last executing test programs: 2h7m7.278194662s ago: executing program 0 (id=1): ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)) 2h7m5.151608926s ago: executing program 0 (id=3): write(0xffffffffffffffff, &(0x7f0000000000), 0x0) 2h7m3.406346637s ago: executing program 0 (id=5): munmap(0x0, 0x0) 2h7m0.178839115s ago: executing program 0 (id=7): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm', 0x800, 0x0) 2h6m43.458493238s ago: executing program 0 (id=8): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1m14.92596995s ago: executing program 2 (id=919): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x2000, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000a40), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f0000000040)=@attr_arm64={0x0, 0x1, 0x2, &(0x7f0000000000)=0x26}) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xf) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0xa000, 0x0) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x0, 0x80) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, &(0x7f00000001c0)={0x2400004, 0xe0fa}) 1m14.650717091s ago: executing program 1 (id=920): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000005, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)={0x2, 0x102000}) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x2000009, 0x4102932, 0xffffffffffffffff, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x4, 0x0, 0x0, 0xffffffffffffffff, 0x1}) 59.945938559s ago: executing program 1 (id=921): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x8000000, 0x4000}) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r0, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}], 0x1, 0x0, 0x0, 0x0) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100) ioctl$KVM_RUN(r0, 0xae80, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x0, 0x100000f, 0x1010, 0xffffffffffffffff, 0x0) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) ioctl$KVM_SET_REGS(r4, 0x4360ae82, 0x0) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000340)={0x5}) 59.568950588s ago: executing program 2 (id=922): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = syz_kvm_add_vcpu(0x0, &(0x7f0000000640)={0x0, &(0x7f0000000040)=[@uexit={0x0, 0x18, 0x1}, @irq_setup={0x5, 0x18, {0x1, 0x225}}, @memwrite={0x6, 0x30, @vgic_gits={0x8080000, 0xffd0, 0x100, 0x6}}, @uexit={0x0, 0x18, 0x101}, @memwrite={0x6, 0x30, @vgic_gicd={0x8000000, 0x1c00, 0x3f, 0x8}}, @its_send_cmd={0x8, 0x28, {0x5, 0x0, 0x1, 0x10, 0x0, 0x4, 0x4}}, @smc={0x3, 0x40, {0xc400000e, [0x7f, 0x1, 0x9, 0x8, 0x9]}}, @uexit={0x0, 0x18, 0xe}, @msr={0x2, 0x20, {0x603000000013d921, 0xff}}, @memwrite={0x6, 0x30, @vgic_gits={0x8080000, 0x1ffc8, 0x8720, 0x4}}, @code={0x1, 0xcc, {"a0d39bd20040b0f2c10180d2a20180d2a30080d2e40180d2020000d4000000b1a08295d200a0b0f2c10080d2220080d2030080d2840180d2020000d4008008d5c08187d20060b0f2a10180d2820080d2430080d2640180d2020000d40050c01a807797d20060b0f2c10080d2e20080d2c30180d2240080d2020000d4a06194d200a0b8f2e10080d2a20080d2a30180d2a40080d2020000d480ad9bd200c0b8f2010180d2e20180d2e30080d2240180d2020000d4000400f8"}}, @smc={0x3, 0x40, {0x84000007, [0x584, 0x2, 0x9, 0xfffffffffffffffc, 0x7]}}, @its_setup={0x7, 0x28, {0x0, 0x3, 0x1a5}}, @msr={0x2, 0x20, {0x603000000013df79, 0x8}}, @its_send_cmd={0x8, 0x28, {0xb, 0x1, 0x3, 0xb, 0x81, 0xfffff4e9, 0x1}}, @code={0x1, 0x9c, {"007008d5606692d200c0b8f2210180d2c20080d2430180d2240180d2020000d440da93d20000b8f2e10180d2c20180d2c30180d2640180d2020000d4a00c82d20020b0f2410080d2220080d2430180d2a40180d2020000d4000008d5e0e788d20040b8f2c10080d2620180d2e30080d2640080d2020000d40030000e000880780004c0da001c0013"}}, @its_send_cmd={0x8, 0x28, {0xb, 0x0, 0x2, 0x3, 0xcd, 0x9}}, @uexit={0x0, 0x18, 0x8}, @irq_setup={0x5, 0x18, {0x0, 0x74}}, @memwrite={0x6, 0x30, @generic={0x1000, 0xa42, 0xfffffffffffffffb, 0x10}}, @uexit={0x0, 0x18, 0x10}, @memwrite={0x6, 0x30, @vgic_gicr={0x80c0000, 0x100, 0x1, 0x1}}, @uexit={0x0, 0x18, 0x4}, @its_send_cmd={0x8, 0x28, {0xb, 0x0, 0x1, 0x2, 0x5, 0x10, 0x4}}, @uexit={0x0, 0x18, 0x9}, @code={0x1, 0x9c, {"e0bb85d20000b0f2e10180d2820080d2830080d2a40180d2020000d40000c0ac000028d560188bd20000b8f2e10180d2220180d2230080d2a40080d2020000d4202e89d20060b0f2010180d2620180d2a30080d2040080d2020000d4008008d50008200e00a4004f00cb96d20020b0f2810180d2a20080d2030180d2840080d2020000d4007c0053"}}, @uexit={0x0, 0x18, 0x4}, @its_send_cmd={0x8, 0x28, {0xe, 0x0, 0x4, 0x0, 0x3, 0xa}}, @its_send_cmd={0x8, 0x28, {0x1, 0x0, 0x0, 0xd, 0x2}}, @hvc={0x4, 0x40, {0x1, [0x4, 0x1, 0x9, 0x3e, 0x972b]}}], 0x5fc}, &(0x7f0000000680)=[@featur2], 0x1) syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000000000/0x400000)=nil, &(0x7f00000009c0)=[{0x0, &(0x7f00000006c0)=[@msr={0x2, 0x20, {0x603000000013df12, 0xf}}, @its_setup={0x7, 0x28, {0x1, 0x1, 0x181}}, @code={0x1, 0x6c, {"000008d50000c038007008d50084200e00c0271ec0469cd200e0b0f2c10080d2820180d2c30180d2040080d2020000d4606789d20020b0f2610180d2020080d2030180d2240180d2020000d4007008d50024c09a0078000e"}}, @smc={0x3, 0x40, {0xc4000011, [0x800, 0x1, 0x9, 0x5, 0xba0]}}, @its_setup={0x7, 0x28, {0x0, 0x0, 0x2cf}}, @uexit={0x0, 0x18, 0x1}, @its_setup={0x7, 0x28, {0x0, 0x4, 0x153}}, @uexit={0x0, 0x18, 0xf24}, @its_setup={0x7, 0x28, {0x3, 0x2, 0x2c4}}, @hvc={0x4, 0x40, {0x84000011, [0x2, 0x0, 0x8, 0x5, 0x101]}}, @memwrite={0x6, 0x30, @vgic_gicd={0x8000000, 0x3000, 0x9, 0x8}}, @its_setup={0x7, 0x28, {0x3, 0x2, 0x3d5}}, @uexit={0x0, 0x18, 0x3}, @uexit={0x0, 0x18, 0x400}, @its_send_cmd={0x8, 0x28, {0x5, 0x1, 0x2, 0xe, 0x10001, 0x10001, 0x2}}, @msr={0x2, 0x20, {0x603000000013c4c9, 0x6}}, @msr={0x2, 0x20, {0x603000000013deb9, 0x5aa8b523}}, @irq_setup={0x5, 0x18, {0x1, 0x1dc}}], 0x2e4}], 0x1, 0x0, &(0x7f0000000a00)=[@featur2={0x1, 0x40}], 0x1) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, r1, 0x100000b, 0x28031, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2640, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_CREATE_VM(r4, 0x4020940d, 0x20000000) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) 48.1795428s ago: executing program 2 (id=923): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x200, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x60100, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) eventfd2(0x0, 0xc00) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, 0x0) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x2000, 0x0) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xe3) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="02000000000000002000000000000000e2dc130000003060ffff00000000000003000000000000004000000000000000040000000000000008000000000000007f000000000000009ca0e1510000000006000000000000000100000000000000060000000000000030000000000000000000080800000000040000000000000008000000000000"], 0x5e0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 46.856356024s ago: executing program 1 (id=924): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x3f000000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0xffffffffffffffff) 33.426132799s ago: executing program 1 (id=925): r0 = openat$kvm(0x0, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x3000000, 0x4f831, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) munmap(&(0x7f0000c90000/0x1000)=nil, 0x1000) munmap(&(0x7f0000d83000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000) mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000efb000/0x2000)=nil, 0x2000) munmap(&(0x7f0000db0000/0x1000)=nil, 0x1000) munmap(&(0x7f0000fff000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x2800, 0x0) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000240)={0x5, 0x1, 0xffff1000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=ANY=[], 0x40}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 31.211543853s ago: executing program 2 (id=926): close(0xffffffffffffffff) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 20.456249861s ago: executing program 2 (id=927): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$kvm(0x0, 0x0, 0x60100, 0x0) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0) close(0xffffffffffffffff) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)={0x8000000}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) munmap(&(0x7f0000738000/0x3000)=nil, 0x3000) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, 0xffffffffffffffff, &(0x7f00009c0000/0x400000)=nil, &(0x7f00000001c0)=[{0x0, 0x0, 0xfffffffffffffff9}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000340)={0x5, 0x2}) ioctl$KVM_RUN(r3, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000b9f000/0x1000)=nil, 0x930, 0x2, 0x32e7851d6de9e532, r3, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, 0x930, 0x8, 0x8032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) 16.670261921s ago: executing program 1 (id=928): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000000140)={0x8000000, 0x4000}) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r0, r1, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}], 0x1, 0x0, 0x0, 0x0) syz_kvm_vgic_v3_setup(r0, 0x1, 0x100) ioctl$KVM_RUN(r1, 0xae80, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x0, 0x100000f, 0x1010, 0xffffffffffffffff, 0x0) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) ioctl$KVM_SET_REGS(r5, 0x4360ae82, 0x0) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000340)={0x5}) 358.08µs ago: executing program 2 (id=929): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x62) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm(r3, &(0x7f0000c00000/0x400000)=nil) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f00000001c0)={0x5}) ioctl$KVM_SET_GUEST_DEBUG(r7, 0x4208ae9b, &(0x7f0000000000)={0x30001, 0x0, [0x11, 0x2, 0x7c, 0xb, 0x2, 0xffff, 0xfffffffffffffff9, 0x3c7]}) syz_kvm_vgic_v3_setup(r6, 0x4, 0x100) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = syz_kvm_add_vcpu(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@its_setup={0x7, 0x28, {0x0, 0x1, 0x17}}, @memwrite={0x6, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0x1, 0xb}}], 0x58}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r3, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000300)=@attr_other={0x0, 0x8, 0xffff, &(0x7f00000002c0)=0xffffffffffff0001}) ioctl$KVM_RUN(r8, 0xae80, 0x0) r10 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x4, 0x4f832, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r13, 0x4020aeae, &(0x7f0000000080)={0x5}) ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, &(0x7f0000000140)=@arm64_extra={0x6030000000140002, &(0x7f0000000100)=0xa}) syz_kvm_vgic_v3_setup(r10, 0x1, 0x60) 0s ago: executing program 1 (id=930): r0 = mmap$KVM_VCPU(&(0x7f0000d10000/0xa000)=nil, 0x930, 0x3000006, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) munmap(&(0x7f0000ce0000/0x3000)=nil, 0x3000) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000340)={0x5}) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000180)=@other={0x0, 0x0}) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2000002, 0x4f832, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f0000000100), 0x183a42, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x141242, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_setup_cpu$arm64(r4, r2, &(0x7f0000e58000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x18}], 0x1, 0x0, &(0x7f0000000140)=[@featur1={0x1, 0x9}], 0x1) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000200)={0x7}) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000080)={0x5000, 0x0, 0x2, 0xffffffffffffffff, 0x1}) close(0x4) close(0x5) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(r4, 0x4008ae6a, &(0x7f00000000c0)={0x2, 0x0, [{0x6, 0x1, 0x1, 0x0, @sint={0x1, 0xc}}, {0x5d, 0x0, 0x0, 0x0, @irqchip={0x7, 0x3b}}]}) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:41059' (ED25519) to the list of known hosts. [ 725.572360][ T24] audit: type=1400 audit(724.520:69): avc: denied { name_bind } for pid=3279 comm="sshd" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 726.882434][ T24] audit: type=1400 audit(725.830:70): avc: denied { execute } for pid=3281 comm="sh" name="syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 726.902412][ T24] audit: type=1400 audit(725.850:71): avc: denied { execute_no_trans } for pid=3281 comm="sh" path="/syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 754.201473][ T24] audit: type=1400 audit(753.140:72): avc: denied { mounton } for pid=3281 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1737 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 754.269577][ T24] audit: type=1400 audit(753.210:73): avc: denied { mount } for pid=3281 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 754.375927][ T3281] cgroup: Unknown subsys name 'net' [ 754.448292][ T24] audit: type=1400 audit(753.400:74): avc: denied { unmount } for pid=3281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 754.987783][ T3281] cgroup: Unknown subsys name 'cpuset' [ 755.111058][ T3281] cgroup: Unknown subsys name 'rlimit' [ 756.437500][ T24] audit: type=1400 audit(755.380:75): avc: denied { setattr } for pid=3281 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 756.490905][ T24] audit: type=1400 audit(755.440:76): avc: denied { create } for pid=3281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 756.519247][ T24] audit: type=1400 audit(755.450:77): avc: denied { write } for pid=3281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 756.568169][ T24] audit: type=1400 audit(755.510:78): avc: denied { module_request } for pid=3281 comm="syz-executor" kmod="net-pf-16-proto-16-family-nl802154" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 757.192690][ T24] audit: type=1400 audit(756.140:79): avc: denied { read } for pid=3281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 757.288934][ T24] audit: type=1400 audit(756.230:80): avc: denied { mounton } for pid=3281 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 757.335775][ T24] audit: type=1400 audit(756.270:81): avc: denied { mount } for pid=3281 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 758.789307][ T3286] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 759.120634][ T3281] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 814.772275][ T24] kauditd_printk_skb: 4 callbacks suppressed [ 814.772584][ T24] audit: type=1400 audit(813.720:86): avc: denied { execmem } for pid=3287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 815.172467][ T24] audit: type=1400 audit(814.120:87): avc: denied { read } for pid=3289 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 815.230000][ T24] audit: type=1400 audit(814.180:88): avc: denied { open } for pid=3289 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 815.323120][ T24] audit: type=1400 audit(814.270:89): avc: denied { mounton } for pid=3289 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 817.591127][ T24] audit: type=1400 audit(816.500:90): avc: denied { mount } for pid=3290 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 817.700612][ T24] audit: type=1400 audit(816.650:91): avc: denied { mounton } for pid=3290 comm="syz-executor" path="/syzkaller.PCY3Tt/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 817.809222][ T24] audit: type=1400 audit(816.750:92): avc: denied { mount } for pid=3290 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 818.015702][ T24] audit: type=1400 audit(816.960:93): avc: denied { mounton } for pid=3289 comm="syz-executor" path="/syzkaller.ChLuni/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 818.116345][ T24] audit: type=1400 audit(817.050:94): avc: denied { mounton } for pid=3289 comm="syz-executor" path="/syzkaller.ChLuni/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=2870 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 818.231519][ T24] audit: type=1400 audit(817.180:95): avc: denied { unmount } for pid=3290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 827.490813][ T24] kauditd_printk_skb: 9 callbacks suppressed [ 827.491095][ T24] audit: type=1400 audit(826.440:105): avc: denied { read } for pid=3300 comm="syz.0.7" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 827.588879][ T24] audit: type=1400 audit(826.480:106): avc: denied { open } for pid=3300 comm="syz.0.7" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 827.671157][ T24] audit: type=1400 audit(826.560:107): avc: denied { write } for pid=3300 comm="syz.0.7" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 831.152045][ T24] audit: type=1400 audit(830.100:108): avc: denied { mount } for pid=3298 comm="syz-executor" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 837.032578][ T24] audit: type=1401 audit(835.980:109): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 931.771590][ T24] audit: type=1400 audit(930.720:110): avc: denied { sys_module } for pid=3307 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 971.242761][ T3307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 971.460497][ T3309] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 971.600967][ T3307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 971.723000][ T3309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 986.730466][ T3307] hsr_slave_0: entered promiscuous mode [ 986.791536][ T3307] hsr_slave_1: entered promiscuous mode [ 988.057141][ T3309] hsr_slave_0: entered promiscuous mode [ 988.130699][ T3309] hsr_slave_1: entered promiscuous mode [ 988.206409][ T3309] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 988.211314][ T3309] Cannot create hsr debugfs directory [ 994.828492][ T3307] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 995.318946][ T3307] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 995.657776][ T3307] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 996.078121][ T3307] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 998.639196][ T3309] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 998.951609][ T3309] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 999.172387][ T3309] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 999.480352][ T3309] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1020.982107][ T3307] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1025.673005][ T3309] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1105.262792][ T3307] veth0_vlan: entered promiscuous mode [ 1106.199423][ T3307] veth1_vlan: entered promiscuous mode [ 1108.970262][ T3307] veth0_macvtap: entered promiscuous mode [ 1109.298456][ T3309] veth0_vlan: entered promiscuous mode [ 1109.669647][ T3307] veth1_macvtap: entered promiscuous mode [ 1110.661996][ T3309] veth1_vlan: entered promiscuous mode [ 1113.041107][ T3307] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1113.049746][ T3307] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1113.051655][ T3307] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1113.061119][ T3307] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1114.798488][ T3309] veth0_macvtap: entered promiscuous mode [ 1115.688403][ T3309] veth1_macvtap: entered promiscuous mode [ 1119.141905][ T3309] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1119.177517][ T3309] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1119.179742][ T3309] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1119.181704][ T3309] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1121.733131][ T3307] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 1141.742305][ T24] audit: type=1400 audit(1140.690:111): avc: denied { append } for pid=3458 comm="syz.1.11" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1142.518136][ T24] audit: type=1400 audit(1141.420:112): avc: denied { ioctl } for pid=3458 comm="syz.1.11" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae03 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1244.671973][ T24] audit: type=1400 audit(1243.620:113): avc: denied { setattr } for pid=3504 comm="syz.1.31" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1275.057455][ T24] audit: type=1400 audit(1273.990:114): avc: denied { execute } for pid=3516 comm="syz.1.37" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4032 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 1988.836629][ T24] audit: type=1400 audit(1987.780:115): avc: denied { map } for pid=3834 comm="syz.2.152" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 2551.232723][ T24] audit: type=1400 audit(2550.150:116): avc: denied { map } for pid=4085 comm="syz.2.232" path="pipe:[2968]" dev="pipefs" ino=2968 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 3717.250909][ T4615] kvm [4615]: Failed to find VMA for hva 0x21016000 [ 3751.780628][ T4630] kvm [4630]: Failed to find VMA for hva 0x21016000 [ 3779.101795][ T4641] kvm [4641]: Failed to find VMA for hva 0x21174000 [ 3970.732119][ T4730] kvm [4730]: Failed to find VMA for hva 0x21016000 [ 4003.212766][ T4742] kvm [4742]: Failed to find VMA for hva 0x21016000 [ 4213.172527][ T4848] kvm [4848]: Failed to find VMA for hva 0x21016000 [ 4421.052477][ T4937] KVM: debugfs: duplicate directory 4937-4 [ 4598.152109][ T5011] kvm [5011]: Failed to find VMA for hva 0x21174000 [ 4844.812996][ T5104] KVM: debugfs: duplicate directory 5104-4 [ 4845.742786][ T5104] KVM: debugfs: duplicate directory 5104-4 [ 4874.102476][ T5115] kvm [5115]: Failed to find VMA for hva 0x21174000 [ 4878.596385][ T5120] kvm [5120]: Failed to find VMA for hva 0x21016000 [ 4948.940917][ T5143] kvm [5143]: Failed to find VMA for hva 0x21174000 [ 5130.129854][ T5210] kvm [5210]: Failed to find VMA for hva 0x21174000 [ 5218.533191][ T5246] kvm [5246]: Failed to find VMA for hva 0x21016000 [ 5326.600081][ T24] audit: type=1400 audit(5325.490:117): avc: denied { ioctl } for pid=5290 comm="syz.2.576" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0xb704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 5462.469806][ T5354] kvm [5354]: Failed to find VMA for hva 0x21016000 [ 5580.150481][ T5410] kvm [5410]: Failed to find VMA for hva 0x21016000 [ 5775.527135][ T5494] kvm [5494]: Failed to find VMA for hva 0x21174000 [ 6549.611620][ T5801] kvm [5801]: Failed to find VMA for hva 0x21016000 [ 6626.035817][ T5832] kvm [5832]: Failed to find VMA for hva 0x21016000 [ 7090.162905][ T6016] kvm [6016]: Failed to find VMA for hva 0x21016000 [ 7105.568414][ T6018] FAULT_INJECTION: forcing a failure. [ 7105.568414][ T6018] name failslab, interval 1, probability 0, space 0, times 1 [ 7105.570218][ T6018] CPU: 0 UID: 0 PID: 6018 Comm: syz.2.780 Not tainted 6.12.0-rc7-syzkaller-g5db899a34f75 #0 [ 7105.570917][ T6018] Hardware name: linux,dummy-virt (DT) [ 7105.571429][ T6018] Call trace: [ 7105.571640][ T6018] dump_backtrace+0x1b8/0x1e4 [ 7105.573117][ T6018] show_stack+0x2c/0x3c [ 7105.573503][ T6018] dump_stack_lvl+0xe4/0x150 [ 7105.573909][ T6018] dump_stack+0x1c/0x28 [ 7105.574264][ T6018] should_fail_ex+0x318/0x338 [ 7105.574622][ T6018] should_failslab+0x94/0xb0 [ 7105.574943][ T6018] __kmalloc_noprof+0xdc/0x438 [ 7105.575261][ T6018] tomoyo_realpath_from_path+0x8c/0x330 [ 7105.575602][ T6018] tomoyo_path_number_perm+0x10c/0x320 [ 7105.576005][ T6018] tomoyo_file_ioctl+0x2c/0x3c [ 7105.576305][ T6018] security_file_ioctl+0x108/0x364 [ 7105.576660][ T6018] __arm64_sys_ioctl+0x80/0x184 [ 7105.576973][ T6018] invoke_syscall+0x78/0x1b8 [ 7105.577327][ T6018] el0_svc_common+0xe8/0x1b0 [ 7105.577706][ T6018] do_el0_svc+0x40/0x50 [ 7105.578056][ T6018] el0_svc+0x54/0x14c [ 7105.578418][ T6018] el0t_64_sync_handler+0x84/0xfc [ 7105.578824][ T6018] el0t_64_sync+0x190/0x194 [ 7105.802117][ T6018] ERROR: Out of memory at tomoyo_realpath_from_path. [ 7282.232429][ T6093] FAULT_INJECTION: forcing a failure. [ 7282.232429][ T6093] name failslab, interval 1, probability 0, space 0, times 0 [ 7282.330993][ T6093] CPU: 0 UID: 0 PID: 6093 Comm: syz.2.802 Not tainted 6.12.0-rc7-syzkaller-g5db899a34f75 #0 [ 7282.333129][ T6093] Hardware name: linux,dummy-virt (DT) [ 7282.334388][ T6093] Call trace: [ 7282.335548][ T6093] dump_backtrace+0x1b8/0x1e4 [ 7282.337058][ T6093] show_stack+0x2c/0x3c [ 7282.338419][ T6093] dump_stack_lvl+0xe4/0x150 [ 7282.339928][ T6093] dump_stack+0x1c/0x28 [ 7282.341173][ T6093] should_fail_ex+0x318/0x338 [ 7282.342669][ T6093] should_failslab+0x94/0xb0 [ 7282.344057][ T6093] kmem_cache_alloc_noprof+0x84/0x35c [ 7282.345510][ T6093] vm_area_dup+0x74/0x204 [ 7282.346730][ T6093] __split_vma+0x114/0x600 [ 7282.348095][ T6093] vms_gather_munmap_vmas+0x18c/0xb40 [ 7282.349523][ T6093] mmap_region+0x324/0x1020 [ 7282.350895][ T6093] do_mmap+0x630/0xa3c [ 7282.352103][ T6093] vm_mmap_pgoff+0x10c/0x278 [ 7282.353503][ T6093] ksys_mmap_pgoff+0xbc/0x2dc [ 7282.354762][ T6093] __arm64_sys_mmap+0x9c/0xb0 [ 7282.356197][ T6093] invoke_syscall+0x78/0x1b8 [ 7282.357607][ T6093] el0_svc_common+0xe8/0x1b0 [ 7282.358863][ T6093] do_el0_svc+0x40/0x50 [ 7282.360235][ T6093] el0_svc+0x54/0x14c [ 7282.361624][ T6093] el0t_64_sync_handler+0x84/0xfc [ 7282.362934][ T6093] el0t_64_sync+0x190/0x194 [ 7336.537809][ T6114] kvm [6114]: Failed to find VMA for hva 0x21174000 [ 7519.152854][ T6191] kvm [6191]: Failed to find VMA for hva 0x21016000 [ 7561.238724][ T6207] kvm [6207]: Failed to find VMA for hva 0x21016000 [ 7615.392384][ T6229] kvm [6229]: Failed to find VMA for hva 0x21016000 [ 7731.738194][ T6277] kvm [6277]: Failed to find VMA for hva 0x21016000 [ 8455.020911][ T6560] Unable to handle kernel paging request at virtual address efff800000000137 [ 8455.041432][ T6560] KASAN: probably user-memory-access in range [0x0000000000001370-0x000000000000137f] [ 8455.042000][ T6560] Mem abort info: [ 8455.042220][ T6560] ESR = 0x0000000096000005 [ 8455.042527][ T6560] EC = 0x25: DABT (current EL), IL = 32 bits [ 8455.042883][ T6560] SET = 0, FnV = 0 [ 8455.043141][ T6560] EA = 0, S1PTW = 0 [ 8455.080400][ T6560] FSC = 0x05: level 1 translation fault [ 8455.080840][ T6560] Data abort info: [ 8455.081076][ T6560] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 [ 8455.081354][ T6560] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 8455.081663][ T6560] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 8455.082173][ T6560] swapper pgtable: 4k pages, 52-bit VAs, pgdp=0000000044a53000 [ 8455.082547][ T6560] [efff800000000137] pgd=1000000049992003, p4d=1000000049993003, pud=0000000000000000 [ 8455.303122][ T6560] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP [ 8455.305207][ T6560] Modules linked in: [ 8455.306698][ T6560] CPU: 0 UID: 0 PID: 6560 Comm: syz.2.929 Not tainted 6.12.0-rc7-syzkaller-g5db899a34f75 #0 [ 8455.308626][ T6560] Hardware name: linux,dummy-virt (DT) [ 8455.310043][ T6560] pstate: 80402009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 8455.311792][ T6560] pc : __hwasan_check_x0_67043363+0x4/0x30 [ 8455.313109][ T6560] lr : vgic_get_irq+0x7c/0x3d4 [ 8455.314373][ T6560] sp : ffff80008c597650 [ 8455.315485][ T6560] x29: ffff80008c597660 x28: 00000000000000e0 x27: 0000000000000004 [ 8455.317795][ T6560] x26: 0000000000000002 x25: ffff800083a7fe20 x24: 16f0000014accd90 [ 8455.319792][ T6560] x23: 16f0000014acb9a0 x22: 0000000000000000 x21: a9ff80008c583000 [ 8455.321835][ T6560] x20: 0000000000000001 x19: efff800000000000 x18: 0000000000000005 [ 8455.323849][ T6560] x17: 0000000000000000 x16: 0000000000000137 x15: 0000000000000000 [ 8455.325875][ T6560] x14: 0000000000000002 x13: 0000000000000003 x12: 70f000000a33ba80 [ 8455.327868][ T6560] x11: 0000000000080000 x10: 0000000000001378 x9 : efff800000000000 [ 8455.330016][ T6560] x8 : 0000000000000001 x7 : 0000000000000001 x6 : 0000000000000001 [ 8455.332012][ T6560] x5 : ffff80008c597858 x4 : ffff8000800f2b38 x3 : ffff8000800f7a00 [ 8455.334035][ T6560] x2 : 0000000000000001 x1 : 0000000000000001 x0 : 0000000000001378 [ 8455.335982][ T6560] Call trace: [ 8455.336895][ T6560] __hwasan_check_x0_67043363+0x4/0x30 [ 8455.338277][ T6560] vgic_mmio_write_invlpi+0xb0/0x174 [ 8455.339739][ T6560] dispatch_mmio_write+0x2a4/0x308 [ 8455.340885][ T6560] __kvm_io_bus_write+0x290/0x340 [ 8455.342278][ T6560] kvm_io_bus_write+0x100/0x1bc [ 8455.343660][ T6560] io_mem_abort+0x4b8/0x7a0 [ 8455.344892][ T6560] kvm_handle_guest_abort+0xb4c/0x1c64 [ 8455.346246][ T6560] handle_exit+0x1a0/0x274 [ 8455.347542][ T6560] kvm_arch_vcpu_ioctl_run+0xbc0/0x15b0 [ 8455.348765][ T6560] kvm_vcpu_ioctl+0x660/0xf78 [ 8455.350030][ T6560] __arm64_sys_ioctl+0x108/0x184 [ 8455.351322][ T6560] invoke_syscall+0x78/0x1b8 [ 8455.352636][ T6560] el0_svc_common+0xe8/0x1b0 [ 8455.353757][ T6560] do_el0_svc+0x40/0x50 [ 8455.355035][ T6560] el0_svc+0x54/0x14c [ 8455.356330][ T6560] el0t_64_sync_handler+0x84/0xfc [ 8455.357726][ T6560] el0t_64_sync+0x190/0x194 [ 8455.359495][ T6560] Code: a90efbfd d2800441 143a3ed3 9344dc10 (38706930) [ 8455.361725][ T6560] ---[ end trace 0000000000000000 ]--- [ 8455.363540][ T6560] Kernel panic - not syncing: Oops: Fatal exception [ 8455.366306][ T6560] Kernel Offset: disabled [ 8455.367426][ T6560] CPU features: 0x00,00000034,003f797c,437ffe1f [ 8455.368871][ T6560] Memory Limit: none [ 8455.370473][ T6560] Rebooting in 86400 seconds.. VM DIAGNOSIS: 01:12:32 Registers: info registers vcpu 0 CPU#0 PC=ffff8000833954b4 X00=0000000000000000 X01=ffff8000845d2f18 X02=2bf000000f8ac4f8 X03=2bf000000f8ac4f8 X04=2bf000000f8ac600 X05=0000000000000000 X06=0000000000000000 X07=ffff800083395484 X08=0000000100000100 X09=0000000000000000 X10=0000000000ff0100 X11=ffff8000852d2000 X12=0000000039529a68 X13=0000000000000028 X14=2bf000000f8ac578 X15=2bf000000f8ac500 X16=000000000000002b X17=8eb2dcef0edf6b76 X18=0000000000000055 X19=efff800000000000 X20=0000000000000001 X21=0000000000000000 X22=bef0000010993610 X23=0000000000000038 X24=0000000000000000 X25=0000000000000006 X26=ffff800084ef2468 X27=ffff800084a84b90 X28=bef000001099367f X29=ffff8000800077b0 X30=ffff800083a2b48c SP=ffff8000800077b0 PSTATE=604020c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=1300000000000000:1300000000000000 Z01=0000001300000000:0000000000000000 Z02=0000000000000013:0000000000000000 Z03=00d000a800000000:0000000000000000 Z04=0000000000000000:0000000000000002 Z05=0000000000000013:0000000000000002 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffd74507d0:0000ffffd74507d0 Z17=ffffff80ffffffd0:0000ffffd74507a0 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000