last executing test programs: 48.977201461s ago: executing program 0 (id=517): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = eventfd2(0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0x4020940d, 0x20000000) (async) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5, 0x19}) (async) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000180)=@arm64_fw={0x6030000000140002}) r6 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0x3, 0xeeee8000, 0x0, r6, 0x2}) (async) r7 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x2, 0x0, 0x0, r7}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x5, 0x3000, 0x0, r7, 0x4}) r8 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000100)={0x0, &(0x7f00000001c0)=[@eret={0xe6, 0x18, 0x7}, @mrs={0xbe, 0x18, {0x603000000013de98}}, @hvc={0x32, 0x40, {0xc4000053, [0x8000, 0xe9, 0x8000000000000001, 0x8, 0x6b4170b]}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x3, 0x4, 0xd, 0x5, 0x63}}, @smc={0x1e, 0x40, {0x40000000, [0x7, 0x8, 0x4, 0x7, 0x7f]}}, @its_setup={0x82, 0x28, {0x2, 0x3, 0x191}}, @mrs={0xbe, 0x18, {0x603000000013c667}}, @msr={0x14, 0x20, {0x603000000013ff12, 0x101}}, @hvc={0x32, 0x40, {0x84000053, [0x5, 0x100, 0x0, 0x81, 0x5]}}, @msr={0x14, 0x20, {0x603000000013c086, 0xaa9}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x1, 0xb, 0x492f8a88, 0x4, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x3, 0x1, 0x4, 0x3, 0x4}}, @msr={0x14, 0x20, {0x603000000013def7, 0x9}}, @smc={0x1e, 0x40, {0x8400000b, [0x0, 0x1000, 0x3, 0x4f, 0x1]}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x1cf}}, @msr={0x14, 0x20, {0x603000000013c2a0, 0x7}}, @code={0xa, 0x6c, {"00869cd20020b0f2c10080d2220180d2830180d2a40180d2020000d480e591d20060b0f2e10180d2a20180d2630180d2440080d2020000d4000028d5000008d5000028d5008008d500e4000f0090805f007008d5000008d5"}}, @mrs={0xbe, 0x18, {0x603000000013df7d}}, @eret={0xe6, 0x18, 0x7ff}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x16b}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x3, 0x9, 0x6, 0x10, 0x4}}, @uexit={0x0, 0x18, 0x100000}, @mrs={0xbe, 0x18, {0x603000000013df7c}}, @smc={0x1e, 0x40, {0x5000000, [0x5ea, 0xe8, 0x3, 0xc, 0x4]}}, @code={0xa, 0x6c, {"007008d50004809aa0bd8ed20080b0f2c10180d2e20180d2430180d2440080d2020000d400c4202e0070800c203998d200a0b0f2a10080d2420080d2430080d2c40080d2020000d40044200e007008d5000028d5007008d5"}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x269}}, @eret={0xe6, 0x18, 0x92d}, @smc={0x1e, 0x40, {0x4000, [0x200, 0x5, 0xbeb, 0x6, 0x1]}}, @mrs={0xbe, 0x18, {0x603000000013c01a}}], 0x4f0}, &(0x7f0000000140)=[@featur2={0x1, 0x40}], 0x1) (async, rerun: 64) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000001a40)={0x8, 0x0, 0x0, r7}) (rerun: 64) 45.210409719s ago: executing program 1 (id=518): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x909483, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000003000/0x400000)=nil, &(0x7f0000000040)=[{0x0, &(0x7f00000001c0)=[@svc={0x122, 0x40, {0xf400005e, [0x400, 0x8001, 0x3, 0x8, 0x8]}}, @mrs={0xbe, 0x18, {0x603000000013df71}}, @svc={0x122, 0x40, {0x8000, [0xb7, 0x8, 0x5]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xe440, 0x2, 0xc}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0xb7}}, @irq_setup={0x46, 0x18, {0x1, 0x39}}, @smc={0x1e, 0x40, {0x3000000, [0xffffffffffffffc0, 0x7, 0x6, 0x1, 0x3]}}], 0x148}], 0x1, 0x0, &(0x7f0000000080)=[@featur1={0x1, 0x6a}], 0x1) ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000000)={0x5, 0xa}) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000180)=@arm64_sys={0x603000000013e099, &(0x7f0000000140)=0xfffffffffffffff9}) 38.318595942s ago: executing program 0 (id=519): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x2, 0x4102932, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r2 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x400454dc, 0x0) r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000140)=@arm64_sys={0x603000000013c801, &(0x7f00000000c0)=0x4e0045a2}) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_vgic_v3_setup(r8, 0x1000001, 0x100) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f0000000100)=0x8010000001000005}) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04) mmap$KVM_VCPU(&(0x7f000000e000/0x3000)=nil, r11, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r12 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000c8e000/0x2000)=nil, r11, 0x1000006, 0x1010, r12, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 36.327094826s ago: executing program 1 (id=520): openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(0xffffffffffffffff, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x3, 0xc0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r0, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000180)=[@smc={0x1e, 0x40, {0xef000000, [0x0, 0x1, 0x2, 0x3, 0x4]}}, @mrs={0xbe, 0x18, {0x603000000013c807}}], 0x58}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) 31.46138768s ago: executing program 1 (id=521): mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x29031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000647000/0x1000)=nil, 0x1000) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x53033, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000) (async) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000e0c000/0x2000)=nil, 0x2000) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000f9e000/0x3000)=nil, 0x3000) munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000) (async) mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0) (async) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r2, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x2, 0x2, 0x0}) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0x3, 0x9032, 0xffffffffffffffff, 0x0) (async, rerun: 64) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) (rerun: 64) munmap(&(0x7f0000ad4000/0x1000)=nil, 0x1000) (async) munmap(&(0x7f0000584000/0x800000)=nil, 0x800000) 26.648599687s ago: executing program 1 (id=522): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x1c3800, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f00000000c0)={0x3, 0x3898b3ec5978c0e2}) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000300)={0x0, &(0x7f00000003c0)=ANY=[@ANYRES32=r1, @ANYRESOCT=r2, @ANYBLOB="13d5ef1478751c05715d636e86dfd310aa338f3560cb3c9ef0654b8125713e8c8ac6117ff8bdddbfa3edc033c3df19d4a49d3e200ea58e06f397011fea467146b8ddf0c8ee8fb786cf7b543c567881583dea1d680d0987ec49ece85772f2f91003d170178f45463fb0463c1ca331cbed0911adad00f60cb07a4bf968fb083ee5dcff8a630318f24c39d3f667", @ANYBLOB="79c84929ff3d4b0a5541181a71352369101dab193be03ca7ff635f57791620eee8b02bb954638720ab6b25da20b13458f9e3836ab5584469add33084cfa51569a7a8fba9f4db820d2b9e21dbbce4df8149b207a0cb999c01fff772e174122ac783dc06ce1f429b456a6b4f8294ccc5b6ce786cd6fb0b94b4032b0798f134ba1c", @ANYBLOB="7d22d101a24cc9bdbd5ad6692bad52b5b135e7790e828c84419ddf36c5bbf8cd36533229267ceb1ec33a5a29b94e2c62c30dc465a88b477d8fdf1d4560f6bf9290b050c7066a83f89a4a16bff64e57b523c9f0e75607f5bbc46fe70a689d76d305737e69c5046a058eda2cfa73be71d109871687c60974a97c83a41ca00f32fc19cd0c18ab92da631c477a8b68cb1b93d4cf72", @ANYRESOCT, @ANYRES16, @ANYRES16=r1], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r2, 0x4, 0x100) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000380)={0x0, &(0x7f0000000340)=ANY=[@ANYRESOCT=r3, @ANYRESOCT=r2], 0x28}, 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) ioctl$KVM_RUN(r4, 0xae80, 0x0) r8 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x10010, 0xffffffffffffffff, 0x0) r9 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x0, 0x1000008, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r2, 0x4000000000000003, 0x200) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init) r10 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f00000001c0)={0x8}) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil) 19.530011861s ago: executing program 0 (id=523): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x28000, 0x0) r1 = eventfd2(0x8001, 0x0) write$eventfd(r1, &(0x7f0000000000)=0xfffffffffffffffb, 0x8) write$eventfd(r1, &(0x7f0000000000)=0x89ef, 0x8) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x18b400, 0x0) munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000fcc000/0x4000)=nil, r2, 0x2, 0x8032, 0xffffffffffffffff, 0x0) 13.257766994s ago: executing program 1 (id=524): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0xccd80, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x4) r4 = syz_kvm_vgic_v3_setup(r3, 0x1, 0x40) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000000)=@attr_other={0x0, 0x10004, 0x5, &(0x7f0000000180)=0x200}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x10003, 0x1, 0xdddd0000, 0x2000, &(0x7f0000fa2000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r6, 0x1, 0x100) ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init) openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="82000000000000002800000000001000010000000000000000200000000000000100000000000000"], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r8, 0x4, 0x100) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, 0x0}) ioctl$KVM_RUN(r10, 0xae80, 0x0) r12 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil) r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000140)={0x0, &(0x7f0000000180)=ANY=[], 0xe0}, 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x53033, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_REG_LIST(r15, 0xc008aeb0, &(0x7f0000000000)) ioctl$KVM_SIGNAL_MSI(r8, 0x4020aea5, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x8, 0x128, &(0x7f0000000340)=0x8000000000000000}) 13.129918452s ago: executing program 0 (id=525): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r0, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) syz_kvm_vgic_v3_setup(r0, 0x3, 0xc0) syz_kvm_setup_cpu$arm64(r0, r1, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000180)=[@smc={0x1e, 0x40, {0xef000000, [0x0, 0x1, 0x2, 0x3, 0x4]}}, @mrs={0xbe, 0x18, {0x603000000013c807}}], 0x58}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) 8.390704526s ago: executing program 0 (id=526): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x2}) (async) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6) ioctl$KVM_GET_ONE_REG(r2, 0x8000ae8c, 0x0) 1.946705363s ago: executing program 0 (id=527): r0 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x3800002, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000300)="fb4149dd033b8986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67525673312b01040000000000002627e7000000000000000200", 0x0, 0xfffffffffffffe73) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x20000, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000000040)={0x3, 0xeeee0000, 0x2, r7, 0x8}) ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000000900)={0x0, 0x0, 0x1, r7, 0x1}) ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000000080)={0x0, 0x0, 0x1, r7, 0x1}) r8 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000b40)=@attr_irq_timer={0x0, 0x1, 0x0, 0x0}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x12, r2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r10 = eventfd2(0x0, 0x0) close(r10) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x4, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) write$eventfd(r10, &(0x7f0000000100)=0xf7fffffffffffff7, 0x8) 0s ago: executing program 1 (id=528): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000080)=@arm64={0x91, 0x6, 0x5, '\x00', 0x1dd}) (async) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000080)=@arm64={0x91, 0x6, 0x5, '\x00', 0x1dd}) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000000)={0x5, 0x2}) (async) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000000)={0x5, 0x2}) ioctl$KVM_RUN(r2, 0xae80, 0x0) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) (async) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0xf}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5, 0x8}) ioctl$KVM_RUN(r5, 0xae80, 0x0) kernel console output (not intermixed with test programs): [ 383.458791][ T3132] 8021q: adding VLAN 0 to HW filter on device bond0 [ 435.212167][ T3132] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:63009' (ED25519) to the list of known hosts. [ 599.490661][ T25] audit: type=1400 audit(598.640:61): avc: denied { name_bind } for pid=3290 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 600.432369][ T25] audit: type=1400 audit(599.580:62): avc: denied { execute } for pid=3291 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 600.453584][ T25] audit: type=1400 audit(599.600:63): avc: denied { execute_no_trans } for pid=3291 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 622.191987][ T25] audit: type=1400 audit(621.340:64): avc: denied { mounton } for pid=3291 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 622.226826][ T25] audit: type=1400 audit(621.370:65): avc: denied { mount } for pid=3291 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 622.310470][ T3291] cgroup: Unknown subsys name 'net' [ 622.362730][ T25] audit: type=1400 audit(621.510:66): avc: denied { unmount } for pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 622.742475][ T3291] cgroup: Unknown subsys name 'cpuset' [ 622.849651][ T3291] cgroup: Unknown subsys name 'rlimit' [ 623.765432][ T25] audit: type=1400 audit(622.910:67): avc: denied { setattr } for pid=3291 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 623.795479][ T25] audit: type=1400 audit(622.930:68): avc: denied { mounton } for pid=3291 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 623.815323][ T25] audit: type=1400 audit(622.960:69): avc: denied { mount } for pid=3291 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 624.990728][ T3294] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 625.012426][ T25] audit: type=1400 audit(624.160:70): avc: denied { relabelto } for pid=3294 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 625.039872][ T25] audit: type=1400 audit(624.190:71): avc: denied { write } for pid=3294 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 625.219424][ T25] audit: type=1400 audit(624.370:72): avc: denied { read } for pid=3291 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 625.241303][ T25] audit: type=1400 audit(624.380:73): avc: denied { open } for pid=3291 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 625.281239][ T3291] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 673.401140][ T25] audit: type=1400 audit(672.550:74): avc: denied { execmem } for pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 677.000364][ T25] audit: type=1400 audit(676.150:75): avc: denied { read } for pid=3297 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 677.039193][ T25] audit: type=1400 audit(676.190:76): avc: denied { open } for pid=3297 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 677.115582][ T25] audit: type=1400 audit(676.260:77): avc: denied { mounton } for pid=3297 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 677.369828][ T25] audit: type=1400 audit(676.520:78): avc: denied { module_request } for pid=3297 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 678.515718][ T25] audit: type=1400 audit(677.660:79): avc: denied { sys_module } for pid=3298 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 706.896087][ T3298] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 707.351716][ T3298] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 707.451969][ T3297] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 707.951892][ T3297] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 720.641856][ T3298] hsr_slave_0: entered promiscuous mode [ 720.670533][ T3298] hsr_slave_1: entered promiscuous mode [ 721.700184][ T3297] hsr_slave_0: entered promiscuous mode [ 721.758607][ T3297] hsr_slave_1: entered promiscuous mode [ 721.802032][ T3297] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 721.808835][ T3297] Cannot create hsr debugfs directory [ 730.011475][ T25] audit: type=1400 audit(729.120:80): avc: denied { create } for pid=3298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 730.019126][ T25] audit: type=1400 audit(729.150:81): avc: denied { write } for pid=3298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 730.115674][ T25] audit: type=1400 audit(729.250:82): avc: denied { read } for pid=3298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 730.327249][ T3298] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 730.753703][ T3298] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 731.348172][ T3298] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 731.916489][ T3298] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 734.093547][ T3297] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 734.292115][ T3297] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 734.501019][ T3297] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 734.710219][ T3297] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 747.218596][ T3298] 8021q: adding VLAN 0 to HW filter on device bond0 [ 749.532012][ T3297] 8021q: adding VLAN 0 to HW filter on device bond0 [ 806.119350][ T3298] veth0_vlan: entered promiscuous mode [ 806.546708][ T3298] veth1_vlan: entered promiscuous mode [ 808.441227][ T3297] veth0_vlan: entered promiscuous mode [ 808.820674][ T3298] veth0_macvtap: entered promiscuous mode [ 809.257650][ T3298] veth1_macvtap: entered promiscuous mode [ 809.331226][ T3297] veth1_vlan: entered promiscuous mode [ 811.269941][ T3298] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.276599][ T3298] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.291220][ T3298] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.313789][ T3298] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.891857][ T3297] veth0_macvtap: entered promiscuous mode [ 812.597964][ T3297] veth1_macvtap: entered promiscuous mode [ 814.106404][ T25] audit: type=1400 audit(813.250:83): avc: denied { mount } for pid=3298 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 814.319068][ T25] audit: type=1400 audit(813.460:84): avc: denied { mounton } for pid=3298 comm="syz-executor" path="/syzkaller.u02uoz/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 814.485975][ T25] audit: type=1400 audit(813.630:85): avc: denied { mount } for pid=3298 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 814.863576][ T25] audit: type=1400 audit(814.010:86): avc: denied { mounton } for pid=3298 comm="syz-executor" path="/syzkaller.u02uoz/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 814.999250][ T3297] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 815.011084][ T3297] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 815.025637][ T3297] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 815.039047][ T25] audit: type=1400 audit(814.190:87): avc: denied { mounton } for pid=3298 comm="syz-executor" path="/syzkaller.u02uoz/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3274 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 815.049572][ T3297] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 815.925709][ T25] audit: type=1400 audit(815.030:88): avc: denied { unmount } for pid=3298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 816.092109][ T25] audit: type=1400 audit(815.240:89): avc: denied { mounton } for pid=3298 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 816.209841][ T25] audit: type=1400 audit(815.330:90): avc: denied { mount } for pid=3298 comm="syz-executor" name="/" dev="gadgetfs" ino=3285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 816.483271][ T25] audit: type=1400 audit(815.630:91): avc: denied { mount } for pid=3298 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 816.646763][ T25] audit: type=1400 audit(815.790:92): avc: denied { mounton } for pid=3298 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 818.419541][ T3298] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 820.005924][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 820.028276][ T25] audit: type=1400 audit(819.150:94): avc: denied { read write } for pid=3298 comm="syz-executor" name="loop1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 820.077135][ T25] audit: type=1400 audit(819.220:95): avc: denied { open } for pid=3298 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 820.120668][ T25] audit: type=1400 audit(819.260:96): avc: denied { ioctl } for pid=3298 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 824.280590][ T25] audit: type=1400 audit(823.400:97): avc: denied { read } for pid=3456 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 824.313059][ T25] audit: type=1400 audit(823.460:98): avc: denied { open } for pid=3456 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 824.482585][ T25] audit: type=1400 audit(823.620:99): avc: denied { ioctl } for pid=3456 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 846.896138][ T25] audit: type=1400 audit(846.030:100): avc: denied { write } for pid=3473 comm="syz.0.5" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 847.166057][ T25] audit: type=1400 audit(846.310:101): avc: denied { append } for pid=3473 comm="syz.0.5" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 873.569630][ T25] audit: type=1400 audit(872.620:102): avc: denied { execute } for pid=3493 comm="syz.0.10" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3962 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 915.738071][ T3521] kvm [3521]: Failed to find VMA for hva 0x20d8d000 [ 930.596495][ T25] audit: type=1400 audit(929.740:103): avc: denied { setattr } for pid=3533 comm="syz.0.23" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 962.381658][ T3557] kvm [3554]: Unsupported guest access at: eeef0000 [ 962.381658][ T3557] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 1392.570782][ T3840] kvm [3840]: Failed to find VMA for hva 0x208a1000 [ 1431.598855][ T3866] kvm [3866]: Failed to find VMA for hva 0x20c01000 [ 1859.449804][ T25] audit: type=1400 audit(1858.600:104): avc: denied { map } for pid=4164 comm="syz.0.209" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1859.489068][ T25] audit: type=1400 audit(1858.640:105): avc: denied { execute } for pid=4164 comm="syz.0.209" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1896.561948][ T4186] irq bypass consumer (token 00000000e168cfa4) registration fails: -16 [ 1912.101218][ T4197] kvm [4197]: Failed to find VMA for hva 0x21016000 [ 2240.956376][ T25] audit: type=1400 audit(2240.090:106): avc: denied { ioctl } for pid=4407 comm="syz.1.283" path="net:[4026532631]" dev="nsfs" ino=4026532631 ioctlcmd=0xb702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 2322.212357][ T25] audit: type=1400 audit(2321.260:107): avc: denied { map } for pid=4467 comm="syz.1.303" path="pipe:[2431]" dev="pipefs" ino=2431 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 2576.317217][ T25] audit: type=1400 audit(2575.450:108): avc: denied { execute } for pid=4643 comm="syz.0.354" path=2F3138302F10FBFF67525673312B0104 dev="tmpfs" ino=928 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 2846.417397][ T4810] kvm [4810]: Failed to find VMA for hva 0x20d8d000 [ 3079.548328][ T4974] kvm [4974]: Failed to find VMA for hva 0x20d8d000 [ 3266.673661][ T5079] kvm [5079]: Failed to find VMA for hva 0x20c01000 [ 3328.652687][ T5118] kvm [5118]: Failed to find VMA for hva 0x21016000 [ 3463.078924][ T5205] kvm [5205]: Failed to find VMA for hva 0x20d8d000 [ 3472.452922][ T5217] ------------[ cut here ]------------ [ 3472.454233][ T5217] WARNING: CPU: 0 PID: 5217 at arch/arm64/kvm/inject_fault.c:63 pend_sync_exception+0x198/0x5ac [ 3472.458027][ T5217] Modules linked in: [ 3472.460802][ T5217] CPU: 0 UID: 0 PID: 5217 Comm: syz.1.528 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 3472.462610][ T5217] Hardware name: linux,dummy-virt (DT) [ 3472.463998][ T5217] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 3472.465341][ T5217] pc : pend_sync_exception+0x198/0x5ac [ 3472.466423][ T5217] lr : pend_sync_exception+0x198/0x5ac [ 3472.467460][ T5217] sp : ffff80008e6378c0 [ 3472.468341][ T5217] x29: ffff80008e6378c0 x28: 0000000000000018 x27: 18f000001699db28 [ 3472.470313][ T5217] x26: 0000000000000018 x25: 0000000000000000 x24: 0000000000000000 [ 3472.471930][ T5217] x23: 0000000000000000 x22: 0000000000000018 x21: 18f000001699e701 [ 3472.473671][ T5217] x20: 0000000000000007 x19: efff800000000000 x18: 0000000000000000 [ 3472.475394][ T5217] x17: 00000000000000c0 x16: ffff800080011d9c x15: 0000000020000080 [ 3472.477090][ T5217] x14: ffffffffffffffff x13: 0000000000000028 x12: 00000000000000c2 [ 3472.478796][ T5217] x11: c2f000001820b2e4 x10: 0000000000ff0100 x9 : 0000000000000000 [ 3472.480620][ T5217] x8 : c2f0000018209d80 x7 : ffff800080b08704 x6 : ffff80008e637a88 [ 3472.482223][ T5217] x5 : ffff80008e637a88 x4 : 0000000000000001 x3 : ffff8000801a2e80 [ 3472.483903][ T5217] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000 [ 3472.485816][ T5217] Call trace: [ 3472.486908][ T5217] pend_sync_exception+0x198/0x5ac (P) [ 3472.488328][ T5217] __kvm_inject_sea+0x268/0x96c [ 3472.489471][ T5217] kvm_inject_sea+0x98/0x72c [ 3472.490621][ T5217] __kvm_arm_vcpu_set_events+0x134/0x238 [ 3472.491751][ T5217] kvm_arch_vcpu_ioctl+0xed8/0x16b0 [ 3472.492843][ T5217] kvm_vcpu_ioctl+0x5c4/0xc2c [ 3472.493837][ T5217] __arm64_sys_ioctl+0x18c/0x244 [ 3472.494856][ T5217] invoke_syscall+0x90/0x2b4 [ 3472.495937][ T5217] el0_svc_common+0x180/0x2f4 [ 3472.496985][ T5217] do_el0_svc+0x58/0x74 [ 3472.497960][ T5217] el0_svc+0x58/0x160 [ 3472.499006][ T5217] el0t_64_sync_handler+0x78/0x108 [ 3472.500097][ T5217] el0t_64_sync+0x198/0x19c [ 3472.501304][ T5217] irq event stamp: 56 [ 3472.502191][ T5217] hardirqs last enabled at (55): [] _raw_read_unlock_irqrestore+0x44/0xbc [ 3472.503696][ T5217] hardirqs last disabled at (56): [] el1_dbg+0x24/0x80 [ 3472.505019][ T5217] softirqs last enabled at (38): [] local_bh_enable+0x10/0x34 [ 3472.506401][ T5217] softirqs last disabled at (36): [] local_bh_disable+0x10/0x34 [ 3472.507903][ T5217] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 3491.692169][ T4002] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3492.373215][ T4002] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3493.129300][ T4002] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3493.928325][ T4002] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 VM DIAGNOSIS: 02:55:48 Registers: info registers vcpu 0 CPU#0 PC=ffff8000804516b8 X00=0000000000000000 X01=ffff8000872b1fa2 X02=0000000000000008 X03=0000000000000002 X04=0000000000000000 X05=0000000000000001 X06=0000000000000000 X07=ffff800080488668 X08=00000000000003c0 X09=0000000000000000 X10=00000000000000c2 X11=ffff800087f39a30 X12=fff0000018209d88 X13=0000000000000003 X14=0000000000000000 X15=ffff800087f39a30 X16=0000000000000000 X17=00000000000000c0 X18=0000000000000000 X19=0000000000000000 X20=0000000000000000 X21=ffff800080488668 X22=ffff800087706128 X23=0000000000000002 X24=0000000000000000 X25=0000000000000001 X26=ffff800087666580 X27=00000000000003c0 X28=0000000000000000 X29=ffff80008e637110 X30=ffff800080451698 SP=ffff80008e6370c0 PSTATE=604023c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:0000000000000000 Z01=0000fffffbbcd410:aa3a71852d0cf100 Z02=0000fffffbbcd3f0:ffffff80ffffffd8 Z03=0000fffffbbcd4a0:0000fffffbbcd4a0 Z04=0000fffffbbcd4a0:0000ffff9ef36d08 Z05=0000fffffbbcd470:0000fffffbbcd4a0 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000fffffbbcd6c0:0000fffffbbcd6c0 Z17=ffffff80ffffffd0:0000fffffbbcd690 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000