last executing test programs: 54.148532208s ago: executing program 1 (id=1521): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138015, 0x8000}}], 0x20}, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 42.981535922s ago: executing program 1 (id=1523): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r2, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0x80111500, 0x20000000) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x21) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x6) r9 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r8, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000280)="fb6149dd03ffb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521c916f8f1f449a7a835673312b54ebb2aa7fc869d22627e7000000000800", 0x0, 0x48) r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r10, 0x1, 0x11, r8, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x109272, 0x1f01) write$eventfd(r5, 0x0, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) eventfd2(0x1, 0x80001) mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, 0x930, 0x1, 0x13, r2, 0x0) r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x13) ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000000)={0x9}) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x2) r14 = syz_kvm_vgic_v3_setup(r13, 0x1, 0x40) ioctl$KVM_GET_DEVICE_ATTR(r14, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x1, 0xc, &(0x7f00000004c0)=0x1}) r15 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_REG_LIST(r2, 0xc008aeb0, &(0x7f00000000c0)={0x2, [0x5, 0x7]}) ioctl$KVM_CREATE_VM(r15, 0x80086601, 0x20000000) 42.981359882s ago: executing program 0 (id=1524): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (fail_nth: 4) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000040)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000280)={0x14, 0xff}}) 38.501537913s ago: executing program 0 (id=1525): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x3}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r1, 0x4010ae74, &(0x7f0000000000)={0x6, 0xd, 0x9}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r2, 0x400454ce, 0x8000000000000002) 35.749015199s ago: executing program 1 (id=1526): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3e) ioctl$KVM_SET_GSI_ROUTING(r0, 0x4008ae6a, &(0x7f0000000000)={0x2, 0x0, [{0x55, 0x2, 0x1, 0x0, @msi={0x7, 0x0, 0x9, 0xffff}}, {0x3, 0x3, 0x1, 0x0, @adapter={0x8, 0x62, 0x9, 0x9, 0x2}}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000080)={0x10004, 0x2, 0xb000, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x25) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x10002, 0x4, 0xb000, 0x1000, &(0x7f0000ffe000/0x1000)=nil}) r2 = syz_kvm_vgic_v3_setup(r1, 0x4, 0x140) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000140)=@attr_other={0x0, 0xffffffff, 0xe3, &(0x7f0000000100)=0xffffffffffffff26}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r1, 0x4010ae74, &(0x7f0000000180)={0x1000, 0x2, 0x8}) ioctl$KVM_CAP_ARM_MTE(r1, 0x4068aea3, &(0x7f00000001c0)) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r0, 0x4068aea3, &(0x7f0000000240)={0xe4, 0x0, 0xffffffffffffffff}) r3 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000300)=@arm64_fp={0x6040000000100062, &(0x7f00000002c0)=0x1}) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000340)={0x47c, 0x9}) syz_kvm_vgic_v3_setup(r1, 0x3, 0x200) r4 = mmap$KVM_VCPU(&(0x7f0000ffd000/0x1000)=nil, 0x0, 0x1, 0x20010, r3, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000380)="dd888f42537742714a4a8fcdae0a74155350b074873682710698980571245c5f11e209f13d42852f3ff6f160d6880bee839ad4d2d08265eaa225ff142869781b5ae316f4a5b8e854", 0x0, 0x48) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000400)={0x2}) ioctl$KVM_CAP_HALT_POLL(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000440)={0xb6, 0x0, 0x2}) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_memcpy_off$KVM_EXIT_MMIO(r4, 0x20, &(0x7f00000004c0)="7689b598337a10ca5e989f4489beddd44d1e5edddc962ea5", 0x0, 0x18) close(r1) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfe000/0x400000)=nil) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000540)=@attr_other={0x0, 0x500, 0x7, &(0x7f0000000500)=0xfffffffffffffffb}) syz_memcpy_off$KVM_EXIT_MMIO(r4, 0x20, &(0x7f0000000580)="be4b5ccf2ff83268b4e3ce43f2eb7b22aa9e35b9cbc1ad7d", 0x0, 0x18) ioctl$KVM_HAS_DEVICE_ATTR_vm(r1, 0x4018aee3, &(0x7f0000000600)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000005c0)={0x9, 0x2, 0x2}}) r5 = mmap$KVM_VCPU(&(0x7f0000c4f000/0x2000)=nil, 0x0, 0x2000000, 0x4010, r3, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000640)="6516f3167825ed7a5162a52cc25c7da22aed7eb345408a7feae05c1521bbb3755aca397c62121f3e22f1e801802c65a5d540f3e5a5d722c93239e45b865702c03819e56963caf849", 0x0, 0x48) ioctl$KVM_PRE_FAULT_MEMORY(r3, 0xc040aed5, &(0x7f00000006c0)={0x41000, 0x10a000}) ioctl$KVM_CAP_ARM_USER_IRQ(r1, 0x4068aea3, &(0x7f0000000700)) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f00000007c0)=@riscv64_sbi_sta={0x803000000a000001, &(0x7f0000000780)=0x9}) 31.721789323s ago: executing program 0 (id=1527): munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) r0 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000180)=@arm64_core={0x6030000000100034, &(0x7f0000000140)=0x9}) r2 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece) ioctl$KVM_GET_SREGS(r2, 0x8000ae83, &(0x7f00000002c0)) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x29) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r6, 0x2, 0x12, r5, 0x0) r7 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) 29.93555555s ago: executing program 1 (id=1528): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x3, 0xa0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000300)=@attr_arm64={0x0, 0x4, 0x1, 0x0}) (async, rerun: 64) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) (fail_nth: 4) 23.514093139s ago: executing program 1 (id=1529): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_GET_STATS_FD_cpu(r5, 0xaece) syz_kvm_setup_cpu$arm64(r1, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f00000002c0)=[{0x0, 0x0, 0x24}], 0x1, 0x0, 0x0, 0x73) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013df1a, &(0x7f00000000c0)=0x3}) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r9 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000280)={0x0, &(0x7f0000000300)=[@hvc={0x32, 0x40, {0x80000001, [0x26, 0x4, 0xf1, 0x10000, 0x7]}}], 0x40}, 0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r12, 0x400454da, 0x2f) syz_kvm_vgic_v3_setup(r7, 0x1, 0x100) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_SIGNAL_MSI(r7, 0x4020aea5, &(0x7f0000000200)={0x8090040, 0x0, 0x0, 0x1}) r14 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138015, 0x8000}}], 0x20}, 0x0, 0x0) ioctl$KVM_RUN(r15, 0xae80, 0x0) 15.644255134s ago: executing program 0 (id=1530): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0xa8200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x27) syz_kvm_vgic_v3_setup(r1, 0x4, 0x1a0) r2 = eventfd2(0x2, 0x80000) r3 = eventfd2(0xf, 0x80001) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={r3, 0x0, 0x2, r2}) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r2, 0x8, 0x2, r2}) ioctl$KVM_IRQFD(r1, 0x8933, &(0x7f0000000040)={r3, 0xffffffff, 0x1}) 9.503820825s ago: executing program 0 (id=1531): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x3}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3d) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000ab8000/0x400000)=nil) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r10 = syz_kvm_vgic_v3_setup(r7, 0x3, 0xa0) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_GET_DEVICE_ATTR(r10, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x7, 0x1000, 0x0}) syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r4, 0xc008ae67, &(0x7f0000000040)={0x10001, 0x10001}) ioctl$KVM_CREATE_VM(r2, 0x400454ce, 0x8000000000000002) 7.038852654s ago: executing program 1 (id=1532): openat$kvm(0x0, &(0x7f0000000040), 0x3d0100, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x109081, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x4}) close(0x4) close(0x5) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x21) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) r8 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000140)={0x0, &(0x7f00000000c0)=[@its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x4, 0xe, 0x3, 0x400, 0x4}}, @smc={0x1e, 0x40, {0x84000007, [0x7fffffffffffffff, 0x1b67, 0x0, 0xb213, 0x1]}}], 0x68}, &(0x7f0000000180), 0x1) r9 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) ioctl$KVM_ARM_VCPU_FINALIZE(r9, 0x4004aec2, &(0x7f0000000300)=0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f00000002c0)={0x1, 0x2, 0x57000, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) r10 = mmap$KVM_VCPU(&(0x7f0000da7000/0x2000)=nil, r7, 0x1000000, 0x80010, r6, 0x0) syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000000000/0x400000)=nil) syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) munmap(&(0x7f00000c2000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f000050b000/0x1000)=nil, 0x930, 0xf, 0x8010, r8, 0x0) close(r5) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000bff000/0x400000)=nil) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1c) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r13, 0x4040aea0, &(0x7f00000001c0)=@arm64={0x3, 0xe0, 0x6, '\x00', 0x7}) ioctl$KVM_ARM_SET_DEVICE_ADDR(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000040)={0x8, 0xeeee7000}) syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000aaf000/0x400000)=nil) 0s ago: executing program 0 (id=1533): r0 = openat$kvm(0x0, &(0x7f0000000280), 0x103080, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r2 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x40) (fail_nth: 5) ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f0000000240)=@attr_other={0x0, 0x6, 0xb2, 0x0}) kernel console output (not intermixed with test programs): [ 383.560143][ T24] audit: type=1400 audit(382.830:60): avc: denied { read } for pid=3170 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 400.426709][ T3170] 8021q: adding VLAN 0 to HW filter on device bond0 [ 460.397786][ T3170] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:60576' (ED25519) to the list of known hosts. [ 605.695590][ T24] audit: type=1400 audit(604.970:61): avc: denied { name_bind } for pid=3324 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 606.586064][ T24] audit: type=1400 audit(605.860:62): avc: denied { execute } for pid=3325 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 606.613062][ T24] audit: type=1400 audit(605.880:63): avc: denied { execute_no_trans } for pid=3325 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 631.643292][ T24] audit: type=1400 audit(630.920:64): avc: denied { mounton } for pid=3325 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 631.691870][ T24] audit: type=1400 audit(630.950:65): avc: denied { mount } for pid=3325 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 631.768306][ T3325] cgroup: Unknown subsys name 'net' [ 631.823968][ T24] audit: type=1400 audit(631.100:66): avc: denied { unmount } for pid=3325 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 632.225924][ T3325] cgroup: Unknown subsys name 'cpuset' [ 632.335157][ T3325] cgroup: Unknown subsys name 'rlimit' [ 633.574315][ T24] audit: type=1400 audit(632.850:67): avc: denied { setattr } for pid=3325 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 633.611299][ T24] audit: type=1400 audit(632.880:68): avc: denied { create } for pid=3325 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 633.650862][ T24] audit: type=1400 audit(632.920:69): avc: denied { write } for pid=3325 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 633.679639][ T24] audit: type=1400 audit(632.920:70): avc: denied { module_request } for pid=3325 comm="syz-executor" kmod="net-pf-16-proto-16-family-nl802154" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 634.572353][ T24] audit: type=1400 audit(633.830:71): avc: denied { read } for pid=3325 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 634.627944][ T24] audit: type=1400 audit(633.900:72): avc: denied { mounton } for pid=3325 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 634.660506][ T24] audit: type=1400 audit(633.930:73): avc: denied { mount } for pid=3325 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 636.747533][ T3329] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 636.792268][ T24] audit: type=1400 audit(636.060:74): avc: denied { relabelto } for pid=3329 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 636.870439][ T24] audit: type=1400 audit(636.120:75): avc: denied { write } for pid=3329 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 637.160975][ T24] audit: type=1400 audit(636.430:76): avc: denied { read } for pid=3325 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 637.190287][ T24] audit: type=1400 audit(636.460:77): avc: denied { open } for pid=3325 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 637.260162][ T3325] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 691.414331][ T24] audit: type=1400 audit(690.690:78): avc: denied { execmem } for pid=3330 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 691.744050][ T24] audit: type=1400 audit(691.020:79): avc: denied { read } for pid=3332 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 691.772762][ T24] audit: type=1400 audit(691.050:80): avc: denied { open } for pid=3332 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 691.846536][ T24] audit: type=1400 audit(691.120:81): avc: denied { mounton } for pid=3332 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 693.948036][ T24] audit: type=1400 audit(693.220:82): avc: denied { mount } for pid=3332 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 694.032861][ T24] audit: type=1400 audit(693.310:83): avc: denied { mounton } for pid=3332 comm="syz-executor" path="/syzkaller.rie05Z/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 694.113585][ T24] audit: type=1400 audit(693.390:84): avc: denied { mount } for pid=3332 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 694.247608][ T24] audit: type=1400 audit(693.520:85): avc: denied { mounton } for pid=3332 comm="syz-executor" path="/syzkaller.rie05Z/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 694.308587][ T24] audit: type=1400 audit(693.580:86): avc: denied { mounton } for pid=3332 comm="syz-executor" path="/syzkaller.rie05Z/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=2822 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 694.414213][ T24] audit: type=1400 audit(693.690:87): avc: denied { unmount } for pid=3332 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 708.072823][ T24] kauditd_printk_skb: 9 callbacks suppressed [ 708.080148][ T24] audit: type=1400 audit(707.340:97): avc: denied { create } for pid=3338 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 708.381164][ T24] audit: type=1400 audit(707.650:98): avc: denied { sys_admin } for pid=3338 comm="syz-executor" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 712.983422][ T24] audit: type=1400 audit(712.260:99): avc: denied { sys_chroot } for pid=3342 comm="syz-executor" capability=18 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 713.518050][ T3342] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 779.764764][ T24] audit: type=1400 audit(779.040:100): avc: denied { sys_module } for pid=3361 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 802.108520][ T3361] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 802.245751][ T3361] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 803.773330][ T3363] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 803.933318][ T3363] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 813.858600][ T3361] hsr_slave_0: entered promiscuous mode [ 813.906489][ T3361] hsr_slave_1: entered promiscuous mode [ 815.974784][ T3363] hsr_slave_0: entered promiscuous mode [ 815.998009][ T3363] hsr_slave_1: entered promiscuous mode [ 816.015535][ T3363] debugfs: 'hsr0' already exists in 'hsr' [ 816.025334][ T3363] Cannot create hsr debugfs directory [ 824.501588][ T24] audit: type=1400 audit(823.770:101): avc: denied { create } for pid=3361 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 824.641539][ T24] audit: type=1400 audit(823.910:102): avc: denied { write } for pid=3361 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 824.734873][ T24] audit: type=1400 audit(824.010:103): avc: denied { read } for pid=3361 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 825.092703][ T3361] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 825.546263][ T3361] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 826.112415][ T3361] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 827.281157][ T3361] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 830.984270][ T3363] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 831.177655][ T3363] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 831.377962][ T3363] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 831.636714][ T3363] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 845.502041][ T3361] 8021q: adding VLAN 0 to HW filter on device bond0 [ 848.037497][ T3363] 8021q: adding VLAN 0 to HW filter on device bond0 [ 900.016023][ T3361] veth0_vlan: entered promiscuous mode [ 900.452697][ T3361] veth1_vlan: entered promiscuous mode [ 902.232868][ T3363] veth0_vlan: entered promiscuous mode [ 902.617583][ T3361] veth0_macvtap: entered promiscuous mode [ 903.166880][ T3361] veth1_macvtap: entered promiscuous mode [ 903.265251][ T3363] veth1_vlan: entered promiscuous mode [ 905.518525][ T3428] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 905.669953][ T3428] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 905.680791][ T3428] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 905.738312][ T3428] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 905.832356][ T3363] veth0_macvtap: entered promiscuous mode [ 906.663198][ T3363] veth1_macvtap: entered promiscuous mode [ 909.374505][ T3340] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 909.382368][ T3340] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 909.420210][ T3340] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 909.424068][ T3340] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 916.364148][ T24] audit: type=1400 audit(915.610:104): avc: denied { read } for pid=3521 comm="syz.1.8" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 916.441622][ T24] audit: type=1400 audit(915.700:105): avc: denied { open } for pid=3521 comm="syz.1.8" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 918.525228][ T24] audit: type=1400 audit(917.790:106): avc: denied { ioctl } for pid=3521 comm="syz.1.8" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae03 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 923.332350][ T24] audit: type=1400 audit(922.570:107): avc: denied { execute } for pid=3524 comm="syz.1.9" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4178 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 924.713681][ T24] audit: type=1400 audit(923.990:108): avc: denied { execmem } for pid=3526 comm="syz.0.10" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 944.876787][ T24] audit: type=1400 audit(944.150:109): avc: denied { append } for pid=3541 comm="syz.1.17" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 958.250164][ T24] audit: type=1400 audit(957.460:110): avc: denied { write } for pid=3549 comm="syz.1.21" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1006.636078][ T24] audit: type=1400 audit(1005.910:111): avc: denied { setattr } for pid=3586 comm="syz.0.40" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1074.465935][ T24] audit: type=1400 audit(1073.730:112): avc: denied { map } for pid=3635 comm="syz.0.64" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1074.543783][ T24] audit: type=1400 audit(1073.810:113): avc: denied { execute } for pid=3635 comm="syz.0.64" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1422.045053][ T24] audit: type=1400 audit(1421.230:114): avc: denied { create } for pid=3861 comm="syz.0.167" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1506.593030][ T24] audit: type=1400 audit(1505.860:115): avc: denied { map } for pid=3911 comm="syz.0.187" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=6834 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1506.680255][ T24] audit: type=1400 audit(1505.950:116): avc: denied { read } for pid=3911 comm="syz.0.187" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=6834 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1602.024538][ T24] audit: type=1400 audit(1601.280:117): avc: denied { ioctl } for pid=3968 comm="syz.0.213" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=7557 ioctlcmd=0xaeae scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1634.207952][ T24] audit: type=1400 audit(1633.480:118): avc: denied { map } for pid=3986 comm="syz.0.221" path="pipe:[3120]" dev="pipefs" ino=3120 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 1634.289953][ T24] audit: type=1400 audit(1633.560:119): avc: denied { execute } for pid=3986 comm="syz.0.221" path="pipe:[3120]" dev="pipefs" ino=3120 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 1731.550646][ T24] audit: type=1400 audit(1730.810:120): avc: denied { execute } for pid=4037 comm="syz.1.243" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=8319 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 2446.975648][ T24] audit: type=1400 audit(2446.250:121): avc: denied { execute } for pid=4443 comm="syz.0.415" path="/sys/kernel/debug/kcov" dev="debugfs" ino=108 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=file permissive=1 [ 2776.204643][ T24] audit: type=1400 audit(2775.470:122): avc: denied { ioctl } for pid=4628 comm="syz.0.492" path="net:[4026532629]" dev="nsfs" ino=4026532629 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 3034.291260][ T4758] kvm [4758]: Failed to find VMA for hva 0x20deb000 [ 3252.061119][ T4879] KVM: debugfs: duplicate directory 4879-6 [ 3252.541598][ T4879] KVM: debugfs: duplicate directory 4879-6 [ 3437.535646][ T4970] kvm [4970]: Failed to find VMA for hva 0x20dcf000 [ 3677.725811][ T24] audit: type=1400 audit(3676.970:123): avc: denied { execute } for pid=5098 comm="syz.0.682" path=2F3334312F10FBFF67525673312B0104 dev="tmpfs" ino=1729 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 4413.993280][ T5494] debugfs: 'vgic-its-state@8080000' already exists in '5494-4' [ 4441.864088][ T5514] debugfs: 'vgic-its-state@8080000' already exists in '5512-4' [ 4474.073567][ T5528] debugfs: 'vgic-its-state@8080000' already exists in '5528-4' [ 4597.105272][ T5599] debugfs: 'vgic-its-state@8080000' already exists in '5599-4' [ 4788.020514][ T5716] kvm [5716]: Failed to find VMA for hva 0x20c79000 [ 4837.265668][ T5748] kvm [5747]: Unsupported guest access at: eeef0000 [ 4837.265668][ T5748] { Op0( 2), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4973.153216][ T5821] debugfs: 'vgic-its-state@8080000' already exists in '5821-4' [ 4986.010373][ T5828] debugfs: 'vgic-its-state@8080000' already exists in '5828-4' [ 5009.177673][ T5839] debugfs: 'vgic-its-state@8080000' already exists in '5839-4' [ 5652.394180][ T6202] debugfs: 'vgic-its-state@8080000' already exists in '6202-4' [ 5810.597390][ T6282] debugfs: 'vgic-its-state@8080000' already exists in '6282-4' [ 6116.435215][ T6474] debugfs: 'vgic-its-state@8080000' already exists in '6474-4' [ 7674.255875][ T7284] debugfs: 'vgic-its-state@8080000' already exists in '7284-4' [ 7739.301768][ T7315] debugfs: 'vgic-its-state@8080000' already exists in '7314-4' [ 7748.541705][ T7319] FAULT_INJECTION: forcing a failure. [ 7748.541705][ T7319] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 7748.593337][ T7319] CPU: 0 UID: 0 PID: 7319 Comm: syz.0.1495 Not tainted syzkaller #0 PREEMPT [ 7748.593978][ T7319] Hardware name: linux,dummy-virt (DT) [ 7748.594466][ T7319] Call trace: [ 7748.594849][ T7319] show_stack+0x2c/0x3c (C) [ 7748.596923][ T7319] __dump_stack+0x30/0x40 [ 7748.597357][ T7319] dump_stack_lvl+0xd8/0x12c [ 7748.597689][ T7319] dump_stack+0x1c/0x28 [ 7748.598007][ T7319] should_fail_ex+0x56c/0x6d8 [ 7748.598305][ T7319] should_fail+0x14/0x24 [ 7748.598558][ T7319] should_fail_usercopy+0x20/0x30 [ 7748.598838][ T7319] simple_read_from_buffer+0xd0/0x294 [ 7748.599231][ T7319] proc_fail_nth_read+0x184/0x214 [ 7748.599495][ T7319] vfs_read+0x220/0x9d8 [ 7748.599772][ T7319] ksys_read+0x108/0x1fc [ 7748.600046][ T7319] __arm64_sys_read+0x98/0xcc [ 7748.600349][ T7319] invoke_syscall+0x90/0x230 [ 7748.600665][ T7319] el0_svc_common+0x120/0x2f4 [ 7748.600973][ T7319] do_el0_svc+0x58/0x74 [ 7748.601297][ T7319] el0_svc+0x5c/0x238 [ 7748.601533][ T7319] el0t_64_sync_handler+0x84/0x12c [ 7748.601771][ T7319] el0t_64_sync+0x198/0x19c [ 7772.253016][ T7329] debugfs: 'vgic-its-state@8080000' already exists in '7329-4' [ 7795.062427][ T7344] kvm [7344]: Failed to find VMA for hva 0x21016000 [ 7893.966205][ T7406] FAULT_INJECTION: forcing a failure. [ 7893.966205][ T7406] name failslab, interval 1, probability 0, space 0, times 1 [ 7894.010207][ T7406] CPU: 0 UID: 0 PID: 7406 Comm: syz.0.1524 Not tainted syzkaller #0 PREEMPT [ 7894.010593][ T7406] Hardware name: linux,dummy-virt (DT) [ 7894.010705][ T7406] Call trace: [ 7894.010786][ T7406] show_stack+0x2c/0x3c (C) [ 7894.011228][ T7406] __dump_stack+0x30/0x40 [ 7894.011555][ T7406] dump_stack_lvl+0xd8/0x12c [ 7894.011868][ T7406] dump_stack+0x1c/0x28 [ 7894.012192][ T7406] should_fail_ex+0x56c/0x6d8 [ 7894.012454][ T7406] should_failslab+0xb8/0xec [ 7894.012689][ T7406] __kmalloc_cache_noprof+0x8c/0x4d4 [ 7894.012997][ T7406] init_srcu_struct_fields+0x7c/0xe2c [ 7894.013361][ T7406] __init_srcu_struct+0x88/0xa4 [ 7894.013669][ T7406] kvm_dev_ioctl+0x408/0x13d4 [ 7894.013952][ T7406] __arm64_sys_ioctl+0x18c/0x244 [ 7894.014247][ T7406] invoke_syscall+0x90/0x230 [ 7894.014564][ T7406] el0_svc_common+0x120/0x2f4 [ 7894.014872][ T7406] do_el0_svc+0x58/0x74 [ 7894.015232][ T7406] el0_svc+0x5c/0x238 [ 7894.015482][ T7406] el0t_64_sync_handler+0x84/0x12c [ 7894.015721][ T7406] el0t_64_sync+0x198/0x19c [ 7908.915417][ T7416] FAULT_INJECTION: forcing a failure. [ 7908.915417][ T7416] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 7908.971876][ T7416] CPU: 0 UID: 0 PID: 7416 Comm: syz.1.1528 Not tainted syzkaller #0 PREEMPT [ 7908.972299][ T7416] Hardware name: linux,dummy-virt (DT) [ 7908.972416][ T7416] Call trace: [ 7908.972499][ T7416] show_stack+0x2c/0x3c (C) [ 7908.972888][ T7416] __dump_stack+0x30/0x40 [ 7908.973240][ T7416] dump_stack_lvl+0xd8/0x12c [ 7908.973558][ T7416] dump_stack+0x1c/0x28 [ 7908.973867][ T7416] should_fail_ex+0x56c/0x6d8 [ 7908.974133][ T7416] should_fail+0x14/0x24 [ 7908.974423][ T7416] should_fail_usercopy+0x20/0x30 [ 7908.974702][ T7416] simple_read_from_buffer+0xd0/0x294 [ 7908.975074][ T7416] proc_fail_nth_read+0x184/0x214 [ 7908.975374][ T7416] vfs_read+0x220/0x9d8 [ 7908.975656][ T7416] ksys_read+0x108/0x1fc [ 7908.975923][ T7416] __arm64_sys_read+0x98/0xcc [ 7908.976228][ T7416] invoke_syscall+0x90/0x230 [ 7908.976559][ T7416] el0_svc_common+0x120/0x2f4 [ 7908.976875][ T7416] do_el0_svc+0x58/0x74 [ 7908.977208][ T7416] el0_svc+0x5c/0x238 [ 7908.977458][ T7416] el0t_64_sync_handler+0x84/0x12c [ 7908.977704][ T7416] el0t_64_sync+0x198/0x19c [ 7939.165617][ T7428] FAULT_INJECTION: forcing a failure. [ 7939.165617][ T7428] name failslab, interval 1, probability 0, space 0, times 0 [ 7939.187317][ T7428] CPU: 0 UID: 0 PID: 7428 Comm: syz.0.1533 Not tainted syzkaller #0 PREEMPT [ 7939.187710][ T7428] Hardware name: linux,dummy-virt (DT) [ 7939.187821][ T7428] Call trace: [ 7939.187902][ T7428] show_stack+0x2c/0x3c (C) [ 7939.188335][ T7428] __dump_stack+0x30/0x40 [ 7939.188710][ T7428] dump_stack_lvl+0xd8/0x12c [ 7939.189055][ T7428] dump_stack+0x1c/0x28 [ 7939.189409][ T7428] should_fail_ex+0x56c/0x6d8 [ 7939.189677][ T7428] should_failslab+0xb8/0xec [ 7939.189916][ T7428] __kmalloc_cache_noprof+0x8c/0x4d4 [ 7939.190256][ T7428] vgic_allocate_private_irqs_locked+0x10c/0x608 [ 7939.190528][ T7428] kvm_vgic_create+0x4f4/0x964 [ 7939.190763][ T7428] vgic_create+0x58/0x78 [ 7939.191114][ T7428] kvm_ioctl_create_device+0x18c/0x710 [ 7939.191441][ T7428] kvm_vm_ioctl+0x704/0x9a4 [ 7939.191715][ T7428] __arm64_sys_ioctl+0x18c/0x244 [ 7939.191993][ T7428] invoke_syscall+0x90/0x230 [ 7939.192337][ T7428] el0_svc_common+0x120/0x2f4 [ 7939.192645][ T7428] do_el0_svc+0x58/0x74 [ 7939.192949][ T7428] el0_svc+0x5c/0x238 [ 7939.193211][ T7428] el0t_64_sync_handler+0x84/0x12c [ 7939.193456][ T7428] el0t_64_sync+0x198/0x19c [ 7939.830002][ T7427] Unable to handle kernel paging request at virtual address ffef800000000000 [ 7939.861340][ T7427] KASAN: maybe wild-memory-access in range [0xff00000000000000-0xff0000000000000f] [ 7939.873164][ T7427] Mem abort info: [ 7939.900059][ T7427] ESR = 0x0000000096000004 [ 7939.900858][ T7427] EC = 0x25: DABT (current EL), IL = 32 bits [ 7939.901308][ T7427] SET = 0, FnV = 0 [ 7939.901638][ T7427] EA = 0, S1PTW = 0 [ 7939.901948][ T7427] FSC = 0x04: level 0 translation fault [ 7939.902344][ T7427] Data abort info: [ 7939.902631][ T7427] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 7939.902934][ T7427] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 7939.903353][ T7427] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 7939.903849][ T7427] [ffef800000000000] address between user and kernel address ranges [ 7939.905612][ T7427] Internal error: Oops: 0000000096000004 [#1] SMP [ 7939.915554][ T7427] Modules linked in: [ 7939.916778][ T7427] CPU: 0 UID: 0 PID: 7427 Comm: syz.0.1533 Not tainted syzkaller #0 PREEMPT [ 7939.918063][ T7427] Hardware name: linux,dummy-virt (DT) [ 7939.919157][ T7427] pstate: 01402009 (nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 7939.920421][ T7427] pc : kvm_vgic_destroy+0x2d4/0x624 [ 7939.921439][ T7427] lr : kvm_vgic_destroy+0x290/0x624 [ 7939.922331][ T7427] sp : ffff8000a1a27b90 [ 7939.923031][ T7427] x29: ffff8000a1a27ba0 x28: 0000000000000005 x27: f9f000001ae112d8 [ 7939.924580][ T7427] x26: f9f000001ae10db0 x25: 00000000000000f9 x24: f9f000001ae10d8c [ 7939.925959][ T7427] x23: 00000000000000f9 x22: 00000000000000f9 x21: f9f000001ae10ad0 [ 7939.927318][ T7427] x20: efff800000000000 x19: f9f000001ae10000 x18: 00000000842429f4 [ 7939.928515][ T7427] x17: 00000000000000d7 x16: ffff80008001159c x15: ffff8000a1a27940 [ 7939.929877][ T7427] x14: ffffffffffffffff x13: 0000000000000028 x12: 28f0000012995e58 [ 7939.931286][ T7427] x11: ffff800088412ac0 x10: 0000000000ff0100 x9 : 0ff0000000000000 [ 7939.932800][ T7427] x8 : 0000000000000000 x7 : ffff800086914ed4 x6 : 0000000000000000 [ 7939.934206][ T7427] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002 [ 7939.935500][ T7427] x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000007 [ 7939.936905][ T7427] Call trace: [ 7939.937594][ T7427] kvm_vgic_destroy+0x2d4/0x624 (P) [ 7939.938430][ T7427] kvm_arch_destroy_vm+0x88/0x138 [ 7939.939408][ T7427] kvm_put_kvm+0x778/0xbe0 [ 7939.940271][ T7427] kvm_vm_release+0x58/0x78 [ 7939.941189][ T7427] __fput+0x4ac/0x978 [ 7939.942065][ T7427] ____fput+0x20/0x58 [ 7939.942958][ T7427] task_work_run+0x1b8/0x250 [ 7939.943872][ T7427] exit_to_user_mode_loop+0x110/0x188 [ 7939.944878][ T7427] el0_svc+0x17c/0x238 [ 7939.945664][ T7427] el0t_64_sync_handler+0x84/0x12c [ 7939.946555][ T7427] el0t_64_sync+0x198/0x19c [ 7939.947933][ T7427] Code: 54000420 b2481c28 d344fd09 d378fc28 (38696a89) [ 7939.949885][ T7427] ---[ end trace 0000000000000000 ]--- [ 7939.951704][ T7427] Kernel panic - not syncing: Oops: Fatal exception [ 7939.953658][ T7427] Kernel Offset: disabled [ 7939.954400][ T7427] CPU features: 0x0000000,001a3005,fbe327a1,057ffe1f [ 7939.955546][ T7427] Memory Limit: none [ 7939.957248][ T7427] Rebooting in 86400 seconds.. VM DIAGNOSIS: 11:49:48 Registers: info registers vcpu 0 CPU#0 PC=ffff8000806d39e4 X00=ffff80008c9076a8 X01=ffff80008c9077d0 X02=ffff80008c9077d0 X03=0000000000000010 X04=0000000000000001 X05=0000000000000001 X06=0000000000000000 X07=ffff800080d462c0 X08=0000000000000003 X09=0000000000000000 X10=0000000000ff0100 X11=ffff800088412ac0 X12=0000000000000102 X13=000000000000015d X14=0000000000002000 X15=ffff80008c9076a0 X16=ffff800080010528 X17=00000000000000d7 X18=fff0000074d3a8c8 X19=f5f0000014d8dd00 X20=3af000000dd9a600 X21=0000000000000020 X22=0000000000002820 X23=00000000000000f0 X24=0000000000000001 X25=0000000000000001 X26=0000000003ffffff X27=000000000000000c X28=0000000000000007 X29=ffff80008c9074e0 X30=ffff8000800e2f30 SP=ffff80008c9074b0 PSTATE=604020c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:6d766b2f7665642f Z01=ffffffffffffffff:0000000000000000 Z02=0000000000000000:ffffffff00000000 Z03=ff00ff0000000000:ffffffffffffff00 Z04=0000000000000000:f0f00000fffffff0 Z05=0000000000000000:0000cccc000cf000 Z06=0000000000000073:0000aaaac73d63c0 Z07=0000000000000074:0000aaaac73d3600 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffee6d7e50:0000ffffee6d7e50 Z17=ffffff80ffffffd0:0000ffffee6d7e20 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000