last executing test programs: 45.049643788s ago: executing program 1 (id=1596): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x2, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r2, 0x400454ce, 0x110c230008) 42.018001973s ago: executing program 0 (id=1597): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x30) ioctl$KVM_GET_DEVICE_ATTR_vm(r0, 0x4018aee2, &(0x7f0000000040)=@attr_other={0x0, 0xc86, 0x9, &(0x7f0000000000)=0x4}) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000080)={0x3}) (async) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000080)={0x3}) r1 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000bfe000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r1, &(0x7f00000004c0)={0x0, &(0x7f00000000c0)=[@its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x2, 0x1, 0xdc, 0x9}}, @hvc={0x32, 0x40, {0x0, [0x5, 0x8, 0x7, 0x10001, 0x1]}}, @eret={0xe6, 0x18}, @code={0xa, 0x9c, {"600499d20080b8f2210180d2020080d2230180d2840180d2020000d400000013007008d500fc202e000008d5000000ebc05097d20040b8f2e10080d2220180d2830180d2a40080d2020000d400e09bd200a0b0f2a10180d2a20080d2030180d2440180d2020000d4603786d20020b8f2810180d2e20080d2430180d2840080d2020000d4007008d5"}}, @svc={0x122, 0x40, {0x84000000, [0x8, 0x4, 0x7, 0x6, 0x4]}}, @hvc={0x32, 0x40, {0xc4000014, [0x6, 0x5, 0x80, 0x58e6, 0x9]}}, @hvc={0x32, 0x40, {0x80003fff, [0x8103, 0x6, 0x7, 0x0, 0x200]}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x2, 0xe, 0x0, 0x5, 0x4}}, @svc={0x122, 0x40, {0x8400000d, [0x0, 0x1, 0x8de, 0x80, 0x7ff]}}, @msr={0x14, 0x20, {0x603000000013e720, 0xfffffffffffffffa}}, @svc={0x122, 0x40, {0x80, [0x200, 0xffff, 0x7fffffffffffffff, 0x5, 0xa95]}}, @svc={0x122, 0x40, {0x84000012, [0x5, 0x5, 0x2, 0x101, 0x9]}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x324}}, @code={0xa, 0xb4, {"008008d5800c83d20080b8f2610080d2020080d2e30080d2e40080d2020000d4008008d5e09392d20000b8f2410180d2420080d2c30180d2e40180d2020000d4006889d200e0b8f2e10180d2420080d2630180d2840080d2020000d4401b91d20080b0f2a10080d2420080d2830180d2840080d2020000d40068200e60df87d20080b0f2c10080d2620080d2a30080d2c40080d2020000d4008008d5000008d5"}}, @uexit={0x0, 0x18, 0x6}], 0x3d8}, &(0x7f0000000500)=[@featur1={0x1, 0x83}], 0x1) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x8) openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x41, 0x0) ioctl$KVM_CAP_HALT_POLL(r0, 0x4068aea3, &(0x7f0000000580)={0xb6, 0x0, 0x100000000}) (async) ioctl$KVM_CAP_HALT_POLL(r0, 0x4068aea3, &(0x7f0000000580)={0xb6, 0x0, 0x100000000}) r2 = ioctl$KVM_GET_STATS_FD_vm(r0, 0xaece) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000600)={0x3, 0xffffffffffffffff}) r4 = ioctl$KVM_GET_STATS_FD_cpu(r2, 0xaece) ioctl$KVM_CLEAR_DIRTY_LOG(r2, 0xc018aec0, &(0x7f0000000a40)={0x0, 0x2c0, 0x380, &(0x7f0000000640)=[0x7927, 0x70f2, 0x676a, 0xfffffffffffffffa, 0x10001, 0x3, 0x7fff, 0x7, 0x10, 0x9, 0x3, 0x1, 0x7fffffff, 0x0, 0xfff, 0x5, 0x3, 0x9, 0x7, 0x0, 0x5, 0x8, 0x101, 0x8, 0x3, 0x9, 0x100, 0x1, 0xffffffff, 0x6, 0x7, 0x7fffffffffffffff, 0x10000, 0x101, 0x2, 0x100, 0x4, 0x7fffffff, 0xff, 0x5f3, 0xaed, 0x8, 0xa, 0x800, 0x40, 0xee, 0x6, 0xe, 0xa, 0xf, 0x2, 0x65, 0x5, 0x2000, 0x5, 0xc, 0x4, 0x9, 0x7, 0x100, 0xfffffffffffff1ff, 0x20e0a696, 0x9, 0x0, 0x2, 0x10000, 0x7, 0xd00000000, 0x8000000000000000, 0x9, 0x7fff, 0xc716, 0x2, 0x6, 0x7, 0x8001, 0x80000000, 0x1, 0x9, 0xde, 0x9, 0x5, 0x7fff, 0x4, 0x2, 0x4, 0x3, 0x9, 0x5, 0x8, 0x9, 0x1000, 0x8, 0x101, 0x2c00, 0x1, 0x2, 0x9, 0x8, 0x584, 0x2, 0x2, 0x6, 0x0, 0x10000, 0x1, 0x7, 0x519538af, 0x5, 0x7fffffffffffffff, 0x6, 0x0, 0x80000001, 0x1, 0x384, 0x5, 0x2, 0x3, 0x200, 0xbb7d, 0x3, 0x100000001, 0xf, 0x8, 0x36fb14ad, 0x100000000, 0xfffffffffffffffe, 0x10001]}) (async) ioctl$KVM_CLEAR_DIRTY_LOG(r2, 0xc018aec0, &(0x7f0000000a40)={0x0, 0x2c0, 0x380, &(0x7f0000000640)=[0x7927, 0x70f2, 0x676a, 0xfffffffffffffffa, 0x10001, 0x3, 0x7fff, 0x7, 0x10, 0x9, 0x3, 0x1, 0x7fffffff, 0x0, 0xfff, 0x5, 0x3, 0x9, 0x7, 0x0, 0x5, 0x8, 0x101, 0x8, 0x3, 0x9, 0x100, 0x1, 0xffffffff, 0x6, 0x7, 0x7fffffffffffffff, 0x10000, 0x101, 0x2, 0x100, 0x4, 0x7fffffff, 0xff, 0x5f3, 0xaed, 0x8, 0xa, 0x800, 0x40, 0xee, 0x6, 0xe, 0xa, 0xf, 0x2, 0x65, 0x5, 0x2000, 0x5, 0xc, 0x4, 0x9, 0x7, 0x100, 0xfffffffffffff1ff, 0x20e0a696, 0x9, 0x0, 0x2, 0x10000, 0x7, 0xd00000000, 0x8000000000000000, 0x9, 0x7fff, 0xc716, 0x2, 0x6, 0x7, 0x8001, 0x80000000, 0x1, 0x9, 0xde, 0x9, 0x5, 0x7fff, 0x4, 0x2, 0x4, 0x3, 0x9, 0x5, 0x8, 0x9, 0x1000, 0x8, 0x101, 0x2c00, 0x1, 0x2, 0x9, 0x8, 0x584, 0x2, 0x2, 0x6, 0x0, 0x10000, 0x1, 0x7, 0x519538af, 0x5, 0x7fffffffffffffff, 0x6, 0x0, 0x80000001, 0x1, 0x384, 0x5, 0x2, 0x3, 0x200, 0xbb7d, 0x3, 0x100000001, 0xf, 0x8, 0x36fb14ad, 0x100000000, 0xfffffffffffffffe, 0x10001]}) ioctl$KVM_SET_USER_MEMORY_REGION2(r4, 0x40a0ae49, &(0x7f0000000a80)={0x10201, 0x2, 0x1, 0x1000, &(0x7f0000ffe000/0x1000)=nil, 0x6, r2}) ioctl$KVM_RESET_DIRTY_RINGS(r4, 0xaec7) ioctl$KVM_IRQ_LINE_STATUS(r2, 0xc008ae67, &(0x7f0000000b40)={0x3, 0x7a0}) (async) ioctl$KVM_IRQ_LINE_STATUS(r2, 0xc008ae67, &(0x7f0000000b40)={0x3, 0x7a0}) close(r3) ioctl$KVM_CREATE_GUEST_MEMFD(r2, 0xc040aed4, &(0x7f0000000b80)={0x1, 0x2}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000bc0), 0x181c00, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000c00), 0x30341, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x16) (async) r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x16) ioctl$KVM_GET_DEVICE_ATTR_vm(0xffffffffffffffff, 0x4018aee2, &(0x7f0000000c80)=@attr_other={0x0, 0x8697, 0x74bb6c3, &(0x7f0000000c40)=0x6000000000}) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000cc0)={0x2}) (async) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000cc0)={0x2}) ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) (async) ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) ioctl$KVM_CREATE_GUEST_MEMFD(r5, 0xc040aed4, &(0x7f0000000d00)={0x800, 0x9}) syz_kvm_vgic_v3_setup(r4, 0x1, 0x220) (async) syz_kvm_vgic_v3_setup(r4, 0x1, 0x220) r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x22) ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000d40)={0x0, 0x10a000, 0x1}) ioctl$KVM_ASSIGN_SET_MSIX_NR(r6, 0x4008ae73, &(0x7f0000000d80)={0x1, 0xea3d}) (async) ioctl$KVM_ASSIGN_SET_MSIX_NR(r6, 0x4008ae73, &(0x7f0000000d80)={0x1, 0xea3d}) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f00008c7000/0x400000)=nil) (async) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f00008c7000/0x400000)=nil) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000dc0)={0x9}) 39.237225092s ago: executing program 1 (id=1598): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x0, 0x3, 0x11, 0xffffffffffffffff, 0x0) (async) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x8840, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f0000000280)=0x200}) (async) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) (async) r9 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) (async) syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x1c) syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r10, 0x4004ae99, &(0x7f0000000080)=0xa) (async) syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0) (async) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000200)={0x1fd, 0x2, 0x8000000, 0x2000, &(0x7f0000ecf000/0x2000)=nil}) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) (async) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) r13 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil) (async) r15 = syz_kvm_vgic_v3_setup(r14, 0x2, 0x80) ioctl$KVM_GET_DEVICE_ATTR(r15, 0x4018aee2, &(0x7f0000000200)=@attr_arm64={0x0, 0x6, 0x3, 0x0}) 36.628650515s ago: executing program 0 (id=1599): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r4, 0x400454e2, 0x20000110c210023) r5 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bc2000/0x400000)=nil) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r8 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async) r9 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async) r13 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) r14 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r14, 0x3, 0x11, r12, 0x0) (async) mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r14, 0x3, 0x11, r13, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r14, 0x7, 0x110, r6, 0x0) 31.719128488s ago: executing program 1 (id=1600): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x40) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f00000000c0)=[{0x0, 0x0, 0xb}], 0x10, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000640)=@arm64_core={0x6030000000100012, &(0x7f0000000000)=0x300000000000}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async) close(0x3) (async) ioctl$KVM_HAS_DEVICE_ATTR(r5, 0x4018aee3, &(0x7f0000000940)=@attr_arm64={0x0, 0x0, 0x4, 0x0}) r6 = eventfd2(0x5e000000, 0x80801) (async) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (async) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r14 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04) mmap$KVM_VCPU(&(0x7f0000d1b000/0x3000)=nil, r14, 0x3, 0x10913, r13, 0x0) (async) r15 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) (async) r16 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) close(r15) (async, rerun: 32) syz_kvm_add_vcpu$arm64(r16, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async, rerun: 32) close(0x4) (async) close(0x5) (async) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x100000000, 0xf000, 0x4, r6, 0x8}) 29.199710262s ago: executing program 0 (id=1601): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3b) ioctl$KVM_GET_DEVICE_ATTR_vm(r0, 0x4018aee2, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x6c, 0x5, 0x1}}) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x2, 0xeeee9000, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) (async) r1 = ioctl$KVM_GET_STATS_FD_vm(r0, 0xaece) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000100)=@attr_other={0x0, 0x4, 0x8000000000000000, &(0x7f00000000c0)=0x3}) ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r1, 0x4068aea3, &(0x7f0000000140)) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffd000/0x1000)=nil, r2, 0x3000001, 0x8010, r1, 0x0) (async) ioctl$KVM_RESET_DIRTY_RINGS(r0, 0xaec7) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000001c0)={0x1ff, 0x6, 0x4000, 0x1000, &(0x7f0000ffc000/0x1000)=nil}) (async) ioctl$KVM_GET_ONE_REG(r1, 0x4010aeab, &(0x7f0000000240)=@arm64_fp={0x60400000001000aa, &(0x7f0000000200)=0xf9}) (async) ioctl$KVM_GET_REGS(r1, 0x8360ae81, &(0x7f0000000280)) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r1, 0x4018aee1, &(0x7f0000000380)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000340)=0x7}) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r0, 0x4010aeb5, &(0x7f00000003c0)={0xfd}) (async) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x33) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000740)={0x0, &(0x7f0000000400)=[@its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x0, 0xc, 0x0, 0x9, 0x4}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0xd5}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x0, 0x5, 0x8, 0x3ff, 0x1}}, @code={0xa, 0x6c, {"001c200e0060c00d0020c09a00e4002f20d58ed200e0b8f2810180d2220080d2230080d2a40080d2020000d40004002f000840ba000040f9a0df94d20000b0f2a10180d2420080d2630180d2840180d2020000d40000251e"}}, @code={0xa, 0x54, {"0078205e007008d500a4004f0040600d000008d500b8a12ea05790d20060b0f2210080d2620080d2a30180d2440180d2020000d400001fd6003c200e000440fc"}}, @memwrite={0x6e, 0x30, @generic={0xf000, 0x85, 0x1}}, @eret={0xe6, 0x18, 0x7ff}, @code={0xa, 0xcc, {"00078ad20040b8f2610080d2620080d2e30180d2a40180d2020000d4a09385d20040b8f2410180d2e20080d2c30080d2040180d2020000d480f58fd200e0b0f2a10180d2a20080d2430180d2c40180d2020000d4203692d20020b0f2410180d2e20180d2030180d2240080d2020000d4000028d5c0e59ed20020b8f2210180d2020080d2630180d2e40180d2020000d41f2003d5007008d5008008d5e0e08ad20080b8f2610080d2820180d2830080d2440080d2020000d4"}}, @uexit={0x0, 0x18, 0xb}, @eret={0xe6, 0x18, 0x8}, @mrs={0xbe, 0x18, {0x603000000013e687}}, @mrs={0xbe, 0x18, {0x603000000013c039}}, @smc={0x1e, 0x40, {0xc4000003, [0x10, 0x6718, 0x2, 0x2, 0x165e7ff3]}}, @mrs={0xbe, 0x18, {0x6030000000138010}}, @eret={0xe6, 0x18, 0x5}], 0x31c}, &(0x7f0000000780)=[@featur1={0x1, 0xc0}], 0x1) munmap(&(0x7f0000e7f000/0x3000)=nil, 0x3000) (async) ioctl$KVM_GET_DEVICE_ATTR_vm(r3, 0x4018aee2, &(0x7f0000000800)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000007c0)={0xff0f, 0x2}}) (async) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000880)=@arm64_bitmap={0x6030000000160000, &(0x7f0000000840)=0x8}) (async) syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000a80)={0x0, &(0x7f00000008c0)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xffd0, 0x6, 0x9}}, @eret={0xe6, 0x18, 0x5}, @eret={0xe6, 0x18}, @code={0xa, 0xcc, {"e00194d200e0b8f2210180d2820080d2630180d2840180d2020000d460b691d200e0b0f2e10180d2420180d2030180d2240080d2020000d4804d8cd20040b8f2010180d2220180d2e30180d2240180d2020000d400a4600d40cc84d200a0b8f2010080d2c20080d2230080d2440080d2020000d4000820f8204c9fd20020b0f2c10180d2c20180d2230080d2640080d2020000d400709f0c000028d5405e90d20020b8f2210080d2e20180d2e30080d2040180d2020000d4"}}, @uexit={0x0, 0x18, 0x5}, @eret={0xe6, 0x18, 0x13}, @eret={0xe6, 0x18, 0x8}, @its_setup={0x82, 0x28, {0x4, 0x2, 0x24}}, @msr={0x14, 0x20, {0x603000000013deae, 0x9}}], 0x1bc}, &(0x7f0000000ac0)=[@featur1={0x1, 0x8}], 0x1) close(r1) (async) ioctl$KVM_SET_SREGS(r4, 0x4000ae84, &(0x7f0000000b00)={{0x4, 0x10000, 0xd, 0x0, 0x9, 0x7, 0x5, 0x20, 0x2, 0xf1, 0x7, 0x3}, {0x6000, 0x8080000, 0x6, 0xe7, 0x7, 0x57, 0x8, 0x1, 0xa, 0xc, 0x0, 0x7f}, {0x8080000, 0x100000, 0xd, 0x5, 0x40, 0x1, 0x5, 0x94, 0x3, 0x4, 0xe, 0x7}, {0x2, 0xd000, 0x8, 0x2, 0xf, 0x8, 0x3, 0x34, 0x8, 0x1, 0x0, 0x4}, {0x4, 0xeeef0000, 0xe, 0x7, 0x7, 0xd2, 0x5, 0x81, 0x81, 0x4, 0x6}, {0x0, 0x4, 0x1b, 0x5, 0x5, 0x7, 0xff, 0xf, 0x1, 0x4, 0x1, 0x4}, {0xeeef0000, 0xd000, 0xe, 0x2, 0x4, 0x4, 0x8, 0xc0, 0x0, 0x0, 0x49, 0x3}, {0x100000, 0x80a0000, 0x8, 0x40, 0x4, 0x8, 0x3, 0x0, 0x1, 0xe, 0xc, 0x8}, {0xf000, 0x5}, {0x5000, 0x3ff}, 0x2, 0x0, 0xeeee0000, 0x4000, 0x3, 0x4000, 0x2, [0xace, 0x7, 0xfffffffffffffe38, 0x3c]}) (async) ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, &(0x7f0000000c40)={0x2, 0x3}) (async) syz_kvm_vgic_v3_setup(r0, 0x4, 0x1a0) (async) munmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000) (async) ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000c80)={0x10004, 0x0, &(0x7f0000d55000/0x2000)=nil}) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x0) (async) ioctl$KVM_CREATE_GUEST_MEMFD(r0, 0xc040aed4, &(0x7f0000000cc0)={0x9, 0x8}) 23.319837373s ago: executing program 1 (id=1602): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000180)=[@eret={0xe6, 0x18, 0xffffffffffffffff}, @msr={0x14, 0x20, {0x603000000013c011, 0x1}}, @irq_setup={0x46, 0x18, {0x1, 0x9f}}, @smc={0x1e, 0x40, {0x84000010, [0x9, 0x3, 0x4, 0x10000, 0x101]}}, @eret={0xe6, 0x18, 0xffff}, @eret={0xe6, 0x18, 0x7}, @mrs={0xbe, 0x18, {0x603000000013e534}}, @mrs={0xbe, 0x18, {0x6030000000138064}}, @mrs={0xbe, 0x18, {0x603000000013df79}}, @uexit={0x0, 0x18, 0x5d4}, @mrs={0xbe, 0x18, {0x603000000013c030}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xf10, 0x3, 0x2}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x308}}, @mrs={0xbe, 0x18, {0x603000000013deab}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x4, 0x7, 0xe4af, 0x4, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xae8cfd892ccc9288, 0x3, 0x2}}, @eret={0xe6, 0x18, 0x101}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffd0, 0xffffffffffffffbb, 0xb}}], 0x248}, &(0x7f0000000400), 0x1) mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x9032, 0xffffffffffffffff, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1e000000000000004000000000000000000000ef000000003a08000000000000010000000000000002c0f7000000000003000000000000000402000000000000140000000000000020000000000000008480130000003060a3"], 0x60}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f00000004c0)=@arm64_fw={0x6130000000140005, &(0x7f0000000480)=0x100000001}) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000040)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x541b, 0x0) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r9, 0x4018aee3, &(0x7f00000000c0)=@attr_other={0x0, 0xf81e, 0x200, 0x0}) 23.007396405s ago: executing program 0 (id=1603): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1e000000000000004000000000000000000000ef000000003a08000000000000010000000000000002c0f70000000000030000000000000004020000000000001400000000000000200000000000000084801300f0003060a3"], 0x60}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) 13.977398753s ago: executing program 0 (id=1604): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x1, 0x0, 0x0, 0x79, 0x1}}], 0xffffffffffffffcb}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x9}) 12.7194272s ago: executing program 1 (id=1605): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x161681, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000140), 0x40000, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r9 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r13 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r13, 0x0) mmap$KVM_VCPU(&(0x7f0000dd5000/0x4000)=nil, 0x930, 0x0, 0x20010, r13, 0x0) syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) r14 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r14, 0x8, 0x13, r13, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r14, 0x1000001, 0x12, r13, 0x0) r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r15, 0x3, 0x11, r12, 0x0) mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r15, 0x3, 0x8010, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) munmap(&(0x7f00006a4000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ff5000/0x1000)=nil, 0x1000) r16 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r16, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=[@featur2={0x1, 0x8}], 0x1) 3.861406411s ago: executing program 0 (id=1606): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x40000000000001a) r1 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r2 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x3c) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) r5 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r4, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) r6 = eventfd2(0xd, 0x1) close(r6) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f00002b9000/0x400000)=nil) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_GET_DEVICE_ATTR(r9, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x8, 0xa, 0x0}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r11, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) eventfd2(0x8001, 0x80000) write$eventfd(r6, 0x0, 0x500) write$eventfd(r6, &(0x7f0000000000)=0x1, 0x8) 0s ago: executing program 1 (id=1607): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000002c0)=@arm64_extra={0x603000000013c027, &(0x7f0000000200)}) kernel console output (not intermixed with test programs): [ 390.037773][ T3166] 8021q: adding VLAN 0 to HW filter on device bond0 [ 448.321206][ T3166] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:32175' (ED25519) to the list of known hosts. [ 603.859922][ T25] audit: type=1400 audit(603.100:61): avc: denied { name_bind } for pid=3324 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 604.759094][ T25] audit: type=1400 audit(604.000:62): avc: denied { execute } for pid=3325 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 604.787753][ T25] audit: type=1400 audit(604.030:63): avc: denied { execute_no_trans } for pid=3325 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 628.198458][ T25] audit: type=1400 audit(627.440:64): avc: denied { mounton } for pid=3325 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 628.253905][ T25] audit: type=1400 audit(627.490:65): avc: denied { mount } for pid=3325 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 628.336769][ T3325] cgroup: Unknown subsys name 'net' [ 628.406934][ T25] audit: type=1400 audit(627.650:66): avc: denied { unmount } for pid=3325 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 628.902590][ T3325] cgroup: Unknown subsys name 'cpuset' [ 629.047243][ T3325] cgroup: Unknown subsys name 'rlimit' [ 630.010613][ T25] audit: type=1400 audit(629.250:67): avc: denied { setattr } for pid=3325 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 630.037438][ T25] audit: type=1400 audit(629.280:68): avc: denied { mounton } for pid=3325 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 630.054302][ T25] audit: type=1400 audit(629.290:69): avc: denied { mount } for pid=3325 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 631.125074][ T3329] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 631.144266][ T25] audit: type=1400 audit(630.380:70): avc: denied { relabelto } for pid=3329 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 631.176098][ T25] audit: type=1400 audit(630.410:71): avc: denied { write } for pid=3329 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 631.345604][ T25] audit: type=1400 audit(630.580:72): avc: denied { read } for pid=3325 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 631.364685][ T25] audit: type=1400 audit(630.600:73): avc: denied { open } for pid=3325 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 631.410125][ T3325] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 688.083793][ T25] audit: type=1400 audit(687.320:74): avc: denied { execmem } for pid=3335 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 692.454279][ T25] audit: type=1400 audit(691.690:75): avc: denied { read } for pid=3337 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 692.474961][ T25] audit: type=1400 audit(691.710:76): avc: denied { open } for pid=3337 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 692.534021][ T25] audit: type=1400 audit(691.770:77): avc: denied { mounton } for pid=3337 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 692.791240][ T25] audit: type=1400 audit(692.030:78): avc: denied { module_request } for pid=3338 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 692.816952][ T25] audit: type=1400 audit(692.050:79): avc: denied { module_request } for pid=3337 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 693.820779][ T25] audit: type=1400 audit(693.040:80): avc: denied { sys_module } for pid=3337 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 720.089990][ T3338] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 720.336340][ T3338] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 720.398750][ T3337] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 720.684430][ T3337] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 732.188543][ T3338] hsr_slave_0: entered promiscuous mode [ 732.217584][ T3338] hsr_slave_1: entered promiscuous mode [ 733.065613][ T3337] hsr_slave_0: entered promiscuous mode [ 733.098372][ T3337] hsr_slave_1: entered promiscuous mode [ 733.121730][ T3337] debugfs: 'hsr0' already exists in 'hsr' [ 733.138599][ T3337] Cannot create hsr debugfs directory [ 738.570069][ T25] audit: type=1400 audit(737.810:81): avc: denied { create } for pid=3338 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 738.627167][ T25] audit: type=1400 audit(737.860:82): avc: denied { write } for pid=3338 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 738.656988][ T25] audit: type=1400 audit(737.890:83): avc: denied { read } for pid=3338 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 738.788702][ T3338] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 739.165433][ T3338] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 739.533664][ T3338] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 739.880803][ T3338] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 741.451591][ T3337] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 741.610524][ T3337] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 741.761690][ T3337] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 741.975458][ T3337] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 753.689290][ T3338] 8021q: adding VLAN 0 to HW filter on device bond0 [ 756.090128][ T3337] 8021q: adding VLAN 0 to HW filter on device bond0 [ 808.026576][ T3338] veth0_vlan: entered promiscuous mode [ 808.581425][ T3338] veth1_vlan: entered promiscuous mode [ 810.316063][ T3337] veth0_vlan: entered promiscuous mode [ 810.819287][ T3338] veth0_macvtap: entered promiscuous mode [ 811.049832][ T3337] veth1_vlan: entered promiscuous mode [ 811.365691][ T3338] veth1_macvtap: entered promiscuous mode [ 813.726271][ T3348] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 813.778117][ T3337] veth0_macvtap: entered promiscuous mode [ 813.835309][ T3348] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 813.839426][ T3348] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 813.849438][ T3348] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 814.189377][ T3337] veth1_macvtap: entered promiscuous mode [ 816.394186][ T25] audit: type=1400 audit(815.620:84): avc: denied { mount } for pid=3338 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 816.659020][ T25] audit: type=1400 audit(815.890:85): avc: denied { mounton } for pid=3338 comm="syz-executor" path="/syzkaller.txN695/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 816.886742][ T25] audit: type=1400 audit(816.130:86): avc: denied { mount } for pid=3338 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 817.396716][ T25] audit: type=1400 audit(816.590:87): avc: denied { mounton } for pid=3338 comm="syz-executor" path="/syzkaller.txN695/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 817.449769][ T2137] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 817.466561][ T2137] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 817.510274][ T3348] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 817.511473][ T3348] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 817.674336][ T25] audit: type=1400 audit(816.910:88): avc: denied { mounton } for pid=3338 comm="syz-executor" path="/syzkaller.txN695/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3790 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 818.954951][ T25] audit: type=1400 audit(818.190:89): avc: denied { unmount } for pid=3338 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 819.195550][ T25] audit: type=1400 audit(818.430:90): avc: denied { mounton } for pid=3338 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 819.319810][ T25] audit: type=1400 audit(818.560:91): avc: denied { mount } for pid=3338 comm="syz-executor" name="/" dev="gadgetfs" ino=3801 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 819.944018][ T25] audit: type=1400 audit(819.080:92): avc: denied { mount } for pid=3338 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 820.073201][ T25] audit: type=1400 audit(819.310:93): avc: denied { mounton } for pid=3338 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 821.618888][ T3338] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 823.188771][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 823.206047][ T25] audit: type=1400 audit(822.430:95): avc: denied { read write } for pid=3338 comm="syz-executor" name="loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 823.243781][ T25] audit: type=1400 audit(822.480:96): avc: denied { open } for pid=3338 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 823.325949][ T25] audit: type=1400 audit(822.550:97): avc: denied { ioctl } for pid=3338 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 834.667963][ T25] audit: type=1400 audit(833.910:98): avc: denied { read } for pid=3490 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 834.698678][ T25] audit: type=1400 audit(833.940:99): avc: denied { open } for pid=3490 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 835.498423][ T25] audit: type=1400 audit(834.720:100): avc: denied { ioctl } for pid=3490 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae04 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 845.928854][ T25] audit: type=1400 audit(845.100:101): avc: denied { execute } for pid=3498 comm="syz.0.3" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3941 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 847.200865][ T25] audit: type=1400 audit(846.440:102): avc: denied { write } for pid=3498 comm="syz.0.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 854.850665][ T25] audit: type=1400 audit(854.090:103): avc: denied { append } for pid=3503 comm="syz.0.5" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 920.106940][ T25] audit: type=1400 audit(919.350:104): avc: denied { create } for pid=3544 comm="syz.1.19" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 920.178314][ T25] audit: type=1400 audit(919.420:105): avc: denied { map } for pid=3544 comm="syz.1.19" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=4815 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 920.258030][ T25] audit: type=1400 audit(919.490:106): avc: denied { read } for pid=3544 comm="syz.1.19" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=4815 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 928.728036][ T25] audit: type=1400 audit(927.970:107): avc: denied { ioctl } for pid=3549 comm="syz.0.20" path="net:[4026532625]" dev="nsfs" ino=4026532625 ioctlcmd=0xb702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 935.521070][ T25] audit: type=1400 audit(934.760:108): avc: denied { map } for pid=3554 comm="syz.0.22" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 935.601559][ T25] audit: type=1400 audit(934.810:109): avc: denied { execute } for pid=3554 comm="syz.0.22" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1163.120026][ T25] audit: type=1400 audit(1162.350:110): avc: denied { setattr } for pid=3683 comm="syz.1.64" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1327.678036][ T3800] kvm [3800]: Failed to find VMA for hva 0x21016000 [ 1380.584033][ T3835] kvm [3835]: Failed to find VMA for hva 0x20db9000 [ 1393.536623][ T3842] kvm [3842]: Failed to find VMA for hva 0x20c01000 [ 1704.358873][ T4081] kvm [4081]: Failed to find VMA for hva 0x21016000 [ 1887.756031][ T4198] kvm [4198]: Failed to find VMA for hva 0x21016000 [ 1887.866579][ T4198] kvm [4198]: Failed to find VMA for hva 0x21016000 [ 1957.477684][ T4236] kvm [4236]: Failed to find VMA for hva 0x20dda000 [ 2260.350925][ T4411] kvm [4409]: Unsupported guest access at: eeef0000 [ 2260.350925][ T4411] { Op0( 2), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 2490.059753][ T4554] kvm [4554]: Failed to find VMA for hva 0x20e51000 [ 2490.100845][ T4556] kvm [4556]: Failed to find VMA for hva 0x20e51000 [ 2597.533083][ T4633] KVM: debugfs: duplicate directory 4633-8 [ 2597.820282][ T4633] KVM: debugfs: duplicate directory 4633-8 [ 2623.895544][ T4646] debugfs: 'vgic-its-state@8080000' already exists in '4646-9' [ 2677.878257][ T4682] kvm [4682]: Failed to find VMA for hva 0x20e03000 [ 2868.050026][ T25] audit: type=1400 audit(2867.280:111): avc: denied { map } for pid=4802 comm="syz.0.412" path="pipe:[2797]" dev="pipefs" ino=2797 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 2968.668292][ T4874] kvm [4874]: Failed to find VMA for hva 0x21016000 [ 3061.969159][ T4944] kvm [4944]: Failed to find VMA for hva 0x20d8d000 [ 3199.786515][ T5032] kvm [5032]: Failed to find VMA for hva 0x20c01000 [ 3206.175698][ T5036] kvm [5036]: Failed to find VMA for hva 0x20e51000 [ 3693.267932][ T5355] kvm [5355]: Failed to find VMA for hva 0x21016000 [ 4019.800177][ T25] audit: type=1400 audit(4019.010:112): avc: denied { ioctl } for pid=5555 comm="syz.0.646" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=41571 ioctlcmd=0xaeae scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 4304.568568][ T5741] kvm [5741]: Failed to find VMA for hva 0x21016000 [ 4389.265599][ T5803] kvm [5803]: Failed to find VMA for hva 0x21016000 [ 4469.268519][ T5854] kvm [5854]: Failed to find VMA for hva 0x20d8d000 [ 4634.047966][ T5957] kvm [5957]: Failed to find VMA for hva 0x21016000 [ 4657.269128][ T5973] kvm [5973]: Failed to find VMA for hva 0x21016000 [ 4715.150460][ T6006] kvm [6006]: Failed to find VMA for hva 0x21016000 [ 4969.927494][ T25] audit: type=1400 audit(4969.120:113): avc: denied { execute } for pid=6164 comm="syz.1.840" path="/423/T" dev="tmpfs" ino=2150 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 5014.100821][ T6196] debugfs: 'vgic-its-state@8080000' already exists in '6195-4' [ 5050.347497][ T6225] kvm [6225]: Failed to find VMA for hva 0x21016000 [ 5074.140618][ T6245] kvm [6245]: Failed to find VMA for hva 0x21016000 [ 5074.259139][ T6245] kvm [6245]: Failed to find VMA for hva 0x21016000 [ 5074.358837][ T6245] kvm [6245]: Failed to find VMA for hva 0x21016000 [ 5074.389099][ T6245] kvm [6245]: Failed to find VMA for hva 0x21016000 [ 5074.449743][ T6245] kvm [6245]: Failed to find VMA for hva 0x21016000 [ 5120.749420][ T6269] kvm [6269]: Failed to find VMA for hva 0x21016000 [ 5120.968239][ T6269] kvm [6269]: Failed to find VMA for hva 0x21016000 [ 5599.320701][ T6586] kvm [6586]: Failed to find VMA for hva 0x21016000 [ 5733.149586][ T6669] kvm [6669]: Failed to find VMA for hva 0x20c01000 [ 5793.609505][ T6713] kvm [6713]: Failed to find VMA for hva 0x20e8a000 [ 5983.066284][ T6835] kvm [6835]: Failed to find VMA for hva 0x20e51000 [ 6393.849531][ T7112] kvm [7112]: Failed to find VMA for hva 0x20c01000 [ 6683.705755][ T6721] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6684.945106][ T6721] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6686.287559][ T6721] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6687.567506][ T6721] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6707.325100][ T6721] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 6707.729724][ T6721] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 6707.995211][ T6721] bond0 (unregistering): Released all slaves [ 6710.175338][ T6721] hsr_slave_0: left promiscuous mode [ 6710.236667][ T6721] hsr_slave_1: left promiscuous mode [ 6710.757186][ T6721] veth1_macvtap: left promiscuous mode [ 6710.795019][ T6721] veth0_macvtap: left promiscuous mode [ 6710.811512][ T6721] veth1_vlan: left promiscuous mode [ 6710.821365][ T6721] veth0_vlan: left promiscuous mode [ 6789.761161][ T7300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 6790.125754][ T7300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 6818.415266][ T7300] hsr_slave_0: entered promiscuous mode [ 6818.470081][ T7300] hsr_slave_1: entered promiscuous mode [ 6818.534533][ T7300] debugfs: 'hsr0' already exists in 'hsr' [ 6818.537598][ T7300] Cannot create hsr debugfs directory [ 6821.618397][ T7407] kvm [7407]: Failed to find VMA for hva 0x21016000 [ 6842.087181][ T7300] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 6842.491139][ T7300] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 6842.781301][ T7300] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 6843.246099][ T7300] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 6868.846621][ T7300] 8021q: adding VLAN 0 to HW filter on device bond0 [ 6872.799117][ T7446] kvm [7446]: Failed to find VMA for hva 0x20c01000 [ 6959.679369][ T7300] veth0_vlan: entered promiscuous mode [ 6960.666425][ T7300] veth1_vlan: entered promiscuous mode [ 6963.920844][ T7300] veth0_macvtap: entered promiscuous mode [ 6964.441477][ T7300] veth1_macvtap: entered promiscuous mode [ 6968.098571][ T7325] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 6968.107176][ T7325] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 6968.124155][ T7325] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 6968.163827][ T7325] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 6998.378946][ T6721] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6999.848260][ T6721] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7000.954840][ T6721] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7002.138255][ T6721] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7020.308292][ T6721] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 7020.609081][ T6721] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 7020.877803][ T6721] bond0 (unregistering): Released all slaves [ 7023.484928][ T6721] hsr_slave_0: left promiscuous mode [ 7023.614544][ T6721] hsr_slave_1: left promiscuous mode [ 7024.423504][ T6721] veth1_macvtap: left promiscuous mode [ 7024.427314][ T6721] veth0_macvtap: left promiscuous mode [ 7024.456285][ T6721] veth1_vlan: left promiscuous mode [ 7024.484641][ T6721] veth0_vlan: left promiscuous mode [ 7047.191456][ T7572] kvm [7572]: Failed to find VMA for hva 0x21016000 [ 7101.994125][ T7545] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 7102.299230][ T7545] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 7128.137494][ T7545] hsr_slave_0: entered promiscuous mode [ 7128.230160][ T7545] hsr_slave_1: entered promiscuous mode [ 7154.829512][ T7545] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 7155.239580][ T7545] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 7155.553401][ T7545] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 7155.861299][ T7545] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 7179.790078][ T7545] 8021q: adding VLAN 0 to HW filter on device bond0 [ 7274.677543][ T7545] veth0_vlan: entered promiscuous mode [ 7275.992896][ T7545] veth1_vlan: entered promiscuous mode [ 7279.414566][ T7545] veth0_macvtap: entered promiscuous mode [ 7280.100908][ T7545] veth1_macvtap: entered promiscuous mode [ 7283.624216][ T5302] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 7283.643213][ T7187] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 7283.644304][ T7187] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 7283.645083][ T7187] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 7584.071230][ T7962] kvm [7962]: Failed to find VMA for hva 0x20c01000 [ 7728.967882][ T8059] KVM: debugfs: duplicate directory 8059-5 [ 8370.167044][ T8488] kvm [8488]: Failed to find VMA for hva 0x21016000 [ 8420.927310][ T8528] kvm [8528]: Failed to find VMA for hva 0x21016000 [ 8432.189355][ T8542] kvm [8542]: Failed to find VMA for hva 0x21016000 [ 8441.058871][ T8548] kvm [8548]: Failed to find VMA for hva 0x20c01000 [ 8456.000738][ T8560] kvm [8560]: Failed to find VMA for hva 0x21016000 [ 8492.227877][ T8576] kvm [8576]: Failed to find VMA for hva 0x21016000 [ 8500.967862][ T8579] kvm [8579]: Failed to find VMA for hva 0x20c01000 [ 8524.614937][ T8597] kvm [8597]: Failed to find VMA for hva 0x21016000 [ 8554.651333][ T8615] kvm [8615]: Failed to find VMA for hva 0x21016000 [ 8615.449766][ T8653] kvm [8653]: Failed to find VMA for hva 0x21016000 [ 8615.616270][ T8653] kvm [8653]: Failed to find VMA for hva 0x21016000 [ 8821.740637][ T8790] FAULT_INJECTION: forcing a failure. [ 8821.740637][ T8790] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 8821.776916][ T8790] CPU: 0 UID: 0 PID: 8790 Comm: syz.1.1560 Not tainted syzkaller #0 PREEMPT [ 8821.777572][ T8790] Hardware name: linux,dummy-virt (DT) [ 8821.778056][ T8790] Call trace: [ 8821.778457][ T8790] show_stack+0x2c/0x3c (C) [ 8821.780350][ T8790] __dump_stack+0x30/0x40 [ 8821.780615][ T8790] dump_stack_lvl+0xd8/0x12c [ 8821.780855][ T8790] dump_stack+0x1c/0x28 [ 8821.781048][ T8790] should_fail_ex+0x570/0x6e0 [ 8821.781268][ T8790] should_fail_alloc_page+0xd4/0xd8 [ 8821.781483][ T8790] prepare_alloc_pages+0x20c/0x5e0 [ 8821.781822][ T8790] __alloc_frozen_pages_noprof+0xd8/0x2d0 [ 8821.782126][ T8790] alloc_pages_mpol+0x204/0x4c8 [ 8821.782414][ T8790] alloc_pages_noprof+0x104/0x2ec [ 8821.782729][ T8790] alloc_skb_with_frags+0x1f0/0x620 [ 8821.783011][ T8790] sock_alloc_send_pskb+0x820/0x91c [ 8821.783321][ T8790] tun_get_user+0x704/0x39cc [ 8821.783612][ T8790] tun_chr_write_iter+0x138/0x248 [ 8821.783922][ T8790] vfs_write+0xa34/0xb1c [ 8821.784159][ T8790] ksys_write+0x100/0x1f4 [ 8821.784397][ T8790] __arm64_sys_write+0x98/0xcc [ 8821.784660][ T8790] invoke_syscall+0x90/0x238 [ 8821.784955][ T8790] el0_svc_common+0x180/0x2f4 [ 8821.785243][ T8790] do_el0_svc+0x58/0x74 [ 8821.785518][ T8790] el0_svc+0x5c/0x234 [ 8821.785819][ T8790] el0t_64_sync_handler+0x84/0x12c [ 8821.786101][ T8790] el0t_64_sync+0x198/0x19c [ 8845.586297][ T8809] FAULT_INJECTION: forcing a failure. [ 8845.586297][ T8809] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 8845.614550][ T8809] CPU: 0 UID: 0 PID: 8809 Comm: syz.0.1566 Not tainted syzkaller #0 PREEMPT [ 8845.614975][ T8809] Hardware name: linux,dummy-virt (DT) [ 8845.615086][ T8809] Call trace: [ 8845.615166][ T8809] show_stack+0x2c/0x3c (C) [ 8845.615554][ T8809] __dump_stack+0x30/0x40 [ 8845.615784][ T8809] dump_stack_lvl+0xd8/0x12c [ 8845.615987][ T8809] dump_stack+0x1c/0x28 [ 8845.616176][ T8809] should_fail_ex+0x570/0x6e0 [ 8845.616396][ T8809] should_fail+0x14/0x24 [ 8845.616602][ T8809] should_fail_usercopy+0x20/0x30 [ 8845.616860][ T8809] _copy_from_iter+0x1a0/0x187c [ 8845.617073][ T8809] skb_copy_datagram_from_iter+0x10c/0x688 [ 8845.617373][ T8809] tun_get_user+0x1294/0x39cc [ 8845.617667][ T8809] tun_chr_write_iter+0x138/0x248 [ 8845.617961][ T8809] vfs_write+0xa34/0xb1c [ 8845.618205][ T8809] ksys_write+0x100/0x1f4 [ 8845.618440][ T8809] __arm64_sys_write+0x98/0xcc [ 8845.618691][ T8809] invoke_syscall+0x90/0x238 [ 8845.618991][ T8809] el0_svc_common+0x180/0x2f4 [ 8845.619304][ T8809] do_el0_svc+0x58/0x74 [ 8845.619590][ T8809] el0_svc+0x5c/0x234 [ 8845.619901][ T8809] el0t_64_sync_handler+0x84/0x12c [ 8845.620185][ T8809] el0t_64_sync+0x198/0x19c [ 8867.244525][ T8824] FAULT_INJECTION: forcing a failure. [ 8867.244525][ T8824] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 8867.258459][ T8824] CPU: 0 UID: 0 PID: 8824 Comm: syz.0.1571 Not tainted syzkaller #0 PREEMPT [ 8867.258870][ T8824] Hardware name: linux,dummy-virt (DT) [ 8867.258981][ T8824] Call trace: [ 8867.259061][ T8824] show_stack+0x2c/0x3c (C) [ 8867.259455][ T8824] __dump_stack+0x30/0x40 [ 8867.259688][ T8824] dump_stack_lvl+0xd8/0x12c [ 8867.259889][ T8824] dump_stack+0x1c/0x28 [ 8867.260075][ T8824] should_fail_ex+0x570/0x6e0 [ 8867.260294][ T8824] should_fail+0x14/0x24 [ 8867.260498][ T8824] should_fail_usercopy+0x20/0x30 [ 8867.260744][ T8824] _copy_from_iter+0x1a0/0x187c [ 8867.260954][ T8824] copy_page_from_iter+0x214/0x2fc [ 8867.261165][ T8824] skb_copy_datagram_from_iter+0x2f4/0x688 [ 8867.261470][ T8824] tun_get_user+0x1294/0x39cc [ 8867.261799][ T8824] tun_chr_write_iter+0x138/0x248 [ 8867.262082][ T8824] vfs_write+0xa34/0xb1c [ 8867.262320][ T8824] ksys_write+0x100/0x1f4 [ 8867.262550][ T8824] __arm64_sys_write+0x98/0xcc [ 8867.262824][ T8824] invoke_syscall+0x90/0x238 [ 8867.263116][ T8824] el0_svc_common+0x180/0x2f4 [ 8867.263425][ T8824] do_el0_svc+0x58/0x74 [ 8867.263729][ T8824] el0_svc+0x5c/0x234 [ 8867.264016][ T8824] el0t_64_sync_handler+0x84/0x12c [ 8867.264298][ T8824] el0t_64_sync+0x198/0x19c [ 8899.183688][ T8844] FAULT_INJECTION: forcing a failure. [ 8899.183688][ T8844] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 8899.193847][ T8844] CPU: 0 UID: 0 PID: 8844 Comm: syz.0.1576 Not tainted syzkaller #0 PREEMPT [ 8899.194249][ T8844] Hardware name: linux,dummy-virt (DT) [ 8899.194360][ T8844] Call trace: [ 8899.194443][ T8844] show_stack+0x2c/0x3c (C) [ 8899.194841][ T8844] __dump_stack+0x30/0x40 [ 8899.195045][ T8844] dump_stack_lvl+0xd8/0x12c [ 8899.195265][ T8844] dump_stack+0x1c/0x28 [ 8899.195460][ T8844] should_fail_ex+0x570/0x6e0 [ 8899.195697][ T8844] should_fail+0x14/0x24 [ 8899.195924][ T8844] should_fail_usercopy+0x20/0x30 [ 8899.196152][ T8844] _copy_from_iter+0x1a0/0x187c [ 8899.196373][ T8844] copy_page_from_iter+0x214/0x2fc [ 8899.196586][ T8844] skb_copy_datagram_from_iter+0x2f4/0x688 [ 8899.196921][ T8844] tun_get_user+0x1294/0x39cc [ 8899.197215][ T8844] tun_chr_write_iter+0x138/0x248 [ 8899.197490][ T8844] vfs_write+0xa34/0xb1c [ 8899.197748][ T8844] ksys_write+0x100/0x1f4 [ 8899.197981][ T8844] __arm64_sys_write+0x98/0xcc [ 8899.198215][ T8844] invoke_syscall+0x90/0x238 [ 8899.198502][ T8844] el0_svc_common+0x180/0x2f4 [ 8899.198810][ T8844] do_el0_svc+0x58/0x74 [ 8899.199091][ T8844] el0_svc+0x5c/0x234 [ 8899.199399][ T8844] el0t_64_sync_handler+0x84/0x12c [ 8899.199700][ T8844] el0t_64_sync+0x198/0x19c [ 9027.194428][ T8933] ================================================================== [ 9027.195722][ T8933] BUG: KASAN: slab-use-after-free in mtree_range_walk+0x604/0x8d0 [ 9027.196220][ T8933] Read of size 8 at addr 4cf000000dcf0178 by task syz.0.1606/8933 [ 9027.196462][ T8933] Pointer tag: [4c], memory tag: [fe] [ 9027.196587][ T8933] [ 9027.196816][ T8933] CPU: 0 UID: 0 PID: 8933 Comm: syz.0.1606 Not tainted syzkaller #0 PREEMPT [ 9027.197065][ T8933] Hardware name: linux,dummy-virt (DT) [ 9027.197172][ T8933] Call trace: [ 9027.197295][ T8933] show_stack+0x2c/0x3c (C) [ 9027.197656][ T8933] __dump_stack+0x30/0x40 [ 9027.197892][ T8933] dump_stack_lvl+0xd8/0x12c [ 9027.198103][ T8933] print_address_description+0xac/0x288 [ 9027.198387][ T8933] print_report+0x84/0xa0 [ 9027.198661][ T8933] kasan_report+0xb0/0x110 [ 9027.198984][ T8933] kasan_tag_mismatch+0x28/0x3c [ 9027.199216][ T8933] __hwasan_tag_mismatch+0x30/0x60 [ 9027.199519][ T8933] mtree_range_walk+0x604/0x8d0 [ 9027.199834][ T8933] mas_walk+0xf8/0x34c [ 9027.200082][ T8933] lock_vma_under_rcu+0x10c/0x35c [ 9027.200335][ T8933] do_page_fault+0x3a8/0x1508 [ 9027.200616][ T8933] do_translation_fault+0xbc/0xfc [ 9027.200920][ T8933] do_mem_abort+0x50/0x110 [ 9027.201205][ T8933] el0_da+0x64/0x210 [ 9027.201495][ T8933] el0t_64_sync_handler+0x90/0x12c [ 9027.201856][ T8933] el0t_64_sync+0x198/0x19c [ 9027.202123][ T8933] [ 9027.202234][ T8933] Allocated by task 8934: [ 9027.202558][ T8933] kasan_save_stack+0x40/0x6c [ 9027.202903][ T8933] save_stack_info+0x30/0x138 [ 9027.203091][ T8933] kasan_save_alloc_info+0x14/0x20 [ 9027.203303][ T8933] __kasan_slab_alloc+0x94/0x98 [ 9027.203572][ T8933] kmem_cache_alloc_noprof+0x320/0x5a8 [ 9027.203864][ T8933] mas_alloc_nodes+0x350/0x3b8 [ 9027.204088][ T8933] mas_preallocate+0x544/0x970 [ 9027.204309][ T8933] __split_vma+0x318/0xb00 [ 9027.204552][ T8933] vms_gather_munmap_vmas+0x4d0/0x1474 [ 9027.204812][ T8933] mmap_region+0x6c0/0x1fcc [ 9027.205056][ T8933] do_mmap+0xa50/0xf64 [ 9027.205249][ T8933] vm_mmap_pgoff+0x290/0x3e8 [ 9027.205444][ T8933] ksys_mmap_pgoff+0x3a4/0x448 [ 9027.205651][ T8933] __arm64_sys_mmap+0x13c/0x198 [ 9027.205940][ T8933] invoke_syscall+0x90/0x238 [ 9027.206214][ T8933] el0_svc_common+0x180/0x2f4 [ 9027.206486][ T8933] do_el0_svc+0x58/0x74 [ 9027.206766][ T8933] el0_svc+0x5c/0x234 [ 9027.207030][ T8933] el0t_64_sync_handler+0x84/0x12c [ 9027.207319][ T8933] el0t_64_sync+0x198/0x19c [ 9027.207582][ T8933] [ 9027.207674][ T8933] Freed by task 8110: [ 9027.207798][ T8933] kasan_save_stack+0x40/0x6c [ 9027.208068][ T8933] save_stack_info+0x30/0x138 [ 9027.208252][ T8933] __kasan_save_free_info+0x18/0x24 [ 9027.208437][ T8933] __kasan_slab_free+0x64/0x68 [ 9027.208717][ T8933] __rcu_free_sheaf_prepare+0x11c/0x2c4 [ 9027.209018][ T8933] rcu_free_sheaf+0x2c/0x138 [ 9027.209275][ T8933] rcu_core+0xe14/0x1d30 [ 9027.209471][ T8933] rcu_core_si+0x10/0x1c [ 9027.209645][ T8933] handle_softirqs+0x36c/0xd08 [ 9027.209924][ T8933] __do_softirq+0x14/0x20 [ 9027.210191][ T8933] [ 9027.210290][ T8933] The buggy address belongs to the object at fff000000dcf0100 [ 9027.210290][ T8933] which belongs to the cache maple_node of size 256 [ 9027.210489][ T8933] The buggy address is located 120 bytes inside of [ 9027.210489][ T8933] 256-byte region [fff000000dcf0100, fff000000dcf0200) [ 9027.210725][ T8933] [ 9027.210898][ T8933] The buggy address belongs to the physical page: [ 9027.212023][ T8933] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xbbf000000dcf0000 pfn:0x4dcf0 [ 9027.212403][ T8933] flags: 0x1ffc00000000200(workingset|node=0|zone=0|lastcpupid=0x7ff|kasantag=0x0) [ 9027.213142][ T8933] page_type: f5(slab) [ 9027.213861][ T8933] raw: 01ffc00000000200 d5f000000cc09700 ffffc1ffc0494790 ffffc1ffc051fb90 [ 9027.214119][ T8933] raw: bbf000000dcf0000 000000000010000e 00000000f5000000 0000000000000000 [ 9027.214327][ T8933] page dumped because: kasan: bad access detected [ 9027.214458][ T8933] [ 9027.214548][ T8933] Memory state around the buggy address: [ 9027.214915][ T8933] fff000000dceff00: ae ae ae ae ae ae ae ae ae ae ae ae ae ae ae ae [ 9027.215127][ T8933] fff000000dcf0000: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 9027.215353][ T8933] >fff000000dcf0100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 9027.215503][ T8933] ^ [ 9027.215770][ T8933] fff000000dcf0200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa [ 9027.215986][ T8933] fff000000dcf0300: 70 70 70 70 70 70 70 70 70 70 70 70 70 70 70 70 [ 9027.216196][ T8933] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 9027.891795][ T8933] Disabling lock debugging due to kernel taint [ 9032.217233][ T7187] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 9032.870236][ T7187] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 9033.397903][ T7187] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 9034.386021][ T7187] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 9040.820609][ T7187] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 9040.889991][ T7187] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 9040.939957][ T7187] bond0 (unregistering): Released all slaves [ 9041.655239][ T7187] hsr_slave_0: left promiscuous mode [ 9041.695161][ T7187] hsr_slave_1: left promiscuous mode [ 9041.848335][ T7187] veth1_macvtap: left promiscuous mode [ 9041.856641][ T7187] veth0_macvtap: left promiscuous mode [ 9041.863898][ T7187] veth1_vlan: left promiscuous mode [ 9041.884935][ T7187] veth0_vlan: left promiscuous mode [ 9050.978313][ T7187] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 9051.304482][ T7187] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 9051.675807][ T7187] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 9052.010246][ T7187] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 VM DIAGNOSIS: 09:51:34 Registers: info registers vcpu 0 CPU#0 PC=ffff8000821a0b74 X00=0000000000000003 X01=0000000000000002 X02=0000000000000001 X03=ffff8000821a0a70 X04=0000000000000001 X05=0000000000000001 X06=0000000000000000 X07=ffff800081f60930 X08=46f000000dc01dc0 X09=0000000000000000 X10=0000000000ff0100 X11=00000000000000fe X12=0000000000000002 X13=0000000000000002 X14=0000000000000000 X15=0000000000000219 X16=0000000000000046 X17=0000000000000000 X18=0000000000384400 X19=efff800000000000 X20=a6f000000dcbc880 X21=9dff80008c5bb018 X22=0000000000000002 X23=a6f000000dcbc97c X24=00000000000000a6 X25=a6f000000dcbcac8 X26=a6f000000dcbc8c8 X27=00000000000000a6 X28=00000000000000a6 X29=ffff80008c5f7b50 X30=ffff8000821a0b74 SP=ffff80008c5f7b40 PSTATE=804020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0d00000000000000:0d00000000000000 Z01=0000000d00000000:0000000000000000 Z02=000000000000000d:0000000000000000 Z03=00d000a800000000:0000000000000000 Z04=0000000000000000:0000000000000002 Z05=000000000000000d:0000000000000002 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffcda091b0:0000ffffcda091b0 Z17=ffffff80ffffffd0:0000ffffcda09180 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000