last executing test programs: 1m50.756971s ago: executing program 1 (id=783): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000581000/0x1000)=nil, 0x930, 0x0, 0x4020131, 0xffffffffffffffff, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000080)={0xdf, 0x0, 0x800}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd2(0x0, 0x1) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000900)={0x0, 0x0, 0x1, r4, 0x1}) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000080)={0x1000, 0x0, 0x1, r4, 0x1}) r5 = eventfd2(0x101, 0x800) close(r0) write$eventfd(r5, &(0x7f0000000080)=0xfffffffffffffff7, 0x8) munmap(&(0x7f0000ff3000/0xa000)=nil, 0xa000) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000581000/0x1000)=nil, 0x930, 0x0, 0x4020131, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000080)={0xdf, 0x0, 0x800}) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) (async) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) eventfd2(0x0, 0x1) (async) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000900)={0x0, 0x0, 0x1, r4, 0x1}) (async) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000080)={0x1000, 0x0, 0x1, r4, 0x1}) (async) eventfd2(0x101, 0x800) (async) close(r0) (async) write$eventfd(r5, &(0x7f0000000080)=0xfffffffffffffff7, 0x8) (async) munmap(&(0x7f0000ff3000/0xa000)=nil, 0xa000) (async) 1m32.815314948s ago: executing program 1 (id=785): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r2 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x400454ce, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0x7e) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0x8000) 1m24.169566166s ago: executing program 0 (id=786): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x28a43, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async, rerun: 32) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async, rerun: 32) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) (async) r2 = openat$kvm(0x0, &(0x7f00000000c0), 0x101100, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$arm64(r3, 0xffffffffffffffff, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async) ioctl$KVM_CAP_HALT_POLL(r3, 0x4068aea3, &(0x7f0000000800)) (async, rerun: 64) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (rerun: 64) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async, rerun: 32) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f00000001c0)=ANY=[@ANYBLOB="0002"]) (rerun: 32) 1m11.283885404s ago: executing program 0 (id=787): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000000), 0x10401, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) munmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000) r2 = openat$kvm(0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8c0, 0x0) r4 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r3, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r8 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0x24) r9 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, 0xffffffffffffffff) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r3, 0x0) r10 = eventfd2(0x0, 0x0) close(r10) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000013000/0x4000)=nil, 0x930, 0x2, 0x8032, r3, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) openat$kvm(0x0, 0x0, 0x1c1040, 0x0) ioctl$KVM_SET_GSI_ROUTING(r12, 0x4020ae46, &(0x7f0000000280)=ANY=[]) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000005, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r9, 0x4068aea3, &(0x7f00000001c0)) mmap$KVM_VCPU(&(0x7f0000002000/0x3000)=nil, 0x930, 0x1000000, 0x4000010, 0xffffffffffffffff, 0x0) 1m6.416462338s ago: executing program 1 (id=788): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r1 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x8, 0x4f832, 0xffffffffffffffff, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x4) ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000180)={0x5, 0x3}) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000001c0)=@arm64_core={0x6030000000100042, &(0x7f0000000100)=0x11}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = eventfd2(0x101, 0x800) write$eventfd(r4, &(0x7f0000000080)=0xfffffffffffffff7, 0x8) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0x0, 0x0, 0x0, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$KVM_GET_API_VERSION(r7, 0xae03, 0x42) r8 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, 0x930, 0x8, 0x8032, 0xffffffffffffffff, 0x0) r9 = eventfd2(0x0, 0x80000) ioctl$KVM_IOEVENTFD(r8, 0x4040ae79, &(0x7f0000000100)={0xd000, 0x0, 0x8, r9}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100c40, 0x0) syz_kvm_setup_syzos_vm(r10, &(0x7f0000bfd000/0x400000)=nil) ioctl$KVM_IOEVENTFD(r8, 0x4040ae79, &(0x7f0000000000)={0x7c, 0x3000, 0x8, r9}) ioctl$KVM_IOEVENTFD(r8, 0x4040ae79, &(0x7f0000000080)={0x5000, 0x3000, 0x8, r9}) ioctl$KVM_IOEVENTFD(r5, 0x4020940d, &(0x7f0000000080)={0x6, 0x0, 0x1, 0xffffffffffffffff, 0x5}) 52.054512194s ago: executing program 0 (id=789): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8100, 0x0) (async) r2 = eventfd2(0x9, 0x80800) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000080)={0x6, 0x0, 0x0, r2, 0x8}) syz_kvm_setup_syzos_vm(0xffffffffffffffff, &(0x7f000000c000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f000000e000/0x3000)=nil, r1, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async) r3 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000002, 0x8010, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) (async) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r4, 0x0) (async) munmap(&(0x7f0000ff5000/0x1000)=nil, 0x1000) (async) munmap(&(0x7f0000f9a000/0x1000)=nil, 0x1000) (async) mmap$KVM_VCPU(&(0x7f000039f000/0x2000)=nil, r1, 0xc, 0x20010, r4, 0x0) (async) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) munmap(&(0x7f0000647000/0x1000)=nil, 0x1000) (async) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xe3) (async) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) (async) munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) (async) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r7, r8, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000018000000000000000100000020000000b839d9b642cafde8dde0f6d0e66f205cf11779bc00d50e27a54efc70425ba40207d255ede78a9b0b7617f51395bc869da94cb9b5767da3987d39c6b6994067be6644b6a10a8679e85fd3fe2ad183c11cd7f46964dc96838351762ca6595cbc34f111a5cb"], 0x18}], 0x1, 0x0, 0x0, 0x0) syz_kvm_vgic_v3_setup(r7, 0x1, 0x100) (async) ioctl$KVM_RUN(r8, 0xae80, 0x0) (async) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2) 43.855545643s ago: executing program 1 (id=790): munmap(&(0x7f0000c8f000/0x4000)=nil, 0x4000) munmap(&(0x7f0000d83000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) munmap(&(0x7f0000d47000/0x2000)=nil, 0x2000) r0 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c17000/0x3000)=nil, 0x930, 0x0, 0x10, 0xffffffffffffffff, 0x20) write$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) mmap$KVM_VCPU(&(0x7f0000c85000/0x1000)=nil, 0x930, 0x0, 0x4010, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fcc000/0x18000)=nil, &(0x7f00000000c0)=[{0x0, &(0x7f0000000100), 0x81}], 0x1, 0x0, 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000000c0)="fb41a373e0418d009ea6ab8031ff54a5ecfa37fb4901ff05ffff8010fbff57521ce10d8f6b69d22627e700", 0x0, 0xfffffe15) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x4) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000080)={0x5, 0xb}) ioctl$KVM_GET_REG_LIST(r4, 0xc008aeb0, &(0x7f0000000140)=ANY=[@ANYRES64=r0]) munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x1) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x11, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r6, r7, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="090000010000000018000000e5c954dd6b323d7400ef7787"], 0x18}], 0x1, 0x0, 0x0, 0x0) 35.724044925s ago: executing program 0 (id=791): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) syz_kvm_setup_cpu$arm64(r1, 0xffffffffffffffff, &(0x7f0000df0000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd2(0x0, 0x0) r5 = eventfd2(0x0, 0x801) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f00000000c0)={0x8, 0xf000, 0x2, r5, 0x2}) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000900)={0x0, 0x0, 0x0, r4}) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000080)={0x10001, 0x0, 0x1, r4}) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r6, 0x4018aee2, &(0x7f0000000040)={0x4, 0x3}) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000080)={0x4, 0x4}) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x4, 0x4f832, 0xffffffffffffffff, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) munmap(&(0x7f0000f50000/0x3000)=nil, 0x3000) ioctl$KVM_CHECK_EXTENSION(r9, 0xae03, 0x19) ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0xffffffffffffffff) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1) r10 = syz_kvm_vgic_v3_setup(r8, 0x2, 0x60) ioctl$KVM_GET_DEVICE_ATTR(r10, 0x4018aee2, &(0x7f0000000180)=@attr_other={0x0, 0xffff0155, 0x0, &(0x7f0000000040)=0x9104}) 17.581332314s ago: executing program 1 (id=792): mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2, 0x23ac5f9b426ec4b1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r0, 0x4010aeb5, &(0x7f0000000000)={0x688000000, 0xe}) 12.534185512s ago: executing program 0 (id=793): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x2010, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000080)={0x0, 0x6}) 6.449819994s ago: executing program 1 (id=794): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu(r3, &(0x7f0000000080)={0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0700000000000000280000000000000002000000000002000020bac554898fdacc0000010000000000000000000000001c5fd35b5c"], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r2, 0x3, 0xa0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) ioctl$KVM_RUN(r4, 0xae80, 0x0) r6 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r7 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) r8 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r9 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r12, 0x400454da, 0x0) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x40800, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) eventfd2(0x9, 0x80801) ioctl$KVM_CREATE_DEVICE(r14, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r15, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000300)=@attr_arm64={0x0, 0x2, 0x1, 0x0}) (async, rerun: 64) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) 0s ago: executing program 0 (id=795): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x3, 0xa0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000300)=@attr_arm64={0x0, 0x4, 0x1, 0x0}) (async, rerun: 64) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000005c0), 0x20000, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) munmap(&(0x7f00000be000/0x1000)=nil, 0xffffffffdff41fff) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2400, 0x0) openat$kvm(0x0, 0x0, 0x0, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r9, 0xc0189436, 0x100000000000000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r11, 0x4b47, 0xfffffffffffffffe) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000005, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) syz_kvm_add_vcpu(0x0, &(0x7f0000000580)={0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="0200000000000000200000000000000007801300000030600300000000000000020000000000000020000000000000003d80130000003060040000000000000009000000000000001800000000000000bdde13000000306003000000000000004000000000000000000000000000000058000000000000000100010000000000030000000000000000306c28acd1b54e437c00008000000000030000000000000009000000000000001800000000000000a8de130000003060"], 0xb0}, &(0x7f0000000940)=[@featur2={0x1, 0x8}], 0x1) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x2000009, 0x100010, 0xffffffffffffffff, 0x0) r12 = syz_kvm_add_vcpu(0x0, &(0x7f00000004c0)={0x0, &(0x7f0000000200)=[@its_send_cmd={0x8, 0x28, {0x9, 0x1, 0x1, 0x10, 0x1, 0x5, 0x4}}, @code={0x1, 0x84, {"a0e983d20020b8f2a10180d2420080d2e30080d2240180d2020000d40058284e000000ea007008d5000028d540f891d20060b0f2010180d2e20180d2a30080d2a40080d2020000d4e003005a008008d5c0b986d20080b8f2210180d2a20180d2630180d2e40180d2020000d40048201e"}}, @code={0x1, 0x9c, {"000880380020c01ae0678cd200a0b8f2410080d2c20180d2830180d2c40080d2020000d4201f81d20060b8f2a10180d2820080d2630080d2640080d2020000d40000021e40809dd20020b0f2410080d2620180d2630180d2c40080d2020000d40008a03c00e0200e002c9cd20080b0f2810080d2e20080d2030080d2a40080d2020000d40000429e"}}, @smc={0x3, 0x40, {0x40000004, [0x9, 0x40001, 0x0, 0xffffffff, 0x5]}}, @code={0x1, 0x84, {"0088201ee03696d20040b0f2010180d2020080d2230080d2040080d2020000d460948bd200a0b0f2c10180d2420080d2630080d2240180d2020000d4007008d50000206b007008d5000000b9007008d500b4205e405e8ad20020b8f2410180d2420080d2230080d2e40080d2020000d4"}}, @irq_setup={0x5, 0x18, {0x4, 0x306}}, @mrs={0x9, 0x18, {0x3ff}}], 0x23c}, &(0x7f0000000140)=[@featur1={0x1, 0x43}], 0x1) syz_kvm_setup_cpu$arm64(r6, r12, &(0x7f0000bfd000/0x400000)=nil, &(0x7f0000000180)=[{0x0, &(0x7f0000000600)}], 0x1, 0x0, &(0x7f0000000480)=[@featur2={0x1, 0x7}], 0x1) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r6, 0x5421, &(0x7f0000001280)={0x6, 0x1000}) kernel console output (not intermixed with test programs): [ 562.127525][ T3139] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:37815' (ED25519) to the list of known hosts. [ 818.457666][ T24] audit: type=1400 audit(817.320:74): avc: denied { name_bind } for pid=3299 comm="sshd" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 819.851583][ T24] audit: type=1400 audit(818.720:75): avc: denied { execute } for pid=3301 comm="sh" name="syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 819.873066][ T24] audit: type=1400 audit(818.740:76): avc: denied { execute_no_trans } for pid=3301 comm="sh" path="/syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 856.846441][ T24] audit: type=1400 audit(855.710:77): avc: denied { mounton } for pid=3301 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1737 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 856.913440][ T24] audit: type=1400 audit(855.770:78): avc: denied { mount } for pid=3301 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 857.030967][ T3301] cgroup: Unknown subsys name 'net' [ 857.107320][ T24] audit: type=1400 audit(855.970:79): avc: denied { unmount } for pid=3301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 857.639933][ T3301] cgroup: Unknown subsys name 'cpuset' [ 857.778926][ T3301] cgroup: Unknown subsys name 'rlimit' [ 859.233580][ T24] audit: type=1400 audit(858.100:80): avc: denied { setattr } for pid=3301 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 859.252734][ T24] audit: type=1400 audit(858.110:81): avc: denied { mounton } for pid=3301 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 859.296165][ T24] audit: type=1400 audit(858.150:82): avc: denied { mount } for pid=3301 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 860.844134][ T3305] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 860.890422][ T24] audit: type=1400 audit(859.740:83): avc: denied { relabelto } for pid=3305 comm="mkswap" name="swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 860.913591][ T24] audit: type=1400 audit(859.780:84): avc: denied { write } for pid=3305 comm="mkswap" path="/swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 861.202766][ T24] audit: type=1400 audit(860.070:85): avc: denied { read } for pid=3301 comm="syz-executor" name="swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 861.229038][ T24] audit: type=1400 audit(860.090:86): avc: denied { open } for pid=3301 comm="syz-executor" path="/swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 861.296533][ T3301] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 925.333545][ T24] audit: type=1400 audit(924.200:87): avc: denied { execmem } for pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 932.106727][ T24] audit: type=1400 audit(930.970:88): avc: denied { read } for pid=3308 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 932.151673][ T24] audit: type=1400 audit(931.020:89): avc: denied { open } for pid=3308 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 932.263477][ T24] audit: type=1400 audit(931.130:90): avc: denied { mounton } for pid=3308 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 932.629616][ T24] audit: type=1400 audit(931.490:91): avc: denied { module_request } for pid=3309 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 932.658624][ T24] audit: type=1400 audit(931.520:92): avc: denied { module_request } for pid=3308 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 934.083016][ T24] audit: type=1400 audit(932.950:93): avc: denied { sys_module } for pid=3309 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 972.369044][ T3308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 972.831005][ T3308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 973.061835][ T3309] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 973.453592][ T3309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 989.258000][ T3308] hsr_slave_0: entered promiscuous mode [ 989.312054][ T3308] hsr_slave_1: entered promiscuous mode [ 990.869312][ T3309] hsr_slave_0: entered promiscuous mode [ 990.919832][ T3309] hsr_slave_1: entered promiscuous mode [ 990.969663][ T3309] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 990.992585][ T3309] Cannot create hsr debugfs directory [ 997.990552][ T24] audit: type=1400 audit(996.860:94): avc: denied { create } for pid=3308 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 998.081600][ T24] audit: type=1400 audit(996.950:95): avc: denied { write } for pid=3308 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 998.157667][ T24] audit: type=1400 audit(997.020:96): avc: denied { read } for pid=3308 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 998.332570][ T3308] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 998.861392][ T3308] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 999.411055][ T3308] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1000.097404][ T3308] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1002.127218][ T3309] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1002.343546][ T3309] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1002.519959][ T3309] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1002.940823][ T3309] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1029.181438][ T3308] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1032.048865][ T3309] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1128.511655][ T3308] veth0_vlan: entered promiscuous mode [ 1129.270601][ T3308] veth1_vlan: entered promiscuous mode [ 1131.978050][ T3309] veth0_vlan: entered promiscuous mode [ 1133.009408][ T3308] veth0_macvtap: entered promiscuous mode [ 1133.628037][ T3309] veth1_vlan: entered promiscuous mode [ 1134.032950][ T3308] veth1_macvtap: entered promiscuous mode [ 1138.577706][ T3308] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1138.582005][ T3308] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1138.625638][ T3308] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1138.628122][ T3308] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1139.522456][ T3309] veth0_macvtap: entered promiscuous mode [ 1140.589367][ T3309] veth1_macvtap: entered promiscuous mode [ 1145.275836][ T24] audit: type=1400 audit(1144.030:97): avc: denied { mount } for pid=3308 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 1145.717521][ T24] audit: type=1400 audit(1144.520:98): avc: denied { mounton } for pid=3308 comm="syz-executor" path="/syzkaller.3I1aHx/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 1146.482226][ T3309] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1146.490881][ T24] audit: type=1400 audit(1145.220:99): avc: denied { mount } for pid=3308 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 1146.626638][ T3309] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1146.629019][ T3309] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1146.631428][ T3309] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1147.497149][ T24] audit: type=1400 audit(1146.360:100): avc: denied { mounton } for pid=3308 comm="syz-executor" path="/syzkaller.3I1aHx/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 1148.049331][ T24] audit: type=1400 audit(1146.810:101): avc: denied { mounton } for pid=3308 comm="syz-executor" path="/syzkaller.3I1aHx/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3643 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 1149.746842][ T24] audit: type=1400 audit(1148.460:102): avc: denied { unmount } for pid=3308 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 1150.237236][ T24] audit: type=1400 audit(1149.080:103): avc: denied { mounton } for pid=3308 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1516 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 1150.593485][ T24] audit: type=1400 audit(1149.440:104): avc: denied { mount } for pid=3308 comm="syz-executor" name="/" dev="gadgetfs" ino=3656 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 1154.682310][ T24] audit: type=1400 audit(1153.550:105): avc: denied { mounton } for pid=3308 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 1154.852407][ T24] audit: type=1400 audit(1153.600:106): avc: denied { mount } for pid=3308 comm="syz-executor" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 1156.958022][ T24] audit: type=1400 audit(1155.810:107): avc: denied { mount } for pid=3309 comm="syz-executor" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 1157.347495][ T3308] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 1160.187683][ T24] audit: type=1400 audit(1159.020:108): avc: denied { read write } for pid=3308 comm="syz-executor" name="loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1160.347423][ T24] audit: type=1400 audit(1159.120:109): avc: denied { open } for pid=3308 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1160.426629][ T24] audit: type=1400 audit(1159.250:110): avc: denied { ioctl } for pid=3308 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1167.121736][ T24] audit: type=1400 audit(1165.970:112): avc: denied { read } for pid=3455 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1167.183429][ T24] audit: type=1400 audit(1165.960:111): avc: denied { open } for pid=3454 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1168.336687][ T24] audit: type=1400 audit(1167.190:113): avc: denied { ioctl } for pid=3455 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1183.562413][ T24] audit: type=1400 audit(1182.430:114): avc: denied { write } for pid=3465 comm="syz.1.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1194.827097][ T24] audit: type=1400 audit(1193.670:115): avc: denied { append } for pid=3470 comm="syz.0.4" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1228.816588][ T24] audit: type=1400 audit(1227.460:116): avc: denied { execute } for pid=3482 comm="syz.1.7" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4124 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 1358.379418][ T3544] kvm [3544]: Failed to find VMA for hva 0x400001016000 [ 1358.447323][ T3538] kvm [3538]: Failed to find VMA for hva 0x400000e8a000 [ 1359.379886][ T3538] kvm [3538]: Failed to find VMA for hva 0x400000e8a000 [ 1499.911779][ T3598] kvm [3598]: Failed to find VMA for hva 0x400000d89000 [ 1849.920119][ T3757] kvm [3757]: Failed to find VMA for hva 0x400001016000 [ 2537.050091][ T4062] kvm [4062]: Failed to find VMA for hva 0x4000008c2000 [ 2576.510948][ T4084] kvm [4084]: Failed to find VMA for hva 0x400001016000 [ 2580.083529][ T4084] kvm [4084]: Failed to find VMA for hva 0x400001016000 [ 2766.491557][ T24] audit: type=1400 audit(2765.350:117): avc: denied { setattr } for pid=4163 comm="syz.0.168" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 2788.067153][ T24] audit: type=1400 audit(2786.930:118): avc: denied { map } for pid=4169 comm="syz.0.170" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 3538.350300][ T4508] kvm [4508]: Failed to find VMA for hva 0x400001016000 [ 4078.899049][ T4754] kvm [4754]: Failed to find VMA for hva 0x400001016000 [ 4079.400817][ T4754] kvm [4754]: Failed to find VMA for hva 0x400001016000 [ 5432.963186][ T5370] KVM: debugfs: duplicate directory 5370-5 [ 5454.802712][ T5382] kvm [5382]: Failed to find VMA for hva 0x400001016000 [ 5596.858259][ T5448] kvm [5448]: Failed to find VMA for hva 0x400001016000 [ 6055.090452][ T5649] kvm [5649]: Failed to find VMA for hva 0x400000b62000 [ 6091.751024][ T5666] kvm [5666]: Failed to find VMA for hva 0x400000e8a000 [ 6095.361974][ T5666] kvm [5666]: Failed to find VMA for hva 0x400000e8a000 [ 6713.189469][ T5948] kvm [5948]: Failed to find VMA for hva 0x400000e8a000 [ 6833.687397][ T6021] kvm [6021]: Failed to find VMA for hva 0x400001016000 [ 7025.603225][ T6103] kvm [6103]: Failed to find VMA for hva 0x400001016000 [ 7353.341071][ T6246] kvm [6246]: Failed to find VMA for hva 0x400001016000 [ 8357.702232][ T6709] kvm [6709]: Failed to find VMA for hva 0x400001016000 [ 8591.309806][ T6832] Unable to handle kernel paging request at virtual address efff800000000001 [ 8591.438108][ T6832] KASAN: null-ptr-deref in range [0x0000000000000010-0x000000000000001f] [ 8591.645655][ T6832] Mem abort info: [ 8591.647304][ T6832] ESR = 0x0000000096000005 [ 8591.648948][ T6832] EC = 0x25: DABT (current EL), IL = 32 bits [ 8591.650543][ T6832] SET = 0, FnV = 0 [ 8591.652015][ T6832] EA = 0, S1PTW = 0 [ 8591.653347][ T6832] FSC = 0x05: level 1 translation fault [ 8591.918386][ T6832] Data abort info: [ 8591.920110][ T6832] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 [ 8591.921777][ T6832] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 8591.923525][ T6832] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 8592.053149][ T6832] swapper pgtable: 4k pages, 52-bit VAs, pgdp=0000000044c2f000 [ 8592.116191][ T6832] [efff800000000001] pgd=1000000049b9c003, p4d=1000000049b9d003, pud=0000000000000000 [ 8592.199718][ T6832] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP [ 8592.201973][ T6832] Modules linked in: [ 8592.203955][ T6832] CPU: 0 UID: 0 PID: 6832 Comm: syz.0.795 Not tainted 6.14.0-rc2-syzkaller-g29281a76709c #0 [ 8592.206195][ T6832] Hardware name: linux,dummy-virt (DT) [ 8592.207872][ T6832] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 8592.209700][ T6832] pc : __hwasan_check_x0_67043362+0x4/0x30 [ 8592.212397][ T6832] lr : vgic_its_save_tables_v0+0x25c/0x7e0 [ 8592.213931][ T6832] sp : ffff8000a1a77bc0 [ 8592.215080][ T6832] x29: ffff8000a1a77c30 x28: 95f00000197ad7c0 x27: 0000000000000000 [ 8592.217471][ T6832] x26: 0000000000000000 x25: 35f0000019e6ed00 x24: 0000000000000000 [ 8592.219591][ T6832] x23: 0cf0000019941780 x22: 0000000000000000 x21: 85f0000019e6ed50 [ 8592.221773][ T6832] x20: 85f0000019e6ed50 x19: efff800000000000 x18: 0000000000000004 [ 8592.223658][ T6832] x17: 0000000000000000 x16: 0000000000000001 x15: 0000000000000000 [ 8592.225857][ T6832] x14: 000000000002067b x13: ffff800083bc0958 x12: 0000000000000028 [ 8592.228003][ T6832] x11: 0000000000000000 x10: 0000000000002000 x9 : efff800000000000 [ 8592.230249][ T6832] x8 : 0000000020000000 x7 : ffff800080117c44 x6 : 0000000000000000 [ 8592.232403][ T6832] x5 : 0000000000000000 x4 : 95f00000197ae300 x3 : 40ff8000a1a5a3d0 [ 8592.234237][ T6832] x2 : ffff800080117cc0 x1 : 0000000000000001 x0 : 0000000000000010 [ 8592.236619][ T6832] Call trace: [ 8592.237769][ T6832] __hwasan_check_x0_67043362+0x4/0x30 (P) [ 8592.239610][ T6832] vgic_its_set_attr+0x394/0x554 [ 8592.241213][ T6832] kvm_device_ioctl_attr+0x16c/0x1d8 [ 8592.242752][ T6832] kvm_device_ioctl+0x154/0x1b0 [ 8592.244248][ T6832] __arm64_sys_ioctl+0x108/0x188 [ 8592.245607][ T6832] invoke_syscall+0x78/0x1b8 [ 8592.246950][ T6832] el0_svc_common+0xe8/0x1b0 [ 8592.248353][ T6832] do_el0_svc+0x40/0x50 [ 8592.249631][ T6832] el0_svc+0x54/0x14c [ 8592.250725][ T6832] el0t_64_sync_handler+0x84/0x108 [ 8592.252171][ T6832] el0t_64_sync+0x198/0x19c [ 8592.254121][ T6832] Code: a90efbfd d2800401 143ba985 9344dc10 (38706930) [ 8592.256462][ T6832] ---[ end trace 0000000000000000 ]--- [ 8592.258513][ T6832] Kernel panic - not syncing: Oops: Fatal exception [ 8592.263137][ T6832] Kernel Offset: disabled [ 8592.264323][ T6832] CPU features: 0x000,000000d0,00bef2f8,837ffe1f [ 8592.265645][ T6832] Memory Limit: none [ 8592.267365][ T6832] Rebooting in 86400 seconds.. VM DIAGNOSIS: 09:01:15 Registers: info registers vcpu 0 CPU#0 PC=ffff800080342af8 X00=0005a995c0000000 X01=ffff80008975b028 X02=ffff800084c49088 X03=95f00000197ae248 X04=95f00000197ae378 X05=0000000000000001 X06=0000000000000000 X07=ffff800080318a5c X08=00000000001a3494 X09=efff800000000000 X10=0000000000000000 X11=0000000000000017 X12=000000003d04b34b X13=0000000000000000 X14=0000000000006046 X15=0000000000080000 X16=00000000000000ff X17=fff07fffee3de000 X18=0000000000000002 X19=efff800000000000 X20=0000000000000000 X21=ffff800080318a5c X22=ffff80008975af90 X23=ffff80008975b008 X24=ffff80008975ae40 X25=ffff80008975afb8 X26=000000003b9ac9ff X27=000000003b9aca00 X28=000000000000218e X29=ffff8000800075e0 X30=ffff80008031a0a4 SP=ffff8000800075e0 PSTATE=604020c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:0000000000000000 Z01=0000ffffdf96b250:58c5eecdbb189b00 Z02=0000ffffdf96b230:ffffff80ffffffd8 Z03=0000ffffdf96b2e0:0000ffffdf96b2e0 Z04=0000ffffdf96b2e0:0000ffff93336bc8 Z05=0000ffffdf96b2b0:0000ffffdf96b2e0 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffdf96b500:0000ffffdf96b500 Z17=ffffff80ffffffd0:0000ffffdf96b4d0 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000