last executing test programs: 20.20147308s ago: executing program 1 (id=2): r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x0, 0x2, &(0x7f0000000240)=0xfffffffffffffffe}) r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x29) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r8, 0x2, 0x12, r7, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r11, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0x3, 0x400001, 0x1}}) ioctl$KVM_SET_DEVICE_ATTR_vm(r11, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x57fd, 0x2}}) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r12, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r13, 0x3, 0x11, r9, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r7, 0x4018aee2, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x20b8}) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x4010, r9, 0x0) 17.82027354s ago: executing program 0 (id=1): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce5, 0x7fff}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8003}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.770538048s ago: executing program 0 (id=3): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000180)=@arm64_sve={0x608000000015036d, &(0x7f0000000200)=0xfffffffffffffffc}) ioctl$KVM_RESET_DIRTY_RINGS(r1, 0xaec7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0xeeee8000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f00000000c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r7, 0x4018aee3, &(0x7f0000000180)=@attr_arm64={0x0, 0x4, 0x2, &(0x7f0000000080)=0xd450}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x101000, 0x1000, &(0x7f0000d42000/0x1000)=nil}) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x28) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) ioctl$KVM_RUN(r11, 0xae80, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) ioctl$KVM_RESET_DIRTY_RINGS(r1, 0xaec7) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) 0s ago: executing program 1 (id=4): openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async) r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x0, 0x2, 0xdddd0000, 0x1000, &(0x7f0000e3b000/0x1000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) ioctl$KVM_CREATE_DEVICE(r1, 0xc018aec0, &(0x7f00000000c0)={0x1}) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x2c) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0xfffffec7) (async) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0xfffffec7) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000040)=@arm64_sve={0x6080000000150537, 0x0}) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e) ioctl$KVM_SET_USER_MEMORY_REGION2(r5, 0x40a0ae49, &(0x7f0000000040)={0x1fd, 0x2, 0xffff1000, 0x2000, &(0x7f0000ffd000/0x2000)=nil, 0x1ff}) syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) (async) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x7ffc}}], 0x20}, 0x0, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x11) (async) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x11) ioctl$KVM_KVMCLOCK_CTRL(r7, 0xaead) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000000)={0x7}) (async) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000000)={0x7, 0xffffffffffffffff}) ioctl$KVM_GET_DEVICE_ATTR(r11, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x7, 0x5, 0x0}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, r10, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, r10, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r13, 0xae01, 0x1a) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) (async) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) kernel console output (not intermixed with test programs): [ 399.388317][ T3156] 8021q: adding VLAN 0 to HW filter on device bond0 [ 431.057800][ T3156] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:22524' (ED25519) to the list of known hosts. [ 594.650163][ T25] audit: type=1400 audit(593.870:61): avc: denied { name_bind } for pid=3312 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 595.600152][ T25] audit: type=1400 audit(594.830:62): avc: denied { execute } for pid=3313 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 595.619569][ T25] audit: type=1400 audit(594.840:63): avc: denied { execute_no_trans } for pid=3313 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 618.333779][ T25] audit: type=1400 audit(617.560:64): avc: denied { mounton } for pid=3313 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 618.369529][ T25] audit: type=1400 audit(617.590:65): avc: denied { mount } for pid=3313 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 618.449457][ T3313] cgroup: Unknown subsys name 'net' [ 618.496823][ T25] audit: type=1400 audit(617.720:66): avc: denied { unmount } for pid=3313 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 618.861728][ T3313] cgroup: Unknown subsys name 'cpuset' [ 618.961404][ T3313] cgroup: Unknown subsys name 'rlimit' [ 619.877249][ T25] audit: type=1400 audit(619.090:67): avc: denied { setattr } for pid=3313 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 619.883692][ T25] audit: type=1400 audit(619.100:68): avc: denied { mounton } for pid=3313 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 619.911429][ T25] audit: type=1400 audit(619.140:69): avc: denied { mount } for pid=3313 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 621.083888][ T3316] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 621.103558][ T25] audit: type=1400 audit(620.330:70): avc: denied { relabelto } for pid=3316 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 621.123510][ T25] audit: type=1400 audit(620.350:71): avc: denied { write } for pid=3316 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 621.359009][ T25] audit: type=1400 audit(620.590:72): avc: denied { read } for pid=3313 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 621.377347][ T25] audit: type=1400 audit(620.600:73): avc: denied { open } for pid=3313 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 621.419265][ T3313] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 671.666875][ T25] audit: type=1400 audit(670.890:74): avc: denied { execmem } for pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 676.280458][ T25] audit: type=1400 audit(675.510:75): avc: denied { read } for pid=3319 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 676.302329][ T25] audit: type=1400 audit(675.520:76): avc: denied { open } for pid=3319 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 676.376676][ T25] audit: type=1400 audit(675.600:77): avc: denied { mounton } for pid=3319 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 676.654025][ T25] audit: type=1400 audit(675.870:78): avc: denied { module_request } for pid=3320 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 676.666352][ T25] audit: type=1400 audit(675.890:79): avc: denied { module_request } for pid=3319 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 677.774142][ T25] audit: type=1400 audit(676.990:80): avc: denied { sys_module } for pid=3320 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 704.580060][ T3320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 705.014179][ T3320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 705.932777][ T3319] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 706.587755][ T3319] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 719.157180][ T3320] hsr_slave_0: entered promiscuous mode [ 719.188069][ T3320] hsr_slave_1: entered promiscuous mode [ 720.213708][ T3319] hsr_slave_0: entered promiscuous mode [ 720.247392][ T3319] hsr_slave_1: entered promiscuous mode [ 720.276342][ T3319] debugfs: 'hsr0' already exists in 'hsr' [ 720.280397][ T3319] Cannot create hsr debugfs directory [ 725.616641][ T25] audit: type=1400 audit(724.840:81): avc: denied { create } for pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 725.678538][ T25] audit: type=1400 audit(724.910:82): avc: denied { write } for pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 725.711473][ T25] audit: type=1400 audit(724.920:83): avc: denied { read } for pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 725.853118][ T3320] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 726.029892][ T3320] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 726.211027][ T3320] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 726.457649][ T3320] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 727.929556][ T3319] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 728.158996][ T3319] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 728.426253][ T3319] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 728.589403][ T3319] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 741.000608][ T3320] 8021q: adding VLAN 0 to HW filter on device bond0 [ 743.061251][ T3319] 8021q: adding VLAN 0 to HW filter on device bond0 [ 799.016949][ T3320] veth0_vlan: entered promiscuous mode [ 799.457321][ T3320] veth1_vlan: entered promiscuous mode [ 801.380482][ T3320] veth0_macvtap: entered promiscuous mode [ 801.656171][ T3319] veth0_vlan: entered promiscuous mode [ 801.870712][ T3320] veth1_macvtap: entered promiscuous mode [ 802.429278][ T3319] veth1_vlan: entered promiscuous mode [ 804.362674][ T3331] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 804.428596][ T3331] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 804.439736][ T3331] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 804.479713][ T3331] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 805.273865][ T3319] veth0_macvtap: entered promiscuous mode [ 805.762031][ T3319] veth1_macvtap: entered promiscuous mode [ 807.102534][ T25] audit: type=1400 audit(806.330:84): avc: denied { mount } for pid=3320 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 807.279576][ T25] audit: type=1400 audit(806.510:85): avc: denied { mounton } for pid=3320 comm="syz-executor" path="/syzkaller.ucVHAu/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 807.517728][ T25] audit: type=1400 audit(806.740:86): avc: denied { mount } for pid=3320 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 807.827370][ T25] audit: type=1400 audit(807.020:87): avc: denied { mounton } for pid=3320 comm="syz-executor" path="/syzkaller.ucVHAu/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 808.015491][ T25] audit: type=1400 audit(807.140:88): avc: denied { mounton } for pid=3320 comm="syz-executor" path="/syzkaller.ucVHAu/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3759 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 808.200509][ T3424] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 808.208725][ T3424] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 808.302911][ T3424] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 808.304067][ T3424] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 808.720607][ T25] audit: type=1400 audit(807.920:89): avc: denied { unmount } for pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 808.921506][ T25] audit: type=1400 audit(808.150:90): avc: denied { mounton } for pid=3320 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 809.036328][ T25] audit: type=1400 audit(808.250:91): avc: denied { mount } for pid=3320 comm="syz-executor" name="/" dev="gadgetfs" ino=3770 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 809.352288][ T25] audit: type=1400 audit(808.580:92): avc: denied { mount } for pid=3320 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 809.629918][ T25] audit: type=1400 audit(808.760:93): avc: denied { mounton } for pid=3320 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 810.887626][ T3320] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 821.907359][ T25] kauditd_printk_skb: 4 callbacks suppressed [ 821.915783][ T25] audit: type=1400 audit(821.130:98): avc: denied { read } for pid=3472 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 822.017082][ T25] audit: type=1400 audit(821.240:99): avc: denied { open } for pid=3472 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 822.561160][ T25] audit: type=1400 audit(821.790:100): avc: denied { ioctl } for pid=3472 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 855.202179][ T3484] ================================================================== [ 855.202772][ T3484] BUG: KASAN: invalid-access in __kvm_pgtable_walk+0x8e4/0xa68 [ 855.204532][ T3484] Read of size 8 at addr 26f000001e489000 by task syz.1.4/3484 [ 855.204760][ T3484] Pointer tag: [26], memory tag: [fe] [ 855.204893][ T3484] [ 855.205873][ T3484] CPU: 0 UID: 0 PID: 3484 Comm: syz.1.4 Not tainted syzkaller #0 PREEMPT [ 855.206394][ T3484] Hardware name: linux,dummy-virt (DT) [ 855.206840][ T3484] Call trace: [ 855.207217][ T3484] show_stack+0x2c/0x3c (C) [ 855.207814][ T3484] __dump_stack+0x30/0x40 [ 855.208092][ T3484] dump_stack_lvl+0xd8/0x12c [ 855.208295][ T3484] print_address_description+0xac/0x288 [ 855.208580][ T3484] print_report+0x84/0xa0 [ 855.208836][ T3484] kasan_report+0xb0/0x110 [ 855.209061][ T3484] kasan_tag_mismatch+0x28/0x3c [ 855.209285][ T3484] __hwasan_tag_mismatch+0x30/0x60 [ 855.209559][ T3484] __kvm_pgtable_walk+0x8e4/0xa68 [ 855.209831][ T3484] kvm_pgtable_walk+0x294/0x468 [ 855.210100][ T3484] kvm_pgtable_stage2_destroy_range+0x60/0xb4 [ 855.210379][ T3484] kvm_free_stage2_pgd+0x198/0x28c [ 855.210651][ T3484] kvm_uninit_stage2_mmu+0x20/0x38 [ 855.210944][ T3484] kvm_arch_flush_shadow_all+0x1a8/0x1e0 [ 855.211233][ T3484] kvm_mmu_notifier_release+0x48/0xa8 [ 855.211491][ T3484] mmu_notifier_unregister+0x128/0x42c [ 855.211735][ T3484] kvm_put_kvm+0x6a0/0xfa8 [ 855.211956][ T3484] kvm_vm_release+0x58/0x78 [ 855.212201][ T3484] __fput+0x4ac/0x980 [ 855.212421][ T3484] ____fput+0x20/0x58 [ 855.212619][ T3484] task_work_run+0x1bc/0x254 [ 855.212841][ T3484] do_notify_resume+0x1bc/0x270 [ 855.213086][ T3484] el0_svc+0xb8/0x164 [ 855.213312][ T3484] el0t_64_sync_handler+0x84/0x12c [ 855.213533][ T3484] el0t_64_sync+0x198/0x19c [ 855.214030][ T3484] [ 855.214201][ T3484] The buggy address belongs to the physical page: [ 855.215282][ T3484] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5e489 [ 855.215648][ T3484] flags: 0x1fff64000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xd9) [ 855.216798][ T3484] raw: 01fff64000000000 ffffc1ffc0792288 ffffc1ffc0792d08 0000000000000000 [ 855.217059][ T3484] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 855.217264][ T3484] page dumped because: kasan: bad access detected [ 855.217389][ T3484] [ 855.217476][ T3484] Memory state around the buggy address: [ 855.217824][ T3484] fff000001e488e00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 855.218020][ T3484] fff000001e488f00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 855.218207][ T3484] >fff000001e489000: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 855.218343][ T3484] ^ [ 855.218571][ T3484] fff000001e489100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 855.218736][ T3484] fff000001e489200: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 855.218946][ T3484] ================================================================== [ 855.457608][ T3484] Disabling lock debugging due to kernel taint [ 855.466304][ T3484] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5e489 [ 855.466780][ T3484] flags: 0x1fff10000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xc4) [ 855.467241][ T3484] raw: 01fff10000000000 ffffc1ffc0791c08 fff0000072d7e420 0000000000000000 [ 855.467548][ T3484] raw: 0000000000000000 e4f000001434f780 00000000ffffffff 0000000000000000 [ 855.467770][ T3484] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0) [ 855.468852][ T3484] ------------[ cut here ]------------ [ 855.469015][ T3484] kernel BUG at ./include/linux/mm.h:1036! [ 855.469896][ T3484] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 855.479655][ T3484] Modules linked in: [ 855.481438][ T3484] CPU: 0 UID: 0 PID: 3484 Comm: syz.1.4 Tainted: G B syzkaller #0 PREEMPT [ 855.482855][ T3484] Tainted: [B]=BAD_PAGE [ 855.483524][ T3484] Hardware name: linux,dummy-virt (DT) [ 855.484485][ T3484] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 855.485756][ T3484] pc : kvm_s2_put_page+0x374/0x3a0 [ 855.486743][ T3484] lr : kvm_s2_put_page+0x374/0x3a0 [ 855.487681][ T3484] sp : ffff8000a3c97830 [ 855.488411][ T3484] x29: ffff8000a3c97830 x28: 26f000001e489000 x27: 26f000001e489000 [ 855.490007][ T3484] x26: 00000000000000ff x25: ffff800087396000 x24: ffffc1ffc0000000 [ 855.491279][ T3484] x23: ffffc1ffc0792248 x22: 0000000000000000 x21: ffffc1ffc0792274 [ 855.492610][ T3484] x20: 0000000000000000 x19: ffffc1ffc0792240 x18: 0000000000001b80 [ 855.493966][ T3484] x17: 0000000000000026 x16: 00000000000000fe x15: fff0000072d7e404 [ 855.495215][ T3484] x14: 0000000000000000 x13: fff000001df7d888 x12: 0000000000000001 [ 855.496506][ T3484] x11: 0000000000000000 x10: 0000000000ff0100 x9 : 1050be4e895b8a00 [ 855.497951][ T3484] x8 : 1050be4e895b8a00 x7 : 0000000000000000 x6 : ffff80008048ab34 [ 855.499169][ T3484] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80008074aff8 [ 855.500467][ T3484] x2 : 0000000000000002 x1 : 0000000100000000 x0 : 000000000000003e [ 855.501906][ T3484] Call trace: [ 855.502606][ T3484] kvm_s2_put_page+0x374/0x3a0 (P) [ 855.503589][ T3484] stage2_free_walker+0xdc/0x264 [ 855.504548][ T3484] __kvm_pgtable_walk+0x7d8/0xa68 [ 855.505526][ T3484] kvm_pgtable_walk+0x294/0x468 [ 855.506409][ T3484] kvm_pgtable_stage2_destroy_range+0x60/0xb4 [ 855.507432][ T3484] kvm_free_stage2_pgd+0x198/0x28c [ 855.508403][ T3484] kvm_uninit_stage2_mmu+0x20/0x38 [ 855.509328][ T3484] kvm_arch_flush_shadow_all+0x1a8/0x1e0 [ 855.510299][ T3484] kvm_mmu_notifier_release+0x48/0xa8 [ 855.511231][ T3484] mmu_notifier_unregister+0x128/0x42c [ 855.512187][ T3484] kvm_put_kvm+0x6a0/0xfa8 [ 855.513008][ T3484] kvm_vm_release+0x58/0x78 [ 855.513865][ T3484] __fput+0x4ac/0x980 [ 855.514627][ T3484] ____fput+0x20/0x58 [ 855.515399][ T3484] task_work_run+0x1bc/0x254 [ 855.516258][ T3484] do_notify_resume+0x1bc/0x270 [ 855.517151][ T3484] el0_svc+0xb8/0x164 [ 855.517964][ T3484] el0t_64_sync_handler+0x84/0x12c [ 855.518842][ T3484] el0t_64_sync+0x198/0x19c [ 855.520237][ T3484] Code: 900377c1 910e9421 aa1303e0 97f9c9f2 (d4210000) [ 855.522010][ T3484] ---[ end trace 0000000000000000 ]--- [ 855.523544][ T3484] Kernel panic - not syncing: Oops - BUG: Fatal exception [ 855.525531][ T3484] Kernel Offset: disabled [ 855.526303][ T3484] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f [ 855.527386][ T3484] Memory Limit: none [ 855.529035][ T3484] Rebooting in 86400 seconds.. VM DIAGNOSIS: 07:08:49 Registers: info registers vcpu 0 CPU#0 PC=ffff800082159154 X00=0000000000000003 X01=0000000000000002 X02=0000000000000001 X03=ffff800082159050 X04=0000000000000001 X05=0000000000000001 X06=0000000000000000 X07=ffff800081f1ef70 X08=9ef000000d9b9d80 X09=0000000000000000 X10=0000000000ff0100 X11=00000000000000fe X12=0000000000000002 X13=0000000000000002 X14=0000000000000000 X15=00000000d7d50a4e X16=0000000084c84d06 X17=0000000000000000 X18=0000000084e60346 X19=efff800000000000 X20=e3f000000dcb4880 X21=10ff80008c4bb018 X22=0000000000000002 X23=e3f000000dcb497c X24=00000000000000e3 X25=e3f000000dcb4ac8 X26=e3f000000dcb48c8 X27=00000000000000e3 X28=00000000000000e3 X29=ffff80008c4f7b40 X30=ffff800082159154 SP=ffff80008c4f7b30 PSTATE=804020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:0000000000000000 Z01=ffffffffffffff00:0000000000000000 Z02=0000000000000000:fffffff000000000 Z03=ffffffffffff00ff:0000ff000000ff00 Z04=0000000000000000:ffffff0f00f000f0 Z05=fcc0003000030000:fcc0003000030000 Z06=0000000000000073:0000aaaaee2e43c0 Z07=0000000000000074:0000aaaaee2e1600 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffd3969c20:0000ffffd3969c20 Z17=ffffff80ffffffd8:0000ffffd3969bf0 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000