last executing test programs: 1m11.719189476s ago: executing program 0 (id=889): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000200)={0x7, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r3, 0x4018aee3, &(0x7f0000000140)=@attr_arm64={0x0, 0x7, 0x0, 0x0}) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0xfffffffffffffffc) r5 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xb2) ioctl$KVM_GET_REG_LIST(r4, 0xc008aeb0, &(0x7f0000000080)={0x1, [0x70]}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000bfd000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000b80)={0x0, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x40}, &(0x7f0000000240)=[@featur1={0x1, 0x4}], 0x1) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) close(r2) ioctl$KVM_RUN(r9, 0xae80, 0x0) r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000ff9000/0x4000)=nil, r10, 0x2000004, 0x4010, r4, 0x0) 58.170795131s ago: executing program 0 (id=892): r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x1fe, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x1fe, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="76b92cfb97422a99b188adac74647aa1221e4d8e6da62d5f533e7f6120be5a845d77658c900fa608d72c085a1f4e5203df5e7728260b7ab522076295a9cbeeae01832398e92fc7bc", 0x0, 0x48) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000340)={0x5}) (async) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000340)={0x5}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000bfd000/0x400000)=nil) (async) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000bfd000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000b80)={0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1e000000000000004000000000000000040000c400000000", @ANYBLOB="26d83423"], 0x40}, &(0x7f0000000240)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0xe) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) r9 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r9, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0x3, 0x1000, 0x2}}) (async) ioctl$KVM_SET_DEVICE_ATTR_vm(r9, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0x3, 0x1000, 0x2}}) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) (async) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r9, r10, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f00000001c0)=ANY=[], 0x40}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead) openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0) (async) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x2) r13 = syz_kvm_vgic_v3_setup(r12, 0x9, 0x140) ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x100) (async) ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x100) ioctl$KVM_GET_DEVICE_ATTR(r13, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x1, 0xfff, &(0x7f0000000000)=0x7ff}) r14 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$arm64(r14, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="32000000000000004000000000000000530000c4"], 0x40}], 0x1, 0x0, 0x0, 0x0) 43.254301378s ago: executing program 0 (id=895): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f00000001c0)={0x8, 0x66f5}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x10000, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="37d3480ae0458b668f37f9a8457a3bf000", 0x0, 0x18) ioctl$KVM_CREATE_VM(r4, 0x40086602, 0x20000000) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0) r5 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r8 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r7, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000100)="dca03703eabf33fc49610fa0744cee5881c4bc991b68c81b911509cfd2d61ff892b8a3aa5da30fec4729b0c10e8c439faed3753264641bfb3816dc00", 0x0, 0x48) r9 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=ANY=[@ANYRES32=r9], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r10, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000180)={0x9, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r12, 0xae80, 0x0) r14 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r14, 0x1000001, 0x12, r7, 0x0) openat$kvm(0xffffff9c, &(0x7f00000002c0), 0x80400, 0x408) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r15 = openat$kvm(0x0, &(0x7f00000000c0), 0x200, 0x0) ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x4) 38.807296829s ago: executing program 1 (id=896): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000000)={0x1, 0x6, 0xfffe2004, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) r1 = syz_kvm_vgic_v3_setup(r0, 0x0, 0x200) ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f0000000080)=@attr_arm64={0x0, 0xf, 0x4, &(0x7f0000000040)=0x7fffffff}) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f00000000c0)={0x101ff, 0x0, 0x0, 0x2000, &(0x7f0000ffd000/0x2000)=nil, 0xfffffffffffffff7}) r3 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000001c0)=@arm64_bitmap={0x6030000000160001, &(0x7f0000000180)=0x4}) ioctl$KVM_CLEAR_DIRTY_LOG(r2, 0xc018aec0, &(0x7f0000000600)={0x10000, 0x100, 0x280, &(0x7f0000000200)=[0x1000, 0x7, 0x8ee6, 0xd57, 0xc0000000000000, 0xd4, 0xffffffff, 0xffffffffffff7fff, 0x1, 0x237, 0x1, 0x4, 0x7ff, 0x401, 0x4, 0x8, 0x1, 0x2, 0x92, 0x7, 0x8001, 0x7ff, 0x8d31, 0x2b1c, 0xa, 0x2, 0x9, 0x3, 0x2, 0x40, 0x10, 0x8, 0x3000000000000000, 0x8, 0x8, 0x1, 0x81, 0xc0fa, 0x8001, 0x10, 0x22a, 0x6, 0x10000, 0x4, 0x80, 0xfffffffffffff334, 0x6, 0x1, 0x6, 0x5, 0x0, 0xe006, 0x1, 0x3, 0xffffffff7fffffff, 0x0, 0x2, 0x76d27e08, 0x1, 0xe, 0xfffffffffffffffe, 0x5800000000000000, 0x0, 0x10001, 0xc159, 0x80000000, 0x70000, 0x9, 0x7, 0xc, 0x160, 0xff, 0x401, 0x2000000000, 0x0, 0xa, 0x539e16db, 0xffff, 0x6, 0x8, 0xe0, 0x8000, 0x8, 0x2, 0x35ef, 0x194, 0x3, 0x4, 0x9, 0x7fff, 0x6, 0x10000, 0x8, 0x2, 0x0, 0x71f, 0x1, 0x1000, 0x9, 0x3000000, 0x7, 0x3, 0x3ecd897a, 0x6, 0x10001, 0x5, 0x7f, 0x7fffffffffffffff, 0xfffffffffffff801, 0x1, 0x8e, 0xe84, 0x2, 0x100, 0x200, 0x4, 0x4, 0x9, 0x7fffffffffffffff, 0x7f, 0x9, 0x2, 0x10000, 0x800, 0xae7f, 0x3a09, 0x5, 0x7]}) ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f0000000640)={0x2, 0x3}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000680), 0x80, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r0, 0x4, 0x100) ioctl$KVM_RUN(r3, 0xae80, 0x0) r6 = mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x0, 0x2000006, 0x10, r3, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f00000006c0)="3f5042ee15cc2f8349fff34ab012a8a4cdc378a57ab5c3a2abcde30c57616f21cc003470fe84e173ee89df9031e110ddd55dad17e6a75d03321a3d1071c359cded39b6c46f8bcfd3", 0x0, 0x48) syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000a00)={0x0, &(0x7f0000000740)=[@its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x3, 0x3, 0x7fff, 0x0, 0x2}}, @hvc={0x32, 0x40, {0x84000011, [0x2019819f, 0x0, 0x7, 0xc, 0x3e5]}}, @msr={0x14, 0x20, {0x603000000013def8}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x0, 0x8, 0xa}}, @irq_setup={0x46, 0x18, {0x0, 0x1e2}}, @irq_setup={0x46, 0x18, {0x2, 0x161}}, @svc={0x122, 0x40, {0xc4000004, [0xdab, 0x4, 0xa, 0x9, 0x4f4260e3]}}, @msr={0x14, 0x20, {0x603000000013e660, 0xd0}}, @svc={0x122, 0x40, {0x8600ff01, [0x40, 0x93, 0x7, 0x2, 0x7fff]}}, @irq_setup={0x46, 0x18, {0x0, 0x10e}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x4, 0x5, 0xfffff000, 0x10001}}, @hvc={0x32, 0x40, {0x80007fff, [0xd8, 0x93, 0x7d2e, 0x9, 0x1]}}, @hvc={0x32, 0x40, {0x40000000, [0x4, 0x7, 0x2, 0x3]}}, @smc={0x1e, 0x40, {0xc4000004, [0x9, 0x2, 0x8, 0x6, 0xffffffffffffffff]}}], 0x288}, &(0x7f0000000a40)=[@featur2={0x1, 0x90}], 0x1) r7 = eventfd2(0x4, 0x80800) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000a80)={r7, 0x80, 0x0, r1}) ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f0000000ac0)=0x3) r8 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) r10 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION2(r10, 0x40a0ae49, &(0x7f0000000b00)={0x10003, 0x1, 0x6000, 0x2000, &(0x7f0000ffd000/0x2000)=nil, 0xa739}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000bc0), 0x80, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000c00)=@attr_pmu_init) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000c40)={0x0, 0x4, 0x3000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, &(0x7f0000000cc0)=@attr_other={0x0, 0x2, 0x0, &(0x7f0000000c80)=0x400}) syz_kvm_setup_cpu$arm64(r8, r9, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000001200)=[{0x0, &(0x7f0000000d00)=[@msr={0x14, 0x20, {0x603000000013c01c, 0x5}}, @svc={0x122, 0x40, {0x4, [0x3, 0x2, 0x9, 0x8, 0x10]}}, @its_setup={0x82, 0x28, {0x3, 0x4, 0x2b1}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x0, 0x3, 0x6fec, 0x8, 0x2}}, @smc={0x1e, 0x40, {0x84000000, [0x5, 0x10, 0x6, 0x7, 0x7ff]}}, @mrs={0xbe, 0x18, {0x603000000013f089}}, @msr={0x14, 0x20, {0x603000000013c019, 0x1}}, @irq_setup={0x46, 0x18, {0x3, 0xf7}}, @smc={0x1e, 0x40, {0xc4000014, [0xf73a, 0x8000000000000001, 0x10001, 0x100000001, 0xe8]}}, @mrs={0xbe, 0x18, {0x6030000000138010}}, @code={0xa, 0x84, {"40c082d200e0b0f2c10180d2620080d2e30180d2240180d2020000d480268ed20080b0f2410180d2020080d2a30180d2e40080d2020000d4000028d500080038000008d5a0e299d20080b0f2e10080d2e20080d2230080d2040080d2020000d4000028d5007008d5008008d5007008d5"}}, @msr={0x14, 0x20, {0x6030000000139828, 0x3}}, @eret={0xe6, 0x18, 0x1ff}, @eret={0xe6, 0x18, 0xea}, @mrs={0xbe, 0x18, {0x603000000013f528}}, @svc={0x122, 0x40, {0x84000002, [0x0, 0x3, 0x80, 0x49b, 0x5157]}}, @eret={0xe6, 0x18, 0x5b}, @eret={0xe6, 0x18, 0x10000}, @hvc={0x32, 0x40, {0x80007fff, [0x8, 0x41, 0x77, 0x30, 0xc000]}}, @uexit={0x0, 0x18, 0x1}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x96}}, @msr={0x14, 0x20, {0x603000000013804d, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013df62}}, @code={0xa, 0x54, {"0080800d007008d50060ff0d007008d5000028d560429fd200c0b0f2610080d2020080d2830080d2840180d2020000d4007008d5007008d50028210e000028d5"}}, @irq_setup={0x46, 0x18, {0x4, 0x2d8}}, @svc={0x122, 0x40, {0xc5000021, [0x96, 0x1, 0x3, 0x5, 0xa]}}, @uexit={0x0, 0x18, 0x6}, @mrs={0xbe, 0x18, {0x603000000013e288}}, @msr={0x14, 0x20, {0x603000000013df41, 0x1}}, @msr={0x14, 0x20, {0x603000000013da20, 0x10001}}, @eret={0xe6, 0x18, 0x3}], 0x4e0}], 0x1, 0x0, &(0x7f0000001240)=[@featur2], 0x1) 30.214648458s ago: executing program 1 (id=897): munmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000) (async) mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x0, 0x4003831, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000180)=[@hvc={0x32, 0x40, {0x84000051, [0x28e1e71d, 0x8, 0x47, 0x0, 0x22]}}, @memwrite={0x6e, 0x30, @generic={0x4000, 0x29b, 0x5, 0xe}}, @smc={0x1e, 0x40, {0xbb000000, [0x8001, 0x8, 0x2, 0x9, 0x4]}}, @smc={0x1e, 0x40, {0xc4000014, [0x7, 0xce, 0x9, 0x3, 0x8]}}], 0xf0}], 0x1, 0x0, 0x0, 0x0) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r4, 0x5000003, 0x80031, 0xffffffffffffffff, 0x0) 28.366379383s ago: executing program 0 (id=898): r0 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x12, r2, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x349403, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000bfd000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000b80)={0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1e0000000000000040000000000000000a000084000000009a"], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r7, 0xae80, 0x0) 23.106627924s ago: executing program 1 (id=899): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x501c00, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x1, 0x5000, 0x2000, &(0x7f0000fa2000/0x2000)=nil}) ioctl$KVM_CREATE_DEVICE(r1, 0xc018aec0, &(0x7f0000000040)={0x1}) (async) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, &(0x7f0000000000)=ANY=[], 0x40}, 0x0, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x2082, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0a0000000000000018000000000000007f2003d5"], 0x18}, 0x0, 0x0) (async) ioctl$KVM_RUN(r6, 0xae80, 0x0) (async) close(0xffffffffffffffff) r11 = mmap$KVM_VCPU(&(0x7f0000ed8000/0x2000)=nil, 0x0, 0x2, 0x10010, r10, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, 0x0, 0x0, 0x0) (async) ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, &(0x7f0000000100)={0x0, 0x7f}) (async) r12 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) syz_kvm_vgic_v3_setup(r12, 0x1, 0x40) (async) r13 = eventfd2(0x80005ff, 0x1) (async) r14 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(r12, 0x4020ae76, &(0x7f0000000180)={r14, 0x27, 0x2, r14}) (async) r15 = eventfd2(0x0, 0x800) (async) r16 = eventfd2(0xffff, 0x80801) ioctl$KVM_IRQFD(r12, 0x4020ae76, &(0x7f00000002c0)={r15, 0x40fff, 0x2, r16}) ioctl$KVM_IRQFD(r12, 0x4020ae76, &(0x7f0000000000)={r16, 0xc, 0x0, r13}) (async) r17 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r17, 0xc00caee0, &(0x7f00000001c0)={0x4}) 13.839052829s ago: executing program 1 (id=900): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000040)={0x3, 0xeeee0000, 0x2, r5, 0x8}) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000900)={0x0, 0x0, 0x1, r5, 0x1}) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000080)={0x0, 0x0, 0x1, r5}) r6 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="140000000000080020000000000097cc3dd75bf3ff13e91a000013fdfeff2f60"], 0x20}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 13.64827533s ago: executing program 0 (id=901): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x6832, 0xffffffffffffffff, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r2 = mmap$KVM_VCPU(&(0x7f0000dd3000/0x4000)=nil, 0x930, 0x280000b, 0x11, r1, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r1, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4}) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000000)=@arm64_sys={0x603000000013c807, &(0x7f00000000c0)}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000080)=0x8000000000000000}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000280)=@attr_other={0x0, 0x0, 0x4, &(0x7f0000000140)=0x8}) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000bfe000/0x400000)=nil) openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000180)={0x1fe, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) r10 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="76b92cfb97422a99b188adac74647aa1221e4d8e6da62d5f533e7f6120be5a845d77658c900fa608d72c085a1f4e5203df5e7728260b7ab522076295a9cbeeae01832398e92fc7bc", 0x0, 0x48) ioctl$KVM_RUN(r10, 0xae80, 0x0) r11 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, &(0x7f0000000200)=ANY=[], 0x518}, 0x0, 0x0) ioctl$KVM_RUN(r11, 0xae80, 0x0) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) 5.798662638s ago: executing program 1 (id=902): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4360ae82, &(0x7f0000000280)={[0x734, 0x200, 0x0, 0x7, 0x5, 0x8, 0xffff, 0x7, 0x5, 0x7f, 0xd, 0x6, 0xfffffffffffffffb, 0x800, 0xf0fa5ad], 0x5000, 0x200}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r1, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="82000000000000002800000000000000010000000000000001000000000000000100000000000000aa00000000000000280000000000000008"], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x140) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.856157594s ago: executing program 1 (id=903): mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000e85000/0x2000)=nil, 0x2000) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) (async) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) munmap(&(0x7f0000c90000/0x1000)=nil, 0x1000) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000240)={0x5, 0x11}) ioctl$KVM_ARM_VCPU_FINALIZE(r2, 0x4004aec2, &(0x7f0000000180)=0x4) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000080)={0x8, 0x2}) openat$kvm(0xffffffffffffff9c, 0x0, 0x100, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x0, 0x11, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x0, 0x11, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_REG_LIST(r2, 0xc008aeb0, &(0x7f0000000280)=ANY=[@ANYRES16, @ANYBLOB]) (async) ioctl$KVM_GET_REG_LIST(r2, 0xc008aeb0, &(0x7f0000000280)=ANY=[@ANYRES16, @ANYBLOB]) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) munmap(&(0x7f0000f40000/0x5000)=nil, 0x5000) munmap(&(0x7f0000ff5000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0x100000f, 0x9032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0x100000f, 0x9032, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40c02, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0xc3) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) (async) r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r8, 0x8040ae9f, 0xffffffffffffffff) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, &(0x7f0000000000)=@arm64={0x7, 0x5, 0x0, '\x00', 0x1}) (async) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, &(0x7f0000000000)=@arm64={0x7, 0x5, 0x0, '\x00', 0x1}) 0s ago: executing program 0 (id=904): r0 = openat$kvm(0x0, &(0x7f0000000240), 0x20000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2801, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xb1) r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SIGNAL_MSI(r4, 0x4020aea5, &(0x7f0000000000)={0x6000, 0x2, 0x0, 0x0, 0x3}) r5 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="140089f963c80000200000000000000022c513000000306007000000000000003e4a76026fcba8c0c49d2378cee27b95e2213b2b031c59933631df6ab2139501c46c0241f209d6f5a7f9b36a42a53c471442c15dfe6ff9b7822e4609733e2b4c8d6119fa13f04c4eb1e437037103b900ca93afa7ad659cf85d9cd7df01d3f914484e7c95ebaefc18a0f39fa6a04244f3b09053e8ecc197a663a7af8f1ab7a220e84756374b405c1e78414b103f060e54383cdc44357e13ce15feff9bed134bc8aee4cfdc97bfc6e0cfb24ab2b90b7b4342e49f050be1d675bf128067d56e44f6c72e39249b466d815ac95b1ab05a697e627fa5287a819c92caa1c608d0e82ab1669337c7f50a8312db55c303076f9ef7f4c6f855adcc1a94d5aca7e8fdd65b5f37526e2db93551c6d76e904abe381cfe076bb1c531cdbbc8d7dab02fb5c3bfb1c558eadd255248c5e665f444200119e0eeeae4edecc8487f17e180f5f492d8c686333ff538334df0c5afe467d895f0389ced9bd45f5ba3b79ddbe6275e4d0c048f6fdbb3a6ea478bff1c066a4f5243a6954b4473ae11bd0189cdac77fff8a8df4afb21e90469519ad60717798369d38439cadfb819a6f062a2908adfbb4b927b742e3acf5f457a7406ecd2f0515fc44ab7"], 0x20}, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) kernel console output (not intermixed with test programs): [ 386.568651][ T3131] 8021q: adding VLAN 0 to HW filter on device bond0 [ 422.758819][ T3131] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:31640' (ED25519) to the list of known hosts. [ 606.882193][ T25] audit: type=1400 audit(605.990:61): avc: denied { name_bind } for pid=3289 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 608.802078][ T25] audit: type=1400 audit(607.910:62): avc: denied { execute } for pid=3290 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 608.863336][ T25] audit: type=1400 audit(607.980:63): avc: denied { execute_no_trans } for pid=3290 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 627.779054][ T25] audit: type=1400 audit(626.900:64): avc: denied { mounton } for pid=3290 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 627.816499][ T25] audit: type=1400 audit(626.930:65): avc: denied { mount } for pid=3290 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 627.899360][ T3290] cgroup: Unknown subsys name 'net' [ 627.947195][ T25] audit: type=1400 audit(627.070:66): avc: denied { unmount } for pid=3290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 628.346022][ T3290] cgroup: Unknown subsys name 'cpuset' [ 628.449457][ T3290] cgroup: Unknown subsys name 'rlimit' [ 629.357784][ T25] audit: type=1400 audit(628.480:67): avc: denied { setattr } for pid=3290 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 629.377559][ T25] audit: type=1400 audit(628.500:68): avc: denied { mounton } for pid=3290 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 629.406941][ T25] audit: type=1400 audit(628.520:69): avc: denied { mount } for pid=3290 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 630.593579][ T3293] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 630.614005][ T25] audit: type=1400 audit(629.730:70): avc: denied { relabelto } for pid=3293 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 630.639347][ T25] audit: type=1400 audit(629.750:71): avc: denied { write } for pid=3293 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 630.816749][ T25] audit: type=1400 audit(629.940:72): avc: denied { read } for pid=3290 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 630.853065][ T25] audit: type=1400 audit(629.950:73): avc: denied { open } for pid=3290 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 630.884981][ T3290] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 679.965427][ T25] audit: type=1400 audit(679.060:74): avc: denied { execmem } for pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 683.540077][ T25] audit: type=1400 audit(682.660:75): avc: denied { read } for pid=3296 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 683.574167][ T25] audit: type=1400 audit(682.680:76): avc: denied { open } for pid=3296 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 683.655529][ T25] audit: type=1400 audit(682.780:77): avc: denied { mounton } for pid=3296 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 683.894836][ T25] audit: type=1400 audit(683.020:78): avc: denied { module_request } for pid=3297 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 683.920617][ T25] audit: type=1400 audit(683.040:79): avc: denied { module_request } for pid=3296 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 685.106972][ T25] audit: type=1400 audit(684.220:80): avc: denied { sys_module } for pid=3297 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 713.816310][ T3296] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 713.934928][ T3296] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 715.363690][ T3297] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 715.525521][ T3297] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 727.604544][ T3296] hsr_slave_0: entered promiscuous mode [ 727.634396][ T3296] hsr_slave_1: entered promiscuous mode [ 728.664995][ T3297] hsr_slave_0: entered promiscuous mode [ 728.733183][ T3297] hsr_slave_1: entered promiscuous mode [ 728.753991][ T3297] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 728.773855][ T3297] Cannot create hsr debugfs directory [ 734.064320][ T25] audit: type=1400 audit(733.180:81): avc: denied { create } for pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 734.094941][ T25] audit: type=1400 audit(733.200:82): avc: denied { write } for pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 734.158876][ T25] audit: type=1400 audit(733.280:83): avc: denied { read } for pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 734.304450][ T3296] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 734.735868][ T3296] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 735.035804][ T3296] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 735.324641][ T3296] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 736.823935][ T3297] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 737.000211][ T3297] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 737.185868][ T3297] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 737.366244][ T3297] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 749.965503][ T3296] 8021q: adding VLAN 0 to HW filter on device bond0 [ 752.437430][ T3297] 8021q: adding VLAN 0 to HW filter on device bond0 [ 809.007531][ T3296] veth0_vlan: entered promiscuous mode [ 809.524421][ T3296] veth1_vlan: entered promiscuous mode [ 811.415428][ T3296] veth0_macvtap: entered promiscuous mode [ 811.764572][ T3296] veth1_macvtap: entered promiscuous mode [ 812.333261][ T3297] veth0_vlan: entered promiscuous mode [ 813.189929][ T3297] veth1_vlan: entered promiscuous mode [ 813.794859][ T3296] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 813.799607][ T3296] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 813.836672][ T3296] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 813.846604][ T3296] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 816.378191][ T3297] veth0_macvtap: entered promiscuous mode [ 816.690116][ T25] audit: type=1400 audit(815.810:84): avc: denied { mount } for pid=3296 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 816.816628][ T3297] veth1_macvtap: entered promiscuous mode [ 817.124296][ T25] audit: type=1400 audit(816.140:85): avc: denied { mounton } for pid=3296 comm="syz-executor" path="/syzkaller.PtC7Mu/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 817.360223][ T25] audit: type=1400 audit(816.460:86): avc: denied { mount } for pid=3296 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 817.948058][ T25] audit: type=1400 audit(817.070:87): avc: denied { mounton } for pid=3296 comm="syz-executor" path="/syzkaller.PtC7Mu/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 818.159333][ T25] audit: type=1400 audit(817.280:88): avc: denied { mounton } for pid=3296 comm="syz-executor" path="/syzkaller.PtC7Mu/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 819.008491][ T25] audit: type=1400 audit(818.130:89): avc: denied { unmount } for pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 819.337532][ T25] audit: type=1400 audit(818.450:90): avc: denied { mounton } for pid=3296 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 819.474374][ T25] audit: type=1400 audit(818.580:91): avc: denied { mount } for pid=3296 comm="syz-executor" name="/" dev="gadgetfs" ino=3272 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 819.926910][ T3297] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 819.953942][ T3297] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 819.986885][ T25] audit: type=1400 audit(819.090:92): avc: denied { mount } for pid=3296 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 820.025593][ T3297] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 820.030182][ T3297] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 820.120190][ T25] audit: type=1400 audit(819.240:93): avc: denied { mounton } for pid=3296 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 822.515257][ T3296] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 824.272523][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 824.284977][ T25] audit: type=1400 audit(823.380:95): avc: denied { read write } for pid=3296 comm="syz-executor" name="loop1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 824.328215][ T25] audit: type=1400 audit(823.400:96): avc: denied { open } for pid=3296 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 824.432920][ T25] audit: type=1400 audit(823.460:97): avc: denied { ioctl } for pid=3296 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 828.528252][ T25] audit: type=1400 audit(827.620:98): avc: denied { write } for pid=3450 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 828.530149][ T25] audit: type=1400 audit(827.650:99): avc: denied { open } for pid=3450 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 829.103359][ T25] audit: type=1400 audit(828.220:100): avc: denied { ioctl } for pid=3450 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 830.346857][ T25] audit: type=1400 audit(829.470:101): avc: denied { read } for pid=3452 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 832.627791][ T25] audit: type=1400 audit(831.660:102): avc: denied { execute } for pid=3450 comm="syz.1.2" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3412 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 885.962241][ T25] audit: type=1400 audit(885.080:103): avc: denied { append } for pid=3492 comm="syz.1.13" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 909.015286][ T25] audit: type=1400 audit(908.050:104): avc: denied { ioctl } for pid=3502 comm="syz.1.17" path="net:[4026532628]" dev="nsfs" ino=4026532628 ioctlcmd=0xb702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 912.088025][ T3504] debugfs: File 'vgic-its-state@8080000' in directory '3503-4' already present! [ 991.760410][ T3570] kvm [3568]: Unsupported guest CP15 access at: 00000100 [000001d3] [ 991.760410][ T3570] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 991.795168][ T3570] kvm [3568]: Unsupported guest CP15 access at: 00000100 [000001db] [ 991.795168][ T3570] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 991.846136][ T3570] kvm [3568]: Unsupported guest CP15 access at: 00000100 [000001db] [ 991.846136][ T3570] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 991.886521][ T3570] kvm [3568]: Unsupported guest CP15 access at: 00000100 [000001db] [ 991.886521][ T3570] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 991.929887][ T3570] kvm [3568]: Unsupported guest CP15 access at: 00000100 [000001db] [ 991.929887][ T3570] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 991.947565][ T3570] kvm [3568]: Unsupported guest CP15 access at: 00000100 [000001db] [ 991.947565][ T3570] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 991.977328][ T3570] kvm [3568]: Unsupported guest CP15 access at: 00000100 [000001db] [ 991.977328][ T3570] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 992.024188][ T3570] kvm [3568]: Unsupported guest CP15 access at: 00000100 [000001db] [ 992.024188][ T3570] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 992.115613][ T3570] kvm [3568]: Unsupported guest CP15 access at: 00000100 [000001db] [ 992.115613][ T3570] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 992.158245][ T3570] kvm [3568]: Unsupported guest CP15 access at: 00000100 [000001db] [ 992.158245][ T3570] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 996.762870][ T3570] print_sys_reg_msg: 505 callbacks suppressed [ 996.818171][ T3570] kvm [3568]: Unsupported guest CP15 access at: 00000100 [000001db] [ 996.818171][ T3570] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 996.858554][ T3570] kvm [3568]: Unsupported guest CP15 access at: 00000100 [000001db] [ 996.858554][ T3570] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 996.904349][ T3570] kvm [3568]: Unsupported guest CP15 access at: 00000100 [000001db] [ 996.904349][ T3570] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 996.955084][ T3570] kvm [3568]: Unsupported guest CP15 access at: 00000100 [000001db] [ 996.955084][ T3570] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 997.056976][ T3570] kvm [3568]: Unsupported guest CP15 access at: 00000100 [000001db] [ 997.056976][ T3570] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 997.083957][ T3570] kvm [3568]: Unsupported guest CP15 access at: 00000100 [000001db] [ 997.083957][ T3570] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 997.149248][ T3570] kvm [3568]: Unsupported guest CP15 access at: 00000100 [000001db] [ 997.149248][ T3570] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 997.190565][ T3570] kvm [3568]: Unsupported guest CP15 access at: 00000100 [000001db] [ 997.190565][ T3570] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 997.377434][ T3570] kvm [3568]: Unsupported guest CP15 access at: 00000100 [000001db] [ 997.377434][ T3570] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 997.419706][ T3570] kvm [3568]: Unsupported guest CP15 access at: 00000100 [000001db] [ 997.419706][ T3570] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 1123.529917][ T25] audit: type=1400 audit(1122.650:105): avc: denied { setattr } for pid=3664 comm="syz.0.59" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1132.739019][ T3668] KVM: debugfs: duplicate directory 3668-10 [ 1187.768523][ T3707] kvm [3707]: Failed to find VMA for hva 0x208a1000 [ 1193.490663][ T3712] kvm [3712]: Failed to find VMA for hva 0x21016000 [ 1412.940428][ T3860] kvm [3860]: Failed to find VMA for hva 0x20c01000 [ 1432.485277][ T3874] kvm [3874]: Failed to find VMA for hva 0x20c01000 [ 1500.598342][ T3914] kvm [3914]: Failed to find VMA for hva 0x21016000 [ 1572.782144][ T25] audit: type=1400 audit(1571.840:106): avc: denied { map } for pid=3960 comm="syz.0.147" path="pipe:[2428]" dev="pipefs" ino=2428 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 1669.834412][ T4023] kvm [4023]: Failed to find VMA for hva 0x20d8d000 [ 1748.427077][ T25] audit: type=1400 audit(1747.370:107): avc: denied { map } for pid=4069 comm="syz.1.178" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1748.483995][ T25] audit: type=1400 audit(1747.590:108): avc: denied { execute } for pid=4069 comm="syz.1.178" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1764.564465][ T4080] irq bypass consumer (token 00000000e4df579c) registration fails: -16 [ 1765.010374][ T4080] kvm [4080]: Failed to find VMA for hva 0x21016000 [ 1895.063737][ T4167] kvm [4167]: Failed to find VMA for hva 0x20c01000 [ 1957.329364][ T4212] kvm [4212]: Failed to find VMA for hva 0x20d8b000 [ 1957.398249][ T4211] kvm [4211]: Failed to find VMA for hva 0x20d8d000 [ 2002.158479][ T4241] kvm [4241]: Failed to find VMA for hva 0x20c01000 [ 2200.075960][ T4370] kvm [4370]: Failed to find VMA for hva 0x20d8d000 [ 2356.826836][ T4467] kvm [4467]: Failed to find VMA for hva 0x20d8d000 [ 2369.348016][ T4473] kvm [4473]: Failed to find VMA for hva 0x20d8d000 [ 2376.799315][ T4477] kvm [4477]: Failed to find VMA for hva 0x2036f000 [ 2418.356366][ T4502] kvm [4502]: Failed to find VMA for hva 0x20c01000 [ 2528.684557][ T4568] kvm [4568]: Failed to find VMA for hva 0x208a1000 [ 2542.449433][ T4575] kvm [4575]: Failed to find VMA for hva 0x20d8d000 [ 2732.506819][ T4714] kvm [4714]: Failed to find VMA for hva 0x20d8d000 [ 2821.666315][ T4774] kvm [4774]: Failed to find VMA for hva 0x20d8d000 [ 3131.124123][ T4981] kvm [4981]: Failed to find VMA for hva 0x20d8d000 [ 3276.379587][ T5091] kvm [5091]: Failed to find VMA for hva 0x21016000 [ 3296.669525][ T5107] irq bypass consumer (token 000000004200a5b0) registration fails: -16 [ 3389.997214][ T5174] kvm [5173]: Unsupported guest access at: eeef0000 [ 3389.997214][ T5174] { Op0( 2), Op1( 7), CRn(15), CRm(13), Op2( 1), func_write }, [ 3415.150138][ T5190] debugfs: File 'vgic-its-state@8080000' in directory '5190-9' already present! [ 3552.896238][ T5251] kvm [5251]: Failed to find VMA for hva 0x20d8d000 [ 3597.814507][ T5284] FAULT_INJECTION: forcing a failure. [ 3597.814507][ T5284] name failslab, interval 1, probability 0, space 0, times 1 [ 3597.867859][ T5284] CPU: 0 UID: 0 PID: 5284 Comm: syz.1.532 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 3597.868536][ T5284] Hardware name: linux,dummy-virt (DT) [ 3597.869000][ T5284] Call trace: [ 3597.869439][ T5284] show_stack+0x2c/0x3c (C) [ 3597.871368][ T5284] __dump_stack+0x30/0x40 [ 3597.871654][ T5284] dump_stack_lvl+0xd8/0x12c [ 3597.871876][ T5284] dump_stack+0x1c/0x28 [ 3597.872100][ T5284] should_fail_ex+0x570/0x6e0 [ 3597.872365][ T5284] should_failslab+0xb8/0xec [ 3597.872592][ T5284] __kmalloc_noprof+0xdc/0x4b8 [ 3597.872892][ T5284] tomoyo_realpath_from_path+0xdc/0x628 [ 3597.873207][ T5284] tomoyo_path_number_perm+0x13c/0x33c [ 3597.873476][ T5284] tomoyo_file_ioctl+0x2c/0x3c [ 3597.873764][ T5284] security_file_ioctl+0xe8/0x2f0 [ 3597.874106][ T5284] __arm64_sys_ioctl+0xd0/0x244 [ 3597.874359][ T5284] invoke_syscall+0x90/0x2b4 [ 3597.874646][ T5284] el0_svc_common+0x180/0x2f4 [ 3597.874936][ T5284] do_el0_svc+0x58/0x74 [ 3597.875236][ T5284] el0_svc+0x58/0x160 [ 3597.875484][ T5284] el0t_64_sync_handler+0x78/0x108 [ 3597.875732][ T5284] el0t_64_sync+0x198/0x19c [ 3598.064008][ T5284] ERROR: Out of memory at tomoyo_realpath_from_path. [ 3619.909295][ T5303] FAULT_INJECTION: forcing a failure. [ 3619.909295][ T5303] name failslab, interval 1, probability 0, space 0, times 0 [ 3619.946053][ T5303] CPU: 0 UID: 0 PID: 5303 Comm: syz.1.538 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 3619.946416][ T5303] Hardware name: linux,dummy-virt (DT) [ 3619.946532][ T5303] Call trace: [ 3619.946619][ T5303] show_stack+0x2c/0x3c (C) [ 3619.946975][ T5303] __dump_stack+0x30/0x40 [ 3619.947216][ T5303] dump_stack_lvl+0xd8/0x12c [ 3619.947421][ T5303] dump_stack+0x1c/0x28 [ 3619.947618][ T5303] should_fail_ex+0x570/0x6e0 [ 3619.947881][ T5303] should_failslab+0xb8/0xec [ 3619.948133][ T5303] __kmalloc_noprof+0xdc/0x4b8 [ 3619.948438][ T5303] tomoyo_encode+0x27c/0x4ec [ 3619.948715][ T5303] tomoyo_realpath_from_path+0x5bc/0x628 [ 3619.948997][ T5303] tomoyo_path_number_perm+0x13c/0x33c [ 3619.949285][ T5303] tomoyo_file_ioctl+0x2c/0x3c [ 3619.949573][ T5303] security_file_ioctl+0xe8/0x2f0 [ 3619.949868][ T5303] __arm64_sys_ioctl+0xd0/0x244 [ 3619.950161][ T5303] invoke_syscall+0x90/0x2b4 [ 3619.950455][ T5303] el0_svc_common+0x180/0x2f4 [ 3619.950741][ T5303] do_el0_svc+0x58/0x74 [ 3619.951098][ T5303] el0_svc+0x58/0x160 [ 3619.951349][ T5303] el0t_64_sync_handler+0x78/0x108 [ 3619.951607][ T5303] el0t_64_sync+0x198/0x19c [ 3620.080120][ T5303] ERROR: Out of memory at tomoyo_realpath_from_path. [ 3630.220458][ T5308] kvm [5308]: Failed to find VMA for hva 0x20d8d000 [ 3630.759117][ T5308] kvm [5308]: Failed to find VMA for hva 0x20c01000 [ 3649.838531][ T5319] FAULT_INJECTION: forcing a failure. [ 3649.838531][ T5319] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 3649.894523][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.1.543 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 3649.894937][ T5319] Hardware name: linux,dummy-virt (DT) [ 3649.895060][ T5319] Call trace: [ 3649.895149][ T5319] show_stack+0x2c/0x3c (C) [ 3649.895529][ T5319] __dump_stack+0x30/0x40 [ 3649.895735][ T5319] dump_stack_lvl+0xd8/0x12c [ 3649.895932][ T5319] dump_stack+0x1c/0x28 [ 3649.896143][ T5319] should_fail_ex+0x570/0x6e0 [ 3649.896399][ T5319] should_fail+0x14/0x24 [ 3649.896626][ T5319] should_fail_usercopy+0x20/0x30 [ 3649.896869][ T5319] _inline_copy_from_user+0x3c/0x18c [ 3649.897143][ T5319] kvm_vm_ioctl+0x4cc/0x944 [ 3649.897405][ T5319] __arm64_sys_ioctl+0x18c/0x244 [ 3649.897646][ T5319] invoke_syscall+0x90/0x2b4 [ 3649.897958][ T5319] el0_svc_common+0x180/0x2f4 [ 3649.898276][ T5319] do_el0_svc+0x58/0x74 [ 3649.898557][ T5319] el0_svc+0x58/0x160 [ 3649.898799][ T5319] el0t_64_sync_handler+0x78/0x108 [ 3649.899052][ T5319] el0t_64_sync+0x198/0x19c [ 3683.050599][ T5340] FAULT_INJECTION: forcing a failure. [ 3683.050599][ T5340] name failslab, interval 1, probability 0, space 0, times 0 [ 3683.088564][ T5340] CPU: 0 UID: 0 PID: 5340 Comm: syz.0.549 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 3683.088903][ T5340] Hardware name: linux,dummy-virt (DT) [ 3683.089019][ T5340] Call trace: [ 3683.089129][ T5340] show_stack+0x2c/0x3c (C) [ 3683.089512][ T5340] __dump_stack+0x30/0x40 [ 3683.089720][ T5340] dump_stack_lvl+0xd8/0x12c [ 3683.089944][ T5340] dump_stack+0x1c/0x28 [ 3683.090175][ T5340] should_fail_ex+0x570/0x6e0 [ 3683.090427][ T5340] should_failslab+0xb8/0xec [ 3683.090646][ T5340] __kmalloc_cache_noprof+0x80/0x404 [ 3683.090942][ T5340] kvm_set_memslot+0x80/0x1110 [ 3683.091220][ T5340] kvm_set_memory_region+0x670/0xaec [ 3683.091435][ T5340] kvm_vm_ioctl_set_memory_region+0x8c/0xbc [ 3683.091693][ T5340] kvm_vm_ioctl+0x71c/0x944 [ 3683.091937][ T5340] __arm64_sys_ioctl+0x18c/0x244 [ 3683.092207][ T5340] invoke_syscall+0x90/0x2b4 [ 3683.092505][ T5340] el0_svc_common+0x180/0x2f4 [ 3683.092794][ T5340] do_el0_svc+0x58/0x74 [ 3683.093087][ T5340] el0_svc+0x58/0x160 [ 3683.093348][ T5340] el0t_64_sync_handler+0x78/0x108 [ 3683.093592][ T5340] el0t_64_sync+0x198/0x19c [ 3981.516668][ T5476] kvm [5476]: Failed to find VMA for hva 0x208a1000 [ 4047.813737][ T5504] kvm [5504]: Failed to find VMA for hva 0x20d8d000 [ 4047.819148][ T5505] kvm [5505]: Failed to find VMA for hva 0x20d8d000 [ 5492.605185][ T6188] ------------[ cut here ]------------ [ 5492.606087][ T6188] WARNING: CPU: 0 PID: 6188 at arch/arm64/kvm/inject_fault.c:71 pend_serror_exception+0x19c/0x5ac [ 5492.608812][ T6188] Modules linked in: [ 5492.611007][ T6188] CPU: 0 UID: 0 PID: 6188 Comm: syz.1.903 Not tainted 6.16.0-rc3-syzkaller-g15724a984643 #0 PREEMPT [ 5492.612536][ T6188] Hardware name: linux,dummy-virt (DT) [ 5492.613770][ T6188] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 5492.615218][ T6188] pc : pend_serror_exception+0x19c/0x5ac [ 5492.616337][ T6188] lr : pend_serror_exception+0x19c/0x5ac [ 5492.617473][ T6188] sp : ffff80008edd7930 [ 5492.618433][ T6188] x29: ffff80008edd7930 x28: d6f0000018080028 x27: 0000000000000001 [ 5492.620372][ T6188] x26: 0000000000000000 x25: 0000000000000001 x24: 00000000000000d6 [ 5492.622167][ T6188] x23: d6f00000180802a8 x22: 00000000000000d6 x21: d6f0000018080e81 [ 5492.623834][ T6188] x20: 0000000000000007 x19: efff800000000000 x18: 00000000000000ff [ 5492.625652][ T6188] x17: 00000000000000d1 x16: ffff800080011d9c x15: 0000000020000000 [ 5492.627378][ T6188] x14: ffffffffffffffff x13: 0000000000000028 x12: 00000000000000a3 [ 5492.629097][ T6188] x11: a3f000001d839564 x10: 0000000000ff0100 x9 : 0000000000000000 [ 5492.630971][ T6188] x8 : a3f000001d838000 x7 : ffff800080b08704 x6 : ffff80008edd7a88 [ 5492.632690][ T6188] x5 : ffff80008edd7a88 x4 : 0000000000000001 x3 : ffff8000801a2e80 [ 5492.634438][ T6188] x2 : 0000000000000000 x1 : 0000000000000002 x0 : 0000000000000000 [ 5492.636177][ T6188] Call trace: [ 5492.637064][ T6188] pend_serror_exception+0x19c/0x5ac (P) [ 5492.638287][ T6188] kvm_inject_serror_esr+0x274/0xe40 [ 5492.639310][ T6188] __kvm_arm_vcpu_set_events+0x1d4/0x238 [ 5492.640435][ T6188] kvm_arch_vcpu_ioctl+0xed8/0x16b0 [ 5492.641526][ T6188] kvm_vcpu_ioctl+0x5c4/0xc2c [ 5492.642535][ T6188] __arm64_sys_ioctl+0x18c/0x244 [ 5492.643603][ T6188] invoke_syscall+0x90/0x2b4 [ 5492.644715][ T6188] el0_svc_common+0x180/0x2f4 [ 5492.645701][ T6188] do_el0_svc+0x58/0x74 [ 5492.646785][ T6188] el0_svc+0x58/0x160 [ 5492.647793][ T6188] el0t_64_sync_handler+0x78/0x108 [ 5492.648826][ T6188] el0t_64_sync+0x198/0x19c [ 5492.650007][ T6188] irq event stamp: 3376 [ 5492.650884][ T6188] hardirqs last enabled at (3375): [] _raw_read_unlock_irqrestore+0x44/0xbc [ 5492.652475][ T6188] hardirqs last disabled at (3376): [] el1_dbg+0x24/0x80 [ 5492.653867][ T6188] softirqs last enabled at (3362): [] handle_softirqs+0xb8c/0xd08 [ 5492.655433][ T6188] softirqs last disabled at (3347): [] __do_softirq+0x14/0x20 [ 5492.657039][ T6188] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 5507.247126][ T6058] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5507.775562][ T6058] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5508.279750][ T6058] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5508.660193][ T6058] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5520.615569][ T6058] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 5520.814184][ T6058] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 5520.924263][ T6058] bond0 (unregistering): Released all slaves VM DIAGNOSIS: 17:16:11 Registers: info registers vcpu 0 CPU#0 PC=ffff8000804516b8 X00=0000000000000000 X01=ffff8000872b1fa2 X02=0000000000000008 X03=0000000000000002 X04=0000000000000000 X05=0000000000000001 X06=0000000000000000 X07=ffff800080488668 X08=00000000000003c0 X09=0000000000000000 X10=00000000000000a3 X11=ffff800087f39a30 X12=fff000001d838008 X13=0000000000000003 X14=0000000000000000 X15=ffff800087f39a30 X16=ffff800080011d9c X17=00000000000000d1 X18=00000000000000ff X19=0000000000000000 X20=0000000000000000 X21=ffff800080488668 X22=ffff800087706128 X23=0000000000000002 X24=0000000000000000 X25=0000000000000001 X26=ffff800087666580 X27=00000000000003c0 X28=0000000000000000 X29=ffff80008edd7180 X30=ffff800080451698 SP=ffff80008edd7130 PSTATE=604023c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:0000000000000000 Z01=0000ffffcb01ea00:4cb82248a0410300 Z02=0000ffffcb01e9e0:ffffff80ffffffd8 Z03=0000ffffcb01ea90:0000ffffcb01ea90 Z04=0000ffffcb01ea90:0000ffff87936d08 Z05=0000ffffcb01ea60:0000ffffcb01ea90 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffcb01ecb0:0000ffffcb01ecb0 Z17=ffffff80ffffffd0:0000ffffcb01ec80 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000