last executing test programs: 1m1.231550595s ago: executing program 1 (id=27): r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) r4 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r3, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0) (async) r5 = eventfd2(0xd, 0x1) close(r5) (async) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) (async) write$eventfd(r5, 0x0, 0x500) (async) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x2012, r7, 0x0) 53.182100014s ago: executing program 0 (id=28): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x7, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f0000000080)=@attr_other={0x0, 0x9610, 0x7fff, 0x0}) (async, rerun: 64) ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0) (rerun: 64) 53.083874344s ago: executing program 1 (id=29): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x400400, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x1001, 0x2}}) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r6, 0x0, 0xcb3993e4c7433bb8, 0xffffffffffffffff, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = eventfd2(0x7, 0x1) ioctl$KVM_IOEVENTFD(r8, 0x4040ae79, &(0x7f0000000000)={0x0, 0x1000, 0x2, r9, 0x8}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = eventfd2(0x8, 0x80800) r13 = eventfd2(0x8, 0x80800) ioctl$KVM_IOEVENTFD(r11, 0x4040ae79, &(0x7f00000000c0)={0x7ffffffffffffffe, 0xeeee0000, 0x8, r13}) ioctl$KVM_IOEVENTFD(r11, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x1, r12, 0x2}) ioctl$KVM_IOEVENTFD(r11, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x4, r12, 0x3}) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000140)={r9, 0xff, 0x2, r12}) ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x9e, 0x7fffffff, 0x2}}) r14 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r16 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r16, 0xae03, 0x5d) ioctl$KVM_GET_ONE_REG(r15, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x6030000000100006, &(0x7f00000000c0)=0x7ffffffc}) ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) r17 = syz_kvm_vgic_v3_setup(r1, 0x1, 0xdef1e022a7a5c82c) ioctl$KVM_GET_DEVICE_ATTR(r17, 0x4018aee2, &(0x7f0000000080)=@attr_other={0x0, 0x9, 0x5, 0x0}) 44.562148293s ago: executing program 0 (id=30): r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0x1, 0x2012, r3, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) (async) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r5, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000667000/0x2000)=nil, 0x2000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) ioctl$KVM_CAP_DIRTY_LOG_RING(r2, 0x4068aea3, &(0x7f0000000040)={0xc0, 0x0, 0x18000}) (async) ioctl$KVM_CAP_DIRTY_LOG_RING(r2, 0x4068aea3, &(0x7f0000000040)={0xc0, 0x0, 0x18000}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) mmap$KVM_VCPU(&(0x7f00005e1000/0x3000)=nil, r7, 0x2000009, 0x213011, r3, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x2012, r9, 0x40000) (async) mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x2012, r9, 0x40000) 39.596234662s ago: executing program 1 (id=31): r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000540)={0x0, &(0x7f0000000000)=[@hvc={0x32, 0x40, {0x8400000d, [0x4, 0x7, 0x3, 0x4, 0xbaaa]}}, @mrs={0xbe, 0x18, {0x603000000013c708}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x4, 0xb, 0x8a, 0xfffffffc, 0x3}}, @code={0xa, 0x9c, {"007008d5c0f993d20000b0f2210080d2620180d2a30080d2040080d2020000d4000c403c007008d5a06a97d200e0b0f2c10180d2e20080d2430180d2840080d2020000d4005687d200c0b0f2410080d2a20080d2230180d2240080d2020000d4007008d520ef8cd200c0b8f2610180d2420080d2a30180d2e40080d2020000d400a0002f00fc209b"}}, @svc={0x122, 0x40, {0x4000, [0x0, 0x100000001, 0x6, 0x4, 0x3ff]}}, @svc={0x122, 0x40, {0x84000007, [0x4, 0x8000000000000001, 0xd4, 0x1000, 0x6]}}, @msr={0x14, 0x20, {0x603000000013d801, 0x101}}, @irq_setup={0x46, 0x18, {0x1, 0x165}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0x228}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x1b6}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x106}}, @eret={0xe6, 0x18, 0x1}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0xffd0, 0x5, 0x4}}, @irq_setup={0x46, 0x18, {0x3, 0x291}}, @irq_setup={0x46, 0x18, {0x1, 0x22}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x0, 0xf, 0x4, 0xe, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x4, 0xa, 0x100, 0x7, 0x4}}, @code={0xa, 0x9c, {"0060c00ca0409ed20000b0f2810180d2820180d2a30180d2240080d2020000d4c08391d20040b8f2410180d2420080d2a30080d2a40080d2020000d4000008d5809599d200c0b0f2210080d2e20080d2c30180d2440080d2020000d40084a00d00fca05e0094002f008008d5c0299cd20020b0f2c10080d2e20080d2030080d2440180d2020000d4"}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x400, 0x9, 0xa}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x270}}, @its_setup={0x82, 0x28, {0x3, 0x2, 0x3e9}}, @svc={0x122, 0x40, {0x84000007, [0xffffffffffffffff, 0x5, 0x7, 0x10, 0x9]}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x394}}, @msr={0x14, 0x20, {0x603000000013c600}}, @eret={0xe6, 0x18}, @svc={0x122, 0x40, {0x84000011, [0x5e1968c9, 0x80000000, 0x9, 0x9, 0x68a]}}], 0x510}, &(0x7f0000000580), 0x1) r1 = ioctl$KVM_GET_STATS_FD_cpu(r0, 0xaece) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x9) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f00000005c0)={0x3, 0xffffffffffffffff}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) close(r4) r5 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bfd000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000b00)={0x0, &(0x7f0000000600)=[@svc={0x122, 0x40, {0x84000050, [0x5, 0x1, 0x0, 0x9, 0x6]}}, @svc={0x122, 0x40, {0x20, [0x9, 0xb, 0x4, 0x7fffffffffffffff, 0x3]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x78, 0x7, 0x1}}, @mrs={0xbe, 0x18, {0x603000000013df70}}, @mrs={0xbe, 0x18, {0x603000000013f664}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x30e}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x1, 0x0, 0x2, 0x7, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013e64a}}, @uexit={0x0, 0x18, 0xd6000000000}, @code={0xa, 0xb4, {"402087d20080b0f2210080d2e20080d2c30080d2c40080d2020000d4008008d5e0a994d20040b8f2810180d2a20080d2030080d2c40180d2020000d40034200e0078214ea03d80d200a0b8f2410180d2820180d2e30080d2040180d2020000d400be98d20020b8f2610180d2e20080d2e30180d2e40080d2020000d400d0205e60259ed20000b0f2c10080d2820180d2430180d2040180d2020000d40090204e"}}, @msr={0x14, 0x20, {0x603000000013800e, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013df47}}, @eret={0xe6, 0x18, 0x38}, @svc={0x122, 0x40, {0x84000053, [0x6, 0x8, 0xe, 0xfb, 0x9]}}, @hvc={0x32, 0x40, {0x80000000, [0xffffffffffffffdd, 0x9, 0x71, 0x3, 0x4]}}, @uexit={0x0, 0x18, 0x6}, @smc={0x1e, 0x40, {0x80007fff, [0x7, 0x8, 0x20, 0x0, 0x8000000000000001]}}, @uexit={0x0, 0x18, 0x1}, @irq_setup={0x46, 0x18, {0x3, 0x3bc}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x3a7}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x4, 0x5, 0x5, 0x73c, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x1, 0x7, 0x2, 0x9, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x0, 0xa, 0x8, 0x8001, 0x1}}, @code={0xa, 0x54, {"5f3003d5007008d5008080881f2003d5008040885f3003d5000028d5008008d50014000fa06590d200c0b0f2e10080d2020180d2c30080d2240080d2020000d4"}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x2, 0x5, 0x8, 0x1}}, @memwrite={0x6e, 0x30, @generic={0x10000, 0x8dd, 0xffffffffffffffff, 0x1}}, @uexit={0x0, 0x18, 0x5}], 0x4d0}, &(0x7f0000000b40), 0x1) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000b80)={0x1ff, 0x0, &(0x7f0000fff000/0x1000)=nil}) ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000000c00)=@arm64_extra={0x603000000013c03d, &(0x7f0000000bc0)=0x1000}) ioctl$KVM_HAS_DEVICE_ATTR(r1, 0x4018aee3, &(0x7f0000000c80)=@attr_arm64={0x0, 0x4, 0x1, &(0x7f0000000c40)=0xd}) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000d40)={0x0, &(0x7f0000000cc0)=[@its_setup={0x82, 0x28, {0x2, 0x2, 0x2e5}}, @smc={0x1e, 0x40, {0x8000, [0x0, 0x30000000000, 0x4, 0x9904, 0x10000]}}], 0x68}, &(0x7f0000000d80)=[@featur2={0x1, 0x42}], 0x1) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r2, 0x4010aeb5, &(0x7f0000000dc0)={0x4, 0x3}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000e40)=@attr_other={0x0, 0x2cf, 0x5, &(0x7f0000000e00)=0x401}) r8 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000001380)={0x0, &(0x7f0000000e80)=[@its_setup={0x82, 0x28, {0x4, 0x0, 0x3}}, @smc={0x1e, 0x40, {0x8400000a, [0x8, 0xd60, 0x1c, 0x8000000000000001, 0x9]}}, @irq_setup={0x46, 0x18, {0x1, 0x31d}}, @svc={0x122, 0x40, {0x4, [0x7, 0x6, 0xf76, 0x1, 0x7]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x2, 0xf, 0x1, 0x5, 0x1}}, @code={0xa, 0x6c, {"e0ae9ad20020b0f2010080d2820180d2c30180d2c40180d2020000d40050005e000008d50088601e00a0400c40109ed20000b8f2610180d2e20080d2830180d2640080d2020000d40018601e000028d500a4a00d0060200d"}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x0, 0x10, 0x2, 0x4, 0x3}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffd0, 0x9, 0x1f}}, @uexit={0x0, 0x18, 0x200}, @msr={0x14, 0x20, {0x603000000013c2a4, 0xffffffffffff6750}}, @svc={0x122, 0x40, {0x84000001, [0xaff, 0x3, 0x40, 0x9, 0x2]}}, @mrs={0xbe, 0x18, {0x6030000000130719}}, @uexit={0x0, 0x18, 0x7}, @code={0xa, 0x6c, {"00d8210e002c200e0004007fc04b81d20080b8f2210180d2820180d2030180d2a40080d2020000d40060ff0d0098207e000028d50024002f0040002f401790d20040b8f2a10180d2a20080d2830080d2c40180d2020000d4"}}, @mrs={0xbe, 0x18, {0x603000000013c65d}}, @irq_setup={0x46, 0x18, {0x2, 0xd}}, @msr={0x14, 0x20, {0x0, 0xffff}}, @code={0xa, 0x6c, {"c01182d20000b8f2c10080d2020080d2030180d2640080d2020000d4007008d50000c09b0000609e0088601e0084000da0ef95d20020b8f2010080d2220080d2830180d2240180d2020000d4000008d5007008d5007008d5"}}, @mrs={0xbe, 0x18, {0x603000000013e719}}, @eret={0xe6, 0x18, 0xb}, @mrs={0xbe, 0x18, {0x603000000013f201}}, @svc={0x122, 0x40, {0x0, [0x81, 0x3, 0x9, 0x2, 0x5]}}, @irq_setup={0x46, 0x18, {0x4, 0x3b8}}, @eret={0xe6, 0x18, 0xd}, @mrs={0xbe, 0x18, {0x603000000013e711}}, @hvc={0x32, 0x40, {0x2, [0xc5, 0x4, 0x6, 0x7, 0x4]}}, @eret={0xe6, 0x18, 0xfffffffffffffffe}, @mrs={0xbe, 0x18, {0x603000000013802c}}, @mrs={0xbe, 0x18, {0x603000000013dcf3}}, @eret={0xe6, 0x18}], 0x4ec}, &(0x7f00000013c0)=[@featur1={0x1, 0xa}], 0x1) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_GET_SREGS(0xffffffffffffffff, 0x8000ae83, &(0x7f0000001400)) ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000001540)={0x1, 0x0, &(0x7f0000c9b000/0x3000)=nil}) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f00000015c0)=@attr_other={0x0, 0xffffffff, 0xfcd, &(0x7f0000001580)=0x800}) ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f0000001600)) ioctl$KVM_RESET_DIRTY_RINGS(r2, 0xaec7) write$eventfd(r1, &(0x7f0000001640)=0x1000, 0x8) r9 = ioctl$KVM_GET_STATS_FD_cpu(r8, 0xaece) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000016c0)=@attr_other={0x0, 0x9, 0x7fa, &(0x7f0000001680)=0x8}) syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_GET_DEVICE_ATTR_vm(r2, 0x4018aee2, &(0x7f0000001740)=@attr_other={0x0, 0x2, 0xe, &(0x7f0000001700)=0x7fffffff}) ioctl$KVM_PRE_FAULT_MEMORY(r7, 0xc040aed5, &(0x7f0000001780)={0xeeee0000, 0x4000}) 33.356244807s ago: executing program 0 (id=32): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x16, 0x4, 0x1}}) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r4, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) syz_kvm_setup_cpu$arm64(r1, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000100)=[{0x0, &(0x7f0000000280)=[@mrs={0xbe, 0x18, {0x603000000013c290}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x150}}, @code={0xa, 0x3c, {"007008d5001c004e0004002f008008d5008008d50020000c0040c00c0008603c0000681e000028d5"}}, @hvc={0x32, 0x40, {0x2000, [0x7, 0x2, 0x4, 0x8000, 0x9]}}, @eret={0xe6, 0x18, 0x800}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x2, 0x7, 0x80000001, 0x0, 0x3}}, @msr={0x14, 0x20, {0x603000000013e510, 0x5f0}}, @msr={0x14, 0x20, {0x603000000013c289, 0x1000}}, @eret={0xe6, 0x18, 0x6c}, @eret={0xe6, 0x18, 0x9}, @svc={0x122, 0x40, {0x20, [0xa, 0x2, 0x1, 0x1, 0x1]}}, @uexit={0x0, 0x18, 0x8}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x33f}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x141}}, @hvc={0x32, 0x40, {0x400, [0x0, 0x7, 0xffffffffffffffff, 0x40, 0xfff]}}], 0x254}], 0x1, 0x0, &(0x7f0000000140)=[@featur2={0x1, 0x10}], 0x1) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) syz_kvm_setup_cpu$arm64(r1, r5, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="3200000000000000400000000000000001ff0086000000000700000000000000090000f8ffffffffffffff000100"/64], 0x40}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 31.233246873s ago: executing program 1 (id=33): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r3, 0x2, 0x12, r2, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x1, 0xea12157bff932e6}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0x40086602, 0x20000000) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r6, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, 0x0}) r7 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, r3, 0xe, 0x16831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0xdddd0000, 0x10000}) 20.719863514s ago: executing program 0 (id=34): r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x6030000000100004, &(0x7f0000000000)=0x300000000000}) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xfffffffffffffff9) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async, rerun: 64) r5 = eventfd2(0xeffffffd, 0x801) (rerun: 64) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000000)={0x200, 0x4000, 0x4, r5, 0x1}) (async) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r5, 0x3}) (async) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f00000000c0)={0x3, 0x0, 0x2, r5, 0xf}) 16.769307054s ago: executing program 1 (id=35): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x40202, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0xdddd1000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x37) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_vgic_v3_setup(r3, 0x3, 0x100) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000300)=@attr_arm64={0x0, 0x0, 0x2, &(0x7f00000002c0)=0x5}) (async) r5 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece) (async) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x6832, 0xffffffffffffffff, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) (async) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x2, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) ioctl$KVM_GET_DIRTY_LOG(r5, 0x4010ae42, &(0x7f0000000000)={0x5, 0x0, &(0x7f0000fa3000/0x4000)=nil}) 9.234122417s ago: executing program 0 (id=36): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r1, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r6, 0x4010aeb5, 0x0) ioctl$KVM_SIGNAL_MSI(r4, 0x4020aea5, &(0x7f0000000000)={0x8080000, 0x0, 0x3c36, 0x0, 0x9}) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f000055a000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_IRQ_LINE(r8, 0x4008ae61, &(0x7f0000000000)={0x800035a3, 0x9}) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0) r11 = syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, 0x0) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, 0x0) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@mrs={0xbe, 0x18, {0x603000000013e729}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x2) r15 = syz_kvm_vgic_v3_setup(r14, 0x1, 0x40) ioctl$KVM_GET_DEVICE_ATTR(r15, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x5, 0xffd0, 0x0}) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) 7.064771408s ago: executing program 1 (id=37): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000000)={0x0, &(0x7f00000000c0)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x800, 0x1, 0x10}}, @hvc={0x32, 0x40, {0xc400000e, [0x8, 0xda84, 0x800, 0x8, 0x3860]}}, @hvc={0x32, 0x40, {0xffff, [0x6, 0x5, 0x9, 0x4, 0x7]}}, @hvc={0x32, 0x40, {0x80008000, [0x6, 0x8000000000000001, 0x68b0d76a, 0x5, 0x4]}}, @hvc={0x32, 0x40, {0x8600ff01, [0x1, 0xc, 0x8000000000000001, 0x400, 0x8]}}, @code={0xa, 0x54, {"000008d5000008d5007008d500c0600d0090802f805180d20080b0f2810180d2a20180d2230180d2840080d2020000d4000c80b80068201e0000206e000008d5"}}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x399}}, @smc={0x1e, 0x40, {0x200, [0x401, 0xf2f, 0x7, 0x9, 0x5]}}, @irq_setup={0x46, 0x18, {0x3, 0x89}}, @eret={0xe6, 0x18, 0x5}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x400, 0x2, 0x7}}, @code={0xa, 0xcc, {"002cc01a80b189d20000b0f2e10080d2c20180d2230180d2640180d2020000d4202992d200a0b0f2c10180d2a20080d2830180d2e40080d2020000d4804e84d200e0b8f2a10080d2e20180d2a30180d2040080d2020000d4207590d200c0b0f2010080d2e20080d2a30180d2040180d2020000d4007008d50068603ce05695d200a0b8f2610080d2820080d2430180d2440180d2020000d4008008d5a0618ed200e0b8f2a10180d2020180d2e30180d2440180d2020000d4"}}, @irq_setup={0x46, 0x18, {0x4, 0x1de}}, @hvc={0x32, 0x40, {0x84000006, [0x6, 0x2, 0x100, 0x8, 0x7]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe8, 0x2, 0x4}}, @eret={0xe6, 0x18, 0x1}, @irq_setup={0x46, 0x18, {0x2, 0x254}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x4, 0x3, 0x476f, 0x3ff, 0x2}}], 0x3f8}, &(0x7f00000004c0)=[@featur1={0x1, 0x20}], 0x1) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_REGISTER_COALESCED_MMIO(r8, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a82616}) r9 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) r10 = syz_kvm_vgic_v3_setup(r5, 0x1, 0x100) ioctl$KVM_GET_DEVICE_ATTR(r10, 0x4018aee2, &(0x7f0000000180)=@attr_other={0x0, 0x5, 0xc, &(0x7f0000000240)=0x80000001}) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0}) r14 = eventfd2(0x8801, 0x800) r15 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r15, 0xc0189436, 0x172) r16 = eventfd2(0x3ff, 0x0) ioctl$KVM_IRQFD(r12, 0x4020ae76, &(0x7f0000000080)={r14, 0x5, 0x2, r16}) close(r14) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 0s ago: executing program 0 (id=38): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x10d032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) openat$kvm(0x0, 0x0, 0x280, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000c3c000/0x1000)=nil, 0x0, 0x6000006, 0x10010, r5, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x8010, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000e, 0x80031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000acb000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, &(0x7f0000000040)=[@mrs={0xbe, 0x18, {0x603000000013dce0}}], 0x18}, &(0x7f0000000000)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r7, 0xae80, 0x0) kernel console output (not intermixed with test programs): [ 461.541209][ T3144] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:51838' (ED25519) to the list of known hosts. [ 640.734794][ T25] audit: type=1400 audit(639.860:61): avc: denied { name_bind } for pid=3305 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 642.745238][ T25] audit: type=1400 audit(641.860:62): avc: denied { execute } for pid=3306 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 642.762675][ T25] audit: type=1400 audit(641.910:63): avc: denied { execute_no_trans } for pid=3306 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 667.671460][ T25] audit: type=1400 audit(666.820:64): avc: denied { mounton } for pid=3306 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 667.708708][ T25] audit: type=1400 audit(666.850:65): avc: denied { mount } for pid=3306 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 667.792451][ T3306] cgroup: Unknown subsys name 'net' [ 667.842285][ T25] audit: type=1400 audit(666.990:66): avc: denied { unmount } for pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 668.256920][ T3306] cgroup: Unknown subsys name 'cpuset' [ 668.369328][ T3306] cgroup: Unknown subsys name 'rlimit' [ 669.357871][ T25] audit: type=1400 audit(668.500:67): avc: denied { setattr } for pid=3306 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 669.382714][ T25] audit: type=1400 audit(668.520:68): avc: denied { mounton } for pid=3306 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 669.402229][ T25] audit: type=1400 audit(668.540:69): avc: denied { mount } for pid=3306 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 670.652757][ T3309] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 670.675941][ T25] audit: type=1400 audit(669.820:70): avc: denied { relabelto } for pid=3309 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 670.702602][ T25] audit: type=1400 audit(669.850:71): avc: denied { write } for pid=3309 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 670.899546][ T25] audit: type=1400 audit(670.050:72): avc: denied { read } for pid=3306 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 670.917138][ T25] audit: type=1400 audit(670.060:73): avc: denied { open } for pid=3306 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 670.965633][ T3306] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 724.046403][ T25] audit: type=1400 audit(723.200:74): avc: denied { execmem } for pid=3310 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 728.651175][ T25] audit: type=1400 audit(727.800:75): avc: denied { read } for pid=3312 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 728.672641][ T25] audit: type=1400 audit(727.820:76): avc: denied { open } for pid=3312 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 728.765031][ T25] audit: type=1400 audit(727.910:77): avc: denied { mounton } for pid=3312 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 729.034639][ T25] audit: type=1400 audit(728.180:78): avc: denied { module_request } for pid=3312 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 729.059527][ T25] audit: type=1400 audit(728.200:79): avc: denied { module_request } for pid=3313 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 730.239856][ T25] audit: type=1400 audit(729.380:80): avc: denied { sys_module } for pid=3312 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 755.512502][ T3312] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 755.818086][ T3312] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 756.055439][ T3313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 756.419581][ T3313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 773.162638][ T3312] hsr_slave_0: entered promiscuous mode [ 773.220841][ T3312] hsr_slave_1: entered promiscuous mode [ 774.817171][ T3313] hsr_slave_0: entered promiscuous mode [ 774.868506][ T3313] hsr_slave_1: entered promiscuous mode [ 774.928802][ T3313] debugfs: 'hsr0' already exists in 'hsr' [ 774.947553][ T3313] Cannot create hsr debugfs directory [ 781.204718][ T25] audit: type=1400 audit(780.350:81): avc: denied { create } for pid=3312 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 781.266648][ T25] audit: type=1400 audit(780.410:82): avc: denied { write } for pid=3312 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 781.305667][ T25] audit: type=1400 audit(780.450:83): avc: denied { read } for pid=3312 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 781.467392][ T3312] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 781.809309][ T3312] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 782.032796][ T3312] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 782.542067][ T3312] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 783.889991][ T3313] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 784.277067][ T3313] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 784.449955][ T3313] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 784.660191][ T3313] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 798.345427][ T3312] 8021q: adding VLAN 0 to HW filter on device bond0 [ 800.626770][ T3313] 8021q: adding VLAN 0 to HW filter on device bond0 [ 861.148737][ T3312] veth0_vlan: entered promiscuous mode [ 861.676677][ T3312] veth1_vlan: entered promiscuous mode [ 863.370164][ T3313] veth0_vlan: entered promiscuous mode [ 864.185870][ T3312] veth0_macvtap: entered promiscuous mode [ 864.309774][ T3313] veth1_vlan: entered promiscuous mode [ 864.851099][ T3312] veth1_macvtap: entered promiscuous mode [ 866.983846][ T3313] veth0_macvtap: entered promiscuous mode [ 867.320938][ T42] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 867.385709][ T3403] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 867.409152][ T3403] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 867.461995][ T3313] veth1_macvtap: entered promiscuous mode [ 867.576726][ T3403] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 870.186354][ T25] audit: type=1400 audit(869.330:84): avc: denied { mount } for pid=3312 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 870.426784][ T25] audit: type=1400 audit(869.570:85): avc: denied { mounton } for pid=3312 comm="syz-executor" path="/syzkaller.y01913/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 870.601342][ T25] audit: type=1400 audit(869.750:86): avc: denied { mount } for pid=3312 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 870.639701][ T35] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 870.665377][ T35] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 870.669236][ T35] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 870.670234][ T35] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 870.944745][ T25] audit: type=1400 audit(870.060:87): avc: denied { mounton } for pid=3312 comm="syz-executor" path="/syzkaller.y01913/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 871.091124][ T25] audit: type=1400 audit(870.240:88): avc: denied { mounton } for pid=3312 comm="syz-executor" path="/syzkaller.y01913/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3798 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 871.812660][ T25] audit: type=1400 audit(870.960:89): avc: denied { unmount } for pid=3312 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 872.031955][ T25] audit: type=1400 audit(871.180:90): avc: denied { mounton } for pid=3312 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 872.217601][ T25] audit: type=1400 audit(871.290:91): avc: denied { mount } for pid=3312 comm="syz-executor" name="/" dev="gadgetfs" ino=3809 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 872.480349][ T25] audit: type=1400 audit(871.630:92): avc: denied { mount } for pid=3312 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 872.660823][ T25] audit: type=1400 audit(871.810:93): avc: denied { mounton } for pid=3312 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 873.776447][ T3312] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 884.285353][ T25] kauditd_printk_skb: 4 callbacks suppressed [ 884.306167][ T25] audit: type=1400 audit(883.430:98): avc: denied { read write } for pid=3463 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 884.386503][ T25] audit: type=1400 audit(883.530:99): avc: denied { open } for pid=3463 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 885.746940][ T25] audit: type=1400 audit(884.740:100): avc: denied { execute } for pid=3463 comm="syz.0.1" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3844 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 888.134264][ T25] audit: type=1400 audit(887.250:101): avc: denied { append } for pid=3465 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 888.286457][ T25] audit: type=1400 audit(887.430:102): avc: denied { ioctl } for pid=3465 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 942.862417][ T25] audit: type=1400 audit(942.010:103): avc: denied { ioctl } for pid=3504 comm="syz.1.14" path="net:[4026532625]" dev="nsfs" ino=4026532625 ioctlcmd=0xb704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1035.351664][ T25] audit: type=1400 audit(1034.500:104): avc: denied { setattr } for pid=3566 comm="syz.1.33" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1068.427519][ T3586] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5e3d5 [ 1068.466224][ T3586] flags: 0x1fffa8000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xea) [ 1068.498215][ T3586] raw: 01fffa8000000000 ffffc1ffc078fd88 ffffc1ffc04b8888 0000000000000000 [ 1068.520256][ T3586] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 1068.535788][ T3586] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0) [ 1068.566271][ T3586] ------------[ cut here ]------------ [ 1068.566566][ T3586] kernel BUG at ./include/linux/mm.h:1036! [ 1068.568303][ T3586] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 1068.573138][ T3586] Modules linked in: [ 1068.575274][ T3586] CPU: 0 UID: 0 PID: 3586 Comm: syz.1.37 Not tainted syzkaller #0 PREEMPT [ 1068.576824][ T3586] Hardware name: linux,dummy-virt (DT) [ 1068.578119][ T3586] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 1068.579475][ T3586] pc : kvm_s2_put_page+0x374/0x3a0 [ 1068.581758][ T3586] lr : kvm_s2_put_page+0x374/0x3a0 [ 1068.582799][ T3586] sp : ffff8000a3f47570 [ 1068.583573][ T3586] x29: ffff8000a3f47570 x28: 31f0000012e22000 x27: 31f0000012e22000 [ 1068.585235][ T3586] x26: 00000000000000ff x25: ffff80008734e000 x24: ffffc1ffc0000000 [ 1068.586689][ T3586] x23: ffffc1ffc078f548 x22: 0000000000000000 x21: ffffc1ffc078f574 [ 1068.588094][ T3586] x20: 0000000000000000 x19: ffffc1ffc078f540 x18: 000000004052238a [ 1068.589339][ T3586] x17: 0000000004952ba8 x16: 000000004051f9d2 x15: 000000007b86bc4d [ 1068.590774][ T3586] x14: ffffffffffffffff x13: fff000001e8d0008 x12: 0000000000000001 [ 1068.592119][ T3586] x11: 0000000000080000 x10: 0000000000059900 x9 : 4b6b60815d3c0900 [ 1068.593586][ T3586] x8 : 4b6b60815d3c0900 x7 : ffff8000803a03c8 x6 : 0000000000000000 [ 1068.595003][ T3586] x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff8000803915d0 [ 1068.596352][ T3586] x2 : 0000000000000002 x1 : 0000000100000000 x0 : 000000000000003e [ 1068.598011][ T3586] Call trace: [ 1068.598934][ T3586] kvm_s2_put_page+0x374/0x3a0 (P) [ 1068.600270][ T3586] stage2_free_walker+0x1b0/0x264 [ 1068.601374][ T3586] __kvm_pgtable_walk+0x7d8/0xa68 [ 1068.602448][ T3586] kvm_pgtable_walk+0x294/0x468 [ 1068.603400][ T3586] kvm_pgtable_stage2_destroy_range+0x60/0xb4 [ 1068.604409][ T3586] kvm_free_stage2_pgd+0x198/0x28c [ 1068.605463][ T3586] kvm_uninit_stage2_mmu+0x20/0x38 [ 1068.606492][ T3586] kvm_arch_flush_shadow_all+0x1a8/0x1e0 [ 1068.607587][ T3586] kvm_mmu_notifier_release+0x48/0xa8 [ 1068.608503][ T3586] mmu_notifier_unregister+0x128/0x42c [ 1068.609534][ T3586] kvm_put_kvm+0x6a0/0xfa8 [ 1068.610452][ T3586] kvm_vcpu_release+0x70/0x9c [ 1068.611461][ T3586] __fput+0x4ac/0x980 [ 1068.612202][ T3586] ____fput+0x20/0x58 [ 1068.613005][ T3586] task_work_run+0x1bc/0x254 [ 1068.613894][ T3586] get_signal+0x13ec/0x1554 [ 1068.614849][ T3586] do_signal+0x23c/0x4dd0 [ 1068.615706][ T3586] do_notify_resume+0xb0/0x270 [ 1068.616622][ T3586] el0_svc+0xb8/0x164 [ 1068.617489][ T3586] el0t_64_sync_handler+0x84/0x12c [ 1068.618477][ T3586] el0t_64_sync+0x198/0x19c [ 1068.620007][ T3586] Code: d0037581 9126fc21 aa1303e0 97f9c9f2 (d4210000) [ 1068.621821][ T3586] ---[ end trace 0000000000000000 ]--- [ 1068.623416][ T3586] Kernel panic - not syncing: Oops - BUG: Fatal exception [ 1068.625572][ T3586] Kernel Offset: disabled [ 1068.626333][ T3586] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f [ 1068.627494][ T3586] Memory Limit: none [ 1068.629219][ T3586] Rebooting in 86400 seconds.. VM DIAGNOSIS: 06:45:59 Registers: info registers vcpu 0 CPU#0 PC=ffff80008049069c X00=0000000000000001 X01=0000000000000008 X02=0000000000000000 X03=ffff800080490688 X04=0000000000000000 X05=0000000000000000 X06=ffff80008048b334 X07=ffff800080015834 X08=00000000000000fe X09=c2ff80008f56a000 X10=000000000005abac X11=0000000000080000 X12=0000000000000000 X13=00000000ffffffff X14=0000000000000002 X15=ffff800087f83a20 X16=0000000000000000 X17=0000000004952ba8 X18=000000004052238a X19=00000000000003c6 X20=efff800000000000 X21=ffff80008795f110 X22=00000000000003c5 X23=00000000000000ff X24=ffff80008795f110 X25=00000000000003c5 X26=7ef000001e8d0010 X27=00000000000003c0 X28=ffff800087735000 X29=ffff8000a3f46fd0 X30=ffff800080490688 SP=ffff8000a3f46f90 PSTATE=204023c9 --C- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=2c2c2c2c2c2c2c2c:2c2c2c2c2c2c2c2c Z01=727720726f727265:0000000000006577 Z02=0000000000000000:cccccccccccc0000 Z03=0000000000000000:0000000000000000 Z04=3333333333333333:3333333333333333 Z05=0000000000000000:00000000cccccc00 Z06=0000000000000073:0000aaaaf4ece3c0 Z07=0000000000000074:0000aaaaf4ecb600 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffc80cdc20:0000ffffc80cdc20 Z17=ffffff80ffffffd0:0000ffffc80cdbf0 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000