last executing test programs: 51.499216854s ago: executing program 1 (id=939): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f000000a000/0x2000)=nil, r1, 0x9, 0x4000010, r0, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) ioctl$KVM_GET_API_VERSION(r3, 0xae00, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1, 0x4f832, 0xffffffffffffffff, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000080)={0x5, 0xe}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000180)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000140)={0x8, 0xffff, 0x1}}) r8 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, r4, 0x100000a, 0x12, r8, 0x100000) openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0x4020aeae, 0x0) ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000380)}) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f00000000c0)={0x5, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000040)=0xc000000000000000}) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) 41.433277627s ago: executing program 0 (id=940): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0x0, 
&(0x7f0000000000), 0x480, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000000)={0x5, 0xa}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x54e3, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = openat$kvm(0x0, &(0x7f00000000c0), 0x929482, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x8) ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000080)={0x5, 0xb}) ioctl$KVM_GET_REG_LIST(r8, 0xc008aeb0, &(0x7f00000001c0)={0xfffffffffffffffb, [0x8]}) r9 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000000)={0x8, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x541b, 0x0) 41.098871065s ago: executing program 1 (id=941): ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) (async) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x28031, r0, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x28031, r0, 0x0) munmap(&(0x7f0000647000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x53033, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f000015e000/0x2000)=nil, 0x0, 0x0, 0x10, r0, 0x0) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000000000/0xc00000)=nil, 0x930, 0x0, 0x32, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xc00000)=nil, 0x930, 0x0, 0x32, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) 
munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) openat$kvm(0x0, &(0x7f0000000040), 0x1, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000240)={0x8080000}) r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r2 = syz_kvm_add_vcpu$arm64(r1, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100) (async) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100) ioctl$KVM_RUN(r2, 0xae80, 0x0) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) munmap(&(0x7f0000901000/0x2000)=nil, 0x2000) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd2(0x2, 0x80803) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x9) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000900)={0x0, 0x0, 0x0, r5}) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000080)={0x6, 0x6000, 0x1, r5, 0x1}) munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) (async) munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000) (async) munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000) mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0) 32.702789649s ago: executing program 1 (id=942): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x909483, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000080)={0x5, 0x19}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f0000000040)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000100)={0xa, 0x8000, 
0xf33d48fdd23b28c7}}) ioctl$KVM_CAP_ARM_MTE(r1, 0x4068aea3, &(0x7f0000000140)) 30.786338824s ago: executing program 0 (id=943): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae03, 0xbb) ioctl$KVM_IOEVENTFD(r3, 0xc0189436, &(0x7f0000000080)={0x0, 0x188880001, 0x8, 0xffffffffffffffff, 0xc}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000380)={0x10200, 0x0, 0xdddd1000, 0x1000, &(0x7f0000ffe000/0x1000)=nil}) 26.508063465s ago: executing program 1 (id=944): openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0x4b47, 0xfffffffffffffffe) r1 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) r3 = mmap$KVM_VCPU(&(0x7f0000dee000/0x3000)=nil, r2, 0x300001e, 0x8a031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000000c0)="e51b9ce9a032a1ca7079bce9b3cf3ba9c7fbc2e7ab457eacc044b677d9d49c274b8d12fb382e0520cadbc6763409ffdb41911831b85a42b40c1689a8bf14be81eda4bae2d8c28ef8", 0x0, 0x48) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x40, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000080)={0x5}) syz_kvm_vgic_v3_setup(r7, 0x3, 0x320) ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000140)=@arm64_sys={0x603000000013df11, &(0x7f0000000180)=0x8001}) ioctl$KVM_RUN(r8, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r5, 0x4008ae6a, 
&(0x7f0000000140)=ANY=[@ANYBLOB="0200000000000000060000000200000000000000000000000500000000000000010000000000000005000000000000000001000001000000060000000100000000000000000000000600000001000080000000000000000000000000000000000000000000000000407352761dcd8a3ee0db75d6db52adc800424f91510cc99d12f43d9b"]) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) munmap(&(0x7f0000000000/0x2000)=nil, 0x2000) ioctl$KVM_IRQ_LINE_STATUS(r5, 0xc008ae67, &(0x7f0000000000)={0x3, 0x5}) r10 = mmap$KVM_VCPU(&(0x7f0000cc1000/0x1000)=nil, 0x930, 0x3000006, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x0, 0x7d7b465c1d30afba, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r2, 0x2000002, 0x4f832, 0xffffffffffffffff, 0x0) 25.071013386s ago: executing program 0 (id=945): r0 = openat$kvm(0x0, &(0x7f0000000240), 0xca680, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="8200000000000000280000000000000001000000000000f500000000000000000200000000000000aa0000000000000028000000000000000f"], 0x50}, 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000140)=@attr_other={0x0, 0x8, 0xfffffffffffffffd, 0xfffffffffffffffe}) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 
0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r9, 0x0, 0x23ac5f9b426ec4b2, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, r9, 0x3, 0x30, r3, 0x0) 16.560337262s ago: executing program 0 (id=946): munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x62) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000080)={0x5, 0x4}) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000180)=@arm64_fw={0x6030000000140000, &(0x7f00000001c0)=0x1}) ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0x100000000000100) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x92e6c9b291098073, 0x0) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000340)={0x5}) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000080)=@arm64_core={0x6030000000100002, &(0x7f0000000000)=0xf51}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x18b080, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000300)={0x0, &(0x7f0000000280)=ANY=[], 0x28}, 0x0, 0x0) r11 = syz_kvm_vgic_v3_setup(r8, 0x1, 0x140) openat$kvm(0x0, 0x0, 0x2280c0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f0000000100)=0x8010000101000001}) ioctl$KVM_RUN(r10, 0xae80, 
0x0) r12 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x3) openat$kvm(0x0, 0x0, 0x0, 0x0) ioctl$KVM_ARM_VCPU_INIT(r12, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18}) ioctl$KVM_ARM_VCPU_FINALIZE(r12, 0x4004aec2, &(0x7f0000000180)=0x4) ioctl$KVM_ARM_VCPU_INIT(r12, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18}) (async) 14.732119267s ago: executing program 1 (id=947): syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x400, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000000)=ANY=[], 0x40}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000040)={0xdddd0000, 0x108000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r8, 0x40049409, 0x20000000) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x1b) ioctl$KVM_SET_DEVICE_ATTR_vm(r10, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x9, 0x2}}) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r10, r11, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000180)=[@hvc={0x32, 0x40, {0xc5000020, [0x3, 0x6, 0x10001, 0x100000000]}}, @irq_setup={0x46, 0x18, {0x4, 0x30c}}, @eret={0xe6, 0x18, 0x2}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x4, 0x6, 0x7, 0x1000, 0x4}}, @code={0xa, 0x54, 
{"000028d50000c028008c200e0020200e007008d5000800b800f8302e0000009c40c488d200a0b8f2810080d2820180d2030080d2c40080d2020000d4003c004e"}}, @hvc={0x32, 0x40, {0x20, [0x5, 0x40, 0x3, 0x1, 0x10]}}, @msr={0x14, 0x20, {0x603000000013e6d4, 0x8}}], 0x14c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r11, 0xae80, 0x0) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x3ff}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init) ioctl$KVM_RUN(r7, 0xae80, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="14000000000000002000000000000000f2c4130000003060008000000000000014000000000000002000000000000000e0dc1300000030d11b"], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r13, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) 4.872894334s ago: executing program 0 (id=948): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0x0, 0x0, 0x0, 0x0) r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000140)=ANY=[@ANYRES8=r0], 0x40}, 0x0, 0x0) r3 = eventfd2(0x836, 0x1) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x1006, 0x8000000, 0x1, r3}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.256613315s ago: executing program 1 (id=949): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x2002, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="82000000000000002800000000000000010000000000000001000000000000001100000000000000aa00000000000000280000000000000009"], 0x50}, 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000080), 0xca680, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, 
&(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000000)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="82000000000000002800000000000000010000000000000001000000000000000200000000000000aa0000000000000028"], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r5, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x1, 0x0}) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 0s ago: executing program 0 (id=950): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (async, rerun: 32) close(0x5) (async, rerun: 32) syz_kvm_vgic_v3_setup(r1, 0x0, 0x200) (async) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) close(r2) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x6a002, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) r6 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r5, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r5, 0x0) (async) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0x5460, 0xffffffffffffffdc) close(0x4) kernel console output (not intermixed with 
test programs): [ 388.465555][ T3130] 8021q: adding VLAN 0 to HW filter on device bond0 [ 436.610158][ T3130] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:11198' (ED25519) to the list of known hosts. [ 594.870271][ T25] audit: type=1400 audit(594.020:61): avc: denied { name_bind } for pid=3288 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 596.785496][ T25] audit: type=1400 audit(595.940:62): avc: denied { execute } for pid=3289 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 596.822887][ T25] audit: type=1400 audit(595.970:63): avc: denied { execute_no_trans } for pid=3289 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 617.265941][ T25] audit: type=1400 audit(616.420:64): avc: denied { mounton } for pid=3289 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 617.290461][ T25] audit: type=1400 audit(616.440:65): avc: denied { mount } for pid=3289 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 617.379176][ T3289] cgroup: Unknown subsys name 'net' [ 617.430150][ T25] audit: type=1400 audit(616.580:66): avc: denied { unmount } for pid=3289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 617.816154][ T3289] cgroup: Unknown subsys name 'cpuset' [ 617.917721][ T3289] cgroup: Unknown subsys name 'rlimit' [ 619.196256][ T25] audit: type=1400 audit(618.350:67): avc: denied { setattr } for pid=3289 comm="syz-executor" name="raw-gadget" dev="devtmpfs" 
ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 619.220133][ T25] audit: type=1400 audit(618.360:68): avc: denied { mounton } for pid=3289 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 619.244876][ T25] audit: type=1400 audit(618.390:69): avc: denied { mount } for pid=3289 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 620.436106][ T3292] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 620.458365][ T25] audit: type=1400 audit(619.600:70): avc: denied { relabelto } for pid=3292 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 620.485587][ T25] audit: type=1400 audit(619.630:71): avc: denied { write } for pid=3292 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 620.663864][ T25] audit: type=1400 audit(619.810:72): avc: denied { read } for pid=3289 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 620.687810][ T25] audit: type=1400 audit(619.830:73): avc: denied { open } for pid=3289 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 620.729324][ T3289] Adding 124996k swap on ./swap-file. 
Priority:0 extents:1 across:124996k [ 668.027189][ T25] audit: type=1400 audit(667.180:74): avc: denied { execmem } for pid=3293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 671.629953][ T25] audit: type=1400 audit(670.780:75): avc: denied { read } for pid=3295 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 671.658048][ T25] audit: type=1400 audit(670.810:76): avc: denied { open } for pid=3296 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 671.729626][ T25] audit: type=1400 audit(670.870:77): avc: denied { mounton } for pid=3296 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 671.977743][ T25] audit: type=1400 audit(671.130:78): avc: denied { module_request } for pid=3295 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 672.001645][ T25] audit: type=1400 audit(671.150:79): avc: denied { module_request } for pid=3296 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 673.145225][ T25] audit: type=1400 audit(672.290:80): avc: denied { sys_module } for pid=3295 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 701.030207][ T3295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 701.625454][ T3295] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 702.889932][ T3296] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 703.130207][ T3296] bond0: (slave bond_slave_1): Enslaving 
as an active interface with an up link [ 715.295024][ T3295] hsr_slave_0: entered promiscuous mode [ 715.323466][ T3295] hsr_slave_1: entered promiscuous mode [ 716.036412][ T3296] hsr_slave_0: entered promiscuous mode [ 716.079222][ T3296] hsr_slave_1: entered promiscuous mode [ 716.110909][ T3296] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 716.127961][ T3296] Cannot create hsr debugfs directory [ 721.704492][ T25] audit: type=1400 audit(720.850:81): avc: denied { create } for pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 721.765491][ T25] audit: type=1400 audit(720.890:82): avc: denied { write } for pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 721.826150][ T25] audit: type=1400 audit(720.980:83): avc: denied { read } for pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 721.930979][ T3295] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 722.380615][ T3295] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 722.693894][ T3295] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 722.820617][ T3295] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 724.597742][ T3296] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 724.816762][ T3296] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 725.005314][ T3296] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 725.219487][ T3296] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 737.244593][ T3295] 8021q: adding VLAN 0 to HW filter on device bond0 [ 739.938741][ T3296] 8021q: adding VLAN 0 to HW filter on device bond0 [ 796.169965][ T3295] veth0_vlan: entered promiscuous mode [ 796.736934][ T3295] veth1_vlan: entered promiscuous mode [ 798.837217][ T3295] veth0_macvtap: entered promiscuous mode [ 798.870405][ 
T3296] veth0_vlan: entered promiscuous mode [ 799.205124][ T3295] veth1_macvtap: entered promiscuous mode [ 799.472707][ T3296] veth1_vlan: entered promiscuous mode [ 801.469930][ T3295] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 801.515482][ T3295] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 801.533456][ T3295] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 801.546254][ T3295] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 802.420525][ T3296] veth0_macvtap: entered promiscuous mode [ 802.790215][ T3296] veth1_macvtap: entered promiscuous mode [ 804.134443][ T25] audit: type=1400 audit(803.280:84): avc: denied { mount } for pid=3295 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 804.268071][ T25] audit: type=1400 audit(803.410:85): avc: denied { mounton } for pid=3295 comm="syz-executor" path="/syzkaller.vcB860/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 804.405343][ T25] audit: type=1400 audit(803.530:86): avc: denied { mount } for pid=3295 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 804.834869][ T25] audit: type=1400 audit(803.980:87): avc: denied { mounton } for pid=3295 comm="syz-executor" path="/syzkaller.vcB860/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 805.034909][ T25] audit: type=1400 audit(804.180:88): avc: denied { mounton } for pid=3295 comm="syz-executor" path="/syzkaller.vcB860/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 
805.330255][ T3296] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 805.363605][ T3296] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 805.373552][ T3296] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 805.388744][ T3296] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 805.723360][ T25] audit: type=1400 audit(804.870:89): avc: denied { unmount } for pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 805.880966][ T25] audit: type=1400 audit(805.030:90): avc: denied { mounton } for pid=3295 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 806.007714][ T25] audit: type=1400 audit(805.120:91): avc: denied { mount } for pid=3295 comm="syz-executor" name="/" dev="gadgetfs" ino=3280 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 806.221201][ T25] audit: type=1400 audit(805.370:92): avc: denied { mount } for pid=3295 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 806.420051][ T25] audit: type=1400 audit(805.570:93): avc: denied { mounton } for pid=3295 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 807.845134][ T3295] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. 
[ 812.070460][ T25] kauditd_printk_skb: 4 callbacks suppressed [ 812.103333][ T25] audit: type=1400 audit(811.220:98): avc: denied { read } for pid=3448 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 812.165217][ T25] audit: type=1400 audit(811.310:99): avc: denied { open } for pid=3448 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 813.120683][ T25] audit: type=1400 audit(812.270:100): avc: denied { ioctl } for pid=3448 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 814.551333][ T25] audit: type=1400 audit(813.650:101): avc: denied { append } for pid=3448 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 816.468889][ T25] audit: type=1400 audit(815.620:102): avc: denied { write } for pid=3448 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 929.176668][ T25] audit: type=1400 audit(928.320:103): avc: denied { setattr } for pid=3533 comm="syz.0.21" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 989.046658][ T3585] kvm [3585]: Failed to find VMA for hva 0x20c01000 [ 1031.485440][ T25] audit: type=1400 audit(1030.620:104): avc: denied { ioctl } for pid=3616 comm="syz.1.43" path="net:[4026532626]" dev="nsfs" ino=4026532626 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1057.330555][ T25] audit: type=1400 audit(1056.470:105): avc: denied { execute } for pid=3630 comm="syz.0.48" 
path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=6132 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 1206.261162][ T3722] kvm [3721]: Unsupported guest CP15 access at: 00000100 [000001d3] [ 1206.261162][ T3722] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 1206.317037][ T3722] kvm [3721]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1206.317037][ T3722] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 1206.358169][ T3722] kvm [3721]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1206.358169][ T3722] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 1206.405193][ T3722] kvm [3721]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1206.405193][ T3722] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 1206.457270][ T3722] kvm [3721]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1206.457270][ T3722] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 1206.484889][ T3722] kvm [3721]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1206.484889][ T3722] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 1206.527561][ T3722] kvm [3721]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1206.527561][ T3722] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 1206.557029][ T3722] kvm [3721]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1206.557029][ T3722] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 1206.597143][ T3722] kvm [3721]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1206.597143][ T3722] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 1206.634742][ T3722] kvm [3721]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1206.634742][ T3722] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 1209.845559][ T3722] kvm [3722]: Failed to find VMA for hva 0x20000000 [ 1224.588833][ T3740] kvm [3740]: 
Failed to find VMA for hva 0x20c01000 [ 1324.940648][ T3817] kvm [3817]: Failed to find VMA for hva 0x20d8d000 [ 1340.107292][ T3827] kvm [3827]: Failed to find VMA for hva 0x20ffc000 [ 1341.278657][ T3827] kvm [3827]: Failed to find VMA for hva 0x20ffc000 [ 1398.356410][ T3862] kvm [3861]: Unsupported guest access at: eeef0000 [ 1398.356410][ T3862] { Op0( 2), Op1( 3), CRn(11), CRm(14), Op2( 6), func_write }, [ 1464.515112][ T3910] kvm [3910]: Failed to find VMA for hva 0x20d8d000 [ 1518.836815][ T3953] kvm [3953]: Failed to find VMA for hva 0x20d8a000 [ 1604.566723][ T4016] kvm [4016]: Failed to find VMA for hva 0x20c01000 [ 1703.198737][ T4092] kvm [4092]: Failed to find VMA for hva 0x20c01000 [ 1755.209173][ T4118] kvm [4118]: Failed to find VMA for hva 0x208a1000 [ 1880.434330][ T25] audit: type=1400 audit(1879.580:106): avc: denied { execute } for pid=4201 comm="syz.0.222" path="/sys/kernel/debug/kcov" dev="debugfs" ino=107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=file permissive=1 [ 1888.205950][ T4206] kvm [4206]: Failed to find VMA for hva 0x20d8d000 [ 2050.710101][ T4316] KVM: debugfs: duplicate directory 4316-4 [ 2432.514494][ T4564] kvm [4564]: Failed to find VMA for hva 0x208a1000 [ 2530.628784][ T4633] kvm [4633]: Failed to find VMA for hva 0x20c01000 [ 2603.475118][ T4679] kvm [4679]: Failed to find VMA for hva 0x20d8d000 [ 2611.416180][ T4687] print_sys_reg_msg: 320 callbacks suppressed [ 2611.454769][ T4687] kvm [4686]: Unsupported guest CP15 access at: 00000100 [000001d3] [ 2611.454769][ T4687] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 2611.481405][ T4687] kvm [4686]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2611.481405][ T4687] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 2611.575822][ T4687] kvm [4686]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2611.575822][ T4687] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 2611.618019][ T4687] 
kvm [4686]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2611.618019][ T4687] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 2611.647240][ T4687] kvm [4686]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2611.647240][ T4687] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 2611.700725][ T4687] kvm [4686]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2611.700725][ T4687] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 2611.735976][ T4687] kvm [4686]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2611.735976][ T4687] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 2611.817907][ T4687] kvm [4686]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2611.817907][ T4687] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 2611.845303][ T4687] kvm [4686]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2611.845303][ T4687] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 2611.970752][ T4687] kvm [4686]: Unsupported guest CP15 access at: 00000100 [000001db] [ 2611.970752][ T4687] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3245.490048][ T5136] kvm [5136]: Failed to find VMA for hva 0x20c01000 [ 3266.809228][ T5147] kvm [5147]: Failed to find VMA for hva 0x21016000 [ 3372.157258][ T25] audit: type=1400 audit(3371.300:107): avc: denied { map } for pid=5233 comm="syz.1.529" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 3565.249635][ T5363] print_sys_reg_msg: 140 callbacks suppressed [ 3565.284862][ T5363] kvm [5362]: Unsupported guest CP15 access at: 00000100 [000001d3] [ 3565.284862][ T5363] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3565.315776][ T5363] kvm [5362]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3565.315776][ T5363] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 
3565.366595][ T5363] kvm [5362]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3565.366595][ T5363] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3565.390782][ T5363] kvm [5362]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3565.390782][ T5363] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3565.438503][ T5363] kvm [5362]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3565.438503][ T5363] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3565.475211][ T5363] kvm [5362]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3565.475211][ T5363] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3565.498568][ T5363] kvm [5362]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3565.498568][ T5363] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3565.524789][ T5363] kvm [5362]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3565.524789][ T5363] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3565.554895][ T5363] kvm [5362]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3565.554895][ T5363] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3565.598060][ T5363] kvm [5362]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3565.598060][ T5363] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3689.576080][ T25] audit: type=1400 audit(3688.720:108): avc: denied { execute } for pid=5445 comm="syz.0.595" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 3925.836656][ T5612] KVM: debugfs: duplicate directory 5612-4 [ 3971.618684][ T5641] debugfs: File 'vgic-its-state@0' in directory '5641-6' already present! 
[ 4551.297500][ T6026] kvm [6026]: Failed to find VMA for hva 0x20d8d000
[ 4589.858676][ T6049] KVM: debugfs: duplicate directory 6049-5
[ 4646.046661][ T6088] kvm [6088]: Failed to find VMA for hva 0x20d8d000
[ 4694.855300][ T6120] kvm [6120]: Failed to find VMA for hva 0x20c01000
[ 4715.910547][ T6140] KVM: debugfs: duplicate directory 6140-5
[ 4912.545673][ T25] audit: type=1400 audit(4911.690:109): avc: denied { map } for pid=6283 comm="syz.1.854" path="pipe:[2431]" dev="pipefs" ino=2431 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 4912.645009][ T25] audit: type=1400 audit(4911.740:110): avc: denied { execute } for pid=6283 comm="syz.1.854" path="pipe:[2431]" dev="pipefs" ino=2431 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 5019.400862][ T6358] kvm [6358]: Failed to find VMA for hva 0x21016000
[ 5065.937645][ T6389] kvm [6389]: Failed to find VMA for hva 0x21016000
[ 5237.379963][ T6497] kvm [6497]: Failed to find VMA for hva 0x20c01000
[ 5387.696434][ T6587] Unable to handle kernel paging request at virtual address ffef800000000001
[ 5387.768058][ T6587] KASAN: maybe wild-memory-access in range [0xff00000000000010-0xff0000000000001f]
[ 5387.814156][ T6587] Mem abort info:
[ 5387.838962][ T25] audit: type=1400 audit(5386.930:111): avc: denied { read } for pid=3089 comm="syslogd" name="log" dev="vda" ino=1857 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 5387.846940][ T6587] ESR = 0x0000000096000004
SYZFAIL: failed to recv rpc
[ 5387.887443][ T25] audit: type=1400 audit(5387.020:112): avc: denied { search } for pid=3089 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 5387.933614][ T6587] EC = 0x25: DABT (current EL), IL = 32 bits
[ 5387.950217][ T6587] SET = 0, FnV = 0
[ 5387.957655][ T6587] EA = 0, S1PTW = 0
[ 5387.989592][ T25] audit: type=1400 audit(5387.020:113): avc: denied { search } for pid=3089 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 5388.000315][ T6587] FSC = 0x04: level 0 translation fault
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 5388.066789][ T6587] Data abort info:
[ 5388.096466][ T6587] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 5388.100456][ T25] audit: type=1400 audit(5387.200:114): avc: denied { add_name } for pid=3089 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 5388.124443][ T6587] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 5388.125942][ T25] audit: type=1400 audit(5387.240:115): avc: denied { create } for pid=3089 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 5388.153866][ T6587] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 5388.178954][ T6587] [ffef800000000001] address between user and kernel address ranges
[ 5388.187112][ T6587] Internal error: Oops: 0000000096000004 [#1] SMP
[ 5388.188856][ T6587] Modules linked in:
[ 5388.190954][ T6587] CPU: 0 UID: 0 PID: 6587 Comm: syz.1.949 Not tainted 6.16.0-rc3-syzkaller-g7b8346bd9fce #0 PREEMPT
[ 5388.192750][ T6587] Hardware name: linux,dummy-virt (DT)
[ 5388.194124][ T6587] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 5388.195478][ T6587] pc : vgic_its_save_tables_v0+0x3e0/0xe38
[ 5388.197910][ T6587] lr : vgic_its_save_tables_v0+0x338/0xe38
[ 5388.199004][ T6587] sp : ffff80008e2a7bf0
[ 5388.199832][ T6587] x29: ffff80008e2a7c70 x28: 1ef000001e47c4f0 x27: 0000000000000000
[ 5388.201719][ T6587] x26: 00000000000000a2 x25: 00000000fffffdfd x24: 88f000001e1a9a00
[ 5388.203371][ T6587] x23: 1ef000001e47c438 x22: a9f000001e1a99d0 x21: 60f000001e1a9a40
[ 5388.205011][ T6587] x20: 83f000001e3c2780 x19: efff800000000000 x18: 0000000000000000
[ 5388.206641][ T6587] x17: 0000000000000084 x16: ffff800080011d9c x15: 00000000200000c0
[ 5388.208272][ T6587] x14: 0000000000000002 x13: fff000001d3b3b08 x12: 0ff0000000000001
[ 5388.209934][ T6587] x11: 0000000000000010 x10: 0000000000002000 x9 : 0000000000000000
[ 5388.211625][ T6587] x8 : 0001000000000000 x7 : ffff80008023c60c x6 : 0000000000000000
[ 5388.213235][ T6587] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff8000801648c0
[ 5388.214831][ T6587] x2 : 60f000001e1a9a40 x1 : 0000000000000001 x0 : 0000000000000000
[ 5388.216637][ T6587] Call trace:
[ 5388.217675][ T6587] vgic_its_save_tables_v0+0x3e0/0xe38 (P)
[ 5388.219111][ T6587] vgic_its_set_attr+0x65c/0x860
[ 5388.220253][ T6587] kvm_device_ioctl+0x354/0x418
[ 5388.221254][ T6587] __arm64_sys_ioctl+0x18c/0x244
[ 5388.222289][ T6587] invoke_syscall+0x90/0x2b4
[ 5388.223319][ T6587] el0_svc_common+0x180/0x2f4
[ 5388.224267][ T6587] do_el0_svc+0x58/0x74
[ 5388.225258][ T6587] el0_svc+0x58/0x160
[ 5388.226225][ T6587] el0t_64_sync_handler+0x78/0x108
[ 5388.227282][ T6587] el0t_64_sync+0x198/0x19c
[ 5388.228811][ T6587] Code: 9100412b b2481d69 d344fd2c d378fd69 (386c6a6c)
[ 5388.230739][ T6587] ---[ end trace 0000000000000000 ]---
[ 5388.232491][ T6587] Kernel panic - not syncing: Oops: Fatal exception
[ 5388.234814][ T6587] Kernel Offset: disabled
[ 5388.235769][ T6587] CPU features: 0x00000,00000d18,0bef1be1,057ffe1f
[ 5388.237006][ T6587] Memory Limit: none
[ 5388.238513][ T6587] Rebooting in 86400 seconds..
VM DIAGNOSIS: 10:59:47 Registers: info registers vcpu 0 CPU#0 PC=ffff800080567168 X00=0000000000000001 X01=000004e63a790980 X02=0000000000000000 X03=ffff8000864aa748 X04=0000000000000001 X05=0000000000000001 X06=0000000000000000 X07=ffff80008194e9ec X08=a4f000000d5b9d80 X09=0000000000010102 X10=fff0000072d780e8 X11=00000000000000fe X12=000000000000003f X13=0fff0000072d7804 X14=0000000000006000 X15=00000000000000fe X16=0000000002d73e68 X17=0000000015e14a66 X18=0fff0000072d88e5 X19=ffff800080565b30 X20=ffff8000864d4988 X21=fff0000072d78018 X22=00000000000000ff X23=fff0000072d78268 X24=00000000000000c0 X25=fff0000072d78268 X26=000004e63a790980 X27=fff0000072d781e8 X28=fff0000072d7804c X29=ffff8000800076b0 X30=ffff800080593468 SP=ffff800080007660 PSTATE=604020c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:ffffffff00000007 Z01=0000000000274000:0000000000000000 Z02=0000ffffd60198f0:ffffff80ffffffd8 Z03=0000ffffd60199a0:0000ffffd60199a0 Z04=0000ffffd60199a0:0000ffffbd3370c8 Z05=0000ffffd6019970:0000ffffd60199a0 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffd6019bc0:0000ffffd6019bc0 Z17=ffffff80ffffffd0:0000ffffd6019b90 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000