last executing test programs: 1m1.041304447s ago: executing program 1 (id=1439): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000000c0)=@arm64_sve_vls={0x606000000015ffff, &(0x7f0000000040)=0x7}) r4 = eventfd2(0x1, 0x1) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4}) r5 = eventfd2(0x0, 0x0) close(r5) write$eventfd(r5, 0x0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f0000000080)={0x0, 0x0, 0x1, r8, 0x1}) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={r4, 0x7, 0x0, r8}) r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r10, r11, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="3200000000000000400000000000000051000084000000001de7e1280000000008000000000000004700000000000000000000000000000022000000000000006e00000000000000300000000000000000400000000000009b02000052f4"], 0xf0}], 0x1, 0x0, 0x0, 0x0) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil) r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000080)={0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0a000000000000001800000000000000201003d5c0035fd63253dcb25d66cd946f97ba0aa496527d5af35a6c8b470ebda0424c51acefd14c9ba977f991e6fbf70ab6a409d69bfb419b429d3462df73e199e44843364cddd1e758c323f3ad13ba69ddf70d5efb238d1ea8953ecb882f105ab287216dd989f0043cdc05d620e6a31f53a1c8a3970ec79811a0753e4d933fbe58a0f98e9e9c5322b313ca0f19d17ccb03cea74f1899517dd1ba83885828c46b5678ea71ae4f28d23e326c4350775b05b146cce120be012fccdf76d445711e8ebb80a40a3ffc76adfd8c3c3a733552be19802fff59dbacd3c4f6eb09f92956aa363557617e75c9044d9a9652eb54393f1c5324deeabc4ef8ff16f69dd1fa2dc25f79b9e3ce07ae5c39f1acadb9f8cfb89e9c357f250c56d0f5ae1e42a5495e0eb14f64506e70fb10315eb1017ee634febd5f18e19d3600eb31ced369da2abbf1b7e7f0faf9978d17b6ded3ab9a13d258fec7688114149688e7c47869ddde9c641085c3df"], 0x18}, 0x0, 0x0) r16 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r12, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r16, 0x3, 0x11, r15, 0x0) ioctl$KVM_RUN(r15, 0xae80, 0x0) 47.321104817s ago: executing program 1 (id=1442): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4020940d, &(0x7f00000000c0)={0x4, 0x0, 0x1, 0xffffffffffffffff, 0x5}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 37.664359063s ago: executing program 1 (id=1444): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x46) mmap$KVM_VCPU(&(0x7f0000000000/0xc00000)=nil, 0x930, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r1 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x300000a, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa422000000086ab80be6f9610fbff77521ce10d8f6b69d22627e7840000000000000000000200", 0x0, 0x48) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x400, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, 0x0) munmap(&(0x7f000038d000/0x2000)=nil, 0x2000) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r4, 0x4068aea3, &(0x7f0000000180)={0xdf, 0x0, 0x1000000}) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r6, 0x1, 0x40) r7 = eventfd2(0x1, 0x800) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000040)={0x800000000003, 0xeeee0000, 0x2, r10, 0x8}) ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000900)={0xfffffffffffffffc, 0x0, 0x1, r10, 0x1}) ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000080)={0x0, 0x0, 0x4, r10, 0x5}) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000180)={r7, 0x3, 0x0, r7}) 31.673539676s ago: executing program 0 (id=1445): r0 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r2, 0x0) (async) r3 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r2, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r2, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000010000/0x4000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20600, 0x0) mmap$KVM_VCPU(&(0x7f0000001000/0x2000)=nil, 0x930, 0x2000003, 0x4120932, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x401c5820, &(0x7f0000000000)=@attr_arm64={0x0, 0x5, 0x2, 0x0}) 25.090476405s ago: executing program 0 (id=1446): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) (async) r3 = openat$kvm(0x0, &(0x7f0000000000), 0x121e82, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) openat$kvm(0x0, 0x0, 0x0, 0x0) (async) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x6) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000100)={0x5}) (async) ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000080)=@arm64_fp={0x60400000001010b6, 0x0}) (async) openat$kvm(0x0, 0x0, 0x0, 0x0) (async) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18}) ioctl$KVM_ARM_VCPU_FINALIZE(r2, 0x4004aec2, &(0x7f0000000180)=0x4) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) (async) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18}) syz_kvm_vgic_v3_setup(r1, 0x3, 0x180) (async) r6 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, &(0x7f00000001c0)=[@hvc={0x32, 0x40, {0x8400000b, [0x5, 0x100000001, 0x400, 0x100000000, 0x2]}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x3, 0xd, 0x3ff, 0x2, 0x2}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x3c}}, @eret={0xe6, 0x18, 0x800000000000}, @mrs={0xbe, 0x18, {0x603000000013dea4}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x85}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x18, 0xffffffffffffff01, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x4, 0x1, 0x7, 0xd87, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1a00, 0x3}}, @svc={0x122, 0x40, {0x84000009, [0x4, 0x100000001, 0x6, 0x3, 0x4]}}, @irq_setup={0x46, 0x18, {0x4, 0x245}}, @svc={0x122, 0x40, {0x84000013, [0x1, 0x5ae1e006, 0x401, 0x7, 0x2]}}, @irq_setup={0x46, 0x18, {0x1, 0x301}}], 0x220}, &(0x7f00000000c0)=[@featur2], 0x1) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x0, 0x200000a, 0x11, r6, 0x0) 17.307699968s ago: executing program 0 (id=1447): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xc0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x101041, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000240)={0x10000, 0x7, 0xffff1000, 0x1000, &(0x7f0000e91000/0x1000)=nil, 0x400}) 16.311999177s ago: executing program 1 (id=1448): mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) eventfd2(0x7, 0x80001) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000200)=[@smc={0x1e, 0x40, {0x30000000, [0xd07a, 0x7f8, 0x8001, 0x4, 0x10000]}}, @eret={0xe6, 0x18, 0x100}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xf00, 0xb, 0x1}}, @svc={0x122, 0x40, {0xc4000014, [0x9, 0x2, 0x5, 0x6, 0x8]}}], 0xc8}, &(0x7f00000000c0)=[@featur2={0x1, 0x68}], 0x1) syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000000000/0x400000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="6e0000000000000030000000000000000000080800000000f0ff000000000000090000000000000004000000000000001e000000000000004000000000000000070000c400000000450900000000000000000000000000004d0b000000000000fcffffffffffffff00000000010000000a000000000000009c00000000000000008008d5a0db94d20040b0f2810080d2820080d2230180d2040080d2020000d4e02491d20040b8f2a10080d2020080d2c30080d2a40080d2020000d400c0204e00005fd60000403c0040671e80c49dd200a0b0f2a10180d2e20180d2c30080d2440180d2020000d4007008d5e0e59fd200e0b8f2610180d2020180d2e30080d2040080d2020000d4c0035fd614000000000000002000000000000000d62834b8146cfa7b0600000000398a7436c2267c14d9172ad40a3d66000000e60000000000000018"], 0x144}], 0x1, 0x0, &(0x7f0000000180)=[@featur2={0x1, 0x50}], 0x1) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1c}) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000100)=@arm64_extra={0x6030000000140000, &(0x7f00000001c0)=0x10002}) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x20010, r4, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x444401, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async) eventfd2(0x7, 0x80001) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000200)=[@smc={0x1e, 0x40, {0x30000000, [0xd07a, 0x7f8, 0x8001, 0x4, 0x10000]}}, @eret={0xe6, 0x18, 0x100}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xf00, 0xb, 0x1}}, @svc={0x122, 0x40, {0xc4000014, [0x9, 0x2, 0x5, 0x6, 0x8]}}], 0xc8}, &(0x7f00000000c0)=[@featur2={0x1, 0x68}], 0x1) (async) syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000000000/0x400000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="6e0000000000000030000000000000000000080800000000f0ff000000000000090000000000000004000000000000001e000000000000004000000000000000070000c400000000450900000000000000000000000000004d0b000000000000fcffffffffffffff00000000010000000a000000000000009c00000000000000008008d5a0db94d20040b0f2810080d2820080d2230180d2040080d2020000d4e02491d20040b8f2a10080d2020080d2c30080d2a40080d2020000d400c0204e00005fd60000403c0040671e80c49dd200a0b0f2a10180d2e20180d2c30080d2440180d2020000d4007008d5e0e59fd200e0b8f2610180d2020180d2e30080d2040080d2020000d4c0035fd614000000000000002000000000000000d62834b8146cfa7b0600000000398a7436c2267c14d9172ad40a3d66000000e60000000000000018"], 0x144}], 0x1, 0x0, &(0x7f0000000180)=[@featur2={0x1, 0x50}], 0x1) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (async) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1c}) (async) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000100)=@arm64_extra={0x6030000000140000, &(0x7f00000001c0)=0x10002}) (async) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x20010, r4, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x444401, 0x0) (async) 11.79123376s ago: executing program 0 (id=1449): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x1}) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="fb52456012ab8ba1286bf6cd81002000d300447c7a837fc869cba6cd30f0050003000000d0020000ffffff000000f86636544e44c404000000006abf47d900", 0x0, 0x48) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = mmap$KVM_VCPU(&(0x7f0000ff9000/0x4000)=nil, 0x0, 0x6, 0x10, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000000)="ce963c685d1d6084ecb4ceb0694a3b2ba3de52492198c054107d10563000041c3fcb06d3e679ef3a915d5fc19b89e630d0ac12e8044cf0f55e00bcf3306d16f8706bdf7df9b37fd8", 0x0, 0x48) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4020ae46, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r3, &(0x7f00000001c0), 0xff3c) 8.138353831s ago: executing program 1 (id=1450): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000bff000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="be008413e81eb26c44b6f3000000000000180000000000000022c5130000003060"], 0x18}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 5.341316831s ago: executing program 0 (id=1451): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x5c0) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000100)={0x2010040, 0x1000c53}) 342.393116ms ago: executing program 0 (id=1452): r0 = syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x2, 0x200) ioctl$KVM_SET_DEVICE_ATTR(r0, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x6, 0x0, &(0x7f0000000000)=0x7fffffff}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x10004, 0x4, 0x6000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_SET_DEVICE_ATTR(r0, 0x4018aee1, &(0x7f0000000140)=@attr_other={0x0, 0xd, 0xa63b, &(0x7f0000000100)=0x4}) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x2, 0x6, 0x2, 0x1000, &(0x7f0000ffe000/0x1000)=nil}) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x0) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x4018aee1, &(0x7f0000000200)=@attr_other={0x0, 0x4, 0x7ff, &(0x7f00000001c0)=0x8}) ioctl$KVM_SET_DEVICE_ATTR(r0, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x7, 0x1, &(0x7f0000000240)=0x1}) munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) r5 = eventfd2(0x2, 0x80801) write$eventfd(r5, &(0x7f00000002c0)=0x800, 0x8) openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x400001, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) write$eventfd(r5, &(0x7f0000000340)=0x9, 0x8) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000380)={0x5}) ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x24000, 0x0) close(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x10200, 0x4, 0x1, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) r8 = eventfd2(0x52, 0x1) write$eventfd(r8, &(0x7f0000000440)=0x800000, 0x8) ioctl$KVM_GET_SREGS(r7, 0x8000ae83, &(0x7f0000000480)) ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000600)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f00000005c0)=0x1a}) 0s ago: executing program 1 (id=1453): openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0) (async) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) openat$kvm(0x0, &(0x7f00000000c0), 0x100, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) (async) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000080)={0x5}) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000001c0)=@arm64_core={0x6030000000100024, &(0x7f0000000000)=0x9}) (async) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000001c0)=@arm64_core={0x6030000000100024, &(0x7f0000000000)=0x9}) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) (async) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x4018aee1, &(0x7f0000000440)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000140)={0x6, 0xc26, 0x2}}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (async) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x300, 0x0) (async) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x300, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r11, 0x4040aea0, &(0x7f0000000880)=@arm64={0xae, 0x5, 0x9, '\x00', 0x6}) (async) ioctl$KVM_SET_VCPU_EVENTS(r11, 0x4040aea0, &(0x7f0000000880)=@arm64={0xae, 0x5, 0x9, '\x00', 0x6}) ioctl$KVM_SET_DEVICE_ATTR_vm(0xffffffffffffffff, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0x1, 0xfffffffffffffffd, &(0x7f0000000200)=0x10000}) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000180)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) r12 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r12, 0x4020aeae, &(0x7f0000000000)={0x5, 0x2}) (async) ioctl$KVM_ARM_VCPU_INIT(r12, 0x4020aeae, &(0x7f0000000000)={0x5, 0x2}) ioctl$KVM_RUN(r12, 0xae80, 0x0) openat$kvm(0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x0, 0x1, 0xcccc0000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000100)={0x5, 0x1, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000100)={0x5, 0x1, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil}) ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x4018aee1, &(0x7f00000004c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000480)={0x0, 0x20}}) kernel console output (not intermixed with test programs): [ 377.083146][ T3131] 8021q: adding VLAN 0 to HW filter on device bond0 [ 392.376649][ T3131] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:9580' (ED25519) to the list of known hosts. [ 584.350566][ T25] audit: type=1400 audit(583.490:61): avc: denied { name_bind } for pid=3281 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 587.206493][ T25] audit: type=1400 audit(586.360:62): avc: denied { execute } for pid=3282 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 587.237346][ T25] audit: type=1400 audit(586.390:63): avc: denied { execute_no_trans } for pid=3282 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 608.475324][ T25] audit: type=1400 audit(607.630:64): avc: denied { mounton } for pid=3282 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 608.510129][ T25] audit: type=1400 audit(607.660:65): avc: denied { mount } for pid=3282 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 608.594276][ T3282] cgroup: Unknown subsys name 'net' [ 608.642484][ T25] audit: type=1400 audit(607.800:66): avc: denied { unmount } for pid=3282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 609.021481][ T3282] cgroup: Unknown subsys name 'cpuset' [ 609.122675][ T3282] cgroup: Unknown subsys name 'rlimit' [ 610.072204][ T25] audit: type=1400 audit(609.220:67): avc: denied { setattr } for pid=3282 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 610.091489][ T25] audit: type=1400 audit(609.240:68): avc: denied { mounton } for pid=3282 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 610.115739][ T25] audit: type=1400 audit(609.270:69): avc: denied { mount } for pid=3282 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 611.283238][ T3285] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 611.303608][ T25] audit: type=1400 audit(610.450:70): avc: denied { relabelto } for pid=3285 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 611.324041][ T25] audit: type=1400 audit(610.470:71): avc: denied { write } for pid=3285 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 611.507530][ T25] audit: type=1400 audit(610.660:72): avc: denied { read } for pid=3282 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 611.535173][ T25] audit: type=1400 audit(610.680:73): avc: denied { open } for pid=3282 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 611.577362][ T3282] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 663.174219][ T25] audit: type=1400 audit(662.330:74): avc: denied { execmem } for pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 666.676269][ T25] audit: type=1400 audit(665.830:75): avc: denied { read } for pid=3293 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 666.713731][ T25] audit: type=1400 audit(665.870:76): avc: denied { open } for pid=3293 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 666.787433][ T25] audit: type=1400 audit(665.940:77): avc: denied { mounton } for pid=3293 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 667.067563][ T25] audit: type=1400 audit(666.220:78): avc: denied { module_request } for pid=3293 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 667.085826][ T25] audit: type=1400 audit(666.240:79): avc: denied { module_request } for pid=3294 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 668.238009][ T25] audit: type=1400 audit(667.390:80): avc: denied { sys_module } for pid=3294 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 692.020457][ T3294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 692.376194][ T3294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 692.441827][ T3293] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 692.683332][ T3293] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 709.964739][ T3294] hsr_slave_0: entered promiscuous mode [ 710.006974][ T3294] hsr_slave_1: entered promiscuous mode [ 711.044548][ T3293] hsr_slave_0: entered promiscuous mode [ 711.080708][ T3293] hsr_slave_1: entered promiscuous mode [ 711.112675][ T3293] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 711.117410][ T3293] Cannot create hsr debugfs directory [ 716.521431][ T25] audit: type=1400 audit(715.670:81): avc: denied { create } for pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 716.602709][ T25] audit: type=1400 audit(715.710:82): avc: denied { write } for pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 716.662249][ T25] audit: type=1400 audit(715.810:83): avc: denied { read } for pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 716.781527][ T3294] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 717.132528][ T3294] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 717.471255][ T3294] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 717.766583][ T3294] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 719.191925][ T3293] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 719.367566][ T3293] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 719.558333][ T3293] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 719.746546][ T3293] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 732.183005][ T3294] 8021q: adding VLAN 0 to HW filter on device bond0 [ 734.562238][ T3293] 8021q: adding VLAN 0 to HW filter on device bond0 [ 790.467229][ T3294] veth0_vlan: entered promiscuous mode [ 790.982631][ T3294] veth1_vlan: entered promiscuous mode [ 792.793026][ T3293] veth0_vlan: entered promiscuous mode [ 793.263972][ T3294] veth0_macvtap: entered promiscuous mode [ 793.516791][ T3294] veth1_macvtap: entered promiscuous mode [ 793.635098][ T3293] veth1_vlan: entered promiscuous mode [ 795.997891][ T3294] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 796.021350][ T3294] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 796.030378][ T3294] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 796.041800][ T3294] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 796.274647][ T3293] veth0_macvtap: entered promiscuous mode [ 796.677665][ T3293] veth1_macvtap: entered promiscuous mode [ 798.630954][ T25] audit: type=1400 audit(797.780:84): avc: denied { mount } for pid=3294 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 798.903575][ T25] audit: type=1400 audit(798.030:85): avc: denied { mounton } for pid=3294 comm="syz-executor" path="/syzkaller.KOupUd/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 799.140595][ T25] audit: type=1400 audit(798.280:86): avc: denied { mount } for pid=3294 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 799.507070][ T3293] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.533547][ T3293] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.544056][ T3293] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.554222][ T3293] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.615443][ T25] audit: type=1400 audit(798.720:87): avc: denied { mounton } for pid=3294 comm="syz-executor" path="/syzkaller.KOupUd/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 799.728126][ T25] audit: type=1400 audit(798.850:88): avc: denied { mounton } for pid=3294 comm="syz-executor" path="/syzkaller.KOupUd/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 800.254190][ T25] audit: type=1400 audit(799.410:89): avc: denied { unmount } for pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 800.473940][ T25] audit: type=1400 audit(799.620:90): avc: denied { mounton } for pid=3294 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 800.548476][ T25] audit: type=1400 audit(799.700:91): avc: denied { mount } for pid=3294 comm="syz-executor" name="/" dev="gadgetfs" ino=3256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 800.992134][ T25] audit: type=1400 audit(800.140:92): avc: denied { mount } for pid=3294 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 801.171879][ T25] audit: type=1400 audit(800.300:93): avc: denied { mounton } for pid=3294 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 802.320877][ T3294] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 806.453623][ T25] kauditd_printk_skb: 4 callbacks suppressed [ 806.454788][ T25] audit: type=1400 audit(805.590:98): avc: denied { read } for pid=3444 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 806.564676][ T25] audit: type=1400 audit(805.650:99): avc: denied { open } for pid=3444 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 806.875308][ T25] audit: type=1400 audit(806.030:100): avc: denied { ioctl } for pid=3444 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 808.641376][ T25] audit: type=1400 audit(807.760:101): avc: denied { append } for pid=3444 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 810.661715][ T25] audit: type=1400 audit(809.700:102): avc: denied { execute } for pid=3444 comm="syz.0.1" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3465 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 810.874940][ T25] audit: type=1400 audit(810.020:103): avc: denied { write } for pid=3444 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 812.401926][ T3447] kvm [3447]: Failed to find VMA for hva 0x20c01000 [ 948.790944][ T25] audit: type=1400 audit(947.930:104): avc: denied { ioctl } for pid=3543 comm="syz.0.29" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0x582b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1047.550470][ T3613] kvm [3613]: Failed to find VMA for hva 0x20d8d000 [ 1114.868223][ T3655] kvm [3653]: Unsupported guest CP15 access at: 00000100 [000001d3] [ 1114.868223][ T3655] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 1114.913121][ T3655] kvm [3653]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1114.913121][ T3655] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 1114.966993][ T3655] kvm [3653]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1114.966993][ T3655] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 1115.008499][ T3655] kvm [3653]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1115.008499][ T3655] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 1115.061524][ T3655] kvm [3653]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1115.061524][ T3655] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 1115.083913][ T3655] kvm [3653]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1115.083913][ T3655] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 1115.108016][ T3655] kvm [3653]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1115.108016][ T3655] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 1115.162740][ T3655] kvm [3653]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1115.162740][ T3655] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 1115.196724][ T3655] kvm [3653]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1115.196724][ T3655] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 1115.235513][ T3655] kvm [3653]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1115.235513][ T3655] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 1186.042059][ T3698] kvm [3698]: Failed to find VMA for hva 0x20d8d000 [ 1466.437718][ T25] audit: type=1400 audit(1465.590:105): avc: denied { setattr } for pid=3886 comm="syz.1.131" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1563.234874][ T3954] kvm [3953]: Unsupported guest access at: eeef0000 [ 1563.234874][ T3954] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 1577.502876][ T3962] kvm [3962]: Failed to find VMA for hva 0x20c00000 [ 1582.948486][ T25] audit: type=1400 audit(1582.100:106): avc: denied { map } for pid=3963 comm="syz.0.154" path="pipe:[2398]" dev="pipefs" ino=2398 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 1584.786642][ T3968] KVM: debugfs: duplicate directory 3968-5 [ 1596.241287][ T3974] kvm [3974]: Failed to find VMA for hva 0x20d8d000 [ 1655.207418][ T4014] kvm [4014]: Failed to find VMA for hva 0x21016000 [ 1848.231847][ T4153] kvm [4153]: Failed to find VMA for hva 0x21016000 [ 1866.772910][ T4163] KVM: debugfs: duplicate directory 4163-16 [ 2601.353230][ T4648] kvm [4648]: Failed to find VMA for hva 0x20c01000 [ 2633.413213][ T4672] debugfs: File 'vgic-its-state@8080000' in directory '4672-6' already present! [ 2848.400682][ T4798] kvm [4798]: Failed to find VMA for hva 0x20c01000 [ 3028.326112][ T4910] KVM: debugfs: duplicate directory 4910-5 [ 3046.272283][ T4923] debugfs: File 'vgic-its-state@0' in directory '4923-4' already present! [ 3536.955935][ T5277] kvm [5277]: Failed to find VMA for hva 0x20d8d000 [ 3687.580495][ T5379] KVM: debugfs: duplicate directory 5379-4 [ 3877.345524][ T5522] kvm [5522]: Failed to find VMA for hva 0x20c01000 [ 4025.440607][ T25] audit: type=1400 audit(4024.580:107): avc: denied { execute } for pid=5640 comm="syz.0.640" path="/sys/kernel/debug/kcov" dev="debugfs" ino=107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=file permissive=1 [ 4113.613008][ T5697] kvm [5697]: Failed to find VMA for hva 0x21016000 [ 4117.983930][ T25] audit: type=1400 audit(4117.130:108): avc: denied { map } for pid=5699 comm="syz.1.655" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 4304.415215][ T5825] kvm [5825]: Failed to find VMA for hva 0x20c01000 [ 4348.434815][ T5854] kvm [5854]: Failed to find VMA for hva 0x208a1000 [ 4411.485302][ T5893] kvm [5893]: Failed to find VMA for hva 0x20c01000 [ 4497.640698][ T5950] kvm [5950]: Failed to find VMA for hva 0x20d8d000 [ 4653.312128][ T6063] kvm [6063]: Failed to find VMA for hva 0x20c01000 [ 4744.647567][ T25] audit: type=1400 audit(4743.780:109): avc: denied { execute } for pid=6126 comm="syz.1.783" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 4951.507404][ T6272] kvm [6272]: Failed to find VMA for hva 0x21016000 [ 5449.644223][ T6643] kvm [6643]: Failed to find VMA for hva 0x21016000 [ 6507.504779][ T7344] kvm [7344]: Failed to find VMA for hva 0x208a1000 [ 6566.866503][ T7380] kvm [7380]: Failed to find VMA for hva 0x21016000 [ 6782.673668][ T7533] debugfs: File 'vgic-its-state@0' in directory '7533-4' already present! [ 6840.264662][ T5490] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6841.928156][ T5490] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6843.555824][ T5490] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6845.254735][ T5490] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6867.093940][ T5490] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 6867.352964][ T5490] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 6867.500645][ T5490] bond0 (unregistering): Released all slaves [ 6869.923863][ T5490] hsr_slave_0: left promiscuous mode [ 6870.004126][ T5490] hsr_slave_1: left promiscuous mode [ 6870.657329][ T5490] veth1_macvtap: left promiscuous mode [ 6870.662981][ T5490] veth0_macvtap: left promiscuous mode [ 6870.686471][ T5490] veth1_vlan: left promiscuous mode [ 6870.713820][ T5490] veth0_vlan: left promiscuous mode [ 6946.631820][ T7568] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 6946.938086][ T7568] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 6981.845886][ T7568] hsr_slave_0: entered promiscuous mode [ 6981.946774][ T7568] hsr_slave_1: entered promiscuous mode [ 6991.097471][ T7679] kvm [7679]: Failed to find VMA for hva 0x201e3000 [ 6991.218272][ T7679] kvm [7679]: Failed to find VMA for hva 0x201e3000 [ 7003.951169][ T7568] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 7004.302970][ T7568] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 7004.626898][ T7568] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 7004.971503][ T7568] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 7031.614984][ T7568] 8021q: adding VLAN 0 to HW filter on device bond0 [ 7104.262272][ T7776] kvm [7776]: Failed to find VMA for hva 0x21016000 [ 7127.674575][ T7568] veth0_vlan: entered promiscuous mode [ 7128.483270][ T7568] veth1_vlan: entered promiscuous mode [ 7131.425062][ T7568] veth0_macvtap: entered promiscuous mode [ 7131.874534][ T7568] veth1_macvtap: entered promiscuous mode [ 7134.728272][ T7568] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 7134.775008][ T7568] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 7134.793426][ T7568] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 7134.817659][ T7568] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 7168.670662][ T5490] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7170.127606][ T5490] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7171.172397][ T5490] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7172.313027][ T5490] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7188.608145][ T5490] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 7188.831815][ T5490] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 7189.014576][ T5490] bond0 (unregistering): Released all slaves [ 7190.681693][ T5490] hsr_slave_0: left promiscuous mode [ 7190.747042][ T5490] hsr_slave_1: left promiscuous mode [ 7191.382596][ T5490] veth1_macvtap: left promiscuous mode [ 7191.402471][ T5490] veth0_macvtap: left promiscuous mode [ 7191.422462][ T5490] veth1_vlan: left promiscuous mode [ 7191.452167][ T5490] veth0_vlan: left promiscuous mode [ 7271.777734][ T7819] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 7272.160456][ T7819] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 7302.144943][ T7819] hsr_slave_0: entered promiscuous mode [ 7302.221855][ T7819] hsr_slave_1: entered promiscuous mode [ 7302.275489][ T7819] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 7302.290739][ T7819] Cannot create hsr debugfs directory [ 7325.067609][ T7819] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 7325.521080][ T7819] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 7326.054578][ T7819] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 7326.497791][ T7819] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 7354.812795][ T7819] 8021q: adding VLAN 0 to HW filter on device bond0 [ 7412.336122][ T8007] kvm [8007]: Failed to find VMA for hva 0x20c01000 [ 7423.296670][ T8018] kvm [8018]: Failed to find VMA for hva 0x20c01000 [ 7453.753170][ T7819] veth0_vlan: entered promiscuous mode [ 7454.715409][ T7819] veth1_vlan: entered promiscuous mode [ 7458.031844][ T7819] veth0_macvtap: entered promiscuous mode [ 7458.667065][ T7819] veth1_macvtap: entered promiscuous mode [ 7461.732099][ T7819] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 7461.746228][ T7819] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 7461.761171][ T7819] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 7461.767875][ T7819] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 7957.774213][ T8372] kvm [8372]: Failed to find VMA for hva 0x21016000 [ 8335.606320][ T8664] kvm [8664]: Failed to find VMA for hva 0x20d8d000 [ 8459.406003][ T8749] ------------[ cut here ]------------ [ 8459.406914][ T8749] WARNING: CPU: 0 PID: 8749 at arch/arm64/kvm/inject_fault.c:63 pend_sync_exception+0x198/0x5ac [ 8459.410556][ T8749] Modules linked in: [ 8459.413254][ T8749] CPU: 0 UID: 0 PID: 8749 Comm: syz.1.1453 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 8459.414865][ T8749] Hardware name: linux,dummy-virt (DT) [ 8459.416193][ T8749] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 8459.417469][ T8749] pc : pend_sync_exception+0x198/0x5ac [ 8459.418466][ T8749] lr : pend_sync_exception+0x198/0x5ac [ 8459.419437][ T8749] sp : ffff8000a03478c0 [ 8459.420282][ T8749] x29: ffff8000a03478c0 x28: 000000000000005d x27: 5df000001d3ba028 [ 8459.422125][ T8749] x26: 000000000000005d x25: 0000000000000000 x24: 0000000000000000 [ 8459.423756][ T8749] x23: 0000000000000000 x22: 000000000000005d x21: 5df000001d3bac01 [ 8459.425391][ T8749] x20: 0000000000000007 x19: efff800000000000 x18: 0000000000000000 [ 8459.426998][ T8749] x17: 0000000000000089 x16: ffff800080011d9c x15: 0000000020000880 [ 8459.428584][ T8749] x14: ffffffffffffffff x13: 0000000000000028 x12: 00000000000000e9 [ 8459.430113][ T8749] x11: e9f000001d425064 x10: 0000000000ff0100 x9 : 0000000000000000 [ 8459.431816][ T8749] x8 : e9f000001d423b00 x7 : ffff800080b08704 x6 : ffff8000a0347a88 [ 8459.433439][ T8749] x5 : ffff8000a0347a88 x4 : 0000000000000001 x3 : ffff8000801a2e80 [ 8459.434965][ T8749] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000 [ 8459.436809][ T8749] Call trace: [ 8459.437868][ T8749] pend_sync_exception+0x198/0x5ac (P) [ 8459.439154][ T8749] __kvm_inject_sea+0x268/0x96c [ 8459.440239][ T8749] kvm_inject_sea+0x98/0x72c [ 8459.441258][ T8749] __kvm_arm_vcpu_set_events+0x134/0x238 [ 8459.442316][ T8749] kvm_arch_vcpu_ioctl+0xed8/0x16b0 [ 8459.443294][ T8749] kvm_vcpu_ioctl+0x5c4/0xc2c [ 8459.444324][ T8749] __arm64_sys_ioctl+0x18c/0x244 [ 8459.445268][ T8749] invoke_syscall+0x90/0x2b4 [ 8459.446257][ T8749] el0_svc_common+0x180/0x2f4 [ 8459.447255][ T8749] do_el0_svc+0x58/0x74 [ 8459.448201][ T8749] el0_svc+0x58/0x160 [ 8459.449133][ T8749] el0t_64_sync_handler+0x78/0x108 [ 8459.450070][ T8749] el0t_64_sync+0x198/0x19c [ 8459.451368][ T8749] irq event stamp: 1996 [ 8459.452184][ T8749] hardirqs last enabled at (1995): [] _raw_read_unlock_irqrestore+0x44/0xbc [ 8459.453611][ T8749] hardirqs last disabled at (1996): [] el1_dbg+0x24/0x80 [ 8459.454766][ T8749] softirqs last enabled at (1978): [] local_bh_enable+0x10/0x34 [ 8459.456032][ T8749] softirqs last disabled at (1976): [] local_bh_disable+0x10/0x34 [ 8459.457461][ T8749] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 8472.213686][ T5260] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 8473.797671][ T5260] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 8475.252371][ T5260] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 8476.638178][ T5260] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 VM DIAGNOSIS: 00:49:59 Registers: info registers vcpu 0 CPU#0 PC=ffff800080453860 X00=0000000000000001 X01=ffff8000872b1fa2 X02=ffff8000804580e0 X03=0000000000000000 X04=ffff8000a0346f20 X05=0000000000000020 X06=0000000000000000 X07=ffff80008047db18 X08=00000000000003c0 X09=0000000000000000 X10=00000000000000e9 X11=0000000000000144 X12=0000000000000044 X13=0000000000000002 X14=00000000000000c8 X15=ffff800087f39a30 X16=ffff800080011d9c X17=0000000000000089 X18=0000000000000000 X19=0000000000000000 X20=0000000000000000 X21=ffff80008047db18 X22=ffff8000877e6618 X23=0000000000000000 X24=0000000000000001 X25=0000000000000000 X26=ffff800087666580 X27=00000000000003c0 X28=0000000000000000 X29=ffff8000a03470e0 X30=ffff800080451698 SP=ffff8000a0347090 PSTATE=204023c9 --C- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:0000000000000000 Z01=0000ffffc2626730:4e77d18aac7f1b00 Z02=0000ffffc2626710:ffffff80ffffffd8 Z03=0000ffffc26267c0:0000ffffc26267c0 Z04=0000ffffc26267c0:0000ffff91536d08 Z05=0000ffffc2626790:0000ffffc26267c0 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffc26269e0:0000ffffc26269e0 Z17=ffffff80ffffffd0:0000ffffc26269b0 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000