last executing test programs: 1m31.846920823s ago: executing program 1 (id=671): ioctl$KVM_GET_SREGS(0xffffffffffffffff, 0x8000ae83, &(0x7f0000000340)) ioctl$KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000feb000/0x2000)=nil, 0x0, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r3, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="04000000000000004000000000000000530000c400007a00000500000000000000060059740000000009000000000000000000020800000000"], 0x40}], 0x1, 0x0, 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x1}) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000080)={0x1000}) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r2, 0x8008ae9d, &(0x7f0000000280)=""/152) (async) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r2, 0x8008ae9d, &(0x7f0000000280)=""/152) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) (async) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000880)=[{0x0, 0x0}], 0x1, 0x0, &(0x7f00000008c0)=[@featur1={0x1, 0x1}], 0x1) ioctl$KVM_INTERRUPT(r6, 0x4004ae86, &(0x7f0000000980)) (async) ioctl$KVM_INTERRUPT(r6, 0x4004ae86, &(0x7f0000000980)) syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, &(0x7f0000000f40), 0x1) (async) syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, &(0x7f0000000f40), 0x1) r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000001480)="ba609233e9bebb7030be5278d5c23f2bf76006a8d0c5c2b8", 0x0, 0x18) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) (async) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0) syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000640)=[{0x0, 0x0}], 0x1, 0x0, &(0x7f0000000680)=[@featur1={0x1, 0x3}], 0x1) close(0xffffffffffffffff) (async) close(0xffffffffffffffff) ioctl$KVM_SET_FPU(r7, 0x4000ae8d, &(0x7f0000001500)={'\x00', 0x0, 0xb359, 0x8, 0x0, 0xee3, 0x0, 0x8080000, '\x00', 0x80}) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) mmap$KVM_VCPU(&(0x7f0000ff4000/0x2000)=nil, 0x0, 0x2000000, 0x1010, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_GUEST_MEMFD(r5, 0xc040aed4, &(0x7f0000000240)={0x800, 0xee6}) (async) ioctl$KVM_CREATE_GUEST_MEMFD(r5, 0xc040aed4, &(0x7f0000000240)={0x800, 0xee6}) 1m19.02718034s ago: executing program 0 (id=672): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000004c0)=[{0x0, 0x0}], 0x1, 0x0, &(0x7f0000000500)=[@featur2={0x1, 0xb}], 0x1) r4 = ioctl$KVM_CREATE_VM(r0, 0x80111500, 0x20000000) write$eventfd(r4, &(0x7f0000000000), 0xfffffdef) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x300000e, 0x4f832, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0) 1m17.706853575s ago: executing program 1 (id=673): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x83, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000000)={0x5}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) munmap(&(0x7f0000412000/0x4000)=nil, 0x4000) r2 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x4) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000180)={0x5, 0x7}) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f00000001c0)=@arm64_core={0x6030000000100042, &(0x7f0000000100)=0x11}) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000a17000/0x1000)=nil, 0x0, 0xf, 0x8010, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000d60000/0x3000)=nil, 0x3000) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0xa041, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r6, 0x4068aea3, &(0x7f0000000300)={0xdf, 0x0, 0x8000}) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) openat$kvm(0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0x4020940d, 0x20000000) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x1c1040, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) munmap(&(0x7f0000ce0000/0x3000)=nil, 0x3000) openat$kvm(0x0, 0x0, 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x43033, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x3) 1m1.191566375s ago: executing program 0 (id=674): r0 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x83, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0x2, 0x2008, 0x0}) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r8, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, r8, 0x2, 0x8032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, 0x0) ioctl$KVM_CAP_HALT_POLL(r3, 0x4068aea3, &(0x7f0000000140)={0xb6, 0x1000000, 0x8}) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_syzos_vm(r9) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xe6) 51.605816492s ago: executing program 1 (id=675): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000100)={0x1, 0x0, [{0x5, 0x2, 0x0, 0x0, @msi={0x80000000, 0x6, 0x0, 0xc7f}}]}) r4 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x0, 0x0, 0x0, r4}) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000001a40)={0x0, 0x4000, 0x0, r4}) 33.443241757s ago: executing program 0 (id=676): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r0, 0x4008ae48, &(0x7f0000000000)=0x5000) (async) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r1, 0x8008ae9d, &(0x7f0000000040)=""/95) ioctl$KVM_SIGNAL_MSI(r0, 0x4020aea5, &(0x7f00000000c0)={0x108093000, 0x1000, 0xe, 0x0, 0xffffff7b}) (async, rerun: 64) close(r0) (rerun: 64) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) (async, rerun: 32) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000100)={0xbe, 0x0, 0x1}) (async, rerun: 32) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, r2, 0x2000004, 0x80010, r3, 0x0) r4 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000180)={0xaeb9, 0x3}) ioctl$KVM_SET_USER_MEMORY_REGION2(r0, 0x40a0ae49, &(0x7f00000001c0)={0x2710, 0x2, 0x2000, 0x2000, &(0x7f0000ffd000/0x2000)=nil, 0x72f, r4}) r5 = eventfd2(0x2, 0x81801) (async, rerun: 64) mmap$KVM_VCPU(&(0x7f0000fec000/0x14000)=nil, r2, 0x1000000, 0x10010, 0xffffffffffffffff, 0x0) (async, rerun: 64) ioctl$KVM_CAP_X86_APIC_BUS_CYCLES_NS(r1, 0x4068aea3, &(0x7f0000000280)={0xed, 0x0, 0x6}) (async, rerun: 64) ioctl$KVM_GET_DEVICE_ATTR_vm(r0, 0x4018aee2, &(0x7f0000000340)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000300)={0x80000000, 0xb}}) (rerun: 64) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) (async) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000003c0)=@arm64_extra={0x603000000013c50a, &(0x7f0000000380)}) (async, rerun: 64) ioctl$KVM_CAP_HYPERV_TLBFLUSH(r1, 0x4068aea3, &(0x7f0000000400)) (rerun: 64) ioctl$KVM_CAP_VM_TYPES(r0, 0x4068aea3, &(0x7f0000000480)) (async, rerun: 32) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000500), 0x400, 0x0) (async, rerun: 32) syz_kvm_vgic_v3_setup(r1, 0x1, 0x40) (async) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) (async, rerun: 32) syz_kvm_vgic_v3_setup(r1, 0x3, 0x200) (rerun: 32) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r1, 0x8008ae9d, &(0x7f0000000540)=""/213) (async) ioctl$KVM_CAP_HYPERV_TLBFLUSH(r1, 0x4068aea3, &(0x7f0000000640)) (async) write$eventfd(r5, &(0x7f00000006c0)=0x100000001, 0x8) ioctl$KVM_GET_NR_MMU_PAGES(r0, 0xae45, 0x4) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r7, 0x4068aea3, &(0x7f0000000700)={0x79, 0x0, 0xf6e}) 32.811308293s ago: executing program 1 (id=677): r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000ffd000/0x1000)=nil, 0x0, 0x1000000, 0x10, r0, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x8040ae9f, &(0x7f0000000000)=@arm64) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x10004, 0x0, &(0x7f0000ffd000/0x2000)=nil}) ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r1, 0x4068aea3, &(0x7f0000000080)) ioctl$KVM_GET_REG_LIST(r0, 0xc008aeb0, &(0x7f0000000100)={0x6, [0x9, 0x800, 0xfffffffffffffffe, 0x0, 0x0, 0x6]}) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r1, 0x4068aea3, &(0x7f0000000140)) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_SIGNAL_MSI(0xffffffffffffffff, 0x4020aea5, &(0x7f00000001c0)={0x2, 0x22221004, 0x8, 0x0, 0x800}) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) r4 = mmap$KVM_VCPU(&(0x7f0000ff8000/0x4000)=nil, r3, 0x1800000, 0x22010, r0, 0x0) munmap(&(0x7f0000ff9000/0x2000)=nil, 0x2000) ioctl$KVM_HAS_DEVICE_ATTR_vm(r2, 0x4018aee3, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000200)={0xfffffff8, 0x9, 0x1}}) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r5, 0x4068aea3, &(0x7f0000000280)) r6 = syz_kvm_add_vcpu(0x0, &(0x7f0000000900)={0x0, &(0x7f0000000300)=[@code={0x1, 0x6c, {"80eb85d20020b8f2810080d2c20180d2c30080d2640180d2020000d4000008d50000003a007008d5007008d5405883d200c0b8f2c10080d2a20180d2630080d2e40080d2020000d4000008d50030005f008c000f0068603c"}}, @code={0x1, 0x9c, {"0014c05a007008d500b8a15e207094d20080b8f2a10180d2020080d2c30080d2240180d2020000d4007008d5a0a788d200c0b8f2610180d2420080d2e30080d2040180d2020000d4000000a9000028d5601483d20020b0f2a10180d2a20080d2230080d2640080d2020000d4c09898d20000b8f2e10080d2620180d2230180d2840080d2020000d4"}}, @msr={0x2, 0x20, {0x603000000013debb, 0x4}}, @memwrite={0x6, 0x30, @vgic_gicr={0x80c0000, 0xffd0, 0x81, 0x1}}, @uexit={0x0, 0x18, 0xb722}, @smc={0x3, 0x40, {0x84000052, [0x951e, 0x7ff, 0xfffffffffffff8e2, 0x1934, 0x3]}}, @smc={0x3, 0x40, {0xc4000011, [0x200, 0x9, 0x4, 0xfffffffffffffff8, 0x77a8]}}, @memwrite={0x6, 0x30, @vgic_gicd={0x8000000, 0xe00, 0x6}}, @irq_setup={0x5, 0x18, {0x0, 0x334}}, @smc={0x3, 0x40, {0x84000002, [0x6, 0x9, 0x9, 0x431, 0x200]}}, @irq_setup={0x5, 0x18, {0x2, 0x39}}, @uexit={0x0, 0x18, 0x5}, @irq_setup={0x5, 0x18, {0x4, 0x5}}, @uexit={0x0, 0x18, 0xfff}, @msr={0x2, 0x20, {0x603000000013c031, 0x4}}, @memwrite={0x6, 0x30, @vgic_gicd={0x8000000, 0x1000, 0x800}}, @irq_setup={0x5, 0x18, {0x3, 0x3c9}}, @msr={0x2, 0x20, {0x603000000013e4c8}}, @smc={0x3, 0x40, {0x4, [0x8, 0x8, 0x9, 0x23, 0x3]}}, @smc={0x3, 0x40, {0x0, [0xfffffffffffffffb, 0x10001, 0x1, 0x7]}}, @code={0x1, 0x9c, {"e04695d200c0b8f2410180d2820080d2830180d2a40080d2020000d40080a09b0054c01a007008d5603380d20020b8f2610080d2020180d2630080d2240180d2020000d40000c0ada09088d20040b8f2c10180d2c20080d2a30180d2a40180d2020000d4000020cb60e49ad200c0b8f2a10180d2620080d2230180d2640080d2020000d4000860fc"}}, @hvc={0x4, 0x40, {0x8400000e, [0x7fffffffffffffff, 0x8, 0xfffffffffffffff8, 0x2, 0x9]}}, @smc={0x3, 0x40, {0x2000000, [0x4, 0x6, 0x2, 0x7, 0x1]}}, @irq_setup={0x5, 0x18, {0x4, 0x44}}, @smc={0x3, 0x40, {0x80000001, [0x2, 0x4, 0x7fffffffffffffff, 0xeec, 0x6]}}, @hvc={0x4, 0x40, {0xc400000c, [0x4, 0x3ff, 0x5, 0x6, 0xfffffffffffffbff]}}, @memwrite={0x6, 0x30, @vgic_gicd={0x8000000, 0x4, 0x8}}, @memwrite={0x6, 0x30, @vgic_gicr={0x80a0000, 0x100, 0x9, 0x8}}], 0x5f4}, &(0x7f0000000940)=[@featur2={0x1, 0x5e84f533f55264ca}], 0x1) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, &(0x7f0000000980)=@x86={0x40, 0x5, 0x32, 0x0, 0x6, 0xff, 0x10, 0x9, 0x6, 0x6, 0x5, 0x68, 0x0, 0x7, 0x1, 0xa7, 0xc, 0x9, 0x9, '\x00', 0x4, 0x5}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000009c0)="f04e109784776aa793d23404ae57234aa6d42b30e3d2ad0d5066250340d59d658d04cc9ac71a170dba8db0c315c995e93b576d1ca5c633a099cd1b8fcd622f669f004698df3445fa", 0x0, 0x48) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000a40), 0x200, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm(r8) syz_kvm_add_vcpu(r9, &(0x7f0000001200)={0x0, &(0x7f0000000a80)=[@irq_setup={0x5, 0x18, {0x1, 0x3}}, @hvc={0x4, 0x40, {0x80000000, [0xe77, 0x100, 0x6, 0x7ff, 0x3e3]}}, @code={0x1, 0xb4, {"e0c594d200c0b0f2610180d2020180d2c30080d2240080d2020000d440929ad20000b8f2410180d2420080d2430080d2040180d2020000d4008008d5000008d5007008d5c0f499d20080b8f2c10080d2620080d2430080d2a40180d2020000d4001890d200c0b0f2410080d2a20180d2630180d2240080d2020000d40004002f60f78bd200a0b8f2410180d2c20080d2030180d2040080d2020000d40028c01a"}}, @memwrite={0x6, 0x30, @vgic_gicr={0x8100000, 0x40, 0x802, 0xa}}, @code={0x1, 0x9c, {"00004093a0de84d20020b8f2410180d2020080d2430180d2840080d2020000d4403f92d200c0b8f2610080d2c20080d2830080d2240080d2020000d400b0005f401d8dd20020b8f2810080d2e20180d2030180d2040080d2020000d4000008d5007008d5202188d200a0b0f2e10080d2620080d2e30180d2e40180d2020000d40000589e0098202e"}}, @memwrite={0x6, 0x30, @vgic_gicd={0x8000000, 0x4, 0x10000, 0xb}}, @hvc={0x4, 0x40, {0xc4000053, [0x2, 0x2, 0x1, 0x3, 0x7]}}, @uexit={0x0, 0x18, 0x1e}, @code={0x1, 0xb4, {"c03880d20040b8f2610080d2c20080d2c30080d2c40080d2020000d4a0429cd20060b0f2210180d2420080d2830080d2c40080d2020000d40040c00de04698d20080b0f2610180d2820080d2830080d2e40180d2020000d4000008d5007008d500688dd20040b0f2a10180d2420080d2430180d2a40080d2020000d4a0df84d20060b8f2610180d2820180d2e30180d2e40180d2020000d4000040d4007008d5"}}, @code={0x1, 0x6c, {"0068603c007008d500fc209b400c95d200e0b0f2010080d2a20080d2a30180d2040080d2020000d4008008d50000c00c0084000f007008d5000028d520ef9cd20000b8f2410180d2620080d2630180d2240180d2020000d4"}}, @smc={0x3, 0x40, {0xc4000003, [0x6, 0x77c159ea, 0x10001, 0x9, 0x1]}}, @msr={0x2, 0x20, {0x603000000013deb8, 0x3}}, @hvc={0x4, 0x40, {0x84000006, [0x3, 0x4, 0x2, 0x8000000000000000, 0x7]}}, @msr={0x2, 0x20, {0x6030000000139828, 0x2}}, @msr={0x2, 0x20, {0x603000000013df6a, 0x7}}, @uexit={0x0, 0x18, 0x7}, @code={0x1, 0x54, {"803384d200a0b8f2810080d2020080d2030080d2c40180d2020000d4000040ac007008d500fc005f007008d5001ca02e007008d5008008d5007008d50054207e"}}, @smc={0x3, 0x40, {0x84000005, [0x7fff, 0x4, 0x9, 0x5, 0x1]}}, @smc={0x3, 0x40, {0x84000003, [0x4000000000000000, 0x6a9e, 0x5, 0x3, 0xa3e0]}}, @smc={0x3, 0x40, {0x1000, [0xfffffffffffffffd, 0x3, 0x9, 0x6, 0x9]}}, @smc={0x3, 0x40, {0x4000, [0xffffffffffffffc7, 0x8, 0xffffffffffffffff, 0x2, 0x82]}}, @code={0x1, 0x6c, {"000008d5007008d5000008d5e0c794d200a0b0f2610080d2820180d2030180d2040180d2020000d40000407ac0c89bd20080b8f2410180d2a20080d2630080d2040180d2020000d400b8a12e000000f1000008d5008008d5"}}, @irq_setup={0x5, 0x18, {0x1, 0xc7}}, @msr={0x2, 0x20, {0x58ce, 0x2}}, @hvc={0x4, 0x40, {0xc4000014, [0xfffffffffffff6da, 0x7, 0x999, 0xffffffffffffff7f, 0x7]}}, @msr={0x2, 0x20, {0x603000000013dee2, 0x7}}, @smc={0x3, 0x40, {0xc4000004, [0x2, 0x8, 0x3, 0xc, 0x4]}}, @msr={0x2, 0x20, {0x603000000013dcea, 0x401}}, @memwrite={0x6, 0x30, @generic={0x8080000, 0xf6c, 0x5, 0xa}}, @msr={0x2, 0x20, {0x603000000013c801, 0xfffffffffffff164}}], 0x780}, &(0x7f0000001240)=[@featur2={0x1, 0x48}], 0x1) mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r3, 0x3000000, 0x10, r5, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000001280)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000001300)=@arm64_fp={0x60400000001000b4, &(0x7f00000012c0)=0x7c83}) ioctl$KVM_HAS_DEVICE_ATTR(r10, 0x4018aee3, &(0x7f0000001380)=@attr_arm64={0x0, 0x3, 0x4, &(0x7f0000001340)=0x6}) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) 24.390676228s ago: executing program 0 (id=678): munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000) (async) r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x8, 0x4f832, 0xffffffffffffffff, 0x0) (async) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) (async) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000180)=@arm64_ccsidr={0x602000000011000d, 0x0}) mmap$KVM_VCPU(&(0x7f00008c9000/0x1000)=nil, 0x930, 0x0, 0x10, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async) r3 = eventfd2(0xf021, 0x800) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x1, 0xdddd1000, 0x4, r3, 0x2}) 22.54385363s ago: executing program 1 (id=679): r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x565700, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4010aeb5, &(0x7f0000000200)=@attr_arm64={0x0, 0x0, 0x1000000000000, &(0x7f00000001c0)={0x0, 0x9, 0x2}}) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) r5 = eventfd2(0x101, 0x800) write$eventfd(r5, &(0x7f0000000080)=0xfffffffffffffff7, 0x8) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f00000000c0)=@arm64_extra={0x603000000013c03b, &(0x7f0000000100)=0xd}) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1) ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000180)={0x3, 0x0, [{0x1000, 0x5, 0x1, 0x0, @adapter={0xe4, 0x4, 0x52, 0x55, 0x9}}, {0x7, 0x5, 0x1, 0x0, @msi={0x8, 0x10001, 0xe758, 0x80000001}}, {0x39, 0x4, 0x0, 0x0, @msi={0x4, 0x1, 0x2, 0x2532}}]}) r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, r10, 0x2000008, 0x12, r9, 0x0) mmap$KVM_VCPU(&(0x7f0000d64000/0x1000)=nil, r10, 0x2000006, 0x10, r6, 0x0) ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000140)=@arm64_extra={0x603000000013c000, 0x0}) 13.087332136s ago: executing program 0 (id=680): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x600040, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x6832, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000200)={0x8}) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd2(0x3, 0x80000) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000080)={0x100000, 0x0, 0x1, r5, 0x1}) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) close(0x4) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0) close(0x5) r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) eventfd2(0x9, 0x0) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) syz_memcpy_off$KVM_EXIT_MMIO(r2, 0x20, &(0x7f00000000c0)="970120e103e1865145d170390ebd172b80a3536bf1b100cf", 0x0, 0x18) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, 0x0) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0x80111500, 0xfff7fffffffffffc) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000000)={0x0, 0x0, @pic={0xf8, 0x4, 0x2, 0x9, 0x0, 0x0, 0x0, 0x3, 0x31, 0x3, 0x0, 0x0, 0x80}}) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2, 0x23ac5f9b426ec4b1, 0xffffffffffffffff, 0x0) 3.769782431s ago: executing program 1 (id=681): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0xc3033, 0xffffffffffffffff, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) munmap(&(0x7f0000647000/0x1000)=nil, 0x1000) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0xf000, 0x9000}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000040)={0x3000, 0xf000}) eventfd2(0xc3f, 0x1) ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000080)={0xb6, 0x0, 0x100000000}) 0s ago: executing program 0 (id=682): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000340)={0x5, 0x8}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000080)=@other={0x7, &(0x7f0000000040)}) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000340)={0x5, 0x8}) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) (async) ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000080)=@other={0x7, &(0x7f0000000040)}) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) (async) kernel console output (not intermixed with test programs): [ 535.910103][ T3115] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:36082' (ED25519) to the list of known hosts. [ 740.844377][ T24] audit: type=1400 audit(739.770:69): avc: denied { name_bind } for pid=3281 comm="sshd" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 742.168178][ T24] audit: type=1400 audit(741.110:70): avc: denied { execute } for pid=3283 comm="sh" name="syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 742.189514][ T24] audit: type=1400 audit(741.130:71): avc: denied { execute_no_trans } for pid=3283 comm="sh" path="/syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 778.108745][ T24] audit: type=1400 audit(777.050:72): avc: denied { mounton } for pid=3283 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1737 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 778.176081][ T24] audit: type=1400 audit(777.110:73): avc: denied { mount } for pid=3283 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 778.287164][ T3283] cgroup: Unknown subsys name 'net' [ 778.354898][ T24] audit: type=1400 audit(777.300:74): avc: denied { unmount } for pid=3283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 778.893392][ T3283] cgroup: Unknown subsys name 'cpuset' [ 779.016820][ T3283] cgroup: Unknown subsys name 'rlimit' [ 779.984270][ T24] audit: type=1400 audit(778.910:75): avc: denied { setattr } for pid=3283 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 780.014083][ T24] audit: type=1400 audit(778.950:76): avc: denied { mounton } for pid=3283 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 780.045924][ T24] audit: type=1400 audit(778.980:77): avc: denied { mount } for pid=3283 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 781.488339][ T3287] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 781.529829][ T24] audit: type=1400 audit(780.460:78): avc: denied { relabelto } for pid=3287 comm="mkswap" name="swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 781.547897][ T24] audit: type=1400 audit(780.490:79): avc: denied { write } for pid=3287 comm="mkswap" path="/swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 781.797045][ T24] audit: type=1400 audit(780.740:80): avc: denied { read } for pid=3283 comm="syz-executor" name="swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 781.834855][ T24] audit: type=1400 audit(780.750:81): avc: denied { open } for pid=3283 comm="syz-executor" path="/swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 781.875940][ T3283] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 838.476619][ T24] audit: type=1400 audit(837.420:82): avc: denied { execmem } for pid=3288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 843.026051][ T24] audit: type=1400 audit(841.970:83): avc: denied { read } for pid=3290 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 843.075643][ T24] audit: type=1400 audit(842.020:84): avc: denied { open } for pid=3290 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 843.208773][ T24] audit: type=1400 audit(842.150:85): avc: denied { mounton } for pid=3290 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 843.555695][ T24] audit: type=1400 audit(842.500:86): avc: denied { module_request } for pid=3290 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 844.959563][ T24] audit: type=1400 audit(843.900:87): avc: denied { sys_module } for pid=3290 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 875.215327][ T3290] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 875.455900][ T3290] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 876.439541][ T3291] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 876.646267][ T3291] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 893.487311][ T3290] hsr_slave_0: entered promiscuous mode [ 893.597877][ T3290] hsr_slave_1: entered promiscuous mode [ 896.228041][ T3291] hsr_slave_0: entered promiscuous mode [ 896.388285][ T3291] hsr_slave_1: entered promiscuous mode [ 896.485442][ T3291] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 896.489877][ T3291] Cannot create hsr debugfs directory [ 905.335988][ T24] audit: type=1400 audit(904.270:88): avc: denied { create } for pid=3290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 905.403535][ T24] audit: type=1400 audit(904.320:89): avc: denied { write } for pid=3290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 905.466690][ T24] audit: type=1400 audit(904.400:90): avc: denied { read } for pid=3290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 905.647279][ T3290] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 906.157940][ T3290] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 906.468537][ T3290] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 906.828686][ T3290] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 909.055511][ T3291] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 909.334644][ T3291] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 909.657026][ T3291] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 909.937828][ T3291] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 928.849451][ T3290] 8021q: adding VLAN 0 to HW filter on device bond0 [ 931.817910][ T3291] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1022.835725][ T3290] veth0_vlan: entered promiscuous mode [ 1024.735217][ T3290] veth1_vlan: entered promiscuous mode [ 1025.827020][ T3291] veth0_vlan: entered promiscuous mode [ 1027.265594][ T3291] veth1_vlan: entered promiscuous mode [ 1029.836737][ T3290] veth0_macvtap: entered promiscuous mode [ 1030.885704][ T3290] veth1_macvtap: entered promiscuous mode [ 1032.518619][ T3291] veth0_macvtap: entered promiscuous mode [ 1033.726927][ T3291] veth1_macvtap: entered promiscuous mode [ 1035.273159][ T3290] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1035.277017][ T3290] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1035.278822][ T3290] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1035.332232][ T3290] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1038.039710][ T3291] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1038.104620][ T3291] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1038.106553][ T3291] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1038.108507][ T3291] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1039.256558][ T24] audit: type=1400 audit(1038.190:91): avc: denied { mount } for pid=3290 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 1039.656120][ T24] audit: type=1400 audit(1038.450:92): avc: denied { mounton } for pid=3290 comm="syz-executor" path="/syzkaller.c4u3O4/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 1039.948223][ T24] audit: type=1400 audit(1038.810:93): avc: denied { mount } for pid=3290 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 1040.429548][ T24] audit: type=1400 audit(1039.370:94): avc: denied { mounton } for pid=3290 comm="syz-executor" path="/syzkaller.c4u3O4/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 1040.596971][ T24] audit: type=1400 audit(1039.510:95): avc: denied { mounton } for pid=3290 comm="syz-executor" path="/syzkaller.c4u3O4/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3644 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 1041.353597][ T24] audit: type=1400 audit(1040.290:96): avc: denied { unmount } for pid=3290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 1041.793444][ T24] audit: type=1400 audit(1040.730:97): avc: denied { mounton } for pid=3290 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=1512 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 1042.212420][ T24] audit: type=1400 audit(1041.100:98): avc: denied { mount } for pid=3290 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 1042.268362][ T24] audit: type=1400 audit(1041.210:99): avc: denied { mounton } for pid=3290 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 1042.362925][ T24] audit: type=1400 audit(1041.260:100): avc: denied { mount } for pid=3290 comm="syz-executor" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 1044.097548][ T3290] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 1046.019851][ T24] audit: type=1400 audit(1044.950:102): avc: denied { open } for pid=3291 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1046.046199][ T24] audit: type=1400 audit(1044.870:101): avc: denied { read write } for pid=3290 comm="syz-executor" name="loop1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1046.047061][ T24] audit: type=1400 audit(1044.970:103): avc: denied { ioctl } for pid=3290 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1050.426561][ T24] audit: type=1400 audit(1049.350:104): avc: denied { read append } for pid=3434 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1050.626060][ T24] audit: type=1400 audit(1049.570:105): avc: denied { open } for pid=3434 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1052.736815][ T24] audit: type=1400 audit(1051.660:106): avc: denied { ioctl } for pid=3435 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1066.054110][ T24] audit: type=1400 audit(1064.980:107): avc: denied { execute } for pid=3442 comm="syz.1.3" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3834 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 1075.294118][ T24] audit: type=1400 audit(1074.210:108): avc: denied { write } for pid=3445 comm="syz.0.4" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1405.287951][ T24] audit: type=1400 audit(1404.220:109): avc: denied { setattr } for pid=3621 comm="syz.1.46" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1498.964303][ T3662] kvm [3662]: Failed to find VMA for hva 0x20ff6000 [ 2207.848447][ T4036] kvm [4036]: Failed to find VMA for hva 0x20eb3000 [ 2646.440128][ T4261] KVM: debugfs: duplicate directory 4261-5 [ 2974.344528][ T24] audit: type=1400 audit(2973.250:110): avc: denied { map } for pid=4412 comm="syz.0.250" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 4690.238453][ T5295] kvm [5295]: Failed to find VMA for hva 0x20eb3000 [ 5433.499268][ T5679] kvm [5679]: Failed to find VMA for hva 0x20fcc000 [ 6209.797318][ T6087] ------------[ cut here ]------------ [ 6209.800670][ T6087] WARNING: CPU: 0 PID: 6087 at arch/arm64/kvm/arch_timer.c:459 kvm_timer_update_irq+0x21c/0x394 [ 6209.804009][ T6087] Modules linked in: [ 6209.806390][ T6087] CPU: 0 UID: 0 PID: 6087 Comm: syz.0.682 Not tainted 6.12.0-rc5-syzkaller-gcc19e3405e85 #0 [ 6209.808496][ T6087] Hardware name: linux,dummy-virt (DT) [ 6209.809984][ T6087] pstate: 81400009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 6209.811441][ T6087] pc : kvm_timer_update_irq+0x21c/0x394 [ 6209.812937][ T6087] lr : kvm_timer_update_irq+0x21c/0x394 [ 6209.814435][ T6087] sp : ffff80008bc878f0 [ 6209.815574][ T6087] x29: ffff80008bc87900 x28: 00000000000003c5 x27: 31f000001153bc08 [ 6209.817726][ T6087] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000 [ 6209.819830][ T6087] x23: 0000000000000000 x22: d1ff80008bc54000 x21: 000000000000001e [ 6209.822076][ T6087] x20: 31f000001153b9a0 x19: 00000000fffffff0 x18: 0000000000000000 [ 6209.824010][ T6087] x17: 0000000000000000 x16: 00000000000000d1 x15: 6df000000b9c0a80 [ 6209.826119][ T6087] x14: 0000000000000000 x13: 0000000000000003 x12: 6df000000b9c0000 [ 6209.828289][ T6087] x11: d1ff80008bc54000 x10: 0000000000ff0100 x9 : 0000000000000000 [ 6209.830256][ T6087] x8 : 6df000000b9c0000 x7 : 0000000000000000 x6 : 000000000000003f [ 6209.832406][ T6087] x5 : 0000000000000040 x4 : 31f000001153cdc0 x3 : 0000000000000000 [ 6209.834230][ T6087] x2 : 000000000000001e x1 : 00000000fffffff0 x0 : 0000000000000000 [ 6209.836604][ T6087] Call trace: [ 6209.837573][ T6087] kvm_timer_update_irq+0x21c/0x394 [ 6209.839128][ T6087] kvm_timer_vcpu_reset+0x158/0x690 [ 6209.840458][ T6087] kvm_reset_vcpu+0x3b4/0x560 [ 6209.841795][ T6087] kvm_arch_vcpu_ioctl+0x112c/0x1b3c [ 6209.843130][ T6087] kvm_vcpu_ioctl+0x4ec/0xf74 [ 6209.844489][ T6087] __arm64_sys_ioctl+0x108/0x184 [ 6209.845695][ T6087] invoke_syscall+0x78/0x1b8 [ 6209.847009][ T6087] el0_svc_common+0xe8/0x1b0 [ 6209.848434][ T6087] do_el0_svc+0x40/0x50 [ 6209.849710][ T6087] el0_svc+0x54/0x14c [ 6209.850933][ T6087] el0t_64_sync_handler+0x84/0xfc [ 6209.852223][ T6087] el0t_64_sync+0x190/0x194 [ 6209.853692][ T6087] irq event stamp: 1936 [ 6209.854827][ T6087] hardirqs last enabled at (1935): [] _raw_read_unlock_irqrestore+0x44/0x94 [ 6209.856480][ T6087] hardirqs last disabled at (1936): [] el1_dbg+0x24/0x80 [ 6209.858135][ T6087] softirqs last enabled at (1918): [] local_bh_enable+0x10/0x34 [ 6209.860017][ T6087] softirqs last disabled at (1916): [] local_bh_disable+0x10/0x34 [ 6209.861791][ T6087] ---[ end trace 0000000000000000 ]--- [ 6209.868390][ T6087] ------------[ cut here ]------------ [ 6209.869550][ T6087] WARNING: CPU: 0 PID: 6087 at arch/arm64/kvm/arch_timer.c:459 kvm_timer_update_irq+0x21c/0x394 [ 6209.871441][ T6087] Modules linked in: [ 6209.873170][ T6087] CPU: 0 UID: 0 PID: 6087 Comm: syz.0.682 Tainted: G W 6.12.0-rc5-syzkaller-gcc19e3405e85 #0 [ 6209.875032][ T6087] Tainted: [W]=WARN [ 6209.876074][ T6087] Hardware name: linux,dummy-virt (DT) [ 6209.877296][ T6087] pstate: 81400009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 6209.878673][ T6087] pc : kvm_timer_update_irq+0x21c/0x394 [ 6209.880131][ T6087] lr : kvm_timer_update_irq+0x21c/0x394 [ 6209.881641][ T6087] sp : ffff80008bc878f0 [ 6209.882610][ T6087] x29: ffff80008bc87900 x28: 00000000000003c5 x27: 31f000001153bc08 [ 6209.884604][ T6087] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000 [ 6209.886827][ T6087] x23: 0000000000000000 x22: d1ff80008bc54000 x21: 000000000000001b [ 6209.888945][ T6087] x20: 31f000001153b9a0 x19: 00000000fffffff0 x18: 0000000000000000 [ 6209.890920][ T6087] x17: 0000000000000000 x16: 00000000000000d1 x15: 6df000000b9c0a80 [ 6209.893050][ T6087] x14: 0000000000000000 x13: 0000000000000003 x12: 6df000000b9c0000 [ 6209.895171][ T6087] x11: d1ff80008bc54000 x10: 0000000000ff0100 x9 : 0000000000000000 [ 6209.897065][ T6087] x8 : 6df000000b9c0000 x7 : 0000000000000000 x6 : 000000000000003f [ 6209.899099][ T6087] x5 : 0000000000000040 x4 : 31f000001153ce28 x3 : 0000000000000000 [ 6209.901320][ T6087] x2 : 000000000000001b x1 : 00000000fffffff0 x0 : 0000000000000000 [ 6209.903455][ T6087] Call trace: [ 6209.904499][ T6087] kvm_timer_update_irq+0x21c/0x394 [ 6209.905848][ T6087] kvm_timer_vcpu_reset+0x178/0x690 [ 6209.907201][ T6087] kvm_reset_vcpu+0x3b4/0x560 [ 6209.908509][ T6087] kvm_arch_vcpu_ioctl+0x112c/0x1b3c [ 6209.909717][ T6087] kvm_vcpu_ioctl+0x4ec/0xf74 [ 6209.910902][ T6087] __arm64_sys_ioctl+0x108/0x184 [ 6209.912272][ T6087] invoke_syscall+0x78/0x1b8 [ 6209.913614][ T6087] el0_svc_common+0xe8/0x1b0 [ 6209.914811][ T6087] do_el0_svc+0x40/0x50 [ 6209.916072][ T6087] el0_svc+0x54/0x14c [ 6209.917269][ T6087] el0t_64_sync_handler+0x84/0xfc [ 6209.918640][ T6087] el0t_64_sync+0x190/0x194 [ 6209.919953][ T6087] irq event stamp: 1970 [ 6209.921118][ T6087] hardirqs last enabled at (1969): [] exit_to_kernel_mode+0xdc/0x10c [ 6209.922972][ T6087] hardirqs last disabled at (1970): [] el1_dbg+0x24/0x80 [ 6209.924650][ T6087] softirqs last enabled at (1968): [] handle_softirqs+0x698/0x6fc [ 6209.926278][ T6087] softirqs last disabled at (1939): [] __do_softirq+0x14/0x20 [ 6209.928154][ T6087] ---[ end trace 0000000000000000 ]--- VM DIAGNOSIS: 01:39:58 Registers: info registers vcpu 0 CPU#0 PC=ffff80008023ad84 X00=fff00000730294c0 X01=ffff8000843f51a9 X02=6df000000b9c0a78 X03=6df000000b9c0a78 X04=6df000000b9c0b30 X05=0000000000000001 X06=0000000000000000 X07=ffff8000802652f4 X08=00000000000003c0 X09=efff800000000000 X10=0000000000ff0100 X11=ffff80008526e000 X12=00000000a74548d9 X13=0000000000000028 X14=6df000000b9c0a80 X15=6df000000b9c0a80 X16=00000000000000ff X17=0000000000000000 X18=0000000000000000 X19=efff800000000000 X20=6df000000b9c0000 X21=0000000000000000 X22=ffff8000802652f4 X23=ffff800084a931e0 X24=0000000000000000 X25=0000000000000001 X26=0000000000000000 X27=ffff8000849f04c0 X28=00000000000003c0 X29=ffff80008bc870f0 X30=ffff80008023ad6c SP=ffff80008bc87090 PSTATE=604003c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:0000000000000000 Z01=0000ffffe631c290:3d188f6c5fbff900 Z02=0000ffff84ece000:ffffff80ffffffd8 Z03=0000ffffe631c320:0000ffffe631c320 Z04=0000ffffe631c320:0000ffffe631c2d8 Z05=0000ffffe631c2f0:0000ffffe631c320 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffe631c530:0000ffffe631c530 Z17=ffffff80ffffffd0:0000ffffe631c500 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000