last executing test programs: 52.449493408s ago: executing program 0 (id=1): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0xa0401, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x6) (async) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x6) ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000180)={0x8, 0x8000000080000000}) (async) r3 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000180)={0x8, 0x8000000080000000}) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000200)={0x1fd, 0x3, 0x1, 0x1000, &(0x7f0000ff4000/0x1000)=nil, 0x1, r3}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x36) (async) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x36) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000000)={0x2}) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = eventfd2(0x4, 0x80000) r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r7, 0x0, 0x60) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f00000000c0)={r6, 0x3}) write$eventfd(r6, &(0x7f0000000140)=0x3, 0x8) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async) r8 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, 0x0) syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_REG_LIST(r13, 0xc008aeb0, 0xffffffffffffffff) syz_kvm_vgic_v3_setup(r4, 0x0, 0x200) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31) r14 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f00007e0000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async) r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r15, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013e08d, &(0x7f00000000c0)=0x6db}) (async) ioctl$KVM_SET_ONE_REG(r15, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013e08d, &(0x7f00000000c0)=0x6db}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0xa}) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0xa}) ioctl$KVM_RESET_DIRTY_RINGS(r1, 0xaec7) (async) ioctl$KVM_RESET_DIRTY_RINGS(r1, 0xaec7) 49.718183051s ago: executing program 1 (id=2): openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async) r0 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x12) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@mrs={0xbe, 0x18, {0x603000000013c021}}], 0x18}, 0x0, 0x0) (async) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (async) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f00000000c0)={0xa, 0xffffffffffffffff, 0x1}) (async) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x2c) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x7fffffffffffffff}) ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000040)=@arm64_sys={0x603000000013e290, &(0x7f0000000080)=0x400000000000005}) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 22.481014955s ago: executing program 1 (id=3): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c4f1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013c4f2, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce0, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce2, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce3, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce4, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce5, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x140}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) r8 = mmap$KVM_VCPU(&(0x7f0000e0b000/0x1000)=nil, r7, 0xd, 0x11, r6, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) syz_kvm_assert_syzos_uexit$arm64(r8, 0xffffffffffffffff) syz_kvm_assert_reg(r6, 0x603000000013c4f1, 0x8000) syz_kvm_assert_reg(r6, 0x603000000013c4f2, 0x8000) syz_kvm_assert_reg(r6, 0x603000000013dce0, 0x8000) syz_kvm_assert_reg(r6, 0x603000000013dce1, 0x8000) syz_kvm_assert_reg(r6, 0x603000000013dce2, 0x8000) syz_kvm_assert_reg(r6, 0x603000000013dce3, 0x8000) syz_kvm_assert_reg(r6, 0x603000000013dce4, 0x8000) syz_kvm_assert_reg(r6, 0x603000000013dce8, 0x0) syz_kvm_assert_reg(r6, 0x603000000013dce8, 0x8000) syz_kvm_assert_reg(r6, 0x603000000013dce9, 0x8000) r9 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r11 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r10, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r10, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0xdddd1000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) 21.428322744s ago: executing program 0 (id=4): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000100)={0x0, &(0x7f00000002c0)=[@msr={0x14, 0x20, {0x603000000013c522, 0x7ff}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x0, 0x3, 0x1, 0x1}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x2db}}, @mrs={0xbe, 0x18, {0x603000000013c085}}, @hvc={0x32, 0x40, {0x8600ff01, [0x8, 0x8, 0x1, 0x3, 0x8ee1]}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x372}}, @smc={0x1e, 0x40, {0x40000000, [0x7, 0x8, 0x9, 0xffffffffffffffff, 0x6d5559d9]}}, @smc={0x1e, 0x40, {0x2000, [0x0, 0x7ff, 0x40, 0x1000, 0x10]}}, @uexit={0x0, 0x18, 0x2}, @hvc={0x32, 0x40, {0x8, [0xfffffffffffffffd, 0x4, 0x2, 0x5, 0x86e]}}, @memwrite={0x6e, 0x30, @generic={0x8000000, 0xee0, 0x0, 0x8}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x200, 0x5, 0xc}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x3f6}}, @eret={0xe6, 0x18, 0x9}, @its_send_cmd={0xaa, 0x28, {0xa56514a4ca9d0650, 0x0, 0x4, 0x2, 0xd0e2, 0xffffff00, 0x1}}, @mrs={0xbe, 0x18, {0x603000000013da11}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x0, 0x10, 0x6, 0x401, 0x1}}, @smc={0x1e, 0x40, {0x4003fe7, [0x2, 0x3, 0x4, 0xffffffffffffffff, 0xea]}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0xfa, 0x9, 0x5, 0x3}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x1d6}}, @uexit={0x0, 0x18, 0x6}, @eret={0xe6, 0x18, 0x5}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x4, 0x3, 0x8000, 0x8000, 0x1}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x8, 0x6, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x4, 0x8, 0x7, 0x5, 0x2}}, @uexit={0x0, 0x18, 0x7}, @svc={0x122, 0x40, {0x40000043, [0x4, 0xa, 0x4, 0x8000000000000001, 0x8000000000000001]}}, @its_send_cmd={0xaa, 0x28, {0x6, 0x0, 0x0, 0x6, 0x9, 0x9, 0x1}}, @msr={0x14, 0x20, {0x603000000013c2ab, 0x6}}, @mrs={0xbe, 0x18, {0x603000000013c078}}, @smc={0x1e, 0x40, {0x3f000000, [0xfffffffffffffffd, 0x81, 0x633f, 0x4b, 0x9]}}], 0x508}, &(0x7f0000000140)=[@featur2={0x1, 0x10}], 0x1) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = eventfd2(0x4, 0x1001) r4 = eventfd2(0x1, 0x800) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f00000000c0)={r3, 0x5, 0x1, r4}) r5 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0xc400000e, [0x99b, 0x100000003, 0x5, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, &(0x7f0000000080)=@arm64={0x5, 0xa, 0x5e}) 14.143097298s ago: executing program 0 (id=5): mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = eventfd2(0x0, 0x80000) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r5, 0x2, 0x100) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000000)={r3, 0x3}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x7}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f00000001c0)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f0000000380)=0x800012}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000180)={0x1, 0x104000, 0x1}) ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000380)={0x3000, 0x34000, 0x1}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r7, 0x4010ae68, &(0x7f0000000140)={0xd000, 0x99000, 0x1}) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_GET_DEVICE_ATTR(r10, 0x4018aee2, &(0x7f0000000280)=@attr_arm64={0x0, 0x8, 0x4, &(0x7f0000000040)=0x1}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0}) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r13 = openat$kvm(0x0, &(0x7f0000000040), 0x400, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil) 11.166140326s ago: executing program 1 (id=6): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x20000000021) (async) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x20000000021) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x9e) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async) r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c4f1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013c4f2, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce0, 0x7ffc}}, @msr={0x14, 0x20, {0x603000000013dce1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce2, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce3, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce5, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x120}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000fc6000/0x1000)=nil, r6, 0x2000009, 0x4000010, r5, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) (async) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r7, 0x3, 0x11, r5, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8400, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0xfffffffffffffffd) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2) (async) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) (async) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) (async) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x2) r13 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r12, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r12, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r14, 0x401c5820, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000000c0)=0x6}) ioctl$KVM_RUN(r5, 0xae80, 0x0) 7.499095985s ago: executing program 0 (id=7): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000100)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000080)={0x1fe, 0xa}}) r5 = ioctl$KVM_GET_STATS_FD_vm(r2, 0xaece) r6 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000180)={0x0, &(0x7f00000004c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0xffffffffffffffff}}], 0x20}, &(0x7f00000000c0)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 946.681903ms ago: executing program 1 (id=8): openat$kvm(0x0, 0x0, 0x0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x4) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)}, 0x0, 0x0) r7 = syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) ioctl$KVM_GET_DEVICE_ATTR(r7, 0x4018aee2, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x14f7, 0x6, &(0x7f0000000100)=0x5}) ioctl$KVM_RUN(r6, 0xae80, 0x0) r9 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x9}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r10, 0x80811501, 0x4000001fffffff) r11 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r13, 0xae03, 0x66) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r14 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000180)={0x0, &(0x7f00000004c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0xffffffffffffffff}}], 0x20}, &(0x7f00000000c0)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r14, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000000)=0x2}) ioctl$KVM_RUN(r6, 0xae80, 0x0) 0s ago: executing program 0 (id=9): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x200, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2c) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013df19, 0x8003}}], 0x20}, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) (async) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, r5, 0xc, 0x40010, 0xffffffffffffffff, 0x20000000) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, r5, 0xc, 0x40010, 0xffffffffffffffff, 0x20000000) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f0000c6a000/0x3000)=nil, 0x930, 0x1000003, 0x28031, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): [ 374.388372][ T3155] 8021q: adding VLAN 0 to HW filter on device bond0 [ 422.410414][ T3155] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:42546' (ED25519) to the list of known hosts. [ 579.223263][ T25] audit: type=1400 audit(578.420:61): avc: denied { name_bind } for pid=3306 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 581.955729][ T25] audit: type=1400 audit(581.160:62): avc: denied { execute } for pid=3307 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 582.024028][ T25] audit: type=1400 audit(581.200:63): avc: denied { execute_no_trans } for pid=3307 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 604.418279][ T25] audit: type=1400 audit(603.650:64): avc: denied { mounton } for pid=3307 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 604.451531][ T25] audit: type=1400 audit(603.680:65): avc: denied { mount } for pid=3307 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 604.536857][ T3307] cgroup: Unknown subsys name 'net' [ 604.588474][ T25] audit: type=1400 audit(603.820:66): avc: denied { unmount } for pid=3307 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 604.968179][ T3307] cgroup: Unknown subsys name 'cpuset' [ 605.069233][ T3307] cgroup: Unknown subsys name 'rlimit' [ 605.960088][ T25] audit: type=1400 audit(605.190:67): avc: denied { setattr } for pid=3307 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 605.987051][ T25] audit: type=1400 audit(605.210:68): avc: denied { mounton } for pid=3307 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 606.005385][ T25] audit: type=1400 audit(605.230:69): avc: denied { mount } for pid=3307 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 607.211175][ T3310] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 607.231594][ T25] audit: type=1400 audit(606.460:70): avc: denied { relabelto } for pid=3310 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 607.258868][ T25] audit: type=1400 audit(606.470:71): avc: denied { write } for pid=3310 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 607.426597][ T25] audit: type=1400 audit(606.650:72): avc: denied { read } for pid=3307 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 607.441489][ T25] audit: type=1400 audit(606.670:73): avc: denied { open } for pid=3307 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 607.490443][ T3307] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 657.529967][ T25] audit: type=1400 audit(656.740:74): avc: denied { execmem } for pid=3311 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 662.107117][ T25] audit: type=1400 audit(661.340:75): avc: denied { read } for pid=3313 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 662.126306][ T25] audit: type=1400 audit(661.350:76): avc: denied { open } for pid=3313 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 662.209906][ T25] audit: type=1400 audit(661.440:77): avc: denied { mounton } for pid=3313 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 662.490766][ T25] audit: type=1400 audit(661.720:78): avc: denied { module_request } for pid=3313 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 662.526164][ T25] audit: type=1400 audit(661.750:79): avc: denied { module_request } for pid=3314 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 663.584323][ T25] audit: type=1400 audit(662.810:80): avc: denied { sys_module } for pid=3313 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 686.841042][ T3313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 687.045519][ T3313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 687.396344][ T3314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 687.820841][ T3314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 702.178682][ T3313] hsr_slave_0: entered promiscuous mode [ 702.232570][ T3313] hsr_slave_1: entered promiscuous mode [ 703.639629][ T3314] hsr_slave_0: entered promiscuous mode [ 703.696784][ T3314] hsr_slave_1: entered promiscuous mode [ 703.737484][ T3314] debugfs: 'hsr0' already exists in 'hsr' [ 703.763247][ T3314] Cannot create hsr debugfs directory [ 710.638154][ T25] audit: type=1400 audit(709.870:81): avc: denied { create } for pid=3313 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 710.668056][ T25] audit: type=1400 audit(709.900:82): avc: denied { write } for pid=3313 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 710.714024][ T25] audit: type=1400 audit(709.940:83): avc: denied { read } for pid=3313 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 710.839852][ T3313] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 711.176516][ T3313] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 711.408276][ T3313] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 711.610551][ T3313] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 713.201104][ T3314] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 713.503339][ T3314] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 713.688895][ T3314] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 713.840642][ T3314] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 725.879303][ T3313] 8021q: adding VLAN 0 to HW filter on device bond0 [ 728.278354][ T3314] 8021q: adding VLAN 0 to HW filter on device bond0 [ 785.975616][ T3313] veth0_vlan: entered promiscuous mode [ 786.607642][ T3313] veth1_vlan: entered promiscuous mode [ 788.989387][ T3313] veth0_macvtap: entered promiscuous mode [ 789.560741][ T3313] veth1_macvtap: entered promiscuous mode [ 790.075773][ T3314] veth0_vlan: entered promiscuous mode [ 790.817669][ T3314] veth1_vlan: entered promiscuous mode [ 791.835011][ T3407] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 791.839973][ T3407] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 791.874516][ T3407] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 791.950097][ T3407] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 793.818102][ T3314] veth0_macvtap: entered promiscuous mode [ 794.535047][ T3314] veth1_macvtap: entered promiscuous mode [ 794.555028][ T25] audit: type=1400 audit(793.780:84): avc: denied { mount } for pid=3313 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 794.730696][ T25] audit: type=1400 audit(793.960:85): avc: denied { mounton } for pid=3313 comm="syz-executor" path="/syzkaller.uB6xCU/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 794.879900][ T25] audit: type=1400 audit(794.070:86): avc: denied { mount } for pid=3313 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 795.128161][ T25] audit: type=1400 audit(794.360:87): avc: denied { mounton } for pid=3313 comm="syz-executor" path="/syzkaller.uB6xCU/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 795.250507][ T25] audit: type=1400 audit(794.460:88): avc: denied { mounton } for pid=3313 comm="syz-executor" path="/syzkaller.uB6xCU/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3755 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 795.926918][ T25] audit: type=1400 audit(795.160:89): avc: denied { unmount } for pid=3313 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 796.229053][ T25] audit: type=1400 audit(795.460:90): avc: denied { mounton } for pid=3313 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 796.351517][ T25] audit: type=1400 audit(795.560:91): avc: denied { mount } for pid=3313 comm="syz-executor" name="/" dev="gadgetfs" ino=3764 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 796.450994][ T3395] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 796.506878][ T3395] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 796.513950][ T3395] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 796.518283][ T3395] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 796.635985][ T25] audit: type=1400 audit(795.860:92): avc: denied { mount } for pid=3313 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 796.751125][ T25] audit: type=1400 audit(795.980:93): avc: denied { mounton } for pid=3313 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 798.451063][ T3313] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 799.580662][ T25] kauditd_printk_skb: 3 callbacks suppressed [ 799.593091][ T25] audit: type=1400 audit(798.810:97): avc: denied { ioctl } for pid=3313 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 808.164901][ T25] audit: type=1400 audit(807.390:98): avc: denied { append } for pid=3472 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 808.227288][ T25] audit: type=1400 audit(807.460:99): avc: denied { open } for pid=3472 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 808.345395][ T25] audit: type=1400 audit(807.560:100): avc: denied { ioctl } for pid=3472 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 808.657796][ T25] audit: type=1400 audit(807.890:101): avc: denied { read write } for pid=3472 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 841.652984][ T25] audit: type=1400 audit(840.880:102): avc: denied { execute } for pid=3488 comm="syz.0.5" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4044 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 858.039841][ T3497] kvm [3497]: Failed to find VMA for hva 0x20d8d000 [ 858.176237][ T3500] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5e3d3 [ 858.195436][ T3500] flags: 0x1fff80000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xe0) [ 858.223770][ T3500] raw: 01fff80000000000 ffffc1ffc0791748 ffffc1ffc07920c8 0000000000000000 [ 858.246395][ T3500] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 858.285379][ T3500] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0) [ 858.313756][ T3500] ------------[ cut here ]------------ [ 858.314013][ T3500] kernel BUG at ./include/linux/mm.h:1036! [ 858.317595][ T3500] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 858.322750][ T3500] Modules linked in: [ 858.324866][ T3500] CPU: 0 UID: 0 PID: 3500 Comm: syz.0.9 Not tainted syzkaller #0 PREEMPT [ 858.326621][ T3500] Hardware name: linux,dummy-virt (DT) [ 858.327967][ T3500] pstate: 60402009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 858.329377][ T3500] pc : kvm_s2_put_page+0x374/0x3a0 [ 858.331718][ T3500] lr : kvm_s2_put_page+0x374/0x3a0 [ 858.332560][ T3500] sp : ffff8000a3cc7570 [ 858.333323][ T3500] x29: ffff8000a3cc7570 x28: ccf000001e483000 x27: ccf000001e483000 [ 858.335045][ T3500] x26: 00000000000000ff x25: ffff800087396000 x24: ffffc1ffc0000000 [ 858.336561][ T3500] x23: ffffc1ffc078f4c8 x22: 0000000000000000 x21: ffffc1ffc078f4f4 [ 858.338060][ T3500] x20: 0000000000000000 x19: ffffc1ffc078f4c0 x18: 00000000ea0bed7b [ 858.339508][ T3500] x17: 000000000475b726 x16: 00000000e9744b5c x15: 00000000954a7953 [ 858.340896][ T3500] x14: ffffffffffffffff x13: fff0000018c13b08 x12: 0000000000000001 [ 858.342350][ T3500] x11: 0000000000000000 x10: 0000000000ff0100 x9 : 7da8ffb12d0feb00 [ 858.343940][ T3500] x8 : 7da8ffb12d0feb00 x7 : ffff80008039fbc8 x6 : 0000000000000000 [ 858.345415][ T3500] x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff800080390dd0 [ 858.347018][ T3500] x2 : 0000000000000002 x1 : 0000000100000000 x0 : 000000000000003e [ 858.348688][ T3500] Call trace: [ 858.349627][ T3500] kvm_s2_put_page+0x374/0x3a0 (P) [ 858.350957][ T3500] stage2_free_walker+0x1b0/0x264 [ 858.352036][ T3500] __kvm_pgtable_walk+0x7d8/0xa68 [ 858.353060][ T3500] kvm_pgtable_walk+0x294/0x468 [ 858.354017][ T3500] kvm_pgtable_stage2_destroy_range+0x60/0xb4 [ 858.355151][ T3500] kvm_free_stage2_pgd+0x198/0x28c [ 858.356214][ T3500] kvm_uninit_stage2_mmu+0x20/0x38 [ 858.357226][ T3500] kvm_arch_flush_shadow_all+0x1a8/0x1e0 [ 858.358351][ T3500] kvm_mmu_notifier_release+0x48/0xa8 [ 858.359413][ T3500] mmu_notifier_unregister+0x128/0x42c [ 858.360493][ T3500] kvm_put_kvm+0x6a0/0xfa8 [ 858.361242][ T3500] kvm_vcpu_release+0x70/0x9c [ 858.362212][ T3500] __fput+0x4ac/0x980 [ 858.363033][ T3500] ____fput+0x20/0x58 [ 858.363822][ T3500] task_work_run+0x1bc/0x254 [ 858.364702][ T3500] get_signal+0x13ec/0x1554 [ 858.365635][ T3500] do_signal+0x23c/0x4dd0 [ 858.366589][ T3500] do_notify_resume+0xb0/0x270 [ 858.367543][ T3500] el0_svc+0xb8/0x164 [ 858.368400][ T3500] el0t_64_sync_handler+0x84/0x12c [ 858.369409][ T3500] el0t_64_sync+0x198/0x19c [ 858.370969][ T3500] Code: 900377c1 910e9421 aa1303e0 97f9c9f2 (d4210000) [ 858.372877][ T3500] ---[ end trace 0000000000000000 ]--- [ 858.374534][ T3500] Kernel panic - not syncing: Oops - BUG: Fatal exception [ 858.376581][ T3500] Kernel Offset: disabled [ 858.377347][ T3500] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f [ 858.378541][ T3500] Memory Limit: none [ 858.380255][ T3500] Rebooting in 86400 seconds.. VM DIAGNOSIS: 01:12:56 Registers: info registers vcpu 0 CPU#0 PC=ffff800080493464 X00=0000000000000000 X01=0000000000000080 X02=0000000000000001 X03=ffff8000804933b4 X04=ffff8000871b9b8c X05=ffff8000a3cc6fb8 X06=ffff800080363394 X07=ffff800080015834 X08=00000000000003c0 X09=0000000000000000 X10=0000000000ff0100 X11=ffff8000877958c8 X12=00000000000000fe X13=000000c7d805ca49 X14=0000000000000000 X15=ffff800087fe5a20 X16=0000000000000000 X17=000000000475b726 X18=00000000ea0bed7b X19=efff800000000000 X20=ffff8000a3cc7020 X21=00000000000000ff X22=00000000000003c0 X23=00000000ffffe3c2 X24=40000000ffffe3c2 X25=00000000000003c0 X26=0000000000000000 X27=0000000000000000 X28=0000000000000013 X29=ffff8000a3cc6ef0 X30=ffff800080493440 SP=ffff8000a3cc6ee0 PSTATE=604023c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:6d766b2f7665642f Z01=ffffffffffffffff:0000000000000000 Z02=0000000000000000:ffffffff00000000 Z03=ff00ff0000000000:ffffffffffffff00 Z04=0000000000000000:f0f00000fffffff0 Z05=0000000000000000:0000cccc000cf000 Z06=0000000000000073:0000aaab137723c0 Z07=0000000000000074:0000aaab1376f600 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000fffff7804b50:0000fffff7804b50 Z17=ffffff80ffffffd0:0000fffff7804b20 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000