last executing test programs: 1m0.435206289s ago: executing program 1 (id=1792): syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x1fe, 0x2, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000080)={0x5, 0x8}) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f00000001c0)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x4}) r5 = openat$kvm(0x0, &(0x7f0000000240), 0xca680, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="820000000000000028000000000000000100000000000000040000000000000002000000000000008200000000000000280000000000000004"], 0x50}, 0x0, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="6e00000000000000300000000000000000000008000000000008000000000000090000000000000001"], 0x30}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r10, 0x4, 0x100) ioctl$KVM_RUN(r12, 0xae80, 0x0) r13 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f00000001c0)={0x3}) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x10010, r8, 0x0) r14 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r14, 0x4020aeae, &(0x7f0000000000)={0x5, 0x2}) syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, &(0x7f0000000280)=[@mrs={0xbe, 0x18, {0x603000000013f602}}, @svc={0x122, 0x40, {0x8, [0x6, 0x4d23, 0x9bf, 0xc, 0x10]}}, @mrs={0xbe, 0x18, {0x603000000013e289}}, @smc={0x1e, 0x40, {0x84000012, [0x80, 0x0, 0x3, 0x9, 0x8]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x48, 0x1, 0x6}}, @irq_setup={0x46, 0x18, {0x0, 0x33f}}, @code={0xa, 0xe4, {"e06384d200a0b0f2210180d2c20180d2030180d2a40080d2020000d40010c0dae0d980d200c0b8f2810080d2220180d2830080d2a40080d2020000d400f4200ec0dc95d200c0b0f2e10180d2a20180d2030080d2440180d2020000d420618bd20020b8f2e10080d2420180d2430180d2a40180d2020000d4c07787d200a0b0f2810180d2020080d2c30080d2240180d2020000d460e886d20040b8f2210180d2a20180d2830080d2c40180d2020000d4607288d200a0b8f2810080d2420180d2630080d2840180d2020000d400d8a00e"}}, @irq_setup={0x46, 0x18, {0x2, 0x1cd}}, @msr={0x14, 0x20, {0x603000000013c289, 0x5}}, @uexit={0x0, 0x18, 0x4b}, @eret={0xe6, 0x18, 0xbe1}, @code={0xa, 0xcc, {"60ee93d200a0b8f2410180d2820180d2830080d2240180d2020000d4401e8cd200a0b0f2610080d2c20180d2830080d2240080d2020000d4007008d5e0e39bd200c0b0f2210180d2020080d2c30080d2e40080d2020000d420b78fd20080b8f2010080d2420180d2e30180d2e40080d2020000d4007008d5c0e68fd200a0b8f2810180d2820080d2c30080d2440180d2020000d4000008d50000400c806b96d20000b8f2a10180d2220080d2630180d2440080d2020000d4"}}, @eret={0xe6, 0x18, 0x3}, @uexit={0x0, 0x18, 0x5}, @eret={0xe6, 0x18, 0x1}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x0, 0x8, 0x1, 0x9, 0x3}}, @uexit={0x0, 0x18, 0xffffffffffffffff}, @hvc={0x32, 0x40, {0x800, [0x10000, 0x4, 0x3, 0x6, 0x5a1a]}}, @irq_setup={0x46, 0x18, {0x2, 0x21}}, @irq_setup={0x46, 0x18, {0x0, 0x392}}, @smc={0x1e, 0x40, {0xc400000c, [0x2, 0x0, 0xa, 0x8, 0x6]}}, @uexit={0x0, 0x18, 0x4}, @uexit={0x0, 0x18, 0x3}, @memwrite={0x6e, 0x30, @generic={0x80a0000, 0x7fc, 0x26, 0x8}}, @irq_setup={0x46, 0x18, {0x0, 0x300}}], 0x4c0}, &(0x7f0000000140)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_RUN(r14, 0xae80, 0x0) 52.090822691s ago: executing program 1 (id=1794): mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x0, 0x300000a, 0x8010, 0xffffffffffffffff, 0x0) r0 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x0, 0x300000a, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x3ff}) r5 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="14000000000000002000000000000000f2c4130000003060008000000000000014000000000000002000000000000000e0dc1300000030d11b"], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0xfffffffffffffffa) r8 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x40000, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_ARM_VCPU_FINALIZE(r7, 0x4004aec2, &(0x7f0000000040)=0x4) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r10, 0xae03, 0xaa) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r6, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$arm64(r10, r6, &(0x7f0000ba4000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1e000000000000004000000000000000010000860000000007000000000000002080000000000000e85700000000000002000000000000007c08000000000000460000000000000018000000000000000100000035000000220100000000000040000000000000000600008400000000050000000000000006000000000000000200000000000000830c00000000000003000000000000006e0000000000000030000000000000000000000000000000d80600000000000004000000000000006d4237ff2f501c34e600000000001b001800000000000000f8ffffffffffffff82000000000000002800000000000000030000000000000004000000000000004603000000000000460000000000000018000000000000000400000098010000220100000000000040000000000000000040000000000000feffffffffffffff080000000000000009000000000000005e0f0000000000000100000001000000e600000000000000180000000000000001000000000000000a000000000000009c00000000000000c0b384d200c0b8f2210180d2020080d2c30080d2040080d2020000d4008008d5008008d5007008d500f987d20060b0f2010180d2e20180d2630180d2e40180d2020000d4007008d50080209ba0b69fd20000b8f2a10080d2a20180d2c30080d2840080d2020000d400d0000f205883d20000b8f2610180d2220180d2230180d2c40080d2020000d4c0035fd62201000000000000400000000000000000000004000000000000000000000000cf00000000000000ff01000000000000080000000000000007000000000000000a000000000000009c00000000000000008008d5007008d5000008d5801686d200c0b0f2610080d2820180d2630180d2040080d2020000d4204f96d200e0b8f2210180d2620080d2230080d2440080d2020000d4007008d5004887d200c0b0f2a10080d2620180d2430080d2a40180d2020000d40100a0d4000b93d200e0b8f2a10080d2020180d2430180d2440080d2020000d4008008d5c0035fd60a000000000000005400000000000000007008d5000008d5007008d5007008d5c0648cd20020b8f2010180d2c20080d2030180d2840080d2020000d40040400d007008d50068203c0004000f003c202ec0035fd61e0000000000000040000000000000000f0000840000000001000000000000000300000000000000080000000000000001000000000000000900000000000000e60000000000000018000000000000000f000000000000001e0000000000000040000000000000000000003200000000010000000000008002000000000000000100000000000000060000000000000000000100000000001400000000000000200000000000000000000000000000000c00000000000000aa0000000000000028000000000000000301000000000a00000004000000060000000300000000000a00000000000000b400000000000000c0ea87d20080b0f2610080d2220180d2030180d2c40080d2020000d40000219e00800008007008d5a03588d200a0b0f2c10180d2c20080d2630080d2240180d2020000d40060400da07691d20020b8f2410080d2a20180d2030180d2c40180d2020000d4000028d5402982d20040b8f2010080d2e20080d2830080d2040180d2020000d400d791d20020b8f2810180d2420080d2230180d2840080d2020000d4c0035fd614000000000000002000000000000000abc213000000306001000100000000001400000000000000200000000000000062e6130000003060000000000000000022010000000000004000000000000000ff7f0080000000000100000000000000020000000000000000010000000000000800000000000000ffffffff00000000e6000000000000001800000000000000ff070000000000001e0000000000000040000000000000005000008400000000a1160000000000000a0000000000000002000000000000000000000000000000ff000000000000000a00000000000000b400000000000000403e9dd20060b0f2010080d2e20080d2830080d2c40080d2020000d4000028d5000008d5802985d200e0b8f2610180d2820180d2430080d2e40080d2020000d4607885d200e0b8f2c10080d2a20080d2430080d2a40080d2020000d400809f0d804d93d200a0b8f2a10080d2020080d2c30180d2a40080d2020000d4000028d50000229ea04d9ed200c0b0f2410080d2420080d2c30180d2a40080d2020000d4c0035fd6000000000000000018000000000000001000000000000000e6000000000000001800000000000000010100000000000046000000000000001800000000000000000000009c0000006e0000000000000030000000000000000000080800000000040000000000000000080000000000000c00000000000000"], 0x6dc}], 0x1, 0x0, &(0x7f0000000100)=[@featur1={0x1, 0x80}], 0x1) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x802, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r12, 0x4010ae67, &(0x7f0000000140)={0x8000000, 0x4000}) ioctl$KVM_REGISTER_COALESCED_MMIO(r12, 0x4010ae67, &(0x7f0000000080)={0xeeef0000}) 50.192441315s ago: executing program 0 (id=1795): mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x40480, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r4, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000200)="fb014401ac2cc4a2c0a6000000faff00bfff02000000ffffff00000d00e6ffea000000002000", 0x0, 0xffffffffffffff98) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r4, 0x0) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r1, 0x4068aea3, &(0x7f0000000100)={0xa8, 0x0, 0x1}) r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, &(0x7f0000000040)=@x86={0x2e, 0x39, 0x2, 0x0, 0x2, 0x9e, 0x5, 0x0, 0x4, 0xc, 0x8, 0xf8, 0x0, 0x0, 0x9e, 0x1, 0x5, 0x1, 0x1, '\x00', 0xf, 0x200}) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2000002, 0x4f832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x29031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000647000/0x1000)=nil, 0x1000) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000ad4000/0x1000)=nil, 0x1000) munmap(&(0x7f0000584000/0x800000)=nil, 0x800000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x80a40, 0x0) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, r8, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) 43.300120514s ago: executing program 1 (id=1796): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x420c0, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000300)=@attr_arm64={0x0, 0x4, 0x4, 0x0}) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1, 0x4f832, 0xffffffffffffffff, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000b40), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000bff000/0x400000)=nil) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000380)}) r8 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000240)="fb4149dd033be3ac3bc4a22332fdaa8de0518df242008031d1dfd92f0000000001fff9ffdc9610fbff77521ce30d8f00", 0x0, 0xfcf7) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000300)=0xc000000000000000}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x4, 0x1, 0x0}) r9 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r9, 0x4020aeae, &(0x7f0000000080)={0x5, 0xe}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000180)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000140)={0x8, 0xffff, 0x1}}) 38.608548246s ago: executing program 0 (id=1797): eventfd2(0x8, 0x80001) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x30) (async) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000d10000/0xa000)=nil, 0x930, 0x3000006, 0x28031, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async) close(0x4) (async) mmap$KVM_VCPU(&(0x7f0000d10000/0xa000)=nil, 0x930, 0x3000006, 0x28031, 0xffffffffffffffff, 0x0) (async, rerun: 32) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async, rerun: 32) r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r11 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r10, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000000000000000002"]) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000200)="fb014401ac2cc4a2c0a6000000faff00bfffffffffffffffffffde00000000faffffff00000d00e6ffea000000002000", 0x0, 0xfffffffffffffe78) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r10, 0x0) r12 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r12, 0x4040aea0, &(0x7f0000000040)=@x86={0x2e, 0x9, 0x2, 0x0, 0x2, 0x9e, 0x5, 0x0, 0x4, 0xc, 0x8, 0xf8, 0x0, 0x0, 0x9e, 0x1, 0x0, 0x1, 0x1, '\x00', 0xf, 0x200}) ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000080)={0xdddd0000, 0x10000}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (async) r13 = syz_kvm_vgic_v3_setup(r5, 0x4, 0x40) close(0x5) (async) close(r13) (async) close(0x4) 30.570670962s ago: executing program 1 (id=1798): r0 = openat$kvm(0x0, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r2 = mmap$KVM_VCPU(&(0x7f0000cb1000/0x3000)=nil, 0x930, 0x1000001, 0x28031, r1, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000300)="fb4149dd033be3235257cf59e0418df24200000700a6ab9710fbff77521ce10d8f6669d22627e72100000000000000000100000000ddff00", 0x0, 0x48) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) r5 = openat$kvm(0x0, 0x0, 0x901683, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x8) r8 = openat$kvm(0x0, &(0x7f0000000240), 0x484000, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000001000/0x2000)=nil, 0x930, 0x2000003, 0x4120932, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000380)}) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f00000000c0)={0x1fd, 0x1, 0xdddd1000, 0x2000, &(0x7f0000fb5000/0x2000)=nil}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000000)=0xc000000000000000}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x4, 0x1, 0x0}) r11 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x6d681f4490d7489d, 0xffffffffffffffff, 0x0) r12 = mmap$KVM_VCPU(&(0x7f0000e75000/0x1000)=nil, 0x930, 0x300000b, 0x28031, r7, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_CREATE_DEVICE(r14, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) 28.344091431s ago: executing program 0 (id=1799): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000140)={0xdddd0000, 0x104000}) ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000000)={0x100000, 0x8000}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r4, 0x4010ae68, &(0x7f0000000100)={0x80a0000}) r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0xfffffffffffffffc) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000200)={0x7}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x5000, 0x10000, 0x4, 0xffffffffffffffff, 0x20}) 16.327696098s ago: executing program 0 (id=1800): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) r1 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, 0x0) (async) r3 = openat$kvm(0x0, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x4018aee1, 0x0) (async) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000040)={0x10000}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) munmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000) (async) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x40010, r8, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000080)="fb0249abf4e7454e37c4b85000005a7c0100ff64520000558f1f44835673302b54ebb6aa000200d22627e77e4b7b00040000000000000000000000000000000000000000eb00", 0x0, 0x12) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0) (async) r9 = eventfd2(0x0, 0x800) close(r9) r10 = eventfd2(0x0, 0x0) close(r10) (async) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) write$eventfd(r10, &(0x7f0000000180)=0x5, 0xfffffde3) (async) write$eventfd(r9, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20203, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) 9.247613s ago: executing program 1 (id=1801): r0 = openat$kvm(0x0, &(0x7f0000000240), 0x2400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x1fe, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000340)={0x5}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000000)={0x0, 0x88}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000280)={0x2710, 0x1, 0x6000, 0x1000, &(0x7f0000000000/0x1000)=nil}) 8.530545179s ago: executing program 0 (id=1802): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x40480, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f00000000c0)={0x1}) (async) syz_kvm_vgic_v3_setup(r3, 0x1, 0x100) (async) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async, rerun: 32) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (rerun: 32) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async) r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r8, 0x8040ae9f, &(0x7f00000000c0)=@arm64) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async, rerun: 32) ioctl$KVM_CHECK_EXTENSION_VM(0xffffffffffffffff, 0xae03, 0xac) (async, rerun: 32) r9 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r9, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) (async) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x43ff}) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init) (async) ioctl$KVM_RUN(r9, 0xae80, 0x0) (async, rerun: 32) ioctl$KVM_GET_ONE_REG(r9, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013df43, &(0x7f0000000080)=0x3}) (async, rerun: 32) r10 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) (async) openat$kvm(0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) (async) syz_kvm_assert_syzos_uexit$arm64(0x0, 0xffffffffffffffff) openat$kvm(0x0, 0x0, 0x200, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x0) 1.088899169s ago: executing program 0 (id=1803): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f000000e000/0x3000)=nil, r1, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r2 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r4, 0x100000c, 0x23ac5f9b426ec4b2, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0) (async) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async) mmap$KVM_VCPU(&(0x7f000000e000/0x3000)=nil, r1, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r4, 0x100000c, 0x23ac5f9b426ec4b2, 0xffffffffffffffff, 0x0) (async) 0s ago: executing program 1 (id=1804): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000140)={0x4}) r2 = ioctl$KVM_CREATE_VM(r0, 0x894c, 0x0) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0xfffffffffffffffd) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f00000001c0)=@arm64_sys={0x6030000000138064, &(0x7f00000000c0)=0x8000}) (async) ioctl$KVM_CREATE_VCPU(r2, 0xb702, 0x0) openat$kvm(0x0, &(0x7f0000000080), 0xec83, 0x0) (async) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000100)) (async) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="050000000010010000000000000000000100000020000000585f257ae74d960f05da978e0c568c5398ef797e6ced07d40f1a9201718ecd1e7bbfeb7631ee212366773fd0"], 0x18}, 0x0, 0x0) r8 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000100)={0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="050000"], 0x18}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r5, 0x2, 0x100) ioctl$KVM_RUN(r8, 0xae80, 0x0) (async) ioctl$KVM_RUN(r7, 0xae80, 0x0) (async) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x5452, 0x2000fdfd) (async) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1c) (async) r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04) r13 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r12, 0x180000d, 0x2010, r11, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f0000000240)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0x48) (async) mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, r12, 0x1000001, 0x100010, r11, 0x0) eventfd2(0x0, 0x0) kernel console output (not intermixed with test programs): [ 440.087731][ T3130] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:62851' (ED25519) to the list of known hosts. [ 615.532927][ T25] audit: type=1400 audit(614.650:63): avc: denied { name_bind } for pid=3286 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 616.503855][ T25] audit: type=1400 audit(615.620:64): avc: denied { execute } for pid=3287 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 616.523338][ T25] audit: type=1400 audit(615.640:65): avc: denied { execute_no_trans } for pid=3287 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 639.048997][ T25] audit: type=1400 audit(638.170:66): avc: denied { mounton } for pid=3287 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 639.112559][ T25] audit: type=1400 audit(638.230:67): avc: denied { mount } for pid=3287 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 639.327140][ T3287] cgroup: Unknown subsys name 'net' [ 639.482248][ T25] audit: type=1400 audit(638.600:68): avc: denied { unmount } for pid=3287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 640.433245][ T3287] cgroup: Unknown subsys name 'cpuset' [ 640.638233][ T3287] cgroup: Unknown subsys name 'rlimit' [ 642.413638][ T25] audit: type=1400 audit(641.500:69): avc: denied { setattr } for pid=3287 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 642.425172][ T25] audit: type=1400 audit(641.550:70): avc: denied { mounton } for pid=3287 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 642.463635][ T25] audit: type=1400 audit(641.580:71): avc: denied { mount } for pid=3287 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 643.819576][ T3291] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 643.843070][ T25] audit: type=1400 audit(642.960:72): avc: denied { relabelto } for pid=3291 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 643.881630][ T25] audit: type=1400 audit(642.980:73): avc: denied { write } for pid=3291 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 644.057737][ T25] audit: type=1400 audit(643.180:74): avc: denied { read } for pid=3287 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 644.086957][ T25] audit: type=1400 audit(643.200:75): avc: denied { open } for pid=3287 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 644.132489][ T3287] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 689.074140][ T25] audit: type=1400 audit(688.170:76): avc: denied { execmem } for pid=3292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 692.838436][ T25] audit: type=1400 audit(691.960:77): avc: denied { read } for pid=3294 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 692.910982][ T25] audit: type=1400 audit(692.020:78): avc: denied { open } for pid=3294 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 693.121290][ T25] audit: type=1400 audit(692.240:79): avc: denied { mounton } for pid=3294 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 693.731782][ T25] audit: type=1400 audit(692.850:80): avc: denied { module_request } for pid=3294 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 695.561615][ T25] audit: type=1400 audit(694.670:81): avc: denied { sys_module } for pid=3294 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 728.297585][ T3296] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 728.545589][ T3296] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 728.609519][ T3294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 728.884992][ T3294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 741.382897][ T3296] hsr_slave_0: entered promiscuous mode [ 741.436054][ T3296] hsr_slave_1: entered promiscuous mode [ 742.226744][ T3294] hsr_slave_0: entered promiscuous mode [ 742.267451][ T3294] hsr_slave_1: entered promiscuous mode [ 742.297658][ T3294] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 742.314808][ T3294] Cannot create hsr debugfs directory [ 748.029472][ T25] audit: type=1400 audit(747.150:82): avc: denied { create } for pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 748.082511][ T25] audit: type=1400 audit(747.190:83): avc: denied { write } for pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 748.142709][ T25] audit: type=1400 audit(747.250:84): avc: denied { read } for pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 748.275660][ T3296] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 748.724423][ T3296] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 749.028933][ T3296] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 749.338628][ T3296] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 750.799344][ T3294] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 751.083954][ T3294] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 751.228221][ T3294] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 751.484552][ T3294] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 768.189266][ T3296] 8021q: adding VLAN 0 to HW filter on device bond0 [ 772.216264][ T3294] 8021q: adding VLAN 0 to HW filter on device bond0 [ 830.776718][ T3296] veth0_vlan: entered promiscuous mode [ 831.415049][ T3296] veth1_vlan: entered promiscuous mode [ 834.663879][ T3294] veth0_vlan: entered promiscuous mode [ 834.815833][ T3296] veth0_macvtap: entered promiscuous mode [ 835.347130][ T3296] veth1_macvtap: entered promiscuous mode [ 835.801299][ T3294] veth1_vlan: entered promiscuous mode [ 838.554343][ T3296] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 838.559232][ T3296] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 838.584232][ T3296] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 838.594689][ T3296] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 839.244005][ T3294] veth0_macvtap: entered promiscuous mode [ 839.726896][ T3294] veth1_macvtap: entered promiscuous mode [ 841.221782][ T25] audit: type=1400 audit(840.310:85): avc: denied { mount } for pid=3296 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 841.408975][ T25] audit: type=1400 audit(840.530:86): avc: denied { mounton } for pid=3296 comm="syz-executor" path="/syzkaller.5CeRlK/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 841.692044][ T25] audit: type=1400 audit(840.810:87): avc: denied { mount } for pid=3296 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 842.128160][ T25] audit: type=1400 audit(841.190:88): avc: denied { mounton } for pid=3296 comm="syz-executor" path="/syzkaller.5CeRlK/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 842.259630][ T25] audit: type=1400 audit(841.380:89): avc: denied { mounton } for pid=3296 comm="syz-executor" path="/syzkaller.5CeRlK/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 842.376721][ T3294] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 842.392580][ T3294] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 842.404557][ T3294] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 842.425875][ T3294] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 842.807366][ T25] audit: type=1400 audit(841.930:90): avc: denied { unmount } for pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 843.136687][ T25] audit: type=1400 audit(842.220:91): avc: denied { mounton } for pid=3296 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 843.307326][ T25] audit: type=1400 audit(842.430:92): avc: denied { mount } for pid=3296 comm="syz-executor" name="/" dev="gadgetfs" ino=3294 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 843.648905][ T25] audit: type=1400 audit(842.770:93): avc: denied { mount } for pid=3296 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 843.812158][ T25] audit: type=1400 audit(842.870:94): avc: denied { mounton } for pid=3296 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 845.254055][ T3296] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 846.316413][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 846.339847][ T25] audit: type=1400 audit(845.430:96): avc: denied { read write } for pid=3296 comm="syz-executor" name="loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 846.354865][ T25] audit: type=1400 audit(845.470:97): avc: denied { open } for pid=3296 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 846.422458][ T25] audit: type=1400 audit(845.470:98): avc: denied { ioctl } for pid=3296 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 849.971741][ T25] audit: type=1400 audit(849.090:99): avc: denied { read } for pid=3438 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 850.048787][ T25] audit: type=1400 audit(849.170:100): avc: denied { open } for pid=3438 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 850.863273][ T25] audit: type=1400 audit(849.980:101): avc: denied { ioctl } for pid=3438 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 858.342097][ T25] audit: type=1400 audit(857.460:102): avc: denied { append } for pid=3444 comm="syz.1.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 900.101491][ T25] audit: type=1400 audit(899.190:103): avc: denied { write } for pid=3475 comm="syz.1.12" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 988.862370][ T25] audit: type=1400 audit(987.960:104): avc: denied { map } for pid=3533 comm="syz.1.28" path="pipe:[2441]" dev="pipefs" ino=2441 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 1038.345879][ T25] audit: type=1400 audit(1037.410:105): avc: denied { map } for pid=3566 comm="syz.1.37" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1038.669327][ T3564] kvm [3564]: Failed to find VMA for hva 0x208a1000 [ 1138.445148][ T3624] debugfs: File 'vgic-its-state@8080000' in directory '3624-4' already present! [ 1160.282843][ T25] audit: type=1400 audit(1159.300:106): avc: denied { execute } for pid=3636 comm="syz.0.57" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=7060 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 1273.547286][ T25] audit: type=1400 audit(1272.670:107): avc: denied { ioctl } for pid=3717 comm="syz.1.79" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0xb709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1660.752722][ T25] audit: type=1400 audit(1659.840:108): avc: denied { setattr } for pid=3974 comm="syz.0.153" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1895.568206][ T4132] kvm [4132]: Failed to find VMA for hva 0x21016000 [ 2733.019530][ T4699] KVM: debugfs: duplicate directory 4699-5 [ 3077.833907][ T4907] KVM: debugfs: duplicate directory 4907-4 [ 3218.957839][ T5006] kvm [5006]: Failed to find VMA for hva 0x20e8a000 [ 3513.597930][ T5207] kvm [5207]: Failed to find VMA for hva 0x21016000 [ 3552.647059][ T5237] debugfs: File 'vgic-its-state@8080000' in directory '5238-8' already present! [ 4061.565308][ T25] audit: type=1400 audit(4060.680:109): avc: denied { execute } for pid=5591 comm="syz.1.601" path=2F3239352FFF67521CD66F8F1F447D3570707CD24B7EEBB207 dev="tmpfs" ino=1508 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 4462.854747][ T5871] kvm [5871]: Failed to find VMA for hva 0x21016000 [ 4463.559049][ T5871] kvm [5871]: Failed to find VMA for hva 0x21016000 [ 4512.264768][ T5904] FAULT_INJECTION: forcing a failure. [ 4512.264768][ T5904] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 4512.325670][ T5904] CPU: 0 UID: 0 PID: 5904 Comm: syz.0.685 Not tainted 6.15.0-rc4-syzkaller-g1b85d923ba8c #0 PREEMPT [ 4512.326405][ T5904] Hardware name: linux,dummy-virt (DT) [ 4512.326894][ T5904] Call trace: [ 4512.327329][ T5904] show_stack+0x2c/0x3c (C) [ 4512.329250][ T5904] __dump_stack+0x30/0x40 [ 4512.329536][ T5904] dump_stack_lvl+0xd8/0x12c [ 4512.329866][ T5904] dump_stack+0x1c/0x28 [ 4512.330083][ T5904] should_fail_ex+0x570/0x6e0 [ 4512.330359][ T5904] should_fail+0x14/0x24 [ 4512.330621][ T5904] should_fail_usercopy+0x20/0x30 [ 4512.330909][ T5904] _inline_copy_from_user+0x3c/0x18c [ 4512.331130][ T5904] kstrtouint_from_user+0x70/0xf8 [ 4512.331424][ T5904] proc_fail_nth_write+0x4c/0x174 [ 4512.331687][ T5904] vfs_write+0x2c0/0xacc [ 4512.331929][ T5904] ksys_write+0x100/0x1f4 [ 4512.332152][ T5904] __arm64_sys_write+0x98/0xcc [ 4512.332368][ T5904] invoke_syscall+0x90/0x2b4 [ 4512.332642][ T5904] el0_svc_common+0x180/0x2f4 [ 4512.332933][ T5904] do_el0_svc+0x58/0x74 [ 4512.333211][ T5904] el0_svc+0x58/0x134 [ 4512.333444][ T5904] el0t_64_sync_handler+0x78/0x108 [ 4512.333683][ T5904] el0t_64_sync+0x198/0x19c [ 4597.755209][ T5967] KVM: debugfs: duplicate directory 5967-8 [ 5013.318637][ T6223] kvm [6221]: Unsupported guest CP15 access at: 00000100 [000001d3] [ 5013.318637][ T6223] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5013.398475][ T6223] kvm [6221]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5013.398475][ T6223] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5013.443201][ T6223] kvm [6221]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5013.443201][ T6223] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5013.536432][ T6223] kvm [6221]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5013.536432][ T6223] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5013.586022][ T6223] kvm [6221]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5013.586022][ T6223] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5013.616713][ T6223] kvm [6221]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5013.616713][ T6223] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5013.663429][ T6223] kvm [6221]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5013.663429][ T6223] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5013.705922][ T6223] kvm [6221]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5013.705922][ T6223] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5013.843572][ T6223] kvm [6221]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5013.843572][ T6223] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5124.526456][ T6289] kvm [6289]: Failed to find VMA for hva 0x21016000 [ 5158.064566][ T6312] kvm [6312]: Failed to find VMA for hva 0x20c01000 [ 5205.428936][ T6338] kvm [6338]: Failed to find VMA for hva 0x21016000 [ 5425.612332][ T6477] kvm [6473]: Unsupported guest access at: eeef0000 [ 5425.612332][ T6477] { Op0( 2), Op1( 0), CRn( 0), CRm( 3), Op2( 2), func_read }, [ 5431.214497][ T6477] kvm [6477]: Failed to find VMA for hva 0x20d8d000 [ 5487.472959][ T6515] kvm [6515]: Failed to find VMA for hva 0x20d8d000 [ 5707.376551][ T25] audit: type=1400 audit(5706.500:110): avc: denied { execute } for pid=6660 comm="syz.1.901" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 6088.162271][ T6918] kvm [6918]: Failed to find VMA for hva 0x20d8d000 [ 6146.867000][ T6958] kvm [6958]: Failed to find VMA for hva 0x21016000 [ 6499.746903][ T7210] KVM: debugfs: duplicate directory 7210-4 [ 6552.025662][ T7242] KVM: debugfs: duplicate directory 7242-4 [ 6560.853841][ T7246] FAULT_INJECTION: forcing a failure. [ 6560.853841][ T7246] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 6560.862683][ T7246] CPU: 0 UID: 0 PID: 7246 Comm: syz.1.1062 Not tainted 6.15.0-rc4-syzkaller-g1b85d923ba8c #0 PREEMPT [ 6560.863051][ T7246] Hardware name: linux,dummy-virt (DT) [ 6560.863164][ T7246] Call trace: [ 6560.863245][ T7246] show_stack+0x2c/0x3c (C) [ 6560.863579][ T7246] __dump_stack+0x30/0x40 [ 6560.863819][ T7246] dump_stack_lvl+0xd8/0x12c [ 6560.864129][ T7246] dump_stack+0x1c/0x28 [ 6560.864318][ T7246] should_fail_ex+0x570/0x6e0 [ 6560.864586][ T7246] should_fail+0x14/0x24 [ 6560.864846][ T7246] should_fail_usercopy+0x20/0x30 [ 6560.865124][ T7246] _inline_copy_from_user+0x3c/0x18c [ 6560.865361][ T7246] kvm_arch_vcpu_ioctl+0x2a4/0x16ac [ 6560.865576][ T7246] kvm_vcpu_ioctl+0x5c0/0xc24 [ 6560.865825][ T7246] __arm64_sys_ioctl+0x18c/0x244 [ 6560.866137][ T7246] invoke_syscall+0x90/0x2b4 [ 6560.866406][ T7246] el0_svc_common+0x180/0x2f4 [ 6560.866666][ T7246] do_el0_svc+0x58/0x74 [ 6560.866945][ T7246] el0_svc+0x58/0x134 [ 6560.867173][ T7246] el0t_64_sync_handler+0x78/0x108 [ 6560.867398][ T7246] el0t_64_sync+0x198/0x19c [ 6571.953584][ T7251] kvm [7251]: Failed to find VMA for hva 0x20d8d000 [ 6582.674687][ T7266] FAULT_INJECTION: forcing a failure. [ 6582.674687][ T7266] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 6582.693648][ T7266] CPU: 0 UID: 0 PID: 7266 Comm: syz.0.1068 Not tainted 6.15.0-rc4-syzkaller-g1b85d923ba8c #0 PREEMPT [ 6582.694016][ T7266] Hardware name: linux,dummy-virt (DT) [ 6582.694126][ T7266] Call trace: [ 6582.694206][ T7266] show_stack+0x2c/0x3c (C) [ 6582.694546][ T7266] __dump_stack+0x30/0x40 [ 6582.694735][ T7266] dump_stack_lvl+0xd8/0x12c [ 6582.695042][ T7266] dump_stack+0x1c/0x28 [ 6582.695225][ T7266] should_fail_ex+0x570/0x6e0 [ 6582.695486][ T7266] should_fail+0x14/0x24 [ 6582.695771][ T7266] should_fail_usercopy+0x20/0x30 [ 6582.696066][ T7266] simple_read_from_buffer+0xd0/0x298 [ 6582.696310][ T7266] proc_fail_nth_read+0x114/0x178 [ 6582.696536][ T7266] vfs_read+0x220/0x958 [ 6582.696740][ T7266] ksys_read+0x100/0x1f4 [ 6582.696974][ T7266] __arm64_sys_read+0x98/0xcc [ 6582.697184][ T7266] invoke_syscall+0x90/0x2b4 [ 6582.697449][ T7266] el0_svc_common+0x180/0x2f4 [ 6582.697709][ T7266] do_el0_svc+0x58/0x74 [ 6582.697992][ T7266] el0_svc+0x58/0x134 [ 6582.698216][ T7266] el0t_64_sync_handler+0x78/0x108 [ 6582.698443][ T7266] el0t_64_sync+0x198/0x19c [ 6765.883943][ T7399] kvm [7399]: Failed to find VMA for hva 0x21016000 [ 7179.143780][ T7621] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7180.216692][ T7621] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7181.354684][ T7621] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7182.707246][ T7621] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7203.766473][ T7621] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 7204.102239][ T7621] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 7204.317841][ T7621] bond0 (unregistering): Released all slaves [ 7207.338430][ T7621] hsr_slave_0: left promiscuous mode [ 7207.472022][ T7621] hsr_slave_1: left promiscuous mode [ 7208.173326][ T7621] veth1_macvtap: left promiscuous mode [ 7208.184987][ T7621] veth0_macvtap: left promiscuous mode [ 7208.204500][ T7621] veth1_vlan: left promiscuous mode [ 7208.225513][ T7621] veth0_vlan: left promiscuous mode [ 7286.651683][ T7680] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 7286.976410][ T7680] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 7314.799452][ T7680] hsr_slave_0: entered promiscuous mode [ 7314.918063][ T7680] hsr_slave_1: entered promiscuous mode [ 7342.543174][ T7680] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 7343.044878][ T7680] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 7343.359320][ T7680] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 7343.925283][ T7680] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 7369.489072][ T7680] 8021q: adding VLAN 0 to HW filter on device bond0 [ 7469.119260][ T7680] veth0_vlan: entered promiscuous mode [ 7469.773654][ T7680] veth1_vlan: entered promiscuous mode [ 7471.842035][ T7680] veth0_macvtap: entered promiscuous mode [ 7472.238258][ T7680] veth1_macvtap: entered promiscuous mode [ 7474.594324][ T7680] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 7474.602715][ T7680] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 7474.614610][ T7680] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 7474.654653][ T7680] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 7477.201221][ T25] audit: type=1400 audit(7476.310:111): avc: denied { mounton } for pid=7680 comm="syz-executor" path="/syzkaller.HPLa15/syz-tmp" dev="vda" ino=1879 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 7511.546974][ T7243] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7513.289119][ T7243] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7515.011855][ T7243] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7516.406070][ T7243] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7536.637669][ T7243] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 7536.956883][ T7243] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 7537.086662][ T7243] bond0 (unregistering): Released all slaves [ 7538.966905][ T7243] hsr_slave_0: left promiscuous mode [ 7539.057592][ T7243] hsr_slave_1: left promiscuous mode [ 7539.749464][ T7243] veth1_macvtap: left promiscuous mode [ 7539.825830][ T7243] veth0_macvtap: left promiscuous mode [ 7539.843978][ T7243] veth1_vlan: left promiscuous mode [ 7539.883165][ T7243] veth0_vlan: left promiscuous mode [ 7613.695487][ T7927] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 7614.123166][ T7927] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 7650.078671][ T7927] hsr_slave_0: entered promiscuous mode [ 7650.156438][ T7927] hsr_slave_1: entered promiscuous mode [ 7650.222818][ T7927] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 7650.232255][ T7927] Cannot create hsr debugfs directory [ 7671.698105][ T7927] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 7672.168101][ T7927] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 7672.478130][ T7927] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 7672.863926][ T7927] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 7703.616532][ T7927] 8021q: adding VLAN 0 to HW filter on device bond0 [ 7806.077455][ T7927] veth0_vlan: entered promiscuous mode [ 7807.093724][ T7927] veth1_vlan: entered promiscuous mode [ 7810.584948][ T7927] veth0_macvtap: entered promiscuous mode [ 7811.256390][ T7927] veth1_macvtap: entered promiscuous mode [ 7814.936146][ T7927] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 7814.968590][ T7927] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 7814.971401][ T7927] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 7814.972348][ T7927] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 8140.517850][ T8404] kvm [8404]: Failed to find VMA for hva 0x2101a000 [ 8751.203277][ T8822] kvm [8822]: Failed to find VMA for hva 0x20d8d000 [ 9462.108737][ T9330] kvm [9330]: Failed to find VMA for hva 0x20c01000 [ 9592.637969][ T9423] kvm [9423]: Failed to find VMA for hva 0x20d8d000 [ 9886.874249][ T9617] kvm [9617]: Failed to find VMA for hva 0x20d8d000 [ 9934.278091][ T9651] kvm [9651]: Failed to find VMA for hva 0x2101a000 [10562.214825][T10081] KVM: debugfs: duplicate directory 10081-10 [10790.752993][T10248] ================================================================== [10790.753841][T10248] BUG: KASAN: invalid-access in _raw_spin_lock_irqsave+0x5c/0x7c [10790.754433][T10248] Read of size 1 at addr 00000000000013c8 by task syz.1.1804/10248 [10790.754806][T10248] [10790.755122][T10248] CPU: 0 UID: 0 PID: 10248 Comm: syz.1.1804 Not tainted 6.15.0-rc4-syzkaller-g1b85d923ba8c #0 PREEMPT [10790.755362][T10248] Hardware name: linux,dummy-virt (DT) [10790.755459][T10248] Call trace: [10790.755579][T10248] show_stack+0x2c/0x3c (C) [10790.755939][T10248] __dump_stack+0x30/0x40 [10790.756139][T10248] dump_stack_lvl+0xd8/0x12c [10790.756416][T10248] print_report+0x5c/0xa0 [10790.756646][T10248] kasan_report+0xb0/0x110 [10790.756902][T10248] __kasan_check_byte+0x3c/0x54 [10790.757150][T10248] lock_acquire+0xb0/0x2e0 [10790.757412][T10248] _raw_spin_lock_irqsave+0x5c/0x7c [10790.757636][T10248] kvm_vgic_set_owner+0x18c/0x294 [10790.757893][T10248] kvm_timer_enable+0x1c4/0x794 [10790.758116][T10248] kvm_arch_vcpu_run_pid_change+0x1f0/0x484 [10790.758333][T10248] kvm_vcpu_ioctl+0xae8/0xc24 [10790.758563][T10248] __arm64_sys_ioctl+0x18c/0x244 [10790.758859][T10248] invoke_syscall+0x90/0x2b4 [10790.759136][T10248] el0_svc_common+0x180/0x2f4 [10790.759390][T10248] do_el0_svc+0x58/0x74 [10790.759659][T10248] el0_svc+0x58/0x134 [10790.759886][T10248] el0t_64_sync_handler+0x78/0x108 [10790.760117][T10248] el0t_64_sync+0x198/0x19c [10790.760430][T10248] ================================================================== [10790.762664][T10248] Disabling lock debugging due to kernel taint [10790.763869][T10248] Unable to handle kernel paging request at virtual address ffef80000000013b [10790.764359][T10248] KASAN: maybe wild-memory-access in range [0xff000000000013b0-0xff000000000013bf] [10790.764681][T10248] Mem abort info: [10790.764916][T10248] ESR = 0x0000000096000004 [10790.765237][T10248] EC = 0x25: DABT (current EL), IL = 32 bits [10790.765516][T10248] SET = 0, FnV = 0 [10790.765753][T10248] EA = 0, S1PTW = 0 [10790.766028][T10248] FSC = 0x04: level 0 translation fault [10790.766328][T10248] Data abort info: [10790.766563][T10248] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [10790.766823][T10248] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [10790.767117][T10248] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [10790.767518][T10248] [ffef80000000013b] address between user and kernel address ranges [10790.768421][T10248] Internal error: Oops: 0000000096000004 [#1] SMP [10790.796101][T10248] Modules linked in: [10790.798213][T10248] CPU: 0 UID: 0 PID: 10248 Comm: syz.1.1804 Tainted: G B 6.15.0-rc4-syzkaller-g1b85d923ba8c #0 PREEMPT [10790.800074][T10248] Tainted: [B]=BAD_PAGE [10790.800915][T10248] Hardware name: linux,dummy-virt (DT) [10790.802089][T10248] pstate: 604020c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [10790.803562][T10248] pc : do_raw_spin_lock+0x4c/0x2b4 [10790.804703][T10248] lr : _raw_spin_lock_irqsave+0x64/0x7c [10790.805873][T10248] sp : ffff80008cfa7930 [10790.806740][T10248] x29: ffff80008cfa7940 x28: 27f0000012ba3a80 x27: 27f0000012ba4ef0 [10790.808703][T10248] x26: 0000000000000001 x25: 27f0000012ba50d0 x24: 0000000000000010 [10790.810313][T10248] x23: 80ff80008cd09000 x22: 27f0000012ba3a80 x21: ffff800080208ab8 [10790.811974][T10248] x20: 00000000000013b0 x19: efff800000000000 x18: 000000018e5a6800 [10790.813531][T10248] x17: 00000000000000e9 x16: 00000000000000fe x15: 0000000000000000 [10790.815273][T10248] x14: 0000000000000000 x13: 00000000ffffffff x12: 0000000000000002 [10790.817096][T10248] x11: 0000000000000001 x10: 0ff000000000013b x9 : 0000000000000000 [10790.818899][T10248] x8 : 00000000000013b4 x7 : ffff8000870d1e20 x6 : ffff800086599264 [10790.820442][T10248] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000802afe9c [10790.822065][T10248] x2 : 0000000000000001 x1 : 0000000000000000 x0 : 00000000000013b0 [10790.823659][T10248] Call trace: [10790.824492][T10248] do_raw_spin_lock+0x4c/0x2b4 (P) [10790.825501][T10248] _raw_spin_lock_irqsave+0x64/0x7c [10790.826565][T10248] kvm_vgic_set_owner+0x18c/0x294 [10790.827618][T10248] kvm_timer_enable+0x1c4/0x794 [10790.828659][T10248] kvm_arch_vcpu_run_pid_change+0x1f0/0x484 [10790.829806][T10248] kvm_vcpu_ioctl+0xae8/0xc24 [10790.830872][T10248] __arm64_sys_ioctl+0x18c/0x244 [10790.831961][T10248] invoke_syscall+0x90/0x2b4 [10790.832865][T10248] el0_svc_common+0x180/0x2f4 [10790.833892][T10248] do_el0_svc+0x58/0x74 [10790.834838][T10248] el0_svc+0x58/0x134 [10790.835810][T10248] el0t_64_sync_handler+0x78/0x108 [10790.836863][T10248] el0t_64_sync+0x198/0x19c [10790.838359][T10248] Code: d344fd4a aa0003f4 f90007e9 d378fd09 (386a6a6a) [10790.840246][T10248] ---[ end trace 0000000000000000 ]--- [10790.841879][T10248] Kernel panic - not syncing: Oops: Fatal exception [10790.844288][T10248] Kernel Offset: disabled [10790.845230][T10248] CPU features: 0x0000,00000340,02fbcdf1,057ffe1f [10790.846481][T10248] Memory Limit: none [10790.847970][T10248] Rebooting in 86400 seconds.. VM DIAGNOSIS: 01:21:09 Registers: info registers vcpu 0 CPU#0 PC=ffff80008208eb6c X00=0000000000000003 X01=0000000000000002 X02=000000000000007c X03=ffff80008208ea68 X04=0000000000000001 X05=0000000000000000 X06=ffff800081e7b000 X07=ffff8000870d1e20 X08=aef000001ca4bb00 X09=0000000000000000 X10=0000000000ff0100 X11=00000000000000fe X12=0000000000000073 X13=0000000000000007 X14=0000000000000000 X15=0000000000000000 X16=00000000000000fe X17=00000000000000e9 X18=000000018e5a6800 X19=efff800000000000 X20=73f000000e049080 X21=d8ff80008c44b018 X22=0000000000000002 X23=73f000000e04917a X24=0000000000000073 X25=73f000000e0492c8 X26=73f000000e0490c8 X27=0000000000000073 X28=0000000000000073 X29=ffff80008cfa7090 X30=ffff80008208eb6c SP=ffff80008cfa7080 PSTATE=804020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0b00000000000000:0b00000000000000 Z01=0000000b00000000:0000000000000000 Z02=000000000000000b:0000000000000000 Z03=00d000a800000000:0000000000000000 Z04=0000000000000000:0000000000000002 Z05=000000000000000b:0000000000000002 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffc548b6f0:0000ffffc548b6f0 Z17=ffffff80ffffffd0:0000ffffc548b6c0 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000