last executing test programs: 53.339569747s ago: executing program 0 (id=1109): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)={0x102091e}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) r5 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="14000000000000002000000000000000f1c4130000003060008000000000000014000000000000002000000000000000f2c4130000003060008000000000000014000000000000002000000000000000e0dc130000003060c7"], 0x140}, &(0x7f0000000300)=[@featur2={0x1, 0x10}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x43ff}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init) ioctl$KVM_RUN(r4, 0xae80, 0x0) 42.61969166s ago: executing program 0 (id=1111): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) r4 = eventfd2(0x0, 0x0) close(r4) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) write$eventfd(r4, &(0x7f0000000180)=0x5, 0xfffffde3) close(r4) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2, 0x23ac5f9b426ec4b1, 0xffffffffffffffff, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x200000b, 0x13, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x4) r7 = syz_kvm_vgic_v3_setup(r6, 0x1, 0x40) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x9, 0x504d, &(0x7f0000000080)=0x22e0}) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ff9000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0) 37.00937775s ago: executing program 1 (id=1112): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000080)={0x3, 0x3, 0x1000, 0x1000, &(0x7f0000001000/0x1000)=nil}) (async) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) (async) r2 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000001000/0x2000)=nil, r1, 0x0, 0x2010, r2, 0x0) (async) r3 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) (async) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000b80)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1e0000000000000040000000000000000a00008400ffffffffffff44"], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r7, 0xae80, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x2}) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) 32.303863081s ago: executing program 0 (id=1113): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_GUEST_MEMFD(0xffffffffffffffff, 0xc040aed4, &(0x7f0000000100)={0x774, 0x8}) ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000200)={0x10004, 0x2, 0x4000, 0x2000, &(0x7f0000ffd000/0x2000)=nil, 0x1, r3}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) munmap(&(0x7f0000ad4000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000040)={0x1, 0x0, 0x6000, 0x2000, &(0x7f0000fa2000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000bfe000/0x400000)=nil) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000040)={0x1, 0x0, 0xd000, 0x2000, &(0x7f0000fa2000/0x2000)=nil}) r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000180)={0x0, 0x41}) r9 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x102, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x30) r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@its_setup={0x7, 0x28, {0x0, 0x1, 0x17}}], 0x28}, 0x0, 0x0) ioctl$KVM_RUN(r14, 0xae80, 0x0) ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r15 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r15, 0x4018aee3, &(0x7f00000001c0)=@attr_other={0x0, 0x5, 0x7fffffff, 0x0}) 29.727469136s ago: executing program 1 (id=1114): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) r1 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r2 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) (async, rerun: 64) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (rerun: 64) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x400454c8, 0x0) (async) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async, rerun: 32) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000080)={0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="140000000000000020000000000000005fc60000306000020080"], 0x20}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r9, 0x1, 0x100) ioctl$KVM_RUN(r11, 0xae80, 0x0) (async, rerun: 32) r12 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (rerun: 32) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r13, 0x4020aeae, &(0x7f0000000340)={0x5}) (async, rerun: 32) r14 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) (rerun: 32) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r14, 0x4010ae68, &(0x7f00000000c0)={0x4, 0x1c000, 0x1}) (async, rerun: 32) ioctl$KVM_GET_ONE_REG(r13, 0x4010aeab, &(0x7f0000000080)=@arm64_core={0x6030000000100014, &(0x7f0000000040)=0x5}) (async, rerun: 32) ioctl$KVM_GET_REG_LIST(r13, 0xc008aeb0, &(0x7f0000000000)={0x1, [0x4]}) ioctl$KVM_SET_GSI_ROUTING(r6, 0x4008ae6a, &(0x7f0000000180)=ANY=[@ANYRES64=r6]) 21.186338887s ago: executing program 1 (id=1115): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000080)={0x5, 0x14}) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000100)=@arm64_extra={0x6030000000140000, &(0x7f00000001c0)=0x10003}) mmap$KVM_VCPU(&(0x7f0000eb4000/0x3000)=nil, 0x930, 0x200000c, 0x28031, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000140)=@arm64_sve={0x608000000015010d, &(0x7f00000000c0)=0x2}) ioctl$KVM_GET_ONE_REG(r1, 0x4010aeab, &(0x7f0000000000)=@arm64_sve={0x60800000001501bd, &(0x7f0000000080)=0xff}) 18.281413744s ago: executing program 0 (id=1116): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) munmap(&(0x7f0000f71000/0x6000)=nil, 0x6000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000400)={0xb6, 0x0, 0x23000000000000}) 14.198201075s ago: executing program 1 (id=1117): munmap(&(0x7f0000647000/0x1000)=nil, 0x1000) munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000) r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000006c0)={0x0, &(0x7f0000000000)=[@its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x3, 0xb, 0x10000, 0x49, 0xffffffff}}, @code={0xa, 0x84, {"0000000a00009f0d60ea83d20000b8f2010080d2220180d2230080d2c40180d2020000d4008008d5000008d5607d8ad20060b0f2810080d2a20080d2e30080d2c40180d2020000d4000028d5c04893d200c0b8f2e10080d2820180d2c30080d2c40180d2020000d400a8300e000800b8"}}, @memwrite={0x6e, 0x30, @generic={0x2000, 0x6db, 0x3, 0x1}}, @smc={0x1e, 0x40, {0xc40000d3, [0x6, 0x0, 0x4, 0x75, 0x7]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x280, 0xa, 0xa}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x3, 0x8, 0x88fb, 0xffff, 0x3}}, @code={0xa, 0x84, {"007008d5007008d5008008d5000028d5c0a98dd200c0b0f2a10080d2220080d2030180d2a40180d2020000d4e0ae97d20080b8f2210080d2a20180d2030180d2640080d2020000d40098205e007008d5007008d5a08885d200e0b0f2010180d2c20080d2a30080d2040080d2020000d4"}}, @hvc={0x32, 0x40, {0x1, [0x1, 0x2, 0x2, 0x2, 0x7]}}, @smc={0x1e, 0x40, {0x0, [0x8, 0x10000, 0xffff, 0x3, 0x10006]}}, @msr={0x14, 0x20, {0x603000000013dea4, 0x4}}, @irq_setup={0x46, 0x18, {0x2, 0x19a}}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x1e0}}, @msr={0x14, 0x20, {0x603000000013c2a3, 0x3}}, @memwrite={0x6e, 0x30, @generic={0x3000, 0x4ef, 0x80000000, 0x19}}, @code={0xa, 0x54, {"000028d5007008d5003c202e008008d5008008d500d288d200c0b0f2c10180d2a20180d2e30180d2040080d2020000d4008008d50000291e008008d5008008d5"}}, @uexit={0x0, 0x18, 0xe8af}, @msr={0x14, 0x20, {0x603000000013e6dd, 0x5}}, @msr={0x14, 0x20, {0x603000000013f200, 0x6}}, @hvc={0x32, 0x40, {0x200, [0x5, 0x7, 0x9, 0x401, 0x4]}}, @code={0xa, 0x84, {"007008d5007008d500044078007008d5007008d5c0ab81d20080b8f2210180d2820080d2430080d2640180d2020000d40080a00d205c8fd20040b8f2010080d2820180d2630180d2240080d2020000d40080400ce0839ad200c0b8f2c10080d2420080d2c30080d2840080d2020000d4"}}, @smc={0x1e, 0x40, {0xc5000021, [0x40, 0x5, 0x5, 0x6, 0x8001]}}, @msr={0x14, 0x20, {0x603000000013e289, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013deba}}, @irq_setup={0x46, 0x18, {0x1, 0x338}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x2, 0x4, 0x8, 0x7fffffff}}, @irq_setup={0x46, 0x18, {0x4c9, 0x14e}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x156}}, @smc={0x1e, 0x40, {0x84000002, [0xa3, 0xe4, 0x1, 0xffff, 0x80]}}, @code={0xa, 0xb4, {"e0fc8ad200e0b8f2610180d2420180d2630080d2a40080d2020000d40050000e008008d5000028d540bd9cd20080b0f2810180d2220080d2c30080d2640180d2020000d4007008d5e02698d20040b8f2810080d2a20080d2030180d2040080d2020000d460a38ed20080b0f2e10180d2420180d2030080d2440080d2020000d4003e9dd20060b8f2610080d2620180d2830080d2840080d2020000d40000200e"}}], 0x684}, &(0x7f0000000700)=[@featur2={0x1, 0x34}], 0x1) mmap$KVM_VCPU(&(0x7f0000bc8000/0x2000)=nil, 0x930, 0x1, 0x20031, r0, 0x0) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000) munmap(&(0x7f0000652000/0x1000)=nil, 0x1000) munmap(&(0x7f00007df000/0x1000)=nil, 0x1000) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) munmap(&(0x7f0000584000/0x800000)=nil, 0x800000) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x10010, r1, 0x0) munmap(&(0x7f0000c00000/0x400000)=nil, 0x400000) 10.348431695s ago: executing program 0 (id=1118): r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) (async) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000080)=0x8000000000000000}) (async) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000300)=@attr_other={0x0, 0x4, 0x1, 0x0}) (async) r3 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) (async) r6 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r7, 0x4068aea3, &(0x7f00000002c0)={0xdf, 0x0, 0x10000}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000180)={0x3, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000340)={0x5}) (async) ioctl$KVM_RUN(r8, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, 0x930, 0x2, 0x2010, 0xffffffffffffffff, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x300000c, 0x4f832, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, 0x0) (async) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, 0x0) (async) ioctl$KVM_IRQ_LINE_STATUS(r10, 0xc008ae67, &(0x7f0000000200)={0xfffff76a, 0xe}) (async) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) (async) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r5, 0x4018aee3, &(0x7f00000002c0)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000200)={0x7, 0x800, 0x1}}) (async) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f00000001c0)=@arm64_core={0x6030000000100008, &(0x7f0000000180)=0x9}) 7.92754497s ago: executing program 1 (id=1119): openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1c}) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x0, 0x3, 0x8010, 0xffffffffffffffff, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r5, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0) (async) r7 = eventfd2(0x0, 0x0) close(r7) (async) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x408) (async) write$eventfd(r7, &(0x7f0000000180)=0x5, 0xfffffde3) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100002, &(0x7f0000000240)=0xfffffffffffffff8}) (async) r8 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) (async) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r9, 0x4010ae67, &(0x7f0000000100)={0xf000, 0x117800}) (async) ioctl$KVM_REGISTER_COALESCED_MMIO(r9, 0x4010ae67, &(0x7f0000000040)={0x10000}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r9, 0x4010ae68, &(0x7f0000000080)={0xdddd1000, 0x0, 0x1}) (async) r11 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="82000000000000002800000000000000010000000000000001000000000000000100000000000000aa000000000000002800000000000000080019a915b7a5cc9d"], 0x50}, 0x0, 0x0) 328.401998ms ago: executing program 0 (id=1120): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x8, 0x4f832, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x4) r3 = syz_kvm_vgic_v3_setup(r2, 0x2, 0x40) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x7, 0x1, &(0x7f00000000c0)=0x3000e5ed}) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000003, 0x16831, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x4010aeab, 0xfffffffffffffffe) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) munmap(&(0x7f0000fbd000/0x1000)=nil, 0x1000) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r4, 0x4068aea3, &(0x7f0000000100)={0xdf, 0x0, 0x1000}) ioctl$KVM_GET_DIRTY_LOG(r4, 0x4010ae42, &(0x7f0000000040)={0x10200, 0x0, &(0x7f0000e4e000/0x2000)=nil}) 0s ago: executing program 1 (id=1121): r0 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r5 = ioctl$KVM_CREATE_VM(r4, 0x894c, 0x0) (async) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) (async) ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f00000001c0)=@arm64_sys={0x6030000000138064, &(0x7f00000000c0)=0x8000}) (async) ioctl$KVM_CREATE_VCPU(r5, 0xb702, 0x0) (async) openat$kvm(0x0, &(0x7f0000000080), 0x141001, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000100)) (async) r9 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) r12 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000100)={0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="050000"], 0x18}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r9, 0x2, 0x100) ioctl$KVM_RUN(r12, 0xae80, 0x0) ioctl$KVM_RUN(r11, 0xae80, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48) kernel console output (not intermixed with test programs): [ 399.263170][ T3128] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:36225' (ED25519) to the list of known hosts. [ 582.753885][ T25] audit: type=1400 audit(581.900:59): avc: denied { name_bind } for pid=3285 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 583.679959][ T25] audit: type=1400 audit(582.830:60): avc: denied { execute } for pid=3286 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 583.700836][ T25] audit: type=1400 audit(582.840:61): avc: denied { execute_no_trans } for pid=3286 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 602.329107][ T25] audit: type=1400 audit(601.470:62): avc: denied { mounton } for pid=3286 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 602.354344][ T25] audit: type=1400 audit(601.500:63): avc: denied { mount } for pid=3286 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 602.442882][ T3286] cgroup: Unknown subsys name 'net' [ 602.491924][ T25] audit: type=1400 audit(601.640:64): avc: denied { unmount } for pid=3286 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 602.948845][ T3286] cgroup: Unknown subsys name 'cpuset' [ 603.052647][ T3286] cgroup: Unknown subsys name 'rlimit' [ 604.029466][ T25] audit: type=1400 audit(603.180:65): avc: denied { setattr } for pid=3286 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 604.054437][ T25] audit: type=1400 audit(603.190:66): avc: denied { mounton } for pid=3286 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 604.072365][ T25] audit: type=1400 audit(603.220:67): avc: denied { mount } for pid=3286 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 605.265215][ T3289] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 605.284920][ T25] audit: type=1400 audit(604.430:68): avc: denied { relabelto } for pid=3289 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 605.311951][ T25] audit: type=1400 audit(604.460:69): avc: denied { write } for pid=3289 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 605.490643][ T25] audit: type=1400 audit(604.640:70): avc: denied { read } for pid=3286 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 605.515175][ T25] audit: type=1400 audit(604.650:71): avc: denied { open } for pid=3286 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 605.552275][ T3286] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 652.970406][ T25] audit: type=1400 audit(652.120:72): avc: denied { execmem } for pid=3290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 656.541991][ T25] audit: type=1400 audit(655.690:73): avc: denied { read } for pid=3292 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 656.580417][ T25] audit: type=1400 audit(655.730:74): avc: denied { open } for pid=3292 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 656.661763][ T25] audit: type=1400 audit(655.810:75): avc: denied { mounton } for pid=3292 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 656.966720][ T25] audit: type=1400 audit(656.080:76): avc: denied { module_request } for pid=3292 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 658.104922][ T25] audit: type=1400 audit(657.210:77): avc: denied { sys_module } for pid=3292 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 681.843208][ T3293] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 681.974042][ T3293] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 683.141581][ T3292] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 683.262853][ T3292] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 697.504097][ T3293] hsr_slave_0: entered promiscuous mode [ 697.562998][ T3293] hsr_slave_1: entered promiscuous mode [ 699.923184][ T3292] hsr_slave_0: entered promiscuous mode [ 699.980235][ T3292] hsr_slave_1: entered promiscuous mode [ 700.021531][ T3292] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 700.048848][ T3292] Cannot create hsr debugfs directory [ 706.358156][ T25] audit: type=1400 audit(705.500:78): avc: denied { create } for pid=3293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 706.420085][ T25] audit: type=1400 audit(705.520:79): avc: denied { write } for pid=3293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 706.438736][ T25] audit: type=1400 audit(705.580:80): avc: denied { read } for pid=3293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 706.572482][ T3293] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 706.997032][ T3293] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 707.314599][ T3293] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 707.611115][ T3293] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 709.040354][ T3292] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 709.192814][ T3292] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 709.362434][ T3292] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 709.583592][ T3292] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 722.030484][ T3293] 8021q: adding VLAN 0 to HW filter on device bond0 [ 724.387685][ T3292] 8021q: adding VLAN 0 to HW filter on device bond0 [ 779.737897][ T3293] veth0_vlan: entered promiscuous mode [ 780.200968][ T3293] veth1_vlan: entered promiscuous mode [ 781.740088][ T3292] veth0_vlan: entered promiscuous mode [ 782.414517][ T3292] veth1_vlan: entered promiscuous mode [ 782.610657][ T3293] veth0_macvtap: entered promiscuous mode [ 783.111585][ T3293] veth1_macvtap: entered promiscuous mode [ 784.842992][ T3292] veth0_macvtap: entered promiscuous mode [ 785.095011][ T3293] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 785.107403][ T3293] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 785.120128][ T3293] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 785.130191][ T3293] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 785.370772][ T3292] veth1_macvtap: entered promiscuous mode [ 787.952586][ T25] audit: type=1400 audit(787.100:81): avc: denied { mount } for pid=3293 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 788.156917][ T25] audit: type=1400 audit(787.300:82): avc: denied { mounton } for pid=3293 comm="syz-executor" path="/syzkaller.PqHjZa/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 788.282899][ T3292] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 788.297751][ T25] audit: type=1400 audit(787.440:83): avc: denied { mount } for pid=3293 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 788.305151][ T3292] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 788.322794][ T3292] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 788.333055][ T3292] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 788.659458][ T25] audit: type=1400 audit(787.790:84): avc: denied { mounton } for pid=3293 comm="syz-executor" path="/syzkaller.PqHjZa/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 788.743109][ T25] audit: type=1400 audit(787.890:85): avc: denied { mounton } for pid=3293 comm="syz-executor" path="/syzkaller.PqHjZa/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3261 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 789.551578][ T25] audit: type=1400 audit(788.660:86): avc: denied { unmount } for pid=3293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 789.854036][ T25] audit: type=1400 audit(789.000:87): avc: denied { mounton } for pid=3293 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 789.960343][ T25] audit: type=1400 audit(789.080:88): avc: denied { mount } for pid=3293 comm="syz-executor" name="/" dev="gadgetfs" ino=3273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 790.314968][ T25] audit: type=1400 audit(789.460:89): avc: denied { mount } for pid=3293 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 790.412492][ T25] audit: type=1400 audit(789.560:90): avc: denied { mounton } for pid=3293 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 791.394306][ T3293] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 795.628538][ T25] kauditd_printk_skb: 4 callbacks suppressed [ 795.651337][ T25] audit: type=1400 audit(794.710:95): avc: denied { read } for pid=3433 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 795.702753][ T25] audit: type=1400 audit(794.850:96): avc: denied { open } for pid=3433 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 796.368961][ T25] audit: type=1400 audit(795.510:97): avc: denied { ioctl } for pid=3433 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 808.269048][ T25] audit: type=1400 audit(807.400:98): avc: denied { ioctl } for pid=3443 comm="syz.1.4" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0xb702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 809.513241][ T25] audit: type=1400 audit(808.660:99): avc: denied { write } for pid=3443 comm="syz.1.4" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 819.618539][ T25] audit: type=1400 audit(818.760:100): avc: denied { execute } for pid=3449 comm="syz.0.5" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3659 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 826.322262][ T25] audit: type=1400 audit(825.470:101): avc: denied { append } for pid=3452 comm="syz.1.6" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 900.632639][ T3504] kvm [3504]: Failed to find VMA for hva 0x20fcc000 [ 946.332964][ T25] audit: type=1400 audit(945.480:102): avc: denied { map } for pid=3529 comm="syz.1.28" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 967.042555][ T3547] kvm [3547]: Failed to find VMA for hva 0x20c01000 [ 1038.157356][ T25] audit: type=1400 audit(1037.270:103): avc: denied { setattr } for pid=3602 comm="syz.1.44" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1111.068175][ T3644] kvm [3644]: Failed to find VMA for hva 0x20c01000 [ 1356.143481][ T3828] kvm [3828]: Failed to find VMA for hva 0x20fcc000 [ 1388.951300][ T3851] KVM: debugfs: duplicate directory 3851-5 [ 1462.248539][ T3897] kvm [3897]: Failed to find VMA for hva 0x20d8d000 [ 1487.797198][ T3913] kvm [3913]: Failed to find VMA for hva 0x20d8d000 [ 1520.915284][ T3937] kvm [3937]: Failed to find VMA for hva 0x20c01000 [ 1520.987829][ T3933] kvm [3933]: Failed to find VMA for hva 0x20000000 [ 1521.128813][ T3940] kvm [3940]: Failed to find VMA for hva 0x20c01000 [ 1890.982551][ T4185] kvm [4185]: Failed to find VMA for hva 0x20e8a000 [ 1891.079369][ T4186] kvm [4186]: Failed to find VMA for hva 0x20e8a000 [ 2478.733459][ T4595] kvm [4595]: Failed to find VMA for hva 0x21016000 [ 2478.842874][ T4595] kvm [4595]: Failed to find VMA for hva 0x21016000 [ 3066.580701][ T4997] kvm [4997]: Failed to find VMA for hva 0x21016000 [ 3091.834935][ T5018] kvm [5018]: Failed to find VMA for hva 0x20d80000 [ 3582.169891][ T5355] kvm [5354]: Unsupported guest access at: eeef0000 [ 3582.169891][ T5355] { Op0( 2), Op1( 0), CRn( 0), CRm( 6), Op2( 2), func_write }, [ 4690.031960][ T6141] KVM: debugfs: duplicate directory 6141-5 [ 4883.301097][ T6284] kvm [6284]: Failed to find VMA for hva 0x20c01000 [ 5172.109722][ T6480] KVM: debugfs: duplicate directory 6480-5 [ 5359.703364][ T6618] kvm [6618]: Failed to find VMA for hva 0x20d8d000 [ 5522.668648][ T25] audit: type=1400 audit(5521.810:104): avc: denied { execute } for pid=6724 comm="syz.1.937" path=2F3436302FE16F8F1F449A7A8356 dev="tmpfs" ino=2351 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 5837.130724][ T25] audit: type=1400 audit(5836.280:105): avc: denied { execute } for pid=6942 comm="syz.1.997" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 6018.637354][ T7071] kvm [7071]: Failed to find VMA for hva 0x20d8d000 [ 6462.948110][ T7394] ================================================================== [ 6462.948942][ T7394] BUG: KASAN: invalid-access in _raw_spin_lock_irqsave+0x5c/0x7c [ 6462.950908][ T7394] Read of size 1 at addr 00000000000013c8 by task syz.1.1121/7394 [ 6462.951284][ T7394] [ 6462.952427][ T7394] CPU: 0 UID: 0 PID: 7394 Comm: syz.1.1121 Not tainted 6.15.0-rc4-syzkaller-g93845aa1aec8 #0 PREEMPT [ 6462.952942][ T7394] Hardware name: linux,dummy-virt (DT) [ 6462.953423][ T7394] Call trace: [ 6462.953762][ T7394] show_stack+0x2c/0x3c (C) [ 6462.954330][ T7394] __dump_stack+0x30/0x40 [ 6462.954614][ T7394] dump_stack_lvl+0xd8/0x12c [ 6462.954814][ T7394] print_report+0x5c/0xa0 [ 6462.955046][ T7394] kasan_report+0xb0/0x110 [ 6462.955289][ T7394] __kasan_check_byte+0x3c/0x54 [ 6462.955551][ T7394] lock_acquire+0xb0/0x2e0 [ 6462.955812][ T7394] _raw_spin_lock_irqsave+0x5c/0x7c [ 6462.956090][ T7394] kvm_vgic_set_owner+0x18c/0x294 [ 6462.956339][ T7394] kvm_timer_enable+0x1c4/0x794 [ 6462.956573][ T7394] kvm_arch_vcpu_run_pid_change+0x1f0/0x484 [ 6462.956788][ T7394] kvm_vcpu_ioctl+0xae8/0xc24 [ 6462.957014][ T7394] __arm64_sys_ioctl+0x18c/0x244 [ 6462.957230][ T7394] invoke_syscall+0x90/0x2b4 [ 6462.957521][ T7394] el0_svc_common+0x180/0x2f4 [ 6462.957779][ T7394] do_el0_svc+0x58/0x74 [ 6462.958031][ T7394] el0_svc+0x58/0x134 [ 6462.958294][ T7394] el0t_64_sync_handler+0x78/0x108 [ 6462.958596][ T7394] el0t_64_sync+0x198/0x19c [ 6462.959145][ T7394] ================================================================== [ 6462.961517][ T7394] Disabling lock debugging due to kernel taint [ 6462.962685][ T7394] Unable to handle kernel paging request at virtual address ffef80000000013b [ 6462.963152][ T7394] KASAN: maybe wild-memory-access in range [0xff000000000013b0-0xff000000000013bf] [ 6462.963536][ T7394] Mem abort info: [ 6462.963770][ T7394] ESR = 0x0000000096000004 [ 6462.964071][ T7394] EC = 0x25: DABT (current EL), IL = 32 bits [ 6462.964378][ T7394] SET = 0, FnV = 0 [ 6462.964659][ T7394] EA = 0, S1PTW = 0 [ 6462.964920][ T7394] FSC = 0x04: level 0 translation fault [ 6462.965250][ T7394] Data abort info: [ 6462.965544][ T7394] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 6462.965814][ T7394] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 6462.966102][ T7394] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 6462.966541][ T7394] [ffef80000000013b] address between user and kernel address ranges [ 6462.967397][ T7394] Internal error: Oops: 0000000096000004 [#1] SMP [ 6462.992837][ T7394] Modules linked in: [ 6462.994903][ T7394] CPU: 0 UID: 0 PID: 7394 Comm: syz.1.1121 Tainted: G B 6.15.0-rc4-syzkaller-g93845aa1aec8 #0 PREEMPT [ 6462.996721][ T7394] Tainted: [B]=BAD_PAGE [ 6462.997542][ T7394] Hardware name: linux,dummy-virt (DT) [ 6462.998679][ T7394] pstate: 604020c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 6463.000072][ T7394] pc : do_raw_spin_lock+0x4c/0x2b4 [ 6463.001082][ T7394] lr : _raw_spin_lock_irqsave+0x64/0x7c [ 6463.002234][ T7394] sp : ffff8000a8a47930 [ 6463.002992][ T7394] x29: ffff8000a8a47940 x28: 2df000001d73d7c0 x27: 2df000001d73ec30 [ 6463.004871][ T7394] x26: 0000000000000001 x25: 2df000001d73ee10 x24: 0000000000000010 [ 6463.006569][ T7394] x23: 23ff8000a8a49000 x22: 2df000001d73d7c0 x21: ffff80008020b234 [ 6463.008017][ T7394] x20: 00000000000013b0 x19: efff800000000000 x18: 0000000005cdd0b8 [ 6463.009665][ T7394] x17: 0000000000000067 x16: 00000000000000fe x15: 0000000000000000 [ 6463.011121][ T7394] x14: 0000000000000000 x13: 00000000ffffffff x12: 0000000000000002 [ 6463.012738][ T7394] x11: 0000000000000001 x10: 0ff000000000013b x9 : 0000000000000000 [ 6463.014459][ T7394] x8 : 00000000000013b4 x7 : ffff8000870bb12d x6 : ffff800086592f3c [ 6463.015846][ T7394] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000802b42dc [ 6463.017348][ T7394] x2 : 0000000000000001 x1 : 0000000000000000 x0 : 00000000000013b0 [ 6463.018991][ T7394] Call trace: [ 6463.019764][ T7394] do_raw_spin_lock+0x4c/0x2b4 (P) [ 6463.020738][ T7394] _raw_spin_lock_irqsave+0x64/0x7c [ 6463.021852][ T7394] kvm_vgic_set_owner+0x18c/0x294 [ 6463.022898][ T7394] kvm_timer_enable+0x1c4/0x794 [ 6463.023773][ T7394] kvm_arch_vcpu_run_pid_change+0x1f0/0x484 [ 6463.024852][ T7394] kvm_vcpu_ioctl+0xae8/0xc24 [ 6463.025839][ T7394] __arm64_sys_ioctl+0x18c/0x244 [ 6463.026789][ T7394] invoke_syscall+0x90/0x2b4 [ 6463.027688][ T7394] el0_svc_common+0x180/0x2f4 [ 6463.028694][ T7394] do_el0_svc+0x58/0x74 [ 6463.029685][ T7394] el0_svc+0x58/0x134 [ 6463.030667][ T7394] el0t_64_sync_handler+0x78/0x108 [ 6463.031730][ T7394] el0t_64_sync+0x198/0x19c [ 6463.033066][ T7394] Code: d344fd4a aa0003f4 f90007e9 d378fd09 (386a6a6a) [ 6463.034989][ T7394] ---[ end trace 0000000000000000 ]--- [ 6463.036769][ T7394] Kernel panic - not syncing: Oops: Fatal exception [ 6463.039066][ T7394] Kernel Offset: disabled [ 6463.040037][ T7394] CPU features: 0x0000,00000340,02fbcdf1,057ffe1f [ 6463.041224][ T7394] Memory Limit: none [ 6463.042762][ T7394] Rebooting in 86400 seconds.. VM DIAGNOSIS: 10:16:02 Registers: info registers vcpu 0 CPU#0 PC=ffff80008209d73c X00=0000000000000003 X01=0000000000000002 X02=000000000000007b X03=ffff80008209d530 X04=0000000000000001 X05=0000000000000000 X06=ffff800081e87f2c X07=ffff8000870bb12d X08=89ff80008c42b000 X09=0000000000000043 X10=0000000000000043 X11=00000000000000fe X12=0000000000000078 X13=0000000000000007 X14=0000000000000000 X15=0000000000000000 X16=00000000000000fe X17=0000000000000067 X18=0000000005cdd0b8 X19=efff800000000000 X20=78f000000e049080 X21=89ff80008c42b018 X22=0000000000000002 X23=78f000000e04917a X24=0000000000000078 X25=0000000000000000 X26=89ff80008c42b000 X27=0000000000000078 X28=0000000000000078 X29=ffff8000a8a47090 X30=ffff80008209d730 SP=ffff8000a8a47080 PSTATE=804020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:0000000000000000 Z01=0000ff0000ff0000:ffff00000000706d Z02=c0fc00fcc000c0fc:0000c0fcc0fc0000 Z03=0000000000000000:0000000000000000 Z04=3303330333033303:3303330333033303 Z05=bcfcc0bc00bcbc00:bcfcc0bc00bcbc00 Z06=0000000000000073:0000aaaaf5e7e3e0 Z07=0000000000000074:0000aaaaf5e7b620 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffc3bfa350:0000ffffc3bfa350 Z17=ffffff80ffffffd0:0000ffffc3bfa320 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000