last executing test programs: 26.583753743s ago: executing program 0 (id=1): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x5b3983, 0x0) eventfd2(0xba88, 0x80401) ioctl$KVM_CREATE_VM(r0, 0xc0045878, 0x32) munmap(&(0x7f000049b000/0x400000)=nil, 0x400000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r2, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) 24.075941603s ago: executing program 1 (id=2): ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(0xffffffffffffffff, 0x4068aea3, &(0x7f00000000c0)={0xa8, 0x0, 0x2}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) (async, rerun: 32) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async, rerun: 32) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ce0000/0x3000)=nil, 0x3000) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x1000000) (async, 
rerun: 32) r0 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) (rerun: 32) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) (async) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async, rerun: 32) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async, rerun: 32) openat$kvm(0x0, 0x0, 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) (async) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async, rerun: 64) ioctl$KVM_CREATE_VM(r2, 0x40049409, 0x0) (async, rerun: 64) syz_kvm_setup_cpu$arm64(r0, r1, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000040)=[{0x0, &(0x7f0000000000)=[@hvc={0x32, 0x40, {0x84000051, [0x1, 0x5, 0x3, 0x100000001, 0x9]}}], 0x40}], 0x1, 0x0, &(0x7f0000000080)=[@featur2={0x1, 0x30}], 0x1) (async, rerun: 32) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (rerun: 32) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xd7) (async) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) 12.077436839s ago: executing program 0 (id=3): ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) (async) r0 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) munmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000) (async) munmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000) syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000bfe000/0x400000)=nil) syz_kvm_vgic_v3_setup(r0, 0x4, 0x20) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING(0xffffffffffffffff, 0x4068aea3, 
&(0x7f0000000000)={0xc0, 0x0, 0x5000}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0xc) (async) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x10200, 0x4, 0x4, 0x1000, &(0x7f0000f48000/0x1000)=nil}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x10200, 0x4, 0x4, 0x1000, &(0x7f0000f48000/0x1000)=nil}) ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f00000000c0)={0x3333d000, 0x8000000, 0x0, 0x1, 0x80000000}) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x20) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r3, 0x4010ae68, &(0x7f0000000100)={0x1, 0x11000, 0x1}) ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f0000000140)={0x4, 0xaaabc006, 0x8, 0x0, 0x6}) (async) ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f0000000140)={0x4, 0xaaabc006, 0x8, 0x0, 0x6}) ioctl$KVM_RESET_DIRTY_RINGS(r0, 0xaec7) r4 = ioctl$KVM_GET_STATS_FD_cpu(r0, 0xaece) mmap$KVM_VCPU(&(0x7f0000d5f000/0x1000)=nil, r1, 0x0, 0x100010, r4, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000180)}) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) (async) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f0000000200)={0x100000, 0x100000, 0x7, 0x0, 0x400}) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r0, 0x4010aeb5, &(0x7f0000000240)={0x3, 0x10}) (async) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r0, 0x4010aeb5, &(0x7f0000000240)={0x3, 0x10}) ioctl$KVM_CHECK_EXTENSION_VM(r3, 0xae03, 0x5) ioctl$KVM_CAP_PTP_KVM(r0, 0x4068aea3, &(0x7f0000000280)) (async) ioctl$KVM_CAP_PTP_KVM(r0, 0x4068aea3, &(0x7f0000000280)) ioctl$KVM_IRQ_LINE_STATUS(r2, 0xc008ae67, &(0x7f0000000300)={0xffff, 0x80000001}) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1a) ioctl$KVM_CHECK_EXTENSION_VM(r6, 0xae03, 0x80000001) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r0, 0x4010aeb5, &(0x7f0000000340)={0x100000001, 0x1}) ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r2, 0x4068aea3, &(0x7f0000000380)) (async) 
ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r2, 0x4068aea3, &(0x7f0000000380)) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r3, 0x4068aea3, &(0x7f0000000400)={0xe4, 0x0, 0x3}) 10.187462025s ago: executing program 1 (id=4): mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) r0 = syz_kvm_add_vcpu$arm64(0x0, 0x0, &(0x7f0000000840)=[@featur1={0x1, 0xc7}], 0x1) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, r0, 0x0) (async) ioctl$KVM_KVMCLOCK_CTRL(r0, 0xaead) ioctl$KVM_GET_REG_LIST(r0, 0xc008aeb0, &(0x7f0000000000)={0x5, [0x8, 0xfffffffffffffe00, 0xd683, 0xfffffffffffffffd, 0x401]}) munmap(&(0x7f00005a1000/0x1000)=nil, 0x1000) (async) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x1000000) (async, rerun: 64) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async, rerun: 64) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) 6.867831941s ago: executing program 0 (id=5): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3a) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000000)={0x10200, 0x0, 0x4000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x101100, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x1a) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x3e) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000bfd000/0x400000)=nil) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x37) r5 = ioctl$KVM_GET_STATS_FD_cpu(r4, 0xaece) ioctl$KVM_SET_SREGS(r5, 0x4000ae84, &(0x7f0000000080)={{0xeeee0000, 0x4000, 0x10, 0x8, 0x7, 0x0, 0x2, 0x68, 0xc, 0x9, 0x80}, {0x0, 0x1, 0x3, 0x40, 0x10, 0x40, 0x3, 0x3, 0x4, 0xfa, 0x2, 0xb4}, {0x4, 0x4, 0x4, 0x80, 
0x1, 0xc, 0x2, 0x65, 0x1, 0x29, 0x6}, {0x2000, 0x8080000, 0x9, 0x2, 0x3, 0x1, 0xd, 0x1, 0xa2, 0x6, 0x2, 0xf7}, {0x100000, 0x1000, 0x8, 0x7, 0x81, 0x7, 0x9, 0x2, 0x6, 0xfb, 0x5, 0x4}, {0x2, 0x1, 0x5, 0x4, 0x9, 0x2, 0x8, 0xee, 0x6, 0xc, 0x8, 0x9}, {0x71da8b3e35173873, 0x4000, 0xd, 0x5, 0x69, 0x6, 0x9, 0x1, 0x80, 0x9, 0x8, 0x7}, {0x2, 0x0, 0xa, 0x9, 0x5, 0x1, 0x1, 0x6, 0x0, 0x4, 0x81, 0x7}, {0x4, 0x2}, {0x8000000, 0x5}, 0x20040000, 0x0, 0xdddd0000, 0x100, 0x8, 0x4000, 0x5000, [0x7, 0x5, 0x8a2, 0xe24d]}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x80000, 0x0) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r2, 0x4010aeb5, &(0x7f0000000200)={0x3, 0x5}) close(r1) r7 = ioctl$KVM_GET_STATS_FD_vm(r4, 0xaece) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r7, 0x4068aea3, &(0x7f0000000240)) ioctl$KVM_CAP_ARM_USER_IRQ(r2, 0x4068aea3, &(0x7f00000002c0)) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_GET_DEVICE_ATTR_vm(r3, 0x4018aee2, &(0x7f0000000380)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000340)={0x4, 0x6}}) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f00000003c0)={0x8000, 0xf000, 0x0, r7, 0x8}) ioctl$KVM_GET_DIRTY_LOG(r0, 0x4010ae42, &(0x7f0000000400)={0x20002, 0x0, &(0x7f0000e04000/0x4000)=nil}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x40, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r3, 0xc008ae67, &(0x7f0000000480)={0x4, 0x5}) ioctl$KVM_CAP_ARM_USER_IRQ(r5, 0x4068aea3, &(0x7f00000004c0)) r8 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0xc) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) write$eventfd(r7, &(0x7f0000000540)=0x19bb, 0x8) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x3d) close(r5) syz_kvm_setup_cpu$arm64(r4, 0xffffffffffffffff, &(0x7f0000bff000/0x400000)=nil, &(0x7f0000000ac0)=[{0x0, &(0x7f0000000580)=[@msr={0x14, 0x20, {0x729c, 0x8}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x1, 0x2, 0x7, 0x7}}, @mrs={0xbe, 0x18, {0x603000000013c807}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe4, 0x1, 0xc}}, @eret={0xe6, 0x18, 
0x8001}, @uexit={0x0, 0x18, 0x401}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x10, 0x5, 0x8}}, @hvc={0x32, 0x40, {0x80000002, [0x4, 0xfffffffffffffffe, 0x8000000000000000, 0x6, 0x9]}}, @mrs={0xbe, 0x18, {0x603000000013df65}}, @msr={0x14, 0x20, {0x301800000009e5f7, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x0, 0x7, 0xfffffff7, 0x0, 0x2}}, @uexit={0x0, 0x18, 0x9}, @msr={0x14, 0x20, {0x603000000013dea0, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x3, 0x8, 0x0, 0x5, 0x3}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x2, 0x7, 0x6, 0x5, 0x4}}, @hvc={0x32, 0x40, {0x80, [0x100, 0x1, 0x2, 0x85bd, 0xc5]}}, @svc={0x122, 0x40, {0x10, [0x3608, 0x8, 0x0, 0x24e, 0x10000]}}, @msr={0x14, 0x20, {0x603000000013c4c8, 0x1}}, @svc={0x122, 0x40, {0x2000012, [0x3, 0xd449, 0x3, 0x0, 0x7]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x4, 0x7, 0x1, 0x40b}}, @its_setup={0x82, 0x28, {0x4, 0x2, 0x400}}, @hvc={0x32, 0x40, {0x84000005, [0x5, 0x1, 0x7b, 0x5, 0xfffffffffffffc00]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe0, 0x3ff, 0x3}}, @smc={0x1e, 0x40, {0x80007fff, [0x7, 0x10001, 0xff, 0xf25, 0xf48]}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x3, 0x9, 0x4000000, 0x3, 0x4}}, @hvc={0x32, 0x40, {0x84000001, [0x9937, 0x7, 0x4, 0xfc, 0x358]}}, @hvc={0x32, 0x40, {0x30000000, [0xc3ad, 0x8, 0xfffffffffffffff8, 0x3, 0x1b]}}, @mrs={0xbe, 0x18, {0x603000000013de90}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x0, 0x7fff, 0x8}}, @msr={0x14, 0x20, {0x603000000013c00b, 0x5c6}}], 0x508}], 0x1, 0x0, &(0x7f0000000b00)=[@featur1={0x1, 0x6}], 0x1) syz_kvm_setup_cpu$arm64(r7, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000001040)=[{0x0, &(0x7f0000000b40)=[@mrs={0xbe, 0x18, {0x603000000013da11}}, @svc={0x122, 0x40, {0x2000, [0x7646, 0x7f, 0x100000000000000, 0xfffffffffffffffb, 0x3]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x10040, 0xe0000000000000, 0x4}}, @uexit={0x0, 0x18, 0x100}, @mrs={0xbe, 0x18, {0x603000000013c510}}, @eret={0xe6, 0x18, 0xa}, @irq_setup={0x46, 0x18, {0x2, 
0x3a3}}, @irq_setup={0x46, 0x18, {0x1, 0xde}}, @hvc={0x32, 0x40, {0xc4000012, [0x3, 0xfffffffffffffff9, 0x7, 0x2, 0x3]}}, @uexit={0x0, 0x18, 0x8}, @mrs={0xbe, 0x18, {0x603000000013df51}}, @irq_setup={0x46, 0x18, {0x1, 0x92}}, @its_setup={0x82, 0x28, {0x4, 0x2, 0x1b7}}, @hvc={0x32, 0x40, {0x84000010, [0x7e, 0x369e, 0x3, 0x7fffffff, 0xc3]}}, @smc={0x1e, 0x40, {0xc4000007, [0x5c5, 0x9, 0x7, 0x1, 0x8]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1200, 0x5, 0x4}}, @irq_setup={0x46, 0x18, {0x4, 0x63}}, @svc={0x122, 0x40, {0x84000003, [0x24cc, 0x22, 0x95e, 0x6, 0x70]}}, @code={0xa, 0x84, {"007008d50020000f0024202e80b480d20080b0f2210180d2020180d2830180d2240180d2020000d40014c05ac0a693d20080b8f2610080d2a20180d2e30180d2440180d2020000d4404d9dd200e0b8f2810180d2220180d2030180d2640180d2020000d40024c01a007008d50068203c"}}, @memwrite={0x6e, 0x30, @generic={0x808e000, 0x55d, 0x6, 0x8}}, @code={0xa, 0x6c, {"000028d5000028d5007008d5a0c385d200c0b0f2010080d2a20080d2630080d2240180d2020000d40000ae9e007008d5000008d5005381d20060b8f2010180d2620080d2830080d2a40180d2020000d40000204b0048216e"}}, @msr={0x14, 0x20, {0x603000000013e601, 0x7}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x0, 0xb, 0x1, 0x80000000, 0x3}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x349}}, @svc={0x122, 0x40, {0x84000007, [0x7, 0x3ff, 0x2, 0x8, 0x5]}}, @irq_setup={0x46, 0x18, {0x1, 0x10c}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1400, 0x6, 0xb}}], 0x4d0}], 0x1, 0x0, &(0x7f0000001080)=[@featur2={0x1, 0x40}], 0x1) 2.537683537s ago: executing program 1 (id=6): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0x40086602, 0x110e22ffff) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_GET_API_VERSION(r1, 0xae00, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x0, 0x1012, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0x0, 
&(0x7f0000000080), 0x4400, 0x0) r4 = eventfd2(0xfffffffa, 0x80001) write$eventfd(r4, &(0x7f00000000c0)=0x9, 0x8) write$eventfd(r4, &(0x7f0000000200)=0x8, 0x8) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="37d3116035d7513e9a000200018000", 0x0, 0x43) ioctl$KVM_CREATE_VM(r3, 0x40086602, 0x20000000) close(0x3) ioctl$KVM_CHECK_EXTENSION(r2, 0x40086602, 0x110e227ffe) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0x1) 0s ago: executing program 0 (id=7): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r2, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000a3f000/0x4000)=nil, r2, 0x4, 0x80010, 0xffffffffffffffff, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r3, 0x1000003, 0x32, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) syz_kvm_add_vcpu$arm64(0x0, 0x0, &(0x7f0000000140)=[@featur1={0x1, 0x1}], 0x1) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x26) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f00006b0000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r5, 0x0, &(0x7f0000000440)=[@featur1={0x1, 0x24}], 0x1) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 
0xffffffffffffffff, 0x0) r6 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="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"], 0x2ac}, &(0x7f0000000340)=[@featur1={0x1, 0x18}], 0x1) syz_kvm_setup_cpu$arm64(r4, r6, &(0x7f00006b4000/0x400000)=nil, &(0x7f00000005c0)=[{0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="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"], 0x230}], 0x1, 0x0, &(0x7f0000000600)=[@featur2={0x1, 0x5}], 0x1) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): [ 379.510778][ T3150] 8021q: adding VLAN 0 to HW filter on device bond0 [ 429.840882][ T3150] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:1446' (ED25519) to the list of known hosts. [ 592.902994][ T25] audit: type=1400 audit(592.130:61): avc: denied { name_bind } for pid=3306 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 593.830283][ T25] audit: type=1400 audit(593.060:62): avc: denied { execute } for pid=3307 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 593.850442][ T25] audit: type=1400 audit(593.070:63): avc: denied { execute_no_trans } for pid=3307 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 616.780733][ T25] audit: type=1400 audit(616.000:64): avc: denied { mounton } for pid=3307 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 616.812653][ T25] audit: type=1400 audit(616.040:65): avc: denied { mount } for pid=3307 comm="syz-executor" name="/" dev="cgroup2" ino=1 
scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 616.900124][ T3307] cgroup: Unknown subsys name 'net' [ 616.954500][ T25] audit: type=1400 audit(616.180:66): avc: denied { unmount } for pid=3307 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 617.317562][ T3307] cgroup: Unknown subsys name 'cpuset' [ 617.420217][ T3307] cgroup: Unknown subsys name 'rlimit' [ 618.321132][ T25] audit: type=1400 audit(617.550:67): avc: denied { setattr } for pid=3307 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 618.344567][ T25] audit: type=1400 audit(617.560:68): avc: denied { mounton } for pid=3307 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 618.367928][ T25] audit: type=1400 audit(617.590:69): avc: denied { mount } for pid=3307 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 619.572099][ T3310] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). 
[ 619.593199][ T25] audit: type=1400 audit(618.820:70): avc: denied { relabelto } for pid=3310 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 619.619813][ T25] audit: type=1400 audit(618.840:71): avc: denied { write } for pid=3310 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 619.798367][ T25] audit: type=1400 audit(619.010:72): avc: denied { read } for pid=3307 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 619.806886][ T25] audit: type=1400 audit(619.020:73): avc: denied { open } for pid=3307 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 619.848374][ T3307] Adding 124996k swap on ./swap-file. 
Priority:0 extents:1 across:124996k [ 669.880976][ T25] audit: type=1400 audit(669.110:74): avc: denied { execmem } for pid=3311 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 674.113744][ T25] audit: type=1400 audit(673.340:75): avc: denied { read } for pid=3313 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 674.134791][ T25] audit: type=1400 audit(673.360:76): avc: denied { open } for pid=3313 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 674.230311][ T25] audit: type=1400 audit(673.440:77): avc: denied { mounton } for pid=3313 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 674.464946][ T25] audit: type=1400 audit(673.690:78): avc: denied { module_request } for pid=3313 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 674.485006][ T25] audit: type=1400 audit(673.710:79): avc: denied { module_request } for pid=3314 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 675.600540][ T25] audit: type=1400 audit(674.820:80): avc: denied { sys_module } for pid=3314 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 701.948959][ T3313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 702.539303][ T3313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 702.671907][ T3314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 703.129416][ T3314] bond0: (slave bond_slave_1): Enslaving 
as an active interface with an up link [ 717.048061][ T3313] hsr_slave_0: entered promiscuous mode [ 717.076510][ T3313] hsr_slave_1: entered promiscuous mode [ 718.313760][ T3314] hsr_slave_0: entered promiscuous mode [ 718.360296][ T3314] hsr_slave_1: entered promiscuous mode [ 718.389129][ T3314] debugfs: 'hsr0' already exists in 'hsr' [ 718.393096][ T3314] Cannot create hsr debugfs directory [ 723.559863][ T25] audit: type=1400 audit(722.780:81): avc: denied { create } for pid=3313 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 723.629770][ T25] audit: type=1400 audit(722.820:82): avc: denied { write } for pid=3313 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 723.653332][ T25] audit: type=1400 audit(722.880:83): avc: denied { read } for pid=3313 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 723.755052][ T3313] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 724.023082][ T3313] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 724.159484][ T3313] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 724.412967][ T3313] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 725.921176][ T3314] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 726.132113][ T3314] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 726.334346][ T3314] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 726.591034][ T3314] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 739.018957][ T3313] 8021q: adding VLAN 0 to HW filter on device bond0 [ 741.383418][ T3314] 8021q: adding VLAN 0 to HW filter on device bond0 [ 797.124600][ T3313] veth0_vlan: entered promiscuous mode [ 797.580557][ T3313] veth1_vlan: entered promiscuous mode [ 799.151761][ T3314] veth0_vlan: entered promiscuous mode [ 799.811008][ T3313] veth0_macvtap: 
entered promiscuous mode [ 800.044905][ T3314] veth1_vlan: entered promiscuous mode [ 800.315165][ T3313] veth1_macvtap: entered promiscuous mode [ 802.452603][ T3353] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 802.498588][ T3353] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 802.509094][ T3353] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 802.580173][ T3353] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 802.628972][ T3314] veth0_macvtap: entered promiscuous mode [ 803.088280][ T3314] veth1_macvtap: entered promiscuous mode [ 805.173190][ T25] audit: type=1400 audit(804.400:84): avc: denied { mount } for pid=3313 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 805.325202][ T25] audit: type=1400 audit(804.550:85): avc: denied { mounton } for pid=3313 comm="syz-executor" path="/syzkaller.x1BS51/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 805.653723][ T25] audit: type=1400 audit(804.880:86): avc: denied { mount } for pid=3313 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 805.883076][ T3351] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 805.917899][ T3351] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 805.919224][ T3351] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 805.920076][ T3351] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 805.937129][ T25] audit: type=1400 audit(805.140:87): avc: denied { mounton } for pid=3313 comm="syz-executor" path="/syzkaller.x1BS51/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t 
tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 806.063549][ T25] audit: type=1400 audit(805.290:88): avc: denied { mounton } for pid=3313 comm="syz-executor" path="/syzkaller.x1BS51/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3765 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 806.828668][ T25] audit: type=1400 audit(806.050:89): avc: denied { unmount } for pid=3313 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 806.995184][ T25] audit: type=1400 audit(806.220:90): avc: denied { mounton } for pid=3313 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 807.093630][ T25] audit: type=1400 audit(806.310:91): avc: denied { mount } for pid=3313 comm="syz-executor" name="/" dev="gadgetfs" ino=3775 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 807.441652][ T25] audit: type=1400 audit(806.670:92): avc: denied { mount } for pid=3313 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 807.540218][ T25] audit: type=1400 audit(806.760:93): avc: denied { mounton } for pid=3313 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 808.779984][ T3313] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. 
[ 817.557272][ T25] kauditd_printk_skb: 4 callbacks suppressed
[ 817.564963][ T25] audit: type=1400 audit(816.770:98): avc: denied { read } for pid=3464 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 817.612005][ T25] audit: type=1400 audit(816.840:99): avc: denied { open } for pid=3464 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 818.298566][ T25] audit: type=1400 audit(817.520:100): avc: denied { ioctl } for pid=3464 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0x5878 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 821.894653][ T25] audit: type=1400 audit(821.100:101): avc: denied { execute } for pid=3466 comm="syz.1.2" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3813 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[ 836.793944][ T25] audit: type=1400 audit(836.020:102): avc: denied { setattr } for pid=3482 comm="syz.1.6" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 840.114242][ C0] Unhandled 64-bit el1h sync exception on CPU0, ESR 0x000000005a000000 -- HVC (AArch64)
[ 840.115489][ C0] CPU: 0 UID: 0 PID: 3486 Comm: syz.0.7 Not tainted syzkaller #0 PREEMPT
[ 840.116101][ C0] Hardware name: linux,dummy-virt (DT)
[ 840.116583][ C0] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 840.116979][ C0] pc : pkvm_init_host_vm+0xb8/0x160
[ 840.118511][ C0] lr : pkvm_init_host_vm+0xa0/0x160
[ 840.118724][ C0] sp : ffff8000a3cc7c60
[ 840.118860][ C0] x29: ffff8000a3cc7c60 x28: 4ef000001e2f5d98 x27: ffff800087354000
[ 840.119429][ C0] x26: 85f000001de2f2b0 x25: 00000000000000cc x24: 00000000000014f8
[ 840.119754][ C0] x23: 00000000000000cc x22: ccff80008c97d260 x21: ccff80008c97cff0
[ 840.120075][ C0] x20: 0000000000000000 x19: efff800000000000 x18: fff0000072d86400
[ 840.120365][ C0] x17: 000000000000007d x16: ffff800080011d9c x15: 00000000ffffffff
[ 840.120653][ C0] x14: ffffffffffffffff x13: 0000000000000047 x12: ffff7c1ffbf7c332
[ 840.120974][ C0] x11: 0000000000080000 x10: 0000000000ff0100 x9 : 0000000000000002
[ 840.121386][ C0] x8 : 4ef000001e2f5880 x7 : ffff800080aba4c0 x6 : 0000000000000000
[ 840.121687][ C0] x5 : 0000000000000001 x4 : ffff8000a3cc7ac0 x3 : 0000000000000004
[ 840.121984][ C0] x2 : 0000000000009320 x1 : 0000000000000000 x0 : 00000000c600001b
[ 840.122746][ C0] Kernel panic - not syncing: Unhandled exception
[ 840.139233][ C0] CPU: 0 UID: 0 PID: 3486 Comm: syz.0.7 Not tainted syzkaller #0 PREEMPT
[ 840.140644][ C0] Hardware name: linux,dummy-virt (DT)
[ 840.141631][ C0] Call trace:
[ 840.142535][ C0] show_stack+0x2c/0x3c (C)
[ 840.143744][ C0] __dump_stack+0x30/0x40
[ 840.144589][ C0] dump_stack_lvl+0x30/0x12c
[ 840.145419][ C0] dump_stack+0x1c/0x28
[ 840.146212][ C0] vpanic+0x22c/0x59c
[ 840.146972][ C0] vpanic+0x0/0x59c
[ 840.147738][ C0] el1t_64_irq_handler+0x0/0x1c
[ 840.148601][ C0] el1_abort+0x0/0x5c
[ 840.149377][ C0] el1h_64_sync+0x6c/0x70
[ 840.150333][ C0] pkvm_init_host_vm+0xb8/0x160 (P)
[ 840.151243][ C0] kvm_arch_init_vm+0x150/0x288
[ 840.152112][ C0] kvm_dev_ioctl+0x838/0x105c
[ 840.152979][ C0] __arm64_sys_ioctl+0x18c/0x244
[ 840.153913][ C0] invoke_syscall+0x90/0x2b4
[ 840.154718][ C0] el0_svc_common+0x180/0x2f4
[ 840.155612][ C0] do_el0_svc+0x58/0x74
[ 840.156461][ C0] el0_svc+0x58/0x164
[ 840.157216][ C0] el0t_64_sync_handler+0x84/0x12c
[ 840.158091][ C0] el0t_64_sync+0x198/0x19c
[ 840.160054][ C0] Kernel Offset: disabled
[ 840.160757][ C0] CPU features: 0x00000,000068c0,17de33e1,057ffe1f
[ 840.161812][ C0] Memory Limit: none
[ 840.162793][ C0]
[ 840.163322][ C0] ================================
[ 840.164019][ C0] WARNING: inconsistent lock state
[ 840.164772][ C0] syzkaller #0 Not tainted
[ 840.165577][ C0] --------------------------------
[ 840.166328][ C0] inconsistent {INITIAL USE} -> {IN-NMI} usage.
[ 840.167210][ C0] syz.0.7/3486 [HC1[1]:SC0[0]:HE0:SE1] takes:
[ 840.168165][ C0] 82f000000d3ed6e8 (&k->list_lock){+.+.}-{3:3}, at: bus_for_each_dev+0x60/0x2a4
[ 840.172209][ C0] {INITIAL USE} state was registered at:
[ 840.173097][ C0] lock_acquire+0x14c/0x2e0
[ 840.174017][ C0] _raw_spin_lock+0x48/0x60
[ 840.174802][ C0] kobject_add_internal+0x46c/0xee4
[ 840.175656][ C0] kobject_add+0x10c/0x1d0
[ 840.176450][ C0] device_add+0x494/0xd78
[ 840.177269][ C0] device_register+0x28/0x38
[ 840.178109][ C0] faux_bus_init+0x1c/0x88
[ 840.178943][ C0] driver_init+0x30/0x58
[ 840.179711][ C0] do_basic_setup+0x1c/0xa8
[ 840.180504][ C0] kernel_init_freeable+0x244/0x330
[ 840.181410][ C0] kernel_init+0x24/0x1d0
[ 840.182205][ C0] ret_from_fork+0x10/0x20
[ 840.183063][ C0] irq event stamp: 1418
[ 840.183739][ C0] hardirqs last enabled at (1417): [] _raw_spin_unlock_irqrestore+0x44/0xbc
[ 840.185099][ C0] hardirqs last disabled at (1418): [] __panic_unhandled+0x24/0x68
[ 840.186346][ C0] softirqs last enabled at (1318): [] local_bh_enable+0x10/0x34
[ 840.187610][ C0] softirqs last disabled at (1316): [] local_bh_disable+0x10/0x34
[ 840.189080][ C0]
[ 840.189080][ C0] other info that might help us debug this:
[ 840.190152][ C0] Possible unsafe locking scenario:
[ 840.190152][ C0]
[ 840.191075][ C0] CPU0
[ 840.191622][ C0] ----
[ 840.192192][ C0] lock(&k->list_lock);
[ 840.193052][ C0] <Interrupt>
[ 840.193629][ C0] lock(&k->list_lock);
[ 840.194495][ C0]
[ 840.194495][ C0] *** DEADLOCK ***
[ 840.194495][ C0]
[ 840.195509][ C0] no locks held by syz.0.7/3486.
[ 840.196274][ C0]
[ 840.196274][ C0] stack backtrace:
[ 840.197097][ C0] CPU: 0 UID: 0 PID: 3486 Comm: syz.0.7 Not tainted syzkaller #0 PREEMPT
[ 840.198253][ C0] Hardware name: linux,dummy-virt (DT)
[ 840.199034][ C0] Call trace:
[ 840.199591][ C0] show_stack+0x2c/0x3c (C)
[ 840.200495][ C0] __dump_stack+0x30/0x40
[ 840.201311][ C0] dump_stack_lvl+0x30/0x12c
[ 840.202107][ C0] dump_stack+0x1c/0x28
[ 840.202863][ C0] print_usage_bug+0x2f4/0x32c
[ 840.203697][ C0] verify_lock_unused+0x78/0x88
[ 840.204601][ C0] lock_acquire+0x22c/0x2e0
[ 840.205510][ C0] _raw_spin_lock+0x48/0x60
[ 840.206317][ C0] bus_for_each_dev+0x60/0x2a4
[ 840.207153][ C0] coresight_panic_cb+0x2c/0x3c
[ 840.208009][ C0] notifier_call_chain+0x1e8/0x65c
[ 840.208940][ C0] atomic_notifier_call_chain+0xd0/0x180
[ 840.209953][ C0] vpanic+0x2c4/0x59c
[ 840.210701][ C0] vpanic+0x0/0x59c
[ 840.211441][ C0] el1t_64_irq_handler+0x0/0x1c
[ 840.212273][ C0] el1_abort+0x0/0x5c
[ 840.213026][ C0] el1h_64_sync+0x6c/0x70
[ 840.213831][ C0] pkvm_init_host_vm+0xb8/0x160 (P)
[ 840.214727][ C0] kvm_arch_init_vm+0x150/0x288
[ 840.215565][ C0] kvm_dev_ioctl+0x838/0x105c
[ 840.216440][ C0] __arm64_sys_ioctl+0x18c/0x244
[ 840.217392][ C0] invoke_syscall+0x90/0x2b4
[ 840.218279][ C0] el0_svc_common+0x180/0x2f4
[ 840.219156][ C0] do_el0_svc+0x58/0x74
[ 840.220005][ C0] el0_svc+0x58/0x164
[ 840.220770][ C0] el0t_64_sync_handler+0x84/0x12c
[ 840.221667][ C0] el0t_64_sync+0x198/0x19c
[ 840.223769][ C0] Rebooting in 86400 seconds..
VM DIAGNOSIS: 22:55:48 Registers: info registers vcpu 0 CPU#0 PC=ffff80008212779c X00=0000000000000003 X01=0000000000000002 X02=000000000000005f X03=ffff800082127590 X04=0000000000000001 X05=0000000000000000 X06=ffff800081f0e734 X07=ffff800087cd0c24 X08=83ff80008c43b000 X09=0000000000000044 X10=0000000000000044 X11=00000000000000fe X12=000000000000006c X13=0000000000000007 X14=0000000000110001 X15=0000000000000000 X16=00000000000000fe X17=000000000000007d X18=fff0000072d86400 X19=efff800000000000 X20=6cf000000dcb0880 X21=83ff80008c43b018 X22=0000000000000002 X23=6cf000000dcb097c X24=000000000000006c X25=0000000000000000 X26=83ff80008c43b000 X27=000000000000006c X28=000000000000006c X29=ffff8000a3cc73f0 X30=ffff800082127790 SP=ffff8000a3cc73e0 PSTATE=004023c9 ---- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=2525252525252525:2525252525252525 Z01=000000756c6c2570:6f6f6c2f7665642f Z02=0000000000000000:ffffffff00000000 Z03=ffffff000000ff00:0000000000000000 Z04=0000000000000000:fff000f000000000 Z05=bb448243222c92da:e3914ed4e87380b0 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000fffffc4472f0:0000fffffc4472f0 Z17=ffffff80ffffffd0:0000fffffc4472c0 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000