last executing test programs: 1m2.370217721s ago: executing program 0 (id=1353): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x20400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4}) (async) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x8, 0x88, &(0x7f0000000200)=0xcc82}) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) (async) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000000080)={0xec, 0x0, 0x8, r6, 0x6}) (async, rerun: 64) ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0x0) (rerun: 64) 54.253318315s ago: executing program 1 (id=1354): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000000)={0x5, 0xffffffffffffffff, 0x1}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000bfe000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000007c0)={0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="be00000000000000180000000000000000d01300000030600a00000000000000b40000000000000000d4a00e60a695d20040b0f2810080d2620080d2830180d2840080d2020000d4000008d50004005ec06d91d200c0b8f2410080d2820180d26380d2e40180d2020000d4007008d5209e9ad200a0b8f2010080d2c20080d2030080d2040080d2020000d440ab81d20060b0f2210180d2020180d2430080d2e40180d2020000d4a02f92d200e0b8f2810180d2820180d2a30180d2040180d2020000d4008008d5c0035fd6"], 0xcc}, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 51.855146825s ago: executing program 0 (id=1355): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000180)=ANY=[@ANYBLOB="02000000000000000000000001"]) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r8 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r7, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r9, 0x1000008, 0x100010, 0xffffffffffffffff, 0x0) close(r6) r11 = eventfd2(0x0, 0x0) close(r6) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a3ef2, 0x0) write$eventfd(r11, &(0x7f0000000180)=0x5, 0xfffffe09) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) syz_kvm_vgic_v3_setup(r1, 0x2, 0xa0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) 48.249644791s ago: executing program 1 (id=1356): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r3, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0) r5 = eventfd2(0x0, 0x0) r6 = openat$kvm(0x0, &(0x7f00000000c0), 0x909483, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x4) ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000080)={0x5, 0xb}) r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f000002a000/0x3000)=nil, r9, 0x2, 0x11, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000200)=@arm64_core={0x6030000000100010, &(0x7f0000000000)=0x5}) close(r5) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000004000/0x4000)=nil, r10, 0x467af21e7e8bde02, 0x11, r5, 0x0) write$eventfd(r5, &(0x7f0000000180)=0x5, 0xfffffde3) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xc0e00, 0x2000) 37.822067046s ago: executing program 1 (id=1357): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x800000000000002, 0x0, 0x0, 0xffffffffffffffff, 0x9}) mmap$KVM_VCPU(&(0x7f0000fea000/0x14000)=nil, 0x0, 0xa, 0x4002010, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r4 = mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, r2, 0x0, 0x4000010, r3, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r8 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r7, 0x0) r9 = openat$kvm(0x0, &(0x7f00000001c0), 0xc40, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) ioctl$KVM_GET_DEVICE_ATTR(r11, 0x4018aee2, &(0x7f0000000200)=@attr_arm64={0x0, 0x8, 0x4, &(0x7f00000003c0)=0xfffffffffffeffff}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000240)="fb0164dd033b6d44ccaf8ebe7ad0f4e7454e3ac4b05400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c861d22627e700000000000000000000000000008000", 0x0, 0xfffffffffffffe06) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000000c0)="e244a589083c53044596952332973ea6cad62d0c090eeb1a6c0097975c7305f77d6e96d4a9bbbead81241046158387c314672550aa2e6988a6f88b63cca7b44a07ae4d0ab0f1ca8f", 0x0, 0x48) 37.821713846s ago: executing program 0 (id=1358): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000dfa000/0x3000)=nil, 0x930, 0x2000008, 0x30, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r4, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) r6 = eventfd2(0x0, 0x0) close(r6) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x408) write$eventfd(r6, &(0x7f0000000180)=0x5, 0xfffffde3) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0x40086602, 0x110e027fff) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000140)={0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="82000000000000002800000000000000020000000000420100000000000000000000000000001800000000000000fffeffffffffffffbe0000000000000018000000000000001ae21300000030606e00000000000000300000000000000000000008000000000020000000000000310100000000000001000000000000001e0000000000000040000000000000000d0000c4000000000100000000000000faffffffffffffffff010000000000000300000000000000ff00000000000000"], 0xc8}, &(0x7f0000000680)=[@featur1={0x1, 0x7a}], 0x1) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000700)=@arm64_ccsidr={0x602000000011000b, &(0x7f00000006c0)=0x80}) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000000)={0x7, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r10, 0x4018aee3, &(0x7f00000001c0)=@attr_other={0x0, 0x7, 0xffff, 0x0}) r11 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000000)={0x0, 0x0, 0x198}, 0x0, 0x0) syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x4, 0x100) 27.588906681s ago: executing program 1 (id=1359): mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) munmap(&(0x7f0000030000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) (async) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0xc3) (async) ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0xc3) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r8 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r7, 0x280000f, 0x11, r4, 0x0) ioctl$KVM_CAP_ARM_MTE(r6, 0x4068aea3, &(0x7f0000000100)) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x260002, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) 24.203722743s ago: executing program 0 (id=1360): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f0000000000)=ANY=[@ANYRES8=r0], 0x30}, 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000a40), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_GET_DEVICE_ATTR(r7, 0x4018aee2, &(0x7f0000000040)=@attr_arm64={0x0, 0x1, 0x2, 0x0}) syz_kvm_vgic_v3_setup(r1, 0x2, 0x3c0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17.470088024s ago: executing program 1 (id=1361): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f0000000100), 0x76b200, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r7 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r6, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0) r8 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) munmap(&(0x7f0000000000/0x2000)=nil, 0x2000) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) syz_kvm_vgic_v3_setup(r10, 0x1, 0x100) ioctl$KVM_IRQ_LINE(r10, 0x4008ae61, &(0x7f0000000100)={0x2010040, 0x1000c53}) ioctl$KVM_CREATE_VM(r8, 0x401c5820, 0x20000000) r11 = eventfd2(0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) close(r11) 9.494733406s ago: executing program 0 (id=1362): r0 = openat$kvm(0x0, &(0x7f0000000300), 0x40000, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x180) ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x4, 0x4, 0x0}) 3.09988641s ago: executing program 1 (id=1363): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, 0x0, 0x198}, 0x0, 0x0) (async) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="82000000000000002800000000000000010000010000000001200000000000000100000000000000"], 0x28}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r1, 0x4, 0x100) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SIGNAL_MSI(r5, 0x4020aea5, &(0x7f0000000200)={0x8090040, 0x0, 0x0, 0x0, 0x5}) 0s ago: executing program 0 (id=1364): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x561202, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0) (async) r3 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) (async) r6 = openat$kvm(0x0, &(0x7f00000000c0), 0x909483, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x8) ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000080)={0x5}) ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000100)=0x81f}) (async) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4}) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) (async) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000080)=0x8000000000000000}) (async) r9 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000200)={0x0, &(0x7f0000000340)=[@code={0xa, 0x6c, {"007008d540cd98d20060b8f2610080d2620080d2030180d2a40180d2020000d4007008d5000028d5808f85d200e0b8f2210180d2620080d2030180d2e40180d2020000d4000028d5000080130000809a000028d50064002f"}}, @smc={0x1e, 0x40, {0x42000089, [0xf, 0x1, 0x1, 0x7, 0x8000]}}], 0xac}, &(0x7f00000002c0)=[@featur2={0x1, 0x4}], 0x1) ioctl$KVM_ARM_VCPU_INIT(r9, 0x4020aeae, &(0x7f0000000400)={0x7, 0x20}) (async) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) (async) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000300)=@attr_other={0x0, 0x4, 0x1, 0x0}) (async) ioctl$KVM_HAS_DEVICE_ATTR_vm(r2, 0x4018aee3, 0x0) (async) r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f00000000c0)={0x4, 0xffffffffffffffff, 0x932d82b1a9412f16}) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0) r12 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_HAS_DEVICE_ATTR(r11, 0x4018aee3, 0x0) kernel console output (not intermixed with test programs): [ 405.194324][ T3128] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:3876' (ED25519) to the list of known hosts. [ 593.118102][ T25] audit: type=1400 audit(592.320:59): avc: denied { name_bind } for pid=3284 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 594.065125][ T25] audit: type=1400 audit(593.260:60): avc: denied { execute } for pid=3285 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 594.089965][ T25] audit: type=1400 audit(593.280:61): avc: denied { execute_no_trans } for pid=3285 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 613.319610][ T25] audit: type=1400 audit(612.520:62): avc: denied { mounton } for pid=3285 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 613.353814][ T25] audit: type=1400 audit(612.550:63): avc: denied { mount } for pid=3285 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 613.437836][ T3285] cgroup: Unknown subsys name 'net' [ 613.488241][ T25] audit: type=1400 audit(612.690:64): avc: denied { unmount } for pid=3285 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 613.902599][ T3285] cgroup: Unknown subsys name 'cpuset' [ 614.008220][ T3285] cgroup: Unknown subsys name 'rlimit' [ 615.006325][ T25] audit: type=1400 audit(614.210:65): avc: denied { setattr } for pid=3285 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 615.025499][ T25] audit: type=1400 audit(614.220:66): avc: denied { mounton } for pid=3285 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 615.050310][ T25] audit: type=1400 audit(614.250:67): avc: denied { mount } for pid=3285 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 616.218702][ T3287] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 616.239987][ T25] audit: type=1400 audit(615.440:68): avc: denied { relabelto } for pid=3287 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 616.266563][ T25] audit: type=1400 audit(615.470:69): avc: denied { write } for pid=3287 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 616.445631][ T25] audit: type=1400 audit(615.640:70): avc: denied { read } for pid=3285 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 616.464377][ T25] audit: type=1400 audit(615.660:71): avc: denied { open } for pid=3285 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 616.503821][ T3285] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 664.295352][ T25] audit: type=1400 audit(663.500:72): avc: denied { execmem } for pid=3288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 668.045125][ T25] audit: type=1400 audit(667.240:74): avc: denied { open } for pid=3290 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 668.064105][ T25] audit: type=1400 audit(667.230:73): avc: denied { read } for pid=3291 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 668.135891][ T25] audit: type=1400 audit(667.320:75): avc: denied { mounton } for pid=3291 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 668.393746][ T25] audit: type=1400 audit(667.570:76): avc: denied { module_request } for pid=3291 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 668.400656][ T25] audit: type=1400 audit(667.580:77): avc: denied { module_request } for pid=3290 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 669.585509][ T25] audit: type=1400 audit(668.760:78): avc: denied { sys_module } for pid=3291 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 695.375597][ T3291] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 695.815102][ T3291] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 696.750572][ T3290] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 697.228525][ T3290] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 711.613390][ T3291] hsr_slave_0: entered promiscuous mode [ 711.639441][ T3291] hsr_slave_1: entered promiscuous mode [ 712.745814][ T3290] hsr_slave_0: entered promiscuous mode [ 712.780531][ T3290] hsr_slave_1: entered promiscuous mode [ 712.815378][ T3290] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 712.824938][ T3290] Cannot create hsr debugfs directory [ 718.220449][ T25] audit: type=1400 audit(717.410:79): avc: denied { create } for pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 718.278653][ T25] audit: type=1400 audit(717.480:80): avc: denied { write } for pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 718.324096][ T25] audit: type=1400 audit(717.510:81): avc: denied { read } for pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 718.440318][ T3291] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 718.868397][ T3291] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 719.187905][ T3291] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 719.489955][ T3291] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 720.941112][ T3290] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 721.104692][ T3290] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 721.238643][ T3290] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 721.458588][ T3290] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 734.386742][ T3291] 8021q: adding VLAN 0 to HW filter on device bond0 [ 736.681109][ T3290] 8021q: adding VLAN 0 to HW filter on device bond0 [ 792.978437][ T3291] veth0_vlan: entered promiscuous mode [ 793.410509][ T3291] veth1_vlan: entered promiscuous mode [ 795.407423][ T3290] veth0_vlan: entered promiscuous mode [ 795.620902][ T3291] veth0_macvtap: entered promiscuous mode [ 796.078547][ T3291] veth1_macvtap: entered promiscuous mode [ 796.230309][ T3290] veth1_vlan: entered promiscuous mode [ 798.210619][ T3291] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 798.221165][ T3291] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 798.234334][ T3291] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 798.251151][ T3291] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 798.995066][ T3290] veth0_macvtap: entered promiscuous mode [ 799.540802][ T3290] veth1_macvtap: entered promiscuous mode [ 801.027715][ T25] audit: type=1400 audit(800.230:82): avc: denied { mount } for pid=3291 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 801.208072][ T25] audit: type=1400 audit(800.410:83): avc: denied { mounton } for pid=3291 comm="syz-executor" path="/syzkaller.kzLnj5/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 801.424097][ T25] audit: type=1400 audit(800.610:84): avc: denied { mount } for pid=3291 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 801.721074][ T25] audit: type=1400 audit(800.920:85): avc: denied { mounton } for pid=3291 comm="syz-executor" path="/syzkaller.kzLnj5/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 802.026524][ T3290] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 802.035560][ T25] audit: type=1400 audit(801.080:86): avc: denied { mounton } for pid=3291 comm="syz-executor" path="/syzkaller.kzLnj5/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3284 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 802.053887][ T3290] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 802.096864][ T3290] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 802.105081][ T3290] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 802.813917][ T25] audit: type=1400 audit(802.000:87): avc: denied { unmount } for pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 803.073635][ T25] audit: type=1400 audit(802.270:88): avc: denied { mounton } for pid=3291 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 803.154530][ T25] audit: type=1400 audit(802.350:89): avc: denied { mount } for pid=3291 comm="syz-executor" name="/" dev="gadgetfs" ino=3294 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 803.437662][ T25] audit: type=1400 audit(802.600:90): avc: denied { mount } for pid=3291 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 803.478813][ T25] audit: type=1400 audit(802.680:91): avc: denied { mounton } for pid=3291 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 804.890538][ T3291] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 806.044316][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 806.074520][ T25] audit: type=1400 audit(805.240:93): avc: denied { read write } for pid=3291 comm="syz-executor" name="loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 806.104377][ T25] audit: type=1400 audit(805.300:94): avc: denied { open } for pid=3291 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 806.163722][ T25] audit: type=1400 audit(805.350:95): avc: denied { ioctl } for pid=3291 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 809.196829][ T25] audit: type=1400 audit(808.350:96): avc: denied { read } for pid=3432 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 809.324863][ T25] audit: type=1400 audit(808.390:97): avc: denied { open } for pid=3432 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 809.938493][ T25] audit: type=1400 audit(809.130:98): avc: denied { ioctl } for pid=3433 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 819.599188][ T25] audit: type=1400 audit(818.770:99): avc: denied { execute } for pid=3440 comm="syz.0.3" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3437 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 819.703289][ T25] audit: type=1400 audit(818.900:100): avc: denied { write } for pid=3442 comm="syz.1.4" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 827.328174][ T25] audit: type=1400 audit(826.470:101): avc: denied { append } for pid=3447 comm="syz.0.5" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 950.582870][ T25] audit: type=1400 audit(949.750:102): avc: denied { setattr } for pid=3517 comm="syz.1.24" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 974.846521][ T3535] debugfs: File 'vgic-its-state@8080000' in directory '3535-4' already present! [ 1050.946066][ T25] audit: type=1400 audit(1050.140:103): avc: denied { ioctl } for pid=3590 comm="syz.0.43" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0x5829 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1104.850759][ T3623] kvm [3623]: Failed to find VMA for hva 0x20c01000 [ 1298.913974][ T25] audit: type=1400 audit(1298.090:104): avc: denied { map } for pid=3748 comm="syz.0.90" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 2081.266727][ T25] audit: type=1400 audit(2080.460:105): avc: denied { execute } for pid=4259 comm="syz.1.233" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 3069.410911][ T25] audit: type=1400 audit(3068.610:106): avc: denied { execute } for pid=4901 comm="syz.0.421" path=2F3230342FE16F8F1F449A7A8356 dev="tmpfs" ino=1046 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 3173.229602][ T4980] kvm [4979]: Unsupported guest access at: eeef0000 [ 3173.229602][ T4980] { Op0( 2), Op1( 0), CRn( 0), CRm( 6), Op2( 2), func_write }, [ 3249.997886][ T5031] kvm [5031]: Failed to find VMA for hva 0x20c01000 [ 3285.504833][ T5056] kvm [5056]: Failed to find VMA for hva 0x20d8d000 [ 3376.865313][ T5123] debugfs: File 'vgic-its-state@8080000' in directory '5123-5' already present! [ 3377.090597][ T5123] kvm [5123]: Failed to find VMA for hva 0x20c01000 [ 3440.319873][ T5161] KVM: debugfs: duplicate directory 5161-5 [ 3440.568712][ T5161] KVM: debugfs: duplicate directory 5161-5 [ 3695.900686][ T5343] FAULT_INJECTION: forcing a failure. [ 3695.900686][ T5343] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 3695.958308][ T5343] CPU: 0 UID: 0 PID: 5343 Comm: syz.0.551 Not tainted 6.15.0-rc4-syzkaller-g1b85d923ba8c #0 PREEMPT [ 3695.958951][ T5343] Hardware name: linux,dummy-virt (DT) [ 3695.959446][ T5343] Call trace: [ 3695.959830][ T5343] show_stack+0x2c/0x3c (C) [ 3695.961749][ T5343] __dump_stack+0x30/0x40 [ 3695.962031][ T5343] dump_stack_lvl+0xd8/0x12c [ 3695.962278][ T5343] dump_stack+0x1c/0x28 [ 3695.962488][ T5343] should_fail_ex+0x570/0x6e0 [ 3695.962774][ T5343] should_fail_alloc_page+0xd4/0xd8 [ 3695.963074][ T5343] prepare_alloc_pages+0x20c/0x5e0 [ 3695.963406][ T5343] __alloc_frozen_pages_noprof+0xd8/0x2d0 [ 3695.963709][ T5343] alloc_pages_mpol+0x204/0x4c8 [ 3695.963971][ T5343] alloc_pages_noprof+0x104/0x2ec [ 3695.964260][ T5343] get_free_pages_noprof+0x1c/0xc4 [ 3695.964558][ T5343] __kvm_mmu_topup_memory_cache+0x328/0x6d8 [ 3695.964854][ T5343] kvm_mmu_topup_memory_cache+0x2c/0x3c [ 3695.965183][ T5343] kvm_handle_guest_abort+0x14c0/0x2ddc [ 3695.965485][ T5343] handle_exit+0x21c/0x3dc [ 3695.965773][ T5343] kvm_arch_vcpu_ioctl_run+0x11b0/0x25d8 [ 3695.965999][ T5343] kvm_vcpu_ioctl+0x7d8/0xc24 [ 3695.966266][ T5343] __arm64_sys_ioctl+0x18c/0x244 [ 3695.966476][ T5343] invoke_syscall+0x90/0x2b4 [ 3695.966753][ T5343] el0_svc_common+0x180/0x2f4 [ 3695.967024][ T5343] do_el0_svc+0x58/0x74 [ 3695.967311][ T5343] el0_svc+0x58/0x134 [ 3695.967604][ T5343] el0t_64_sync_handler+0x78/0x108 [ 3695.967905][ T5343] el0t_64_sync+0x198/0x19c [ 3815.009451][ T5417] kvm [5417]: Failed to find VMA for hva 0x20d8d000 [ 3985.503905][ T5527] kvm [5527]: Failed to find VMA for hva 0x20c01000 [ 4046.978596][ T5572] kvm [5572]: Failed to find VMA for hva 0x20d8b000 [ 4275.965858][ T5741] kvm [5741]: Failed to find VMA for hva 0x20d8d000 [ 4469.828560][ T5897] kvm [5897]: Failed to find VMA for hva 0x20c01000 [ 4469.938360][ T5899] kvm [5899]: Failed to find VMA for hva 0x20c01000 [ 4625.503464][ T5998] kvm [5998]: Failed to find VMA for hva 0x20e8a000 [ 5142.917946][ T6365] kvm [6365]: Failed to find VMA for hva 0x21016000 [ 5425.157080][ T6557] kvm [6557]: Failed to find VMA for hva 0x20d8d000 [ 5506.706776][ T6608] debugfs: File 'vgic-its-state@8080000' in directory '6606-4' already present! [ 5551.126793][ T6637] KVM: debugfs: duplicate directory 6637-7 [ 5796.389039][ T6806] kvm [6806]: Failed to find VMA for hva 0x21016000 [ 6016.040058][ T6953] kvm [6953]: Failed to find VMA for hva 0x20c01000 [ 6164.626583][ T7066] kvm [7066]: Failed to find VMA for hva 0x20d8d000 [ 6874.646689][ T25] audit: type=1400 audit(6873.840:107): avc: denied { map } for pid=7560 comm="syz.1.1176" path="pipe:[2441]" dev="pipefs" ino=2441 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 6989.075023][ T4743] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6990.284962][ T4743] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6991.350042][ T4743] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6992.277653][ T4743] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7008.930970][ T4743] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 7009.174790][ T4743] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 7009.367281][ T4743] bond0 (unregistering): Released all slaves [ 7012.186956][ T4743] hsr_slave_0: left promiscuous mode [ 7012.334807][ T4743] hsr_slave_1: left promiscuous mode [ 7013.136845][ T4743] veth1_macvtap: left promiscuous mode [ 7013.147756][ T4743] veth0_macvtap: left promiscuous mode [ 7013.196422][ T4743] veth1_vlan: left promiscuous mode [ 7013.218535][ T4743] veth0_vlan: left promiscuous mode [ 7091.800344][ T7648] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 7092.169819][ T7648] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 7119.737136][ T7648] hsr_slave_0: entered promiscuous mode [ 7119.798025][ T7648] hsr_slave_1: entered promiscuous mode [ 7119.855708][ T7648] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 7119.866659][ T7648] Cannot create hsr debugfs directory [ 7144.198383][ T7648] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 7144.590425][ T7648] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 7145.000967][ T7648] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 7145.478079][ T7648] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 7171.389375][ T7648] 8021q: adding VLAN 0 to HW filter on device bond0 [ 7266.616499][ T7648] veth0_vlan: entered promiscuous mode [ 7267.641095][ T7648] veth1_vlan: entered promiscuous mode [ 7270.794934][ T7648] veth0_macvtap: entered promiscuous mode [ 7271.310062][ T7648] veth1_macvtap: entered promiscuous mode [ 7274.535924][ T7648] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 7274.554613][ T7648] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 7274.555944][ T7648] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 7274.556823][ T7648] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 7302.199368][ T5961] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7303.488487][ T5961] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7304.787510][ T5961] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7306.168389][ T5961] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7325.327499][ T5961] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 7325.674726][ T5961] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 7325.840470][ T5961] bond0 (unregistering): Released all slaves [ 7328.220902][ T5961] hsr_slave_0: left promiscuous mode [ 7328.383891][ T5961] hsr_slave_1: left promiscuous mode [ 7329.160304][ T5961] veth1_macvtap: left promiscuous mode [ 7329.163248][ T5961] veth0_macvtap: left promiscuous mode [ 7329.223758][ T5961] veth1_vlan: left promiscuous mode [ 7329.230570][ T5961] veth0_vlan: left promiscuous mode [ 7406.646414][ T7881] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 7406.878646][ T7881] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 7435.580384][ T7881] hsr_slave_0: entered promiscuous mode [ 7435.719612][ T7881] hsr_slave_1: entered promiscuous mode [ 7461.890384][ T7881] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 7462.244871][ T7881] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 7462.730498][ T7881] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 7463.079168][ T7881] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 7486.568410][ T7881] 8021q: adding VLAN 0 to HW filter on device bond0 [ 7552.785271][ T8063] kvm [8063]: Failed to find VMA for hva 0x20c01000 [ 7576.696592][ T7881] veth0_vlan: entered promiscuous mode [ 7577.360044][ T7881] veth1_vlan: entered promiscuous mode [ 7579.580323][ T7881] veth0_macvtap: entered promiscuous mode [ 7579.847284][ T7881] veth1_macvtap: entered promiscuous mode [ 7581.739983][ T7881] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 7581.759978][ T7881] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 7581.793549][ T7881] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 7581.807701][ T7881] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 7634.120388][ T8120] kvm [8120]: Failed to find VMA for hva 0x20d8d000 [ 7641.497488][ T8129] kvm [8129]: Failed to find VMA for hva 0x20d8d000 [ 7668.485403][ T8146] kvm [8146]: Failed to find VMA for hva 0x21016000 [ 7696.756759][ T8167] KVM: debugfs: duplicate directory 8167-5 [ 7772.015245][ T8211] kvm [8211]: Failed to find VMA for hva 0x20d8a000 [ 8170.300797][ T8484] ================================================================== [ 8170.301671][ T8484] BUG: KASAN: invalid-access in _raw_spin_lock_irqsave+0x5c/0x7c [ 8170.302342][ T8484] Read of size 1 at addr 00000000000013c8 by task syz.1.1363/8484 [ 8170.302753][ T8484] [ 8170.303048][ T8484] CPU: 0 UID: 0 PID: 8484 Comm: syz.1.1363 Not tainted 6.15.0-rc4-syzkaller-g1b85d923ba8c #0 PREEMPT [ 8170.303302][ T8484] Hardware name: linux,dummy-virt (DT) [ 8170.303402][ T8484] Call trace: [ 8170.303531][ T8484] show_stack+0x2c/0x3c (C) [ 8170.303855][ T8484] __dump_stack+0x30/0x40 [ 8170.304047][ T8484] dump_stack_lvl+0xd8/0x12c [ 8170.304250][ T8484] print_report+0x5c/0xa0 [ 8170.304513][ T8484] kasan_report+0xb0/0x110 [ 8170.304777][ T8484] __kasan_check_byte+0x3c/0x54 [ 8170.305051][ T8484] lock_acquire+0xb0/0x2e0 [ 8170.305352][ T8484] _raw_spin_lock_irqsave+0x5c/0x7c [ 8170.305664][ T8484] kvm_vgic_set_owner+0x18c/0x294 [ 8170.305914][ T8484] kvm_timer_enable+0x1c4/0x794 [ 8170.306121][ T8484] kvm_arch_vcpu_run_pid_change+0x1f0/0x484 [ 8170.306356][ T8484] kvm_vcpu_ioctl+0xae8/0xc24 [ 8170.306606][ T8484] __arm64_sys_ioctl+0x18c/0x244 [ 8170.306806][ T8484] invoke_syscall+0x90/0x2b4 [ 8170.307073][ T8484] el0_svc_common+0x180/0x2f4 [ 8170.307348][ T8484] do_el0_svc+0x58/0x74 [ 8170.307617][ T8484] el0_svc+0x58/0x134 [ 8170.307896][ T8484] el0t_64_sync_handler+0x78/0x108 [ 8170.308177][ T8484] el0t_64_sync+0x198/0x19c [ 8170.308527][ T8484] ================================================================== [ 8170.310850][ T8484] Disabling lock debugging due to kernel taint [ 8170.311999][ T8484] Unable to handle kernel paging request at virtual address ffef80000000013b [ 8170.312501][ T8484] KASAN: maybe wild-memory-access in range [0xff000000000013b0-0xff000000000013bf] [ 8170.312860][ T8484] Mem abort info: [ 8170.313108][ T8484] ESR = 0x0000000096000004 [ 8170.313454][ T8484] EC = 0x25: DABT (current EL), IL = 32 bits [ 8170.313762][ T8484] SET = 0, FnV = 0 [ 8170.314023][ T8484] EA = 0, S1PTW = 0 [ 8170.314299][ T8484] FSC = 0x04: level 0 translation fault [ 8170.314630][ T8484] Data abort info: [ 8170.314883][ T8484] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 8170.315140][ T8484] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 8170.315442][ T8484] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 8170.315869][ T8484] [ffef80000000013b] address between user and kernel address ranges [ 8170.316718][ T8484] Internal error: Oops: 0000000096000004 [#1] SMP [ 8170.340322][ T8484] Modules linked in: [ 8170.342264][ T8484] CPU: 0 UID: 0 PID: 8484 Comm: syz.1.1363 Tainted: G B 6.15.0-rc4-syzkaller-g1b85d923ba8c #0 PREEMPT [ 8170.343828][ T8484] Tainted: [B]=BAD_PAGE [ 8170.344529][ T8484] Hardware name: linux,dummy-virt (DT) [ 8170.345580][ T8484] pstate: 614020c9 (nZCv daIF +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 8170.346771][ T8484] pc : do_raw_spin_lock+0x4c/0x2b4 [ 8170.347669][ T8484] lr : _raw_spin_lock_irqsave+0x64/0x7c [ 8170.348622][ T8484] sp : ffff80008f747930 [ 8170.349353][ T8484] x29: ffff80008f747940 x28: b3f000001d0657c0 x27: b3f000001d066c30 [ 8170.351125][ T8484] x26: 0000000000000001 x25: b3f000001d066e10 x24: 0000000000000010 [ 8170.352641][ T8484] x23: c7ff80008f7ef000 x22: b3f000001d0657c0 x21: ffff80008020b2b8 [ 8170.354125][ T8484] x20: 00000000000013b0 x19: efff800000000000 x18: 00000000000000ff [ 8170.355608][ T8484] x17: 000000000000001d x16: 00000000000000fe x15: 0000000000000000 [ 8170.357089][ T8484] x14: 0000000000000000 x13: 00000000ffffffff x12: 0000000000000002 [ 8170.358563][ T8484] x11: 0000000000000001 x10: 0ff000000000013b x9 : 0000000000000000 [ 8170.360258][ T8484] x8 : 00000000000013b4 x7 : ffff8000870bb0c3 x6 : ffff800086592f3c [ 8170.361718][ T8484] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000802b42dc [ 8170.363123][ T8484] x2 : 0000000000000001 x1 : 0000000000000000 x0 : 00000000000013b0 [ 8170.364674][ T8484] Call trace: [ 8170.365461][ T8484] do_raw_spin_lock+0x4c/0x2b4 (P) [ 8170.366359][ T8484] _raw_spin_lock_irqsave+0x64/0x7c [ 8170.367313][ T8484] kvm_vgic_set_owner+0x18c/0x294 [ 8170.368315][ T8484] kvm_timer_enable+0x1c4/0x794 [ 8170.369253][ T8484] kvm_arch_vcpu_run_pid_change+0x1f0/0x484 [ 8170.370195][ T8484] kvm_vcpu_ioctl+0xae8/0xc24 [ 8170.371075][ T8484] __arm64_sys_ioctl+0x18c/0x244 [ 8170.371974][ T8484] invoke_syscall+0x90/0x2b4 [ 8170.372906][ T8484] el0_svc_common+0x180/0x2f4 [ 8170.373858][ T8484] do_el0_svc+0x58/0x74 [ 8170.374707][ T8484] el0_svc+0x58/0x134 [ 8170.375625][ T8484] el0t_64_sync_handler+0x78/0x108 [ 8170.376581][ T8484] el0t_64_sync+0x198/0x19c [ 8170.377942][ T8484] Code: d344fd4a aa0003f4 f90007e9 d378fd09 (386a6a6a) [ 8170.379713][ T8484] ---[ end trace 0000000000000000 ]--- [ 8170.381319][ T8484] Kernel panic - not syncing: Oops: Fatal exception [ 8170.383561][ T8484] Kernel Offset: disabled [ 8170.384495][ T8484] CPU features: 0x0000,00000340,02fbcdf1,057ffe1f [ 8170.385605][ T8484] Memory Limit: none [ 8170.387069][ T8484] Rebooting in 86400 seconds.. VM DIAGNOSIS: 01:36:34 Registers: info registers vcpu 0 CPU#0 PC=ffff80008209d634 X00=0000000000000003 X01=0000000000000002 X02=000000000000007b X03=ffff80008209d530 X04=0000000000000001 X05=0000000000000000 X06=ffff800081e87f2c X07=ffff8000870bb0c3 X08=d4f000000e215880 X09=0000000000000000 X10=0000000000ff0100 X11=00000000000000fe X12=0000000000000087 X13=0000000000000007 X14=0000000000000000 X15=0000000000000000 X16=00000000000000fe X17=000000000000001d X18=00000000000000ff X19=efff800000000000 X20=87f000000e049080 X21=48ff80008c42b018 X22=0000000000000002 X23=87f000000e04917a X24=0000000000000087 X25=87f000000e0492c8 X26=87f000000e0490c8 X27=0000000000000087 X28=0000000000000087 X29=ffff80008f747090 X30=ffff80008209d634 SP=ffff80008f747080 PSTATE=804020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=1200000000000000:1200000000000000 Z01=0000001200000000:0000000000000000 Z02=0000000000000012:0000000000000000 Z03=00d000a800000000:0000000000000000 Z04=0000000000000000:0000000000000002 Z05=0000000000000012:0000000000000002 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffe3909990:0000ffffe3909990 Z17=ffffff80ffffffd0:0000ffffe3909960 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000