last executing test programs: 44.931868223s ago: executing program 1 (id=135): ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x3) r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) syz_kvm_vgic_v3_setup(r2, 0x1, 0x200) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x3ff}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="14000000000000002000000000000000f2c4130000003060008000000000000014000000000000002000000000000000e0dc1300000030d11b"], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000180)={0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="14000000000000002000000000000000f1c4130000003060008000000000000014000000000000002000000000000000f2c4130000003060008000000000000014000000000000002000000000000000e0dc130000003060c7"], 0x140}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r6, 0xae80, 0x0) 34.971174819s ago: executing program 1 (id=137): r0 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x40842, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000040)=@arm64_sys={0x603000000013dee3, &(0x7f0000000000)=0x100000000}) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x6, 0x40a8012, 0xffffffffffffffff, 0x2000) 34.430707526s ago: executing program 0 (id=138): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r0, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x6e, 0x80}) r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000400)={0x0, &(0x7f0000000080)=[@smc={0x1e, 0x40, {0x3000000, [0xfffffffffffffff8, 0x2, 0x0, 0x7]}}, @mrs={0xbe, 0x18, {0x603000000013e66a}}, @eret={0xe6, 0x18, 0x6}, @svc={0x122, 0x40, {0x0, [0x5, 0x3, 0x8, 0x5, 0x1]}}, @eret={0xe6, 0x18, 0x3}, @svc={0x122, 0x40, {0x2000000, [0x1e57, 0x8, 0xb6e, 0x200000000000000, 0x8000]}}, @irq_setup={0x46, 0x18, {0x0, 0x3d5}}, @mrs={0xbe, 0x18, {0x603000000013f528}}, @msr={0x14, 0x20, {0x603000000013c080, 0x2b4}}, @uexit={0x0, 0x18, 0x8}, @hvc={0x32, 0x40, {0xc4000004, [0x5a6, 0x7, 0x6, 0xffffffffffff220f, 0x7fff]}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x3, 0x9, 0x0, 0x7, 0x1}}, @irq_setup={0x46, 0x18, {0x4, 0xc8}}, @its_send_cmd={0xaa, 0x28, {0x7, 0x0, 0x0, 0x4, 0x7, 0x9, 0x4}}, @hvc={0x32, 0x40, {0x84000003, [0x100, 0x5, 0x0, 0x8cd, 0x8000]}}, @svc={0x122, 0x40, {0x8400000a, [0x100000001, 0x4, 0x4c, 0x9, 0xc4]}}, @uexit={0x0, 0x18, 0x3}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x16e}}, @irq_setup={0x46, 0x18, {0x2, 0x37a}}, @eret={0xe6, 0x18, 0x6}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x0, 0x1, 0x40, 0x10000, 0x2}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x39a}}], 0x358}, &(0x7f0000000440)=[@featur2={0x1, 0x8}], 0x1) syz_kvm_setup_cpu$arm64(r0, r1, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000500)=[{0x0, &(0x7f0000000480)=[@smc={0x1e, 0x40, {0x84000003, [0x9, 0x100000000, 0x5, 0xfffffffffffffffa, 0x60]}}, @mrs={0xbe, 0x18, {0x603000000013dee3}}], 0x58}], 0x1, 0x0, &(0x7f0000000540)=[@featur2={0x1, 0x80}], 0x1) ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000000580)={0x3000, 0x8000}) (async, rerun: 64) ioctl$KVM_RUN(r1, 0xae80, 0x0) (async, rerun: 64) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f00000005c0)={0x5, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000640)=@attr_arm64={0x0, 0x5, 0x1, &(0x7f0000000600)=0x9}) ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000000680)={0x10000, 0x16000, 0x1}) (async) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r3, 0x4010ae68, &(0x7f00000006c0)={0x8080000, 0x0, 0x1}) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000700)={0x10004, 0x5, 0x1, 0x2000, &(0x7f0000f24000/0x2000)=nil}) (async, rerun: 32) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (rerun: 32) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async) ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000740)={0x5, 0x0, [{0x6, 0x3, 0x1, 0x0, @sint={0x4, 0x6}}, {0x0, 0x5, 0x1, 0x0, @irqchip={0x8, 0x7}}, {0x3, 0x1, 0x0, 0x0, @sint={0x1, 0x10000}}, {0x2, 0x4, 0x1, 0x0, @irqchip={0xa, 0x5}}, {0xfffffff4, 0x5, 0x1, 0x0, @adapter={0x8, 0x8001, 0x9, 0x0, 0x7f}}]}) (async) ioctl$KVM_RUN(r1, 0xae80, 0x0) (async, rerun: 64) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x400, 0x0) (rerun: 64) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000880)={0x10003, 0x0, 0x3331b000, 0x1000, &(0x7f0000ff3000/0x1000)=nil}) ioctl$KVM_RUN(r1, 0xae80, 0x0) (async, rerun: 32) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000008c0), 0x200, 0x0) (rerun: 32) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async, rerun: 64) r8 = ioctl$KVM_CREATE_GUEST_MEMFD(r4, 0xc040aed4, &(0x7f0000000900)={0x5, 0x6}) (rerun: 64) ioctl$KVM_SET_USER_MEMORY_REGION2(r0, 0x40a0ae49, &(0x7f0000000940)={0x10003, 0x2, 0x8080000, 0x2000, &(0x7f0000d0e000/0x2000)=nil, 0xb, r8}) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) mmap$KVM_VCPU(&(0x7f0000cce000/0x2000)=nil, r9, 0x100000c, 0x80010, r1, 0x0) (async) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) (async) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000a00)={0x6e58d738c3f9201a, 0xffffffffffffffff, 0x1}) (async) mmap$KVM_VCPU(&(0x7f0000d33000/0x1000)=nil, r9, 0x2000004, 0x11, 0xffffffffffffffff, 0x0) 27.667928966s ago: executing program 1 (id=139): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) r5 = openat$kvm(0x0, &(0x7f0000000240), 0xca680, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000200)={0x7}) ioctl$KVM_SIGNAL_MSI(r8, 0x4020aea5, &(0x7f0000000240)={0x0, 0x10000, 0x0, 0x0, 0x8d}) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0xb1, 0x0, 0x5}) r9 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="8200000000000000280000000000000001000000000000000400000000000000020000000000000082000000000000002800000000000000"], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r6, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x0, 0x3, 0x11, r3, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 27.041005043s ago: executing program 0 (id=140): r0 = openat$kvm(0x0, &(0x7f0000000080), 0xb63c81, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1, 0x5, 0x8000000, 0x1000, &(0x7f0000ffc000/0x1000)=nil}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000000)={0x5, 0xa}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f0000000180)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000040)=0x8}) 22.545717841s ago: executing program 0 (id=141): r0 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) (async) openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) (async) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="fb4149dd033be3ac3bc4a22332fdaa8de0518df242008031d1dfd92f0000000001fff9ffdc9610fbff77521ce30d8f00", 0x0, 0xfcf7) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r2, 0x0, 0x200) (async) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) close(r3) close(0x4) 16.310604615s ago: executing program 0 (id=142): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000300)={0x5, 0x0, &(0x7f0000ffd000/0x3000)=nil}) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100014, 0xfffffffffffffffe}) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, r5, 0x2000005, 0x5c1fd1b656592f1, r4, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000180)={0xb6, 0x0, 0x3c}) munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000040)={0x1, 0x0, 0x8000000, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000100)={0x0, 0x1, 0x80a0000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) 15.614222742s ago: executing program 1 (id=143): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x100000d, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r3, 0x4010aeb5, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000100)={0x1, 0x0, [{0x0, 0x4, 0x1, 0x0, @sint={0xffff, 0x1}}]}) 8.436103873s ago: executing program 0 (id=144): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="be00000000000000180000000000000038c01300000030606e000000000000003000000000000001000000000000000000100000000000000005000000000000000000000000000046fffffffb040000000000000000000002000000c6020000df49036a8d967476ee8d7838f6d7c77bb0a6df57cfce94b3893565e42f1ff9e7d0c1c3478d2b619b5d22c6f97edac8b720e1b26462360fee9a4deef436ff05d88ca0e0278c689ec4ec404e405e06287100d56bb1f79ff433092192d4b88fddfc7a739ccade73510470f1f19bdc6ec5651eebf4fefda004d2dd422b84f6903c3c87629c650a90b32b7cd36f609d069c60972a86729df8e1d207fee1d86440efc89d1e83c27fd3dc4122f6128f7126bb374a0fc7aa68a40eaf3d931dc597abb1b266b3cdc81737eb6934411e9deb6bf93e20c0ab0e93b26588d64d4ee21a960bbda59f95ea01a4a127973c87c22ddcd2edec5f5a816ac579e27107c10cf1a1150114c5ba6b54af165d9897e88a0260a46ba6d0fc3fbaa7701944c20ae03b454bbaf019"], 0x60}, &(0x7f00000001c0)=[@featur1={0x1, 0x44}], 0x1) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f00000003c0)=@arm64_fw={0x6030000000140003, &(0x7f0000000380)=0xb}) r3 = mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x0, 0x2000008, 0x10, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000240)="8e06528d3922a5989de59732ae02d4e3dded3c869360fbd37aabcd986b514e26d2f06f165d86eff78919eec84db2d3fb0dc24e8476d73a45ebb3c7afb7b506a6b40bc8bc06b14a00", 0x0, 0x48) openat$kvm(0x0, &(0x7f0000000240), 0xca680, 0x0) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="82000000000000002800000000000000010027f60000000004000d00000000000200000000000000aa0000000000000028000000000000000305ffffffff04000000020000000200b24c000000000000"], 0x50}, 0x0, 0x0) (async) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r6, 0xae80, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x103fe, 0x0, 0x104001, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) (async) r9 = ioctl$KVM_CREATE_GUEST_MEMFD(r4, 0xc040aed4, &(0x7f0000000400)={0x5, 0x100000001}) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f00000004c0)={0x10001, 0x7, 0x0, 0x2000, &(0x7f0000d1c000/0x2000)=nil, 0x5, r9}) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init) ioctl$KVM_RUN(r8, 0xae80, 0x0) (async) r10 = openat$kvm(0x0, &(0x7f0000000000), 0x103747, 0x0) syz_kvm_vgic_v3_setup(r4, 0xfffffffffffffffe, 0xc0) (async) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r12, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) (async) ioctl$KVM_SET_ONE_REG(r12, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x603000000010004e, &(0x7f0000000180)=0x2916}) (async) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x40a0ae49, &(0x7f00000002c0)) (async) r13 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000bfe000/0x400000)=nil) 8.128754671s ago: executing program 1 (id=145): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1c}) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000100)=@arm64_sve_vls={0x606000000015ffff, &(0x7f00000000c0)=0xd1e}) (async) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async) openat$kvm(0x0, &(0x7f0000000180), 0x0, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x2, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000005, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR_vm(r7, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000240)={0x3, 0x80000003}}) (async) r8 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r9, 0x4068aea3, &(0x7f00000000c0)={0xdf, 0x0, 0x10000}) (async) r10 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, &(0x7f0000000200)=ANY=[@ANYRES32=0x0], 0x18}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r4, 0x2, 0x3c0) (async) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8100, 0x0) r12 = eventfd2(0x0, 0x0) (async) r13 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r13, 0x4040ae79, &(0x7f0000000080)={0x2, 0x0, 0x0, r12}) (async) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000000)={0x2, 0x9000, 0x5, r12, 0xc}) ioctl$KVM_RUN(r10, 0xae80, 0x0) 1.36916451s ago: executing program 0 (id=146): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) openat$kvm(0x0, 0x0, 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_vgic_v3_setup(r4, 0x4, 0x100) r6 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4}) (async, rerun: 64) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000080)=0x8000000000000000}) (rerun: 64) syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000140)={0x0, &(0x7f00000002c0)=[@eret={0xe6, 0x18, 0x6}, @irq_setup={0x46, 0x18, {0x1, 0x2f6}}, @msr={0x14, 0x20, {0x603000000013f200, 0xfffffffffffff996}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x1f8}}, @irq_setup={0x46, 0x18, {0x4, 0x366}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x3, 0x10, 0x0, 0x3, 0x1}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x100, 0x8}}], 0xe8}, &(0x7f0000000180)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) (async, rerun: 64) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000080)=@arm64={0x91, 0x6, 0x5, '\x00', 0x1dd}) (async, rerun: 64) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000000)={0x5, 0x2}) (async) r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f00000000c0)={0x2, 0x0, 0x4000, 0x1000, &(0x7f0000fda000/0x1000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 0s ago: executing program 1 (id=147): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000200)={0x7, 0xffffffffffffffff}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2801, 0x0) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xb1) (async) ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f0000000240)=@attr_arm64={0x0, 0x5, 0x0, 0x0}) kernel console output (not intermixed with test programs): [ 382.674493][ T3132] 8021q: adding VLAN 0 to HW filter on device bond0 [ 434.788925][ T3132] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:55323' (ED25519) to the list of known hosts. [ 595.864358][ T25] audit: type=1400 audit(595.000:60): avc: denied { name_bind } for pid=3288 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 597.317273][ T25] audit: type=1400 audit(596.450:61): avc: denied { execute } for pid=3289 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 597.337256][ T25] audit: type=1400 audit(596.470:62): avc: denied { execute_no_trans } for pid=3289 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 618.243609][ T25] audit: type=1400 audit(617.370:63): avc: denied { mounton } for pid=3289 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 618.275584][ T25] audit: type=1400 audit(617.410:64): avc: denied { mount } for pid=3289 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 618.362367][ T3289] cgroup: Unknown subsys name 'net' [ 618.412348][ T25] audit: type=1400 audit(617.540:65): avc: denied { unmount } for pid=3289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 618.776869][ T3289] cgroup: Unknown subsys name 'cpuset' [ 618.877669][ T3289] cgroup: Unknown subsys name 'rlimit' [ 619.799192][ T25] audit: type=1400 audit(618.930:66): avc: denied { setattr } for pid=3289 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 619.825504][ T25] audit: type=1400 audit(618.960:67): avc: denied { mounton } for pid=3289 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 619.843196][ T25] audit: type=1400 audit(618.970:68): avc: denied { mount } for pid=3289 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 621.014010][ T3292] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 621.037148][ T25] audit: type=1400 audit(620.160:69): avc: denied { relabelto } for pid=3292 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 621.058526][ T25] audit: type=1400 audit(620.190:70): avc: denied { write } for pid=3292 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 621.264594][ T25] audit: type=1400 audit(620.390:71): avc: denied { read } for pid=3289 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 621.282196][ T25] audit: type=1400 audit(620.410:72): avc: denied { open } for pid=3289 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 621.327508][ T3289] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 668.324741][ T25] audit: type=1400 audit(667.460:73): avc: denied { execmem } for pid=3293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 671.875745][ T25] audit: type=1400 audit(671.010:74): avc: denied { read } for pid=3295 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 671.907531][ T25] audit: type=1400 audit(671.040:75): avc: denied { open } for pid=3295 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 672.005066][ T25] audit: type=1400 audit(671.120:76): avc: denied { mounton } for pid=3295 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 672.271680][ T25] audit: type=1400 audit(671.370:77): avc: denied { module_request } for pid=3295 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 673.392561][ T25] audit: type=1400 audit(672.520:78): avc: denied { sys_module } for pid=3295 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 698.838677][ T3295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 699.369288][ T3295] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 699.562407][ T3296] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 700.043446][ T3296] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 715.404087][ T3295] hsr_slave_0: entered promiscuous mode [ 715.451597][ T3295] hsr_slave_1: entered promiscuous mode [ 716.704694][ T3296] hsr_slave_0: entered promiscuous mode [ 716.737884][ T3296] hsr_slave_1: entered promiscuous mode [ 716.773754][ T3296] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 716.791995][ T3296] Cannot create hsr debugfs directory [ 721.964875][ T25] audit: type=1400 audit(721.090:79): avc: denied { create } for pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 722.052036][ T25] audit: type=1400 audit(721.180:80): avc: denied { write } for pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 722.094784][ T25] audit: type=1400 audit(721.230:81): avc: denied { read } for pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 722.228116][ T3295] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 722.653853][ T3295] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 722.965305][ T3295] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 723.222247][ T3295] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 724.647862][ T3296] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 724.825381][ T3296] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 725.025840][ T3296] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 725.175504][ T3296] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 737.973716][ T3295] 8021q: adding VLAN 0 to HW filter on device bond0 [ 740.026692][ T3296] 8021q: adding VLAN 0 to HW filter on device bond0 [ 796.287179][ T3295] veth0_vlan: entered promiscuous mode [ 796.673178][ T3295] veth1_vlan: entered promiscuous mode [ 798.765084][ T3295] veth0_macvtap: entered promiscuous mode [ 798.855247][ T3296] veth0_vlan: entered promiscuous mode [ 799.123201][ T3295] veth1_macvtap: entered promiscuous mode [ 799.764193][ T3296] veth1_vlan: entered promiscuous mode [ 801.447321][ T3295] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 801.454320][ T3295] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 801.471708][ T3295] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 801.492177][ T3295] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 802.755737][ T3296] veth0_macvtap: entered promiscuous mode [ 803.303283][ T3296] veth1_macvtap: entered promiscuous mode [ 804.017683][ T25] audit: type=1400 audit(803.150:82): avc: denied { mount } for pid=3295 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 804.249010][ T25] audit: type=1400 audit(803.380:83): avc: denied { mounton } for pid=3295 comm="syz-executor" path="/syzkaller.3ezOHs/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 804.502850][ T25] audit: type=1400 audit(803.630:84): avc: denied { mount } for pid=3295 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 804.846634][ T25] audit: type=1400 audit(803.980:85): avc: denied { mounton } for pid=3295 comm="syz-executor" path="/syzkaller.3ezOHs/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 805.009245][ T25] audit: type=1400 audit(804.140:86): avc: denied { mounton } for pid=3295 comm="syz-executor" path="/syzkaller.3ezOHs/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 805.401857][ T3296] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 805.411540][ T3296] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 805.424404][ T3296] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 805.447184][ T3296] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 805.537903][ T25] audit: type=1400 audit(804.670:87): avc: denied { unmount } for pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 805.898972][ T25] audit: type=1400 audit(805.010:88): avc: denied { mounton } for pid=3295 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 806.056550][ T25] audit: type=1400 audit(805.190:89): avc: denied { mount } for pid=3295 comm="syz-executor" name="/" dev="gadgetfs" ino=3263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 806.333656][ T25] audit: type=1400 audit(805.450:90): avc: denied { mount } for pid=3295 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 806.425612][ T25] audit: type=1400 audit(805.560:91): avc: denied { mounton } for pid=3295 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 808.075948][ T3295] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 809.047197][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 809.070473][ T25] audit: type=1400 audit(808.140:93): avc: denied { read write } for pid=3295 comm="syz-executor" name="loop1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 809.131078][ T25] audit: type=1400 audit(808.240:94): avc: denied { open } for pid=3295 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 809.144913][ T25] audit: type=1400 audit(808.270:95): avc: denied { ioctl } for pid=3295 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 812.190720][ T25] audit: type=1400 audit(811.270:96): avc: denied { write } for pid=3447 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 812.271822][ T25] audit: type=1400 audit(811.320:97): avc: denied { open } for pid=3447 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 812.726670][ T25] audit: type=1400 audit(811.860:98): avc: denied { read } for pid=3447 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 812.851558][ T25] audit: type=1400 audit(811.980:99): avc: denied { ioctl } for pid=3447 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 814.284717][ T25] audit: type=1400 audit(813.400:100): avc: denied { append } for pid=3448 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 873.612634][ T25] audit: type=1400 audit(872.740:101): avc: denied { execute } for pid=3480 comm="syz.0.11" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4104 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 903.897467][ T25] audit: type=1400 audit(902.970:102): avc: denied { ioctl } for pid=3505 comm="syz.0.18" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0x5829 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 928.617466][ T3530] FAULT_INJECTION: forcing a failure. [ 928.617466][ T3530] name failslab, interval 1, probability 0, space 0, times 1 [ 928.633043][ T3530] CPU: 0 UID: 0 PID: 3530 Comm: syz.0.24 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 928.633728][ T3530] Hardware name: linux,dummy-virt (DT) [ 928.634203][ T3530] Call trace: [ 928.634646][ T3530] show_stack+0x2c/0x3c (C) [ 928.636580][ T3530] __dump_stack+0x30/0x40 [ 928.636876][ T3530] dump_stack_lvl+0xd8/0x12c [ 928.637088][ T3530] dump_stack+0x1c/0x28 [ 928.637283][ T3530] should_fail_ex+0x570/0x6e0 [ 928.637565][ T3530] should_failslab+0xb8/0xec [ 928.637785][ T3530] __kmalloc_noprof+0xdc/0x4b8 [ 928.638071][ T3530] tomoyo_realpath_from_path+0xdc/0x628 [ 928.638366][ T3530] tomoyo_path_number_perm+0x13c/0x33c [ 928.638630][ T3530] tomoyo_file_ioctl+0x2c/0x3c [ 928.638908][ T3530] security_file_ioctl+0xe8/0x2f0 [ 928.639196][ T3530] __arm64_sys_ioctl+0xd0/0x244 [ 928.639496][ T3530] invoke_syscall+0x90/0x2b4 [ 928.639796][ T3530] el0_svc_common+0x180/0x2f4 [ 928.640077][ T3530] do_el0_svc+0x58/0x74 [ 928.640395][ T3530] el0_svc+0x58/0x160 [ 928.640652][ T3530] el0t_64_sync_handler+0x78/0x108 [ 928.640890][ T3530] el0t_64_sync+0x198/0x19c [ 928.811357][ T3530] ERROR: Out of memory at tomoyo_realpath_from_path. [ 935.081366][ T3535] kvm [3535]: Failed to find VMA for hva 0x208a7000 [ 944.272552][ T3542] kvm [3540]: Unsupported guest CP15 access at: 00000100 [000001d3] [ 944.272552][ T3542] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 944.296070][ T3542] kvm [3540]: Unsupported guest CP15 access at: 00000100 [000001db] [ 944.296070][ T3542] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 944.366968][ T3542] kvm [3540]: Unsupported guest CP15 access at: 00000100 [000001db] [ 944.366968][ T3542] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 944.442804][ T3542] kvm [3540]: Unsupported guest CP15 access at: 00000100 [000001db] [ 944.442804][ T3542] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 944.563490][ T3542] kvm [3540]: Unsupported guest CP15 access at: 00000100 [000001db] [ 944.563490][ T3542] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 944.578143][ T3542] kvm [3540]: Unsupported guest CP15 access at: 00000100 [000001db] [ 944.578143][ T3542] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 944.634632][ T3542] kvm [3540]: Unsupported guest CP15 access at: 00000100 [000001db] [ 944.634632][ T3542] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 944.717707][ T3542] kvm [3540]: Unsupported guest CP15 access at: 00000100 [000001db] [ 944.717707][ T3542] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 944.822102][ T3542] kvm [3540]: Unsupported guest CP15 access at: 00000100 [000001db] [ 944.822102][ T3542] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 944.874047][ T3542] kvm [3540]: Unsupported guest CP15 access at: 00000100 [000001db] [ 944.874047][ T3542] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 960.541495][ T3550] FAULT_INJECTION: forcing a failure. [ 960.541495][ T3550] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 960.561086][ T3550] CPU: 0 UID: 0 PID: 3550 Comm: syz.0.30 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 960.561518][ T3550] Hardware name: linux,dummy-virt (DT) [ 960.561635][ T3550] Call trace: [ 960.561722][ T3550] show_stack+0x2c/0x3c (C) [ 960.562080][ T3550] __dump_stack+0x30/0x40 [ 960.562283][ T3550] dump_stack_lvl+0xd8/0x12c [ 960.562501][ T3550] dump_stack+0x1c/0x28 [ 960.562709][ T3550] should_fail_ex+0x570/0x6e0 [ 960.562947][ T3550] should_fail+0x14/0x24 [ 960.563170][ T3550] should_fail_usercopy+0x20/0x30 [ 960.563423][ T3550] _inline_copy_from_user+0x3c/0x18c [ 960.563699][ T3550] kstrtouint_from_user+0x70/0xf8 [ 960.563960][ T3550] proc_fail_nth_write+0x4c/0x174 [ 960.564256][ T3550] vfs_write+0x2c0/0xacc [ 960.564538][ T3550] ksys_write+0x100/0x1f4 [ 960.564792][ T3550] __arm64_sys_write+0x98/0xcc [ 960.565044][ T3550] invoke_syscall+0x90/0x2b4 [ 960.565329][ T3550] el0_svc_common+0x180/0x2f4 [ 960.565638][ T3550] do_el0_svc+0x58/0x74 [ 960.565923][ T3550] el0_svc+0x58/0x160 [ 960.566165][ T3550] el0t_64_sync_handler+0x78/0x108 [ 960.566422][ T3550] el0t_64_sync+0x198/0x19c [ 1110.845822][ T25] audit: type=1400 audit(1109.960:103): avc: denied { getattr } for pid=3649 comm="syz.0.58" path="net:[4026532627]" dev="nsfs" ino=4026532627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1165.061877][ T3683] kvm [3683]: Failed to find VMA for hva 0x20c01000 [ 1198.663335][ T3705] kvm [3705]: Failed to find VMA for hva 0x20d8d000 [ 1206.337585][ T3709] kvm [3709]: Failed to find VMA for hva 0x21016000 [ 1227.241649][ T25] audit: type=1400 audit(1226.370:104): avc: denied { setattr } for pid=3716 comm="syz.1.79" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1287.186694][ T3766] kvm [3764]: Unsupported guest access at: eeef0000 [ 1287.186694][ T3766] { Op0( 2), Op1( 7), CRn(15), CRm(13), Op2( 1), func_write }, [ 1299.782061][ T3774] kvm [3774]: Failed to find VMA for hva 0x20c02000 [ 1299.853646][ T3775] kvm [3775]: Failed to find VMA for hva 0x20c02000 [ 1424.254502][ T3868] kvm [3868]: Failed to find VMA for hva 0x20c01000 [ 1429.785798][ T3878] kvm [3878]: Failed to find VMA for hva 0x20c01000 [ 1546.518873][ T3965] ------------[ cut here ]------------ [ 1546.519762][ T3965] WARNING: CPU: 0 PID: 3965 at arch/arm64/kvm/inject_fault.c:63 pend_sync_exception+0x198/0x5ac [ 1546.522589][ T3965] Modules linked in: [ 1546.524693][ T3965] CPU: 0 UID: 0 PID: 3965 Comm: syz.0.146 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 1546.526140][ T3965] Hardware name: linux,dummy-virt (DT) [ 1546.527325][ T3965] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 1546.528750][ T3965] pc : pend_sync_exception+0x198/0x5ac [ 1546.529801][ T3965] lr : pend_sync_exception+0x198/0x5ac [ 1546.530795][ T3965] sp : ffff80008ee178c0 [ 1546.531647][ T3965] x29: ffff80008ee178c0 x28: 0000000000000047 x27: 47f000001d8a2028 [ 1546.533700][ T3965] x26: 0000000000000047 x25: 0000000000000000 x24: 0000000000000000 [ 1546.535540][ T3965] x23: 0000000000000000 x22: 0000000000000047 x21: 47f000001d8a2c01 [ 1546.537265][ T3965] x20: 0000000000000007 x19: efff800000000000 x18: 0000000000000000 [ 1546.539027][ T3965] x17: 0000000000000016 x16: ffff800080011d9c x15: 0000000020000080 [ 1546.540813][ T3965] x14: ffffffffffffffff x13: 0000000000000028 x12: 000000000000004a [ 1546.542576][ T3965] x11: 4af0000014be32e4 x10: 0000000000ff0100 x9 : 0000000000000000 [ 1546.544425][ T3965] x8 : 4af0000014be1d80 x7 : ffff800080b08704 x6 : ffff80008ee17a88 [ 1546.546077][ T3965] x5 : ffff80008ee17a88 x4 : 0000000000000001 x3 : ffff8000801a2e80 [ 1546.547781][ T3965] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000 [ 1546.549581][ T3965] Call trace: [ 1546.550501][ T3965] pend_sync_exception+0x198/0x5ac (P) [ 1546.551534][ T3965] __kvm_inject_sea+0x268/0x96c [ 1546.552638][ T3965] kvm_inject_sea+0x98/0x72c [ 1546.553721][ T3965] __kvm_arm_vcpu_set_events+0x134/0x238 [ 1546.554689][ T3965] kvm_arch_vcpu_ioctl+0xed8/0x16b0 [ 1546.555729][ T3965] kvm_vcpu_ioctl+0x5c4/0xc2c [ 1546.556790][ T3965] __arm64_sys_ioctl+0x18c/0x244 [ 1546.557732][ T3965] invoke_syscall+0x90/0x2b4 [ 1546.558829][ T3965] el0_svc_common+0x180/0x2f4 [ 1546.559833][ T3965] do_el0_svc+0x58/0x74 [ 1546.560820][ T3965] el0_svc+0x58/0x160 [ 1546.561828][ T3965] el0t_64_sync_handler+0x78/0x108 [ 1546.562875][ T3965] el0t_64_sync+0x198/0x19c [ 1546.563981][ T3965] irq event stamp: 1258 [ 1546.564910][ T3965] hardirqs last enabled at (1257): [] _raw_read_unlock_irqrestore+0x44/0xbc [ 1546.566378][ T3965] hardirqs last disabled at (1258): [] el1_dbg+0x24/0x80 [ 1546.567750][ T3965] softirqs last enabled at (1240): [] local_bh_enable+0x10/0x34 [ 1546.569163][ T3965] softirqs last disabled at (1238): [] local_bh_disable+0x10/0x34 [ 1546.570771][ T3965] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1565.856227][ T3339] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1566.454527][ T3339] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1566.818982][ T3339] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1567.276802][ T3339] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1575.524883][ T3339] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1575.639088][ T3339] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1575.705403][ T3339] bond0 (unregistering): Released all slaves VM DIAGNOSIS: 10:46:38 Registers: info registers vcpu 0 CPU#0 PC=ffff800080452f24 X00=0000000000000001 X01=4af0000014be2860 X02=ffff8000804580e0 X03=0000000000000000 X04=ffff80008ee16f20 X05=0000000000000020 X06=0000000000000000 X07=ffff80008047db18 X08=ffff800087d979b0 X09=ffff8000889d88e0 X10=0000000000000007 X11=0000000000000002 X12=0000000000000007 X13=0000000000000008 X14=00000000000000c8 X15=0000000000008004 X16=ffff800080011d9c X17=0000000000000016 X18=0000000000000000 X19=4af0000014be1d80 X20=4af0000014be28b0 X21=4af0000014be2888 X22=d6ea58730d2c6cc7 X23=ffff800088988e38 X24=0000000000000003 X25=ffff8000876c0000 X26=4af0000014be2830 X27=4af0000014be2860 X28=0000000000000028 X29=ffff80008ee17030 X30=ffff800080452d38 SP=ffff80008ee16f60 PSTATE=604023c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:ffffffff00000007 Z01=0000ffffdb634080:60e3c587b0d14a00 Z02=0000ffffdb634060:ffffff80ffffffd8 Z03=0000ffffdb634110:0000ffffdb634110 Z04=0000ffffdb634110:0000ffffa9936d08 Z05=0000ffffdb6340e0:0000ffffdb634110 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffdb634330:0000ffffdb634330 Z17=ffffff80ffffffd0:0000ffffdb634300 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000