last executing test programs: 34.685580609s ago: executing program 0 (id=4): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x100000, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r1, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) 28.234219851s ago: executing program 0 (id=6): mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x1000000) r0 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48) r1 = syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0) ioctl$KVM_INTERRUPT(r1, 0x4004ae86, 0x0) ioctl$KVM_PRE_FAULT_MEMORY(r1, 0xc040aed5, &(0x7f0000000000)={0xeeee0000, 0x10000}) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) 26.988142303s ago: executing program 1 (id=7): munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0) (async, rerun: 32) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) (async, rerun: 32) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x220202, 0x0) (async, rerun: 64) mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x4019032, 0xffffffffffffffff, 0x0) (async, rerun: 64) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f00006b3000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000) 22.077335023s ago: executing program 0 (id=8): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3e) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0x40086602, 0x110e227ffe) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r4, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r4, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) (async) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) r7 = mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r6, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000000c0)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000040)=[{0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000318ea623f973836b00"/24], 0x18}], 0x1, 0x0, 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000d6d000/0x4000)=nil, r4, 0x4, 0x10, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0x40049409, 0x13) (async) ioctl$KVM_CREATE_VM(r0, 0x40049409, 0x13) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r9 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000fd3000/0x1000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, r9, 0x0) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4106931, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r8, 0x100000d, 0xf1a42817d474d052, 0xffffffffffffffff, 0x0) 20.559779663s ago: executing program 1 (id=9): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000001000/0x2000)=nil, 0x930, 0x2000003, 0x4120932, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x38) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0x80111500, 0x20000000) close(r2) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)={0x80a0000, 0x119000}) ioctl$KVM_CREATE_VM(r0, 0x80111500, 0x20000000) openat$kvm(0x0, &(0x7f0000000280), 0x505001, 0x0) 14.73408332s ago: executing program 1 (id=10): mmap$KVM_VCPU(&(0x7f0000ffd000/0x1000)=nil, 0x930, 0x4, 0x40032, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async, rerun: 64) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async, rerun: 64) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) munmap(&(0x7f0000177000/0x13000)=nil, 0x13000) (async) r3 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) ioctl$KVM_GET_API_VERSION(r3, 0xae00, 0x0) (async) ioctl$KVM_CREATE_VM(r2, 0x80111500, 0x20000000) (async) ioctl$KVM_CREATE_VM(r1, 0x40086602, 0x20000000) r4 = ioctl$KVM_CREATE_VM(r0, 0x80811501, 0x20000000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async) openat$kvm(0xffffffffffffff9c, 0x0, 0x2873f7aecfc88708, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000000000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) 10.809047535s ago: executing program 0 (id=11): munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e1d000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) 9.754176247s ago: executing program 1 (id=12): munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async) mmap$KVM_VCPU(&(0x7f0000de8000/0x7000)=nil, 0x0, 0x100000f, 0x4010, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000f07000/0x2000)=nil, 0x930, 0x8, 0x20031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) (async) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) (async) mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x10001, 0x0) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) (async) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async) mmap$KVM_VCPU(&(0x7f00006b6000/0x4000)=nil, 0x0, 0x6, 0x4000010, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0xe2a00, 0x0) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x7e) ioctl$KVM_CREATE_VM(r1, 0x5452, 0xa000fdfd) 5.406566027s ago: executing program 0 (id=13): munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x604080, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r1, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0x5452, 0xa00000000000000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000bff000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000000)={0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="be000000000000001800000000000000cdc41300000030600a0000000000000054000000000000000040211e0028200e0000202a0000204e00c4202e007008d5c09884d20080b0f2e10180d2220180d2c30080d2040180d2020000d400c0201e000028d5008008d5c0035fd68200000000000000280000000000000000000000000000000400000000000000ac000000000000000a000000000000009c0000000000000080208ad20080b0f2210180d2620180d2e30080d2e40180d2020000d40084ff0da03d96d20040b0f2e10080d2020080d2430180d2840180d2020000d40038601e20d389d200e0b0f2210180d2020180d2c30180d2c40180d2020000d4007008d5008008d5c0d89fd20060b8f2c10180d2420080d2430080d2640180d2020000d40004c0da000028d5c0035fd67b42f33a479f6ad25d6642"], 0x130}, &(0x7f0000000080)=[@featur2], 0x1) ioctl$KVM_INTERRUPT(r5, 0x4004ae86, &(0x7f00000000c0)=0x3000000) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000666000/0x3000)=nil, 0x3000) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r7, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) 4.488430525s ago: executing program 1 (id=14): r0 = eventfd2(0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, 0x0, 0x1000004, 0x11, r0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x8521, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x7f) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r2 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000000)="c86023619eacdd2a612982786aaeb76d2d28e56b93d0e55ab95bbd644dd112a7f44f101d7429741a30a21e3677dc5c85c3f9bcb480d301edbfd28e74d8b1162130c2cd5ada36a2da", 0x0, 0x48) 708.88µs ago: executing program 0 (id=15): r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x21) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x59) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r4, 0x1000003, 0xa0032, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0x80040, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0x80) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0) ioctl$KVM_CHECK_EXTENSION(r6, 0x8933, 0x6) r7 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000400)={0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e00000000000000300000000000000000300000000000006a0d0000000000000101000000000000010000000000000022010000000000004000000000000000010000000000000004000000000000000800000000000000ffffffff0000000081000000000100000000000000000000000000000000000018000000000000000300000000000000aa000000000000002800000000000000020001000000030000000d000000f90000000000000000004600000000000000180000000000000004000000640300000a000000000000009c00000000000000008008d5e09495d200c0b0f2410180d2a20180d2c30080d2e40080d2020000d40000806c604582d200c0b0f2810180d2220080d2c30080d2840080d2020000d460248ed20080b0f2c10180d2020180d2a30180d2c40080d2020000d4007008d50000806dc0479cd20060b0f2610180d2620080d2230080d2640180d2020000d4000028d5007008d5c0035fd6be00000000000000180000000000000050070000000000008200000000000000280000000000000001000000000000000200000000000000c500000000000000df1affffffffffff6e0000000000000030000000000000000400000000000000e8ff000000000000050000000000000001000000000000001e00000000000000400000000000000000000031000000001c0100000000000009000000000000000300000000000000010000000000000002000000000000000000000000000000180000000000000000040000000000004600000000000000180000000000000001000000bc030000820000000000000028000000000000000300000000000000010000000000000011000000000000001e0000000000000040000000000000000d0000840000009b0000000000000000800000000000000000000000000000000100000000000000ff0300000000000082000000000000002800000000000000040000000000000003000000000000006d0300"/748], 0x2ec}, &(0x7f0000000440)=[@featur2={0x1, 0x97}], 0x1) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x8800, 0x0) ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0xf0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x6832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x4a0080, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x1000000) mmap$KVM_VCPU(&(0x7f0000658000/0x4000)=nil, r4, 0x400000d, 0x4010, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SREGS(r7, 0x4000ae84, &(0x7f0000000480)={{0xeeef0000, 0xeeee8000, 0x9, 0x0, 0x5, 0xff, 0x2, 0x9, 0x8, 0x3f, 0x12, 0x2}, {0xffff7000, 0xffff1000, 0x0, 0x7, 0x4, 0x3, 0xf8, 0x80, 0x4, 0x8, 0x3, 0xd}, {0xdddd0000, 0x0, 0x4, 0x3, 0x7, 0xf6, 0xff, 0x9, 0x2, 0xb5, 0x8, 0x3}, {0x2, 0x1000, 0xe, 0x20, 0x9, 0x7, 0x0, 0x2, 0x0, 0x8, 0x3, 0x7}, {0xeeee0000, 0x3000, 0x10, 0x5, 0x0, 0x29, 0x2, 0x2, 0x4, 0x9, 0x3, 0x7}, {0xd000, 0x1, 0x9, 0x3, 0xa, 0xfb, 0x3, 0x26, 0x7, 0x9, 0x0, 0x4}, {0x3000, 0xeeef0000, 0x4, 0x5, 0x5, 0x3, 0x66, 0x9, 0x6, 0xf, 0x6, 0x5}, {0x8002000, 0x0, 0xc, 0x2, 0x3, 0x87, 0xbc, 0x3, 0x7, 0x5, 0x4}, {0xeeee8000, 0x1}, {0xf000, 0x4}, 0x4, 0x0, 0x1, 0x110008, 0x7, 0x4800, 0x6000, [0x1, 0x1, 0x8, 0x7]}) mmap$KVM_VCPU(&(0x7f0000847000/0x4000)=nil, 0x0, 0x0, 0x10, r7, 0x0) ioctl$KVM_CAP_PTP_KVM(r1, 0x4068aea3, &(0x7f0000000040)) ioctl$KVM_CREATE_VM(r0, 0x401c5820, 0x20000000) 0s ago: executing program 1 (id=16): ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000000)={0x7, 0xffffffffffffffff, 0x1}) ioctl$KVM_GET_DEVICE_ATTR(r0, 0x4018aee2, &(0x7f0000000080)=@attr_other={0x0, 0x4, 0x0, &(0x7f0000000040)=0x10001}) (async) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2f) ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f00000004c0)={0x1fe, 0x40, 0x100, &(0x7f00000000c0)=[0x9, 0xec39, 0x1, 0xfff, 0x7, 0x5, 0x5, 0x9, 0x89, 0x973, 0x0, 0x8, 0x8, 0x6e9c28d0, 0x3ff, 0x3, 0xfffffffffffffffd, 0x6, 0x4, 0x6, 0xb32, 0x3ff, 0x0, 0x8, 0x6, 0x3, 0x1, 0x8, 0xffffffff00000000, 0x5, 0x1, 0x3, 0x9, 0x3, 0x4, 0xd, 0x3, 0x556, 0x6, 0x1, 0x23a, 0x3880000000000000, 0x3d9, 0x800, 0xffffffffffffff65, 0x2, 0x10000, 0x8, 0x2, 0x4, 0x800000010000, 0x6, 0x2, 0xd, 0x80000001, 0x0, 0xd, 0x7, 0x8, 0x101, 0xe, 0x4, 0x5, 0x6, 0xed, 0x10000, 0x8, 0x100000000, 0x83f, 0x0, 0x5, 0x1, 0x0, 0x8, 0x80000000, 0x2, 0xfffffffffffffffe, 0xe61, 0x50000000, 0x10000, 0x2, 0x1, 0x9, 0x80000000, 0x7, 0xffffffffffffffff, 0x9, 0x100000000, 0x0, 0x8727, 0x1, 0x8000000000000000, 0x5fff, 0x0, 0x2, 0x8, 0x7, 0x5, 0x2, 0x2, 0x0, 0xc7, 0x7, 0x2, 0x5, 0x43, 0xfffffffffffff653, 0x9425, 0x1000, 0x6, 0x7, 0xfffffffffffffffc, 0x1, 0x40, 0x991, 0x6, 0x0, 0x4, 0xfffffffffffffff8, 0x3, 0x6826, 0x0, 0x0, 0x4, 0x8000, 0x5, 0x80000001, 0x1]}) (async, rerun: 32) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000500), 0x12000, 0x0) (async, rerun: 32) ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000940)={0x10001, 0x200, 0xfffffff2, &(0x7f0000000540)=[0xf6, 0x6, 0x8, 0x1, 0x8dd, 0x5, 0x0, 0x4, 0x401, 0x80000001, 0x1, 0x9, 0xffffffffffffffb5, 0x400, 0x53, 0x1, 0x7, 0x7fffffffffffffff, 0x3fd0000, 0x1b0, 0x4, 0x748, 0xf2, 0x5, 0x5, 0x6f, 0x2, 0x3c2, 0x4, 0x401, 0x1, 0x3bc, 0xfffffffffffffffd, 0x9ab, 0x9, 0x101, 0xc3, 0xfffffffffffffff8, 0x101, 0xfffffffffffffffa, 0xb2, 0xff, 0x1, 0x100000001, 0x9, 0x100000000, 0x9, 0x3, 0xf, 0x3, 0x5, 0x9, 0x5c, 0x1, 0x7, 0x9, 0x8, 0x10000, 0x5, 0xe34b, 0x9ac, 0xaa5, 0x3, 0x1, 0xfc, 0x3, 0x340, 0xb130, 0x8, 0x8e1, 0xb17, 0xd4c, 0x80000000, 0x8, 0x1, 0x5, 0x6, 0x6, 0x2ee, 0x200000000000, 0x561, 0xfff, 0x1, 0x1dcb, 0x7a, 0x2, 0x1, 0x3, 0x2f, 0x8, 0x3, 0x8, 0xf, 0x117, 0x5e19, 0xfffffffffffffff8, 0x5, 0x1, 0x1, 0xffffffffffffff58, 0x4, 0x74, 0x10, 0x1, 0x1, 0x4, 0x1, 0x2, 0x3ff, 0xfffffffffffffffd, 0x5, 0x7, 0x10000, 0x5, 0x400, 0x0, 0x2, 0x3, 0xffffffffffff436c, 0xf, 0x9, 0x2, 0xe, 0x3, 0xffffffffffff0cdf, 0x5, 0x3ff, 0x4]}) (async) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000009c0)=@attr_other={0x0, 0x5, 0x100000001, &(0x7f0000000980)=0x1}) (async) ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0xc) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) (async) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x1000)=nil, r3, 0x8, 0x110, r4, 0x0) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) (async) r6 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000cc0)={0x0, &(0x7f0000000a00)=[@eret={0xe6, 0x18, 0x3cb5}, @mrs={0xbe, 0x18, {0x603000000013c01a}}, @eret={0xe6, 0x18, 0x2}, @uexit={0x0, 0x18, 0x4}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x2, 0x3, 0x3, 0xc, 0x3}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x400, 0xffffffffffffff00, 0xc}}, @hvc={0x32, 0x40, {0x84000006, [0x3, 0x100000001, 0x1000, 0xfc00000000000000, 0x8]}}, @mrs={0xbe, 0x18, {0x603000000013c666}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff8, 0x6, 0x1}}, @code={0xa, 0x9c, {"000040b30080c00d00e69ad20000b0f2610080d2020180d2030180d2840080d2020000d40000c0a8800396d20080b8f2e10180d2c20080d2e30080d2640180d2020000d400989ad200e0b0f2410080d2620180d2e30180d2a40180d2020000d41f2003d5000028d5000008d5c00c85d200a0b0f2010080d2020080d2030180d2840180d2020000d4"}}, @its_setup={0x82, 0x28, {0x2, 0x0, 0xa5}}, @irq_setup={0x46, 0x18, {0x2, 0x20c}}, @hvc={0x32, 0x40, {0x800, [0x100000001, 0x9, 0x2, 0x80000001, 0x4]}}, @its_setup={0x82, 0x28, {0x2, 0x3, 0x1f8}}, @eret={0xe6, 0x18, 0xffffffff}], 0x29c}, &(0x7f0000000d00)=[@featur2={0x1, 0x30}], 0x1) mmap$KVM_VCPU(&(0x7f0000ffd000/0x1000)=nil, r5, 0x1000002, 0x1010, r6, 0x0) (async) r7 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x9) ioctl$KVM_CLEAR_DIRTY_LOG(r7, 0xc018aec0, &(0x7f0000001140)={0x1, 0x3c0, 0x380, &(0x7f0000000d40)=[0x5, 0x9, 0x2, 0x239, 0x5aba, 0x3, 0x7, 0x1, 0x1, 0xa, 0x22a4, 0xec, 0x80, 0x3ff, 0x2, 0xfff, 0xe, 0x81, 0x3, 0xb, 0x1, 0x6, 0x2, 0x1000, 0x6, 0x3, 0x400, 0x7ff, 0x7, 0x40, 0x1, 0x4, 0xffffffff, 0x4, 0x4, 0x6b2, 0xff, 0xffffffffffffff17, 0x6, 0x1ff, 0x1, 0x6, 0x2, 0xa4f, 0x1, 0xd5, 0x4, 0x22, 0x40, 0x8000000000000001, 0xfffffffffffffff7, 0x7, 0x8, 0xe073, 0x9, 0x6, 0x8, 0x4, 0x35, 0x0, 0x4, 0x8000, 0x80000001, 0x3, 0x3, 0x7, 0xfffffffffffffffa, 0x100000001, 0x3, 0x0, 0x4, 0x0, 0x6000, 0x8, 0x96f, 0x3, 0x6, 0x3, 0x1, 0xffffffffffffffff, 0x0, 0x6, 0x401, 0x4a80, 0x8, 0x8, 0xbe3, 0x2, 0xbeaa, 0x3, 0x100000001, 0xb7, 0xa5d, 0x5, 0x6, 0x70, 0x80, 0x7fff, 0x51, 0x10, 0xffffffffffffffe8, 0x4, 0xc3, 0x7e8000000, 0x3, 0x1, 0x1, 0x5, 0x7f, 0x1000, 0xfffffffffffffff0, 0xb711, 0xe2, 0x7fffffff, 0x3, 0x9, 0x4, 0xd, 0xff, 0x4, 0x2, 0x2, 0x0, 0xff, 0xbc, 0x3ff, 0x7, 0x80000001]}) (async, rerun: 64) ioctl$KVM_IRQ_LINE_STATUS(r7, 0xc008ae67, &(0x7f0000001180)={0x694, 0x6}) (async, rerun: 64) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f00000011c0)={0x4, 0x3}) (async) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, &(0x7f0000001200)={0x2, 0x6}) (async, rerun: 32) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000001280)=@arm64_sys={0x603000000013ff10, &(0x7f0000001240)=0x8}) (rerun: 32) ioctl$KVM_CLEAR_DIRTY_LOG(r7, 0xc018aec0, &(0x7f00000016c0)={0x1, 0xc0, 0x380, &(0x7f00000012c0)=[0x42, 0x2, 0x1, 0xffffffffffffff75, 0x6, 0x6, 0x5, 0x1, 0x1, 0x0, 0x4, 0x1d8, 0xfffffffffffffffc, 0x401, 0x9, 0x4a, 0x5, 0x202, 0xfffffffffffffff8, 0x5, 0x80000001, 0x3, 0xf, 0x9, 0x5, 0x4, 0x0, 0x2, 0x4fc2, 0x6, 0x7, 0xfffffffffffffe00, 0x6, 0x200, 0x0, 0x1, 0x6, 0x7fff, 0x1, 0x9, 0x5, 0xb70, 0xfffffffffffffffa, 0xbbb, 0x6, 0x100000001, 0x0, 0x0, 0x4, 0x4, 0x59, 0x8, 0x688, 0x8, 0x6, 0x9, 0x5, 0x11, 0xbb3, 0xffffffffffffffff, 0x1, 0x897e, 0x4, 0x1, 0x200, 0x58cc0000, 0x8, 0x0, 0x8, 0x5, 0x1, 0x3, 0x4, 0x1, 0x9, 0xb6, 0x3, 0x8, 0x3ff, 0x0, 0x68, 0x5, 0x6, 0xc0cc, 0x0, 0x3eb3, 0x8001, 0x2, 0x3, 0x340000000, 0x7, 0xfffffffffffffffd, 0x40, 0x8000000000000001, 0xd, 0x0, 0x9702, 0x3, 0x7b1e, 0x7, 0x3, 0xd, 0x4, 0x5, 0x3, 0x4e, 0xf, 0x100, 0x1, 0x800, 0x9, 0x76a4, 0x5, 0x6, 0x3, 0x1, 0x2, 0xf23, 0x9, 0x0, 0xf, 0x0, 0x5, 0x3, 0x0, 0x7, 0x4, 0xa]}) (async) r8 = eventfd2(0xfffffffc, 0x800) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000001700)={r8, 0x7, 0x1}) close(r6) (async, rerun: 32) r9 = syz_kvm_vgic_v3_setup(r7, 0x2, 0x200) (rerun: 32) close(r9) (async) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, &(0x7f0000001740)=@x86={0x3, 0x0, 0x0, 0x0, 0x41, 0x8, 0x6, 0x0, 0xea, 0x9, 0x8, 0xb, 0x0, 0xfff, 0x73, 0x6, 0x0, 0x4, 0x1, '\x00', 0xa}) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2c) openat$kvm(0xffffffffffffff9c, &(0x7f0000001780), 0x4045, 0x0) ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) kernel console output (not intermixed with test programs): [ 387.830088][ T3149] 8021q: adding VLAN 0 to HW filter on device bond0 [ 419.490740][ T3149] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:25214' (ED25519) to the list of known hosts. [ 586.626509][ T25] audit: type=1400 audit(585.880:61): avc: denied { name_bind } for pid=3305 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 588.440733][ T25] audit: type=1400 audit(587.700:62): avc: denied { execute } for pid=3306 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 588.467994][ T25] audit: type=1400 audit(587.720:63): avc: denied { execute_no_trans } for pid=3306 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 608.165526][ T25] audit: type=1400 audit(607.420:64): avc: denied { mounton } for pid=3306 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 608.199388][ T25] audit: type=1400 audit(607.460:65): avc: denied { mount } for pid=3306 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 608.288742][ T3306] cgroup: Unknown subsys name 'net' [ 608.338626][ T25] audit: type=1400 audit(607.600:66): avc: denied { unmount } for pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 608.742374][ T3306] cgroup: Unknown subsys name 'cpuset' [ 608.840952][ T3306] cgroup: Unknown subsys name 'rlimit' [ 609.759539][ T25] audit: type=1400 audit(609.020:67): avc: denied { setattr } for pid=3306 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 609.807075][ T25] audit: type=1400 audit(609.030:68): avc: denied { mounton } for pid=3306 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 609.816659][ T25] audit: type=1400 audit(609.060:69): avc: denied { mount } for pid=3306 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 611.395007][ T3309] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 611.417013][ T25] audit: type=1400 audit(610.670:70): avc: denied { relabelto } for pid=3309 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 611.441172][ T25] audit: type=1400 audit(610.700:71): avc: denied { write } for pid=3309 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 611.620650][ T25] audit: type=1400 audit(610.870:72): avc: denied { read } for pid=3306 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 611.640802][ T25] audit: type=1400 audit(610.890:73): avc: denied { open } for pid=3306 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 611.682750][ T3306] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 660.958172][ T25] audit: type=1400 audit(660.180:74): avc: denied { execmem } for pid=3310 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 665.069703][ T25] audit: type=1400 audit(664.320:75): avc: denied { read } for pid=3312 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 665.109061][ T25] audit: type=1400 audit(664.350:76): avc: denied { open } for pid=3312 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 665.180715][ T25] audit: type=1400 audit(664.440:77): avc: denied { mounton } for pid=3312 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 665.442851][ T25] audit: type=1400 audit(664.680:78): avc: denied { module_request } for pid=3312 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 665.453212][ T25] audit: type=1400 audit(664.690:79): avc: denied { module_request } for pid=3313 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 666.562644][ T25] audit: type=1400 audit(665.810:80): avc: denied { sys_module } for pid=3312 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 690.551781][ T3312] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 691.123676][ T3312] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 691.258935][ T3313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 691.668568][ T3313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 707.518212][ T3312] hsr_slave_0: entered promiscuous mode [ 707.547297][ T3312] hsr_slave_1: entered promiscuous mode [ 708.396682][ T3313] hsr_slave_0: entered promiscuous mode [ 708.427946][ T3313] hsr_slave_1: entered promiscuous mode [ 708.460391][ T3313] debugfs: 'hsr0' already exists in 'hsr' [ 708.470301][ T3313] Cannot create hsr debugfs directory [ 713.858892][ T25] audit: type=1400 audit(713.110:81): avc: denied { create } for pid=3312 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 713.907574][ T25] audit: type=1400 audit(713.170:82): avc: denied { write } for pid=3312 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 713.986991][ T25] audit: type=1400 audit(713.180:83): avc: denied { read } for pid=3312 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 714.071660][ T3312] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 714.373747][ T3312] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 714.686742][ T3312] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 715.133738][ T3312] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 716.478224][ T3313] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 716.739408][ T3313] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 716.913274][ T3313] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 717.108220][ T3313] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 729.190292][ T3312] 8021q: adding VLAN 0 to HW filter on device bond0 [ 731.829179][ T3313] 8021q: adding VLAN 0 to HW filter on device bond0 [ 786.432424][ T3312] veth0_vlan: entered promiscuous mode [ 786.859616][ T3312] veth1_vlan: entered promiscuous mode [ 788.620777][ T3312] veth0_macvtap: entered promiscuous mode [ 788.943927][ T3312] veth1_macvtap: entered promiscuous mode [ 789.448792][ T3313] veth0_vlan: entered promiscuous mode [ 790.113565][ T3313] veth1_vlan: entered promiscuous mode [ 791.451726][ T21] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 791.459887][ T21] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 791.507566][ T31] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 791.520649][ T31] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 792.751057][ T3313] veth0_macvtap: entered promiscuous mode [ 793.379213][ T3313] veth1_macvtap: entered promiscuous mode [ 793.923040][ T25] audit: type=1400 audit(793.160:84): avc: denied { mount } for pid=3312 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 794.126317][ T25] audit: type=1400 audit(793.310:85): avc: denied { mounton } for pid=3312 comm="syz-executor" path="/syzkaller.SpNEq5/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 794.362850][ T25] audit: type=1400 audit(793.620:86): avc: denied { mount } for pid=3312 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 794.756926][ T25] audit: type=1400 audit(794.000:87): avc: denied { mounton } for pid=3312 comm="syz-executor" path="/syzkaller.SpNEq5/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 794.970724][ T25] audit: type=1400 audit(794.150:88): avc: denied { mounton } for pid=3312 comm="syz-executor" path="/syzkaller.SpNEq5/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3759 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 795.527351][ T25] audit: type=1400 audit(794.780:89): avc: denied { unmount } for pid=3312 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 795.658453][ T21] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 795.665802][ T21] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 795.682472][ T21] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 795.702610][ T21] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 795.796767][ T25] audit: type=1400 audit(794.990:90): avc: denied { mounton } for pid=3312 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 795.859353][ T25] audit: type=1400 audit(795.110:91): avc: denied { mount } for pid=3312 comm="syz-executor" name="/" dev="gadgetfs" ino=3768 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 796.326693][ T25] audit: type=1400 audit(795.570:92): avc: denied { mount } for pid=3312 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 796.482642][ T25] audit: type=1400 audit(795.740:93): avc: denied { mounton } for pid=3312 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 798.100708][ T3312] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 806.896558][ T25] kauditd_printk_skb: 4 callbacks suppressed [ 806.903300][ T25] audit: type=1400 audit(806.150:98): avc: denied { read } for pid=3464 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 806.962714][ T25] audit: type=1400 audit(806.220:99): avc: denied { open } for pid=3464 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 809.432413][ T25] audit: type=1400 audit(808.690:100): avc: denied { ioctl } for pid=3466 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae03 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 812.497941][ T25] audit: type=1400 audit(811.740:101): avc: denied { execute } for pid=3466 comm="syz.1.2" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3826 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 830.837686][ T25] audit: type=1400 audit(830.090:102): avc: denied { setattr } for pid=3486 comm="syz.0.8" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 848.041686][ T25] audit: type=1400 audit(847.300:103): avc: denied { append } for pid=3505 comm="syz.1.14" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 852.216440][ C0] Unhandled 64-bit el1h sync exception on CPU0, ESR 0x000000005a000000 -- HVC (AArch64) [ 852.219569][ C0] CPU: 0 UID: 0 PID: 3509 Comm: syz.0.15 Not tainted syzkaller #0 PREEMPT [ 852.220163][ C0] Hardware name: linux,dummy-virt (DT) [ 852.220642][ C0] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 852.221040][ C0] pc : pkvm_init_host_vm+0xb8/0x160 [ 852.222604][ C0] lr : pkvm_init_host_vm+0xa0/0x160 [ 852.222803][ C0] sp : ffff8000a3c97c60 [ 852.222962][ C0] x29: ffff8000a3c97c60 x28: 57f000001e3e8518 x27: ffff800087354000 [ 852.223547][ C0] x26: a1f000001e1592f0 x25: 0000000000000035 x24: 00000000000014f8 [ 852.223867][ C0] x23: 0000000000000035 x22: 35ff80008c97a260 x21: 35ff80008c979ff0 [ 852.224173][ C0] x20: 0000000000000000 x19: efff800000000000 x18: ffffc1ffc0621e38 [ 852.224471][ C0] x17: 00000000000000fe x16: 00000000000000ff x15: 00000000000000fe [ 852.224762][ C0] x14: ffffffffffffffff x13: 0000000000000081 x12: ffff7c1ffbf7c32a [ 852.225091][ C0] x11: 0000000000080000 x10: 0000000000ff0100 x9 : 0000000000000002 [ 852.225516][ C0] x8 : 57f000001e3e8000 x7 : ffff800080aba4c0 x6 : 0000000000000000 [ 852.225824][ C0] x5 : 0000000000000001 x4 : ffff8000a3c97ac0 x3 : 0000000000000004 [ 852.226123][ C0] x2 : 00000000000092ac x1 : 0000000000000000 x0 : 00000000c600001b [ 852.226915][ C0] Kernel panic - not syncing: Unhandled exception [ 852.243657][ C0] CPU: 0 UID: 0 PID: 3509 Comm: syz.0.15 Not tainted syzkaller #0 PREEMPT [ 852.245078][ C0] Hardware name: linux,dummy-virt (DT) [ 852.246086][ C0] Call trace: [ 852.246981][ C0] show_stack+0x2c/0x3c (C) [ 852.248216][ C0] __dump_stack+0x30/0x40 [ 852.249069][ C0] dump_stack_lvl+0x30/0x12c [ 852.249935][ C0] dump_stack+0x1c/0x28 [ 852.250700][ C0] vpanic+0x22c/0x59c [ 852.251503][ C0] vpanic+0x0/0x59c [ 852.252306][ C0] el1t_64_irq_handler+0x0/0x1c [ 852.253148][ C0] el1_abort+0x0/0x5c [ 852.253922][ C0] el1h_64_sync+0x6c/0x70 [ 852.254873][ C0] pkvm_init_host_vm+0xb8/0x160 (P) [ 852.255762][ C0] kvm_arch_init_vm+0x150/0x288 [ 852.256618][ C0] kvm_dev_ioctl+0x838/0x105c [ 852.257533][ C0] __arm64_sys_ioctl+0x18c/0x244 [ 852.258451][ C0] invoke_syscall+0x90/0x2b4 [ 852.259289][ C0] el0_svc_common+0x180/0x2f4 [ 852.260163][ C0] do_el0_svc+0x58/0x74 [ 852.261011][ C0] el0_svc+0x58/0x164 [ 852.261825][ C0] el0t_64_sync_handler+0x84/0x12c [ 852.262695][ C0] el0t_64_sync+0x198/0x19c [ 852.264678][ C0] Kernel Offset: disabled [ 852.265396][ C0] CPU features: 0x00000,000068c0,17de33e1,057ffe1f [ 852.266408][ C0] Memory Limit: none [ 852.267384][ C0] [ 852.267921][ C0] ================================ [ 852.268649][ C0] WARNING: inconsistent lock state [ 852.269484][ C0] syzkaller #0 Not tainted [ 852.270290][ C0] -------------------------------- [ 852.271044][ C0] inconsistent {INITIAL USE} -> {IN-NMI} usage. [ 852.271984][ C0] syz.0.15/3509 [HC1[1]:SC0[0]:HE0:SE1] takes: [ 852.272849][ C0] 3cf000000d3ed6e8 (&k->list_lock){+.+.}-{3:3}, at: bus_for_each_dev+0x60/0x2a4 [ 852.275119][ C0] {INITIAL USE} state was registered at: [ 852.276070][ C0] lock_acquire+0x14c/0x2e0 [ 852.277071][ C0] _raw_spin_lock+0x48/0x60 [ 852.277869][ C0] kobject_add_internal+0x46c/0xee4 [ 852.278774][ C0] kobject_add+0x10c/0x1d0 [ 852.279584][ C0] device_add+0x494/0xd78 [ 852.280424][ C0] device_register+0x28/0x38 [ 852.281167][ C0] faux_bus_init+0x1c/0x88 [ 852.282021][ C0] driver_init+0x30/0x58 [ 852.282858][ C0] do_basic_setup+0x1c/0xa8 [ 852.283737][ C0] kernel_init_freeable+0x244/0x330 [ 852.284661][ C0] kernel_init+0x24/0x1d0 [ 852.285528][ C0] ret_from_fork+0x10/0x20 [ 852.286379][ C0] irq event stamp: 240 [ 852.287046][ C0] hardirqs last enabled at (239): [] _raw_spin_unlock_irqrestore+0x44/0xbc [ 852.288327][ C0] hardirqs last disabled at (240): [] __panic_unhandled+0x24/0x68 [ 852.289579][ C0] softirqs last enabled at (232): [] handle_softirqs+0xb8c/0xd08 [ 852.290899][ C0] softirqs last disabled at (227): [] __do_softirq+0x14/0x20 [ 852.292306][ C0] [ 852.292306][ C0] other info that might help us debug this: [ 852.293332][ C0] Possible unsafe locking scenario: [ 852.293332][ C0] [ 852.294218][ C0] CPU0 [ 852.294750][ C0] ---- [ 852.295328][ C0] lock(&k->list_lock); [ 852.296172][ C0] [ 852.296738][ C0] lock(&k->list_lock); [ 852.297656][ C0] [ 852.297656][ C0] *** DEADLOCK *** [ 852.297656][ C0] [ 852.298694][ C0] no locks held by syz.0.15/3509. [ 852.299529][ C0] [ 852.299529][ C0] stack backtrace: [ 852.300308][ C0] CPU: 0 UID: 0 PID: 3509 Comm: syz.0.15 Not tainted syzkaller #0 PREEMPT [ 852.301468][ C0] Hardware name: linux,dummy-virt (DT) [ 852.302215][ C0] Call trace: [ 852.302747][ C0] show_stack+0x2c/0x3c (C) [ 852.303668][ C0] __dump_stack+0x30/0x40 [ 852.304473][ C0] dump_stack_lvl+0x30/0x12c [ 852.305167][ C0] dump_stack+0x1c/0x28 [ 852.305918][ C0] print_usage_bug+0x2f4/0x32c [ 852.306746][ C0] verify_lock_unused+0x78/0x88 [ 852.307718][ C0] lock_acquire+0x22c/0x2e0 [ 852.308607][ C0] _raw_spin_lock+0x48/0x60 [ 852.309464][ C0] bus_for_each_dev+0x60/0x2a4 [ 852.310430][ C0] coresight_panic_cb+0x2c/0x3c [ 852.311290][ C0] notifier_call_chain+0x1e8/0x65c [ 852.312228][ C0] atomic_notifier_call_chain+0xd0/0x180 [ 852.313226][ C0] vpanic+0x2c4/0x59c [ 852.314066][ C0] vpanic+0x0/0x59c [ 852.314823][ C0] el1t_64_irq_handler+0x0/0x1c [ 852.315691][ C0] el1_abort+0x0/0x5c [ 852.316477][ C0] el1h_64_sync+0x6c/0x70 [ 852.317300][ C0] pkvm_init_host_vm+0xb8/0x160 (P) [ 852.318221][ C0] kvm_arch_init_vm+0x150/0x288 [ 852.319086][ C0] kvm_dev_ioctl+0x838/0x105c [ 852.319962][ C0] __arm64_sys_ioctl+0x18c/0x244 [ 852.320922][ C0] invoke_syscall+0x90/0x2b4 [ 852.321774][ C0] el0_svc_common+0x180/0x2f4 [ 852.322663][ C0] do_el0_svc+0x58/0x74 [ 852.323527][ C0] el0_svc+0x58/0x164 [ 852.324308][ C0] el0t_64_sync_handler+0x84/0x12c [ 852.325172][ C0] el0t_64_sync+0x198/0x19c [ 852.327310][ C0] Rebooting in 86400 seconds.. VM DIAGNOSIS: 06:55:56 Registers: info registers vcpu 0 CPU#0 PC=ffff80008212779c X00=0000000000000003 X01=0000000000000002 X02=0000000000000060 X03=ffff800082127590 X04=0000000000000001 X05=0000000000000000 X06=ffff800081f0e734 X07=ffff800087cd0c24 X08=5bff80008c43b000 X09=000000000000003a X10=000000000000003a X11=00000000000000fe X12=00000000000000a0 X13=0000000000000007 X14=0000000000110001 X15=0000000000000000 X16=00000000000000fe X17=00000000000000fe X18=ffffc1ffc0621e38 X19=efff800000000000 X20=a0f000000dcb0880 X21=5bff80008c43b018 X22=0000000000000002 X23=a0f000000dcb097c X24=00000000000000a0 X25=0000000000000000 X26=5bff80008c43b000 X27=00000000000000a0 X28=00000000000000a0 X29=ffff8000a3c973f0 X30=ffff800082127790 SP=ffff8000a3c973e0 PSTATE=004023c9 ---- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:0000000000000000 Z01=0000ffffdeb45e00:4cb8fdf32e29d700 Z02=0000ffffdeb45de0:ffffff80ffffffd8 Z03=0000ffffdeb45e90:0000ffffdeb45e90 Z04=0000ffffdeb45e90:0000ffffa4337208 Z05=0000ffffdeb45e60:0000ffffdeb45e90 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffdeb460b0:0000ffffdeb460b0 Z17=ffffff80ffffffd0:0000ffffdeb46080 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000