8904] el0t_64_sync+0x198/0x19c [ 9350.621481][ T8904] ERROR: Out of memory at tomoyo_realpath_from_path. [ 9680.022899][ T9114] kvm [9114]: Failed to find VMA for hva 0x20d8d000 [ 9695.330650][ T9124] kvm [9124]: Failed to find VMA for hva 0x20d8d000 [ 9704.361274][ T9129] kvm [9129]: Failed to find VMA for hva 0x208a1000 [10077.344671][ T9374] KVM: debugfs: duplicate directory 9374-5 [10399.523222][ T9586] kvm [9586]: Failed to find VMA for hva 0x21016000 [10399.765909][ T9586] kvm [9586]: Failed to find VMA for hva 0x21016000 [10488.457380][ T9639] kvm [9639]: Failed to find VMA for hva 0x2101a000 [10693.557843][ T9771] kvm [9770]: Unsupported guest access at: eeef0000 [10693.557843][ T9771] { Op0( 2), Op1( 7), CRn(15), CRm(13), Op2( 1), func_write }, [10714.757176][ T9785] kvm [9784]: Unsupported guest CP15 access at: 00000100 [000001d3] [10714.757176][ T9785] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [10714.773580][ T9785] kvm [9784]: Unsupported guest CP15 access at: 00000100 [000001db] [10714.773580][ T9785] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [10714.807454][ T9785] kvm [9784]: Unsupported guest CP15 access at: 00000100 [000001db] [10714.807454][ T9785] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [10714.862019][ T9785] kvm [9784]: Unsupported guest CP15 access at: 00000100 [000001db] [10714.862019][ T9785] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [10714.885931][ T9785] kvm [9784]: Unsupported guest CP15 access at: 00000100 [000001db] [10714.885931][ T9785] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [10714.947968][ T9785] kvm [9784]: Unsupported guest CP15 access at: 00000100 [000001db] [10714.947968][ T9785] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [10715.014863][ T9785] kvm [9784]: Unsupported guest CP15 access at: 00000100 [000001db] [10715.014863][ T9785] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [10715.063020][ T9785] kvm [9784]: Unsupported guest CP15 access at: 00000100 [000001db] [10715.063020][ T9785] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [10715.102733][ T9785] kvm [9784]: Unsupported guest CP15 access at: 00000100 [000001db] [10715.102733][ T9785] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [10715.124836][ T9785] kvm [9784]: Unsupported guest CP15 access at: 00000100 [000001db] [10715.124836][ T9785] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [10715.285019][ T9786] ------------[ cut here ]------------ [10715.285919][ T9786] WARNING: CPU: 0 PID: 9786 at arch/arm64/kvm/inject_fault.c:63 pend_sync_exception+0x198/0x5ac [10715.288786][ T9786] Modules linked in: [10715.291039][ T9786] CPU: 0 UID: 0 PID: 9786 Comm: syz.0.1769 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [10715.292633][ T9786] Hardware name: linux,dummy-virt (DT) [10715.293876][ T9786] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [10715.295422][ T9786] pc : pend_sync_exception+0x198/0x5ac [10715.296455][ T9786] lr : pend_sync_exception+0x198/0x5ac [10715.297574][ T9786] sp : ffff80008ec878c0 [10715.298516][ T9786] x29: ffff80008ec878c0 x28: 0000000000000053 x27: 53f00000180c82a8 [10715.300622][ T9786] x26: 0000000000000053 x25: 0000000000000000 x24: 0000000000000000 [10715.302478][ T9786] x23: 0000000000000000 x22: 0000000000000053 x21: 53f00000180c8e81 [10715.304297][ T9786] x20: 0000000000000007 x19: efff800000000000 x18: 0000000000000000 [10715.306159][ T9786] x17: 0000000000000008 x16: ffff800080011d9c x15: 0000000020000000 [10715.308039][ T9786] x14: ffffffffffffffff x13: 0000000000000028 x12: 000000000000006b [10715.309888][ T9786] x11: 0000000000080000 x10: 00000000000009d6 x9 : 7fff8000a0001000 [10715.311831][ T9786] x8 : 00000000000009d7 x7 : ffff800080b08704 x6 : ffff80008ec87a88 [10715.313687][ T9786] x5 : ffff80008ec87a88 x4 : 0000000000000001 x3 : ffff8000801a2e80 [10715.315547][ T9786] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000 [10715.317435][ T9786] Call trace: [10715.318425][ T9786] pend_sync_exception+0x198/0x5ac (P) [10715.319583][ T9786] __kvm_inject_sea+0x268/0x96c [10715.320768][ T9786] kvm_inject_sea+0x98/0x72c [10715.321916][ T9786] __kvm_arm_vcpu_set_events+0x134/0x238 [10715.323089][ T9786] kvm_arch_vcpu_ioctl+0xed8/0x16b0 [10715.324220][ T9786] kvm_vcpu_ioctl+0x5c4/0xc2c [10715.325365][ T9786] __arm64_sys_ioctl+0x18c/0x244 [10715.326494][ T9786] invoke_syscall+0x90/0x2b4 [10715.327575][ T9786] el0_svc_common+0x180/0x2f4 [10715.328702][ T9786] do_el0_svc+0x58/0x74 [10715.329763][ T9786] el0_svc+0x58/0x160 [10715.330818][ T9786] el0t_64_sync_handler+0x78/0x108 [10715.331969][ T9786] el0t_64_sync+0x198/0x19c [10715.333188][ T9786] irq event stamp: 76 [10715.334140][ T9786] hardirqs last enabled at (75): [] _raw_read_unlock_irqrestore+0x44/0xbc [10715.335741][ T9786] hardirqs last disabled at (76): [] el1_dbg+0x24/0x80 [10715.337118][ T9786] softirqs last enabled at (38): [] local_bh_enable+0x10/0x34 [10715.338605][ T9786] softirqs last disabled at (36): [] local_bh_disable+0x10/0x34 [10715.340170][ T9786] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [10730.904403][ T9005] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [10731.504129][ T9005] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [10732.113361][ T9005] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [10732.842036][ T9005] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [10743.361689][ T9005] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [10743.581192][ T9005] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [10743.742276][ T9005] bond0 (unregistering): Released all slaves [10745.191042][ T9005] hsr_slave_0: left promiscuous mode VM DIAGNOSIS: 15:37:16 Registers: info registers vcpu 0 CPU#0 PC=ffff8000804516b8 X00=0000000000000000 X01=ffff8000872b1fa2 X02=ffff8000804580e0 X03=0000000000000000 X04=ffff80008ec86f20 X05=0000000000000020 X06=0000000000000000 X07=ffff80008047db18 X08=00000000000003c0 X09=0000000000000000 X10=000000000000006b X11=0000000000080000 X12=0000000000000044 X13=0000000000000002 X14=00000000000000c8 X15=ffff800087f39a30 X16=ffff800080011d9c X17=0000000000000008 X18=0000000000000000 X19=0000000000000000 X20=0000000000000000 X21=ffff80008047db18 X22=ffff8000877e6618 X23=0000000000000000 X24=0000000000000001 X25=0000000000000000 X26=ffff800087666580 X27=00000000000003c0 X28=0000000000000000 X29=ffff80008ec870e0 X30=ffff800080451698 SP=ffff80008ec87090 PSTATE=604023c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:0000000000000000 Z01=0000ffffd14107f0:22d7278b39e35200 Z02=0000ffffd14107d0:ffffff80ffffffd8 Z03=0000ffffd1410880:0000ffffd1410880 Z04=0000ffffd1410880:0000ffffb8336d08 Z05=0000ffffd1410850:0000ffffd1410880 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffd1410aa0:0000ffffd1410aa0 Z17=ffffff80ffffffd0:0000ffffd1410a70 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000