last executing test programs: 52.217020281s ago: executing program 1 (id=71): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x40000, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0xe) syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000380)=[@its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x0, 0x4, 0x10000, 0x7fffffff}}, @mrs={0xbe, 0x18, {0x603000000013a038}}, @code={0xa, 0x84, {"e09891d20020b8f2410080d2a20180d2230080d2c40180d2020000d4008008d5c0f49ed200a0b8f2610180d2e20080d2830080d2440180d2020000d400e0400d008008d50000c06d402d8ad20000b8f2c10180d2a20080d2030080d2c40180d2020000d4000c40f80068210e0000229e"}}, @mrs={0xbe, 0x18, {0x5c7a9913291d8af4}}, @uexit={0x0, 0x18, 0x10000}, @smc={0x1e, 0x40, {0x84000051, [0x9, 0x100, 0x4, 0x2, 0xfffffffffffffffe]}}, @code={0xa, 0x9c, {"008008d5007008d50060004f205e9ad20060b8f2010180d2820180d2030180d2240180d2020000d40080c08860c182d20040b8f2a10180d2620080d2a30180d2840080d2020000d4007008d5009294d20000b0f2c10180d2620180d2230080d2840180d2020000d4008008d560288fd200e0b0f2a10180d2020080d2030080d2a40180d2020000d4"}}, @svc={0x122, 0x40, {0x400, [0x4, 0x1ff, 0x3, 0xc, 0x9]}}, @hvc={0x32, 0x40, {0x84000001, [0x4, 0x2, 0x5, 0x0, 0x1000]}}, @msr={0x14, 0x20, {0x603000000013e108, 0x7}}, @uexit={0x0, 0x18, 0x1}, @mrs={0xbe, 0x18, {0x603000000013e6db}}, @uexit={0x0, 0x18, 0x4}, @msr={0x14, 0x20, {0x603000000013c112, 0x40}}], 0x2d8}, &(0x7f0000000100)=[@featur2={0x1, 0x40}], 0x1) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x46) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8902, 0x0) ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0x69) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0}) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r9, 0x800454cf, 0x0) r10 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r10, 0xae03, 0x7e) r11 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000180)={0x0, &(0x7f0000000040)=[@its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x1, 0x6, 0x9, 0xffff0001, 0x2}}], 0x28}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, 0x0) r12 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r13, 0x4068aea3, &(0x7f0000000000)={0xef, 0x0, 0x7}) ioctl$KVM_RUN(r11, 0xae80, 0x0) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000000)={0xd000, 0xd000, 0x2, 0x0, 0xffffffff}) 42.316574353s ago: executing program 0 (id=73): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x8}) (async) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) close(r3) close(r4) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_GET_STATS_FD_cpu(r6, 0xaece) (async) r7 = ioctl$KVM_GET_STATS_FD_cpu(r6, 0xaece) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) (async) r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) mmap$KVM_VCPU(&(0x7f0000fff000/0x1000)=nil, r10, 0x100000b, 0x31830, r6, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r9, 0x8040aeb6, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x9, 0x7fffffff, 0x2}}) close(r7) r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000100)={0x4}) (async) ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x1, 0x2, 0x0}) (async) ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x1, 0x2, 0x0}) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x240100, 0x0) ioctl$KVM_CREATE_VM(r13, 0xae01, 0x40) (async) ioctl$KVM_CREATE_VM(r13, 0xae01, 0x40) 41.799710047s ago: executing program 1 (id=74): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) r4 = eventfd2(0xfffffffa, 0x80001) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r4}) (async) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616}) (async) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000080)={0x4, 0x80a0000, 0x4, r4}) (async) r5 = syz_kvm_add_vcpu$arm64(r1, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x5, 0x4, &(0x7f0000000000)=0x10}) (async) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r7, 0x4018aee2, 0x0) 35.775877434s ago: executing program 1 (id=75): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x27) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x0, 0x6, 0x4000000, 0x4}}], 0x50}, 0x0, 0x0) (async, rerun: 32) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (rerun: 32) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) (async) r5 = mmap$KVM_VCPU(&(0x7f0000ef9000/0x4000)=nil, 0x0, 0x9, 0x11, r3, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x28) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r8, 0xc018ae85, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000000)="e3642d9b564f91dc076575de8c8bc99ba05d72fafd6ac34ecd7cf87e1c1ec034a66d3000c456be95a2de9b733bc841f42bf23215d03ff50ce1784c0dc34e686c1a1555d1510f9e28", 0x0, 0x48) (async) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 33.89303371s ago: executing program 0 (id=76): munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x6832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) (async) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000100)=@arm64={0x4e, 0x2, 0x0, '\x00', 0x4}) (async) ioctl$KVM_GET_VCPU_EVENTS(r4, 0x8040ae9f, &(0x7f0000000000)=@arm64) (async, rerun: 32) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (rerun: 32) syz_kvm_vgic_v3_setup(r5, 0x3, 0x60) (async) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f00000000c0)=@arm64_core={0x6030000000100050, &(0x7f0000000100)=0x8}) (async, rerun: 64) r7 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000180)={0x0, &(0x7f0000000000)=[@mrs={0xbe, 0x18, {0x603000000013df65}}, @msr={0x14, 0x20, {0x603000000013deb1, 0x7}}, @msr={0x14, 0x20, {0x603000000013dce3, 0xfffffffffffffdc0}}, @eret={0xe6, 0x18, 0xfffffffffffffffc}, @hvc={0x32, 0x40, {0x4100002a, [0x1, 0x6, 0x30a8000000000000, 0x6, 0xc8]}}, @eret={0xe6, 0x18, 0x8001}, @code={0xa, 0x9c, {"0028601e804c87d200e0b8f2410080d2020080d2230080d2440080d2020000d4008008d540f598d20040b8f2210180d2420080d2c30080d2440180d2020000d4007008d5007008d5c08a82d20000b8f2c10080d2220080d2a30180d2a40080d2020000d4009c202e008c207e80f68ed20060b8f2210080d2e20080d2a30080d2440080d2020000d4"}}], 0x164}, &(0x7f00000001c0)=[@featur2={0x1, 0x81}], 0x1) (rerun: 64) mmap$KVM_VCPU(&(0x7f0000cbf000/0x3000)=nil, 0x0, 0x1000001, 0x110, r7, 0x0) (async) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x440800, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x1a) 27.07169986s ago: executing program 1 (id=77): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r1, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000140)={0x0, &(0x7f0000000100)}, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2) r9 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r8, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0) r10 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000100)={0x1, 0x4, 0xeeef0000, 0x1000, &(0x7f0000d27000/0x1000)=nil}) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000000)=0xc000000000000000}) ioctl$KVM_CREATE_VM(r10, 0x401c5820, 0x20000000) 25.293443446s ago: executing program 0 (id=78): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x0, 0x200000000000001}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x2, 0x9}}], 0x50}, 0x0, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000000), 0xfffffffffffffdd8}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r6, 0x4068aea3, &(0x7f0000000240)={0xa8, 0x0, 0x1}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000000)=0x403}) 17.072827022s ago: executing program 1 (id=79): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x30) r1 = eventfd2(0x2, 0x80001) ioctl$KVM_IOEVENTFD(r0, 0x4040ae79, &(0x7f0000000000)={0x8, 0xeeee8000, 0x4, r1, 0x4}) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r0, 0x4068aea3, &(0x7f0000000040)={0xe4, 0x0, 0x8}) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3e) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000bfd000/0x400000)=nil) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f00000000c0)={0x9, 0xffffffffffffffff, 0x3}) ioctl$KVM_CLEAR_DIRTY_LOG(r0, 0xc018aec0, &(0x7f0000000500)={0x101fc, 0x0, 0x1c0, &(0x7f0000000100)=[0x1000, 0x9, 0x7, 0x6, 0x4, 0x1, 0x3, 0x5, 0x8000000000000000, 0x97e, 0x7b, 0xffffffffffffffff, 0x9, 0x9, 0xffffffffffffffff, 0x1, 0xfa, 0x8, 0x6, 0x4, 0x0, 0x3ff, 0xffffffffffffffff, 0x3, 0x2, 0x100000000, 0x4, 0x0, 0x8001, 0x5, 0x2, 0x8, 0x6, 0x5, 0x0, 0x200, 0x2, 0x2, 0xfffffffffffff801, 0x1ff, 0x5fc0000000000000, 0x40000000000, 0x7ff, 0xe6b1, 0x80000001, 0x4, 0x9, 0x9, 0x800, 0x6, 0x3, 0x4, 0x8, 0x2, 0x1a3, 0x9, 0x9, 0x1, 0x2, 0x0, 0x3ff, 0x800, 0x8000000000000000, 0xffffffffffffffff, 0x7, 0x4, 0x400, 0x7, 0x5, 0x3, 0x5, 0xb5bf, 0x100, 0x5, 0x2, 0x8b, 0x1, 0x3, 0x7, 0x3, 0x100000001, 0xf032, 0x9, 0x4, 0x100000001, 0x6, 0x5, 0x5000000, 0x3, 0x101, 0xe, 0xfffffffffffffffb, 0x8, 0x8, 0xc, 0x6, 0x38, 0x8000, 0x2, 0x7, 0x81, 0x280000000, 0x0, 0x0, 0x4, 0x0, 0x8, 0x6, 0x7, 0xe0, 0x154, 0x2, 0x4, 0x9, 0x6, 0xf03, 0x1, 0x6, 0x643e, 0x0, 0x5, 0xfb93, 0x100000001, 0x9, 0x8, 0x7fffffffffffffff, 0xb, 0xf000000000000]}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x468042, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x30) ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000580)={0x3, 0x4}) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x38) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f00000005c0)={r1, 0x7fffffff, 0x2, r1}) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x9) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000600)={0xeeee8000, 0x11000}) r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000640)={0x0, 0x58}) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r4, 0x4010aeb5, &(0x7f0000000680)={0x6, 0x6}) ioctl$KVM_IRQ_LINE_STATUS(r2, 0xc008ae67, &(0x7f00000006c0)={0xfffffff8, 0x7fffffff}) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x10) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000700), 0x400, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0xb) r8 = ioctl$KVM_CREATE_GUEST_MEMFD(r4, 0xc040aed4, &(0x7f0000000740)={0x8, 0x2}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000780), 0x8000, 0x0) r9 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0xc) ioctl$KVM_SET_DEVICE_ATTR_vm(r9, 0x4018aee1, &(0x7f0000000800)=@attr_other={0x0, 0xba, 0x0, &(0x7f00000007c0)=0x7}) 14.78424586s ago: executing program 0 (id=80): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000013000/0x1000)=nil, r4, 0x4, 0x8010, r5, 0x0) r6 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000000)=0xc000000000000000}) ioctl$KVM_CREATE_VM(r6, 0x401c5820, 0x20000000) 9.98178484s ago: executing program 1 (id=81): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x3}}], 0x68}, 0x0, 0x0) r4 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x20000000021) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000140), 0x36a01, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c4f1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013c4f2, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce0, 0x7ffc}}, @msr={0x14, 0x20, {0x603000000013dce1, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce2, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce3, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce5, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x120}, &(0x7f0000000300)=[@featur2={0x1, 0x85}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r9, 0x3, 0x11, r8, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8400, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0xfffffffffffffffd) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x2) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r12 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x34) syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil) r14 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000c80)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x1, 0xb0, 0x5, 0xa}}, @smc={0x1e, 0x40, {0x80007fff, [0x9, 0x6, 0x0, 0x0, 0x5]}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x342}}, @mrs={0xbe, 0x18, {0x6030000000138004}}, @eret={0xe6, 0x18, 0x6}, @smc={0x1e, 0x40, {0x0, [0x7468, 0x4, 0x401, 0x4848, 0x1]}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x2, 0xc, 0xfffffff9, 0x7f, 0x4}}, @uexit={0x0, 0x18, 0xffffffffffffffff}, @uexit={0x0, 0x18, 0x8}, @code={0xa, 0x84, {"000008d500a39ad200c0b0f2a10080d2220180d2030080d2c40180d2020000d4000008d560749cd20080b0f2410180d2620180d2830180d2840180d2020000d4000008d5000008d5000008d500868dd20060b8f2210180d2220180d2a30180d2e40180d2020000d4000008d500c0c00d"}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x18, 0xc66, 0xa}}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x353}}, @msr={0x14, 0x20, {0x6030000000138010, 0x5}}, @uexit={0x0, 0x18, 0x4}, @svc={0x122, 0x40, {0x40, [0x3ff, 0x7, 0x6a35, 0x6, 0xfffffffffffffff7]}}, @code={0xa, 0x54, {"000000bce05493d200c0b0f2410080d2820180d2030180d2640080d2020000d40098200e000000ca0040200d000000ea007008d50000711e007008d5000000ac"}}, @eret={0xe6, 0x18, 0x4}, @mrs={0xbe, 0x18, {0x603000000013c663}}, @svc={0x122, 0x40, {0x84000007, [0x3, 0x4ce, 0x1]}}, @msr={0x14, 0x20, {0x603000000013c009, 0xecc}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x2, 0x4, 0x7, 0x72a478dd, 0x3}}, @irq_setup={0x46, 0x18, {0x2, 0x1bf}}, @uexit={0x0, 0x18, 0x2}, @irq_setup={0x46, 0x18, {0x0, 0x38b}}, @code={0xa, 0x84, {"007008d560089cd20020b0f2610180d2420080d2e30180d2240180d2020000d40040005e000028d5007008d580cd88d20040b8f2210180d2c20080d2830080d2440180d2020000d4a00796d20000b0f2e10180d2c20180d2430180d2c40180d2020000d40050805f00d4202e007008d5"}}], 0x48c}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r13, 0x4, 0x220) ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r14, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x6, 0x4, 0x0}) 7.695374438s ago: executing program 0 (id=82): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce5, 0x7fff}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000040)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000000)={0xa, 0x4}}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000040)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r6, 0x400454cc, 0x1) openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce5, 0x7fff}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000040)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000000)={0xa, 0x4}}) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000040)={0x4, 0xffffffffffffffff, 0x1}) (async) ioctl$KVM_CREATE_VM(r6, 0x400454cc, 0x1) (async) 0s ago: executing program 0 (id=83): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_RESET_DIRTY_RINGS(r3, 0xaec7) r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000380)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x39d}}], 0x28}, 0x0, 0x0) r6 = syz_kvm_vgic_v3_setup(r1, 0xffffffffffbffffc, 0x120) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0xa, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x3a0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x4, 0x1, 0x0}) kernel console output (not intermixed with test programs): [ 377.827436][ T3155] 8021q: adding VLAN 0 to HW filter on device bond0 [ 410.151420][ T3155] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:13405' (ED25519) to the list of known hosts. [ 582.377635][ T25] audit: type=1400 audit(581.550:61): avc: denied { name_bind } for pid=3307 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 584.195816][ T25] audit: type=1400 audit(583.370:62): avc: denied { execute } for pid=3308 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 584.228547][ T25] audit: type=1400 audit(583.420:63): avc: denied { execute_no_trans } for pid=3308 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 610.640578][ T25] audit: type=1400 audit(609.830:64): avc: denied { mounton } for pid=3308 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 610.675629][ T25] audit: type=1400 audit(609.860:65): avc: denied { mount } for pid=3308 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 610.763136][ T3308] cgroup: Unknown subsys name 'net' [ 610.810609][ T25] audit: type=1400 audit(610.000:66): avc: denied { unmount } for pid=3308 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 611.211111][ T3308] cgroup: Unknown subsys name 'cpuset' [ 611.311699][ T3308] cgroup: Unknown subsys name 'rlimit' [ 612.217048][ T25] audit: type=1400 audit(611.410:67): avc: denied { setattr } for pid=3308 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 612.242007][ T25] audit: type=1400 audit(611.420:68): avc: denied { mounton } for pid=3308 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 612.260590][ T25] audit: type=1400 audit(611.450:69): avc: denied { mount } for pid=3308 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 613.459854][ T3316] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 613.480697][ T25] audit: type=1400 audit(612.670:70): avc: denied { relabelto } for pid=3316 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 613.507568][ T25] audit: type=1400 audit(612.690:71): avc: denied { write } for pid=3316 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 613.690029][ T25] audit: type=1400 audit(612.880:72): avc: denied { read } for pid=3308 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 613.708478][ T25] audit: type=1400 audit(612.890:73): avc: denied { open } for pid=3308 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 613.757153][ T3308] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 663.580489][ T25] audit: type=1400 audit(662.770:74): avc: denied { execmem } for pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 668.331926][ T25] audit: type=1400 audit(667.520:75): avc: denied { read } for pid=3319 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 668.368883][ T25] audit: type=1400 audit(667.560:76): avc: denied { open } for pid=3319 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 668.449157][ T25] audit: type=1400 audit(667.640:77): avc: denied { mounton } for pid=3319 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 668.697444][ T25] audit: type=1400 audit(667.870:78): avc: denied { module_request } for pid=3319 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 669.788292][ T25] audit: type=1400 audit(668.970:79): avc: denied { sys_module } for pid=3319 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 693.361879][ T3320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 693.597486][ T3320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 693.692109][ T3319] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 694.167628][ T3319] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 710.962113][ T3320] hsr_slave_0: entered promiscuous mode [ 710.989404][ T3320] hsr_slave_1: entered promiscuous mode [ 711.993093][ T3319] hsr_slave_0: entered promiscuous mode [ 712.041526][ T3319] hsr_slave_1: entered promiscuous mode [ 712.096883][ T3319] debugfs: 'hsr0' already exists in 'hsr' [ 712.100975][ T3319] Cannot create hsr debugfs directory [ 717.275989][ T25] audit: type=1400 audit(716.460:80): avc: denied { create } for pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 717.303233][ T25] audit: type=1400 audit(716.480:81): avc: denied { write } for pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 717.376595][ T25] audit: type=1400 audit(716.550:82): avc: denied { read } for pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 717.520375][ T3320] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 717.988017][ T3320] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 718.228463][ T3320] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 718.505967][ T3320] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 720.039196][ T3319] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 720.197414][ T3319] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 720.368577][ T3319] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 720.603516][ T3319] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 733.091216][ T3320] 8021q: adding VLAN 0 to HW filter on device bond0 [ 735.508396][ T3319] 8021q: adding VLAN 0 to HW filter on device bond0 [ 790.699443][ T3320] veth0_vlan: entered promiscuous mode [ 791.121285][ T3320] veth1_vlan: entered promiscuous mode [ 792.828840][ T3320] veth0_macvtap: entered promiscuous mode [ 793.239696][ T3320] veth1_macvtap: entered promiscuous mode [ 794.022435][ T3319] veth0_vlan: entered promiscuous mode [ 794.629798][ T3319] veth1_vlan: entered promiscuous mode [ 795.600472][ T3369] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 795.610762][ T3369] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 795.645956][ T3369] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 795.652410][ T3369] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 797.564382][ T3319] veth0_macvtap: entered promiscuous mode [ 798.121120][ T3319] veth1_macvtap: entered promiscuous mode [ 798.332306][ T25] audit: type=1400 audit(797.430:83): avc: denied { mount } for pid=3320 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 798.588441][ T25] audit: type=1400 audit(797.760:84): avc: denied { mounton } for pid=3320 comm="syz-executor" path="/syzkaller.a3hxVk/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 798.806559][ T25] audit: type=1400 audit(797.960:85): avc: denied { mount } for pid=3320 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 799.017644][ T25] audit: type=1400 audit(798.200:86): avc: denied { mounton } for pid=3320 comm="syz-executor" path="/syzkaller.a3hxVk/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 799.152182][ T25] audit: type=1400 audit(798.340:87): avc: denied { mounton } for pid=3320 comm="syz-executor" path="/syzkaller.a3hxVk/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3757 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 799.826440][ T25] audit: type=1400 audit(799.010:88): avc: denied { unmount } for pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 800.081329][ T3369] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 800.093353][ T3369] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 800.115566][ T3369] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 800.141798][ T3369] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 800.232935][ T25] audit: type=1400 audit(799.320:89): avc: denied { mounton } for pid=3320 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 800.371293][ T25] audit: type=1400 audit(799.520:90): avc: denied { mount } for pid=3320 comm="syz-executor" name="/" dev="gadgetfs" ino=3766 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 800.673209][ T25] audit: type=1400 audit(799.860:91): avc: denied { mount } for pid=3320 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 800.799919][ T25] audit: type=1400 audit(799.940:92): avc: denied { mounton } for pid=3320 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 802.286795][ T3320] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 803.360183][ T25] kauditd_printk_skb: 3 callbacks suppressed [ 803.385289][ T25] audit: type=1400 audit(802.550:96): avc: denied { ioctl } for pid=3320 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 811.775986][ T25] audit: type=1400 audit(810.960:97): avc: denied { read } for pid=3471 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 811.800648][ T25] audit: type=1400 audit(810.990:98): avc: denied { open } for pid=3471 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 812.263263][ T25] audit: type=1400 audit(811.450:99): avc: denied { ioctl } for pid=3471 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 816.655110][ T25] audit: type=1400 audit(815.840:100): avc: denied { ioctl } for pid=3473 comm="syz.0.1" path="net:[4026532627]" dev="nsfs" ino=4026532627 ioctlcmd=0xb703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 842.988230][ T25] audit: type=1400 audit(842.170:101): avc: denied { append } for pid=3490 comm="syz.1.7" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 882.398314][ T25] audit: type=1400 audit(881.530:102): avc: denied { execute } for pid=3504 comm="syz.0.12" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4548 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 889.585920][ T25] audit: type=1400 audit(888.770:103): avc: denied { write } for pid=3513 comm="syz.0.14" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 993.214408][ T25] audit: type=1400 audit(992.370:104): avc: denied { setattr } for pid=3578 comm="syz.1.36" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1176.358590][ T3702] KVM: debugfs: duplicate directory 3702-6 [ 1217.396707][ T3728] ================================================================== [ 1217.397292][ T3728] BUG: KASAN: invalid-access in __kvm_pgtable_walk+0x8e4/0xa68 [ 1217.400888][ T3728] Read of size 8 at addr 44f000001e670000 by task syz.1.81/3728 [ 1217.401115][ T3728] Pointer tag: [44], memory tag: [fe] [ 1217.401232][ T3728] [ 1217.402198][ T3728] CPU: 0 UID: 0 PID: 3728 Comm: syz.1.81 Not tainted syzkaller #0 PREEMPT [ 1217.402737][ T3728] Hardware name: linux,dummy-virt (DT) [ 1217.403195][ T3728] Call trace: [ 1217.403597][ T3728] show_stack+0x2c/0x3c (C) [ 1217.404184][ T3728] __dump_stack+0x30/0x40 [ 1217.404469][ T3728] dump_stack_lvl+0xd8/0x12c [ 1217.404677][ T3728] print_address_description+0xac/0x288 [ 1217.404945][ T3728] print_report+0x84/0xa0 [ 1217.405194][ T3728] kasan_report+0xb0/0x110 [ 1217.405444][ T3728] kasan_tag_mismatch+0x28/0x3c [ 1217.405689][ T3728] __hwasan_tag_mismatch+0x30/0x60 [ 1217.405978][ T3728] __kvm_pgtable_walk+0x8e4/0xa68 [ 1217.406253][ T3728] kvm_pgtable_walk+0x294/0x468 [ 1217.406538][ T3728] kvm_pgtable_stage2_destroy_range+0x60/0xb4 [ 1217.406827][ T3728] kvm_free_stage2_pgd+0x198/0x28c [ 1217.407145][ T3728] kvm_uninit_stage2_mmu+0x20/0x38 [ 1217.407454][ T3728] kvm_arch_flush_shadow_all+0x1a8/0x1e0 [ 1217.407746][ T3728] kvm_mmu_notifier_release+0x48/0xa8 [ 1217.408017][ T3728] mmu_notifier_unregister+0x128/0x42c [ 1217.408275][ T3728] kvm_put_kvm+0x6a0/0xfa8 [ 1217.408498][ T3728] kvm_vcpu_release+0x70/0x9c [ 1217.408763][ T3728] __fput+0x4ac/0x980 [ 1217.408957][ T3728] ____fput+0x20/0x58 [ 1217.409151][ T3728] task_work_run+0x1bc/0x254 [ 1217.409393][ T3728] get_signal+0x13ec/0x1554 [ 1217.409664][ T3728] do_signal+0x23c/0x4dd0 [ 1217.409949][ T3728] do_notify_resume+0xb0/0x270 [ 1217.410191][ T3728] el0_svc+0xb8/0x164 [ 1217.410453][ T3728] el0t_64_sync_handler+0x84/0x12c [ 1217.410695][ T3728] el0t_64_sync+0x198/0x19c [ 1217.411192][ T3728] [ 1217.411390][ T3728] The buggy address belongs to the physical page: [ 1217.412481][ T3728] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5e670 [ 1217.412834][ T3728] flags: 0x1ffeec000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xbb) [ 1217.413953][ T3728] raw: 01ffeec000000000 ffffc1ffc0793a48 ffffc1ffc0793b48 0000000000000000 [ 1217.414188][ T3728] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 1217.414415][ T3728] page dumped because: kasan: bad access detected [ 1217.414553][ T3728] [ 1217.414647][ T3728] Memory state around the buggy address: [ 1217.415006][ T3728] fff000001e66fe00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 1217.415206][ T3728] fff000001e66ff00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 1217.415419][ T3728] >fff000001e670000: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 1217.415561][ T3728] ^ [ 1217.415797][ T3728] fff000001e670100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 1217.415968][ T3728] fff000001e670200: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 1217.416158][ T3728] ================================================================== [ 1217.700465][ T3728] Disabling lock debugging due to kernel taint [ 1217.883504][ T3728] Unable to handle kernel paging request at virtual address ffff1342ff134200 [ 1217.951693][ T3728] KASAN: probably wild-memory-access in range [0xfff9342ff1342000-0xfff9342ff134200f] [ 1217.968666][ T3728] Mem abort info: [ 1217.996679][ T3728] ESR = 0x0000000096000004 [ 1218.008988][ T3728] EC = 0x25: DABT (current EL), IL = 32 bits [ 1218.009613][ T3728] SET = 0, FnV = 0 [ 1218.009901][ T3728] EA = 0, S1PTW = 0 [ 1218.010152][ T3728] FSC = 0x04: level 0 translation fault [ 1218.010483][ T3728] Data abort info: [ 1218.010727][ T3728] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 1218.011049][ T3728] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 1218.011374][ T3728] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 1218.011847][ T3728] swapper pgtable: 4k pages, 52-bit VAs, pgdp=00000000476e2000 [ 1218.012221][ T3728] [ffff1342ff134200] pgd=100000004c698003, p4d=0000000000000000 [ 1218.013742][ T3728] Internal error: Oops: 0000000096000004 [#1] SMP [ 1218.023439][ T3728] Modules linked in: [ 1218.025195][ T3728] CPU: 0 UID: 0 PID: 3728 Comm: syz.1.81 Tainted: G B syzkaller #0 PREEMPT [ 1218.026709][ T3728] Tainted: [B]=BAD_PAGE [ 1218.027428][ T3728] Hardware name: linux,dummy-virt (DT) [ 1218.028452][ T3728] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 1218.029737][ T3728] pc : __kvm_pgtable_walk+0x268/0xa68 [ 1218.030764][ T3728] lr : __kvm_pgtable_walk+0x214/0xa68 [ 1218.031742][ T3728] sp : ffff8000a8fd7510 [ 1218.032470][ T3728] x29: ffff8000a8fd75b0 x28: 0000000000000005 x27: fff9342ff1342000 [ 1218.033978][ T3728] x26: fff9342ff1342000 x25: 0000000000000000 x24: 0000000000000001 [ 1218.035362][ T3728] x23: 00000000000000ff x22: efff800000000000 x21: ffff8000a8fd7718 [ 1218.036699][ T3728] x20: 00000000000000ff x19: 00000000000000ff x18: 0000000000001b80 [ 1218.038018][ T3728] x17: 0000000000000044 x16: 00000000000000fe x15: fff0000072d7e404 [ 1218.039362][ T3728] x14: 0000000000000002 x13: ffff8000a8fd7720 x12: ffff8000a8fd7728 [ 1218.040709][ T3728] x11: 0000000000080000 x10: 000000000007ffff x9 : ffff8000a8fd7568 [ 1218.042127][ T3728] x8 : 0fff9342ff134200 x7 : ffff800080bc7058 x6 : 0000000000000000 [ 1218.043483][ T3728] x5 : 0000000000000000 x4 : 00000000000000ff x3 : 0000000000000001 [ 1218.044806][ T3728] x2 : fff9342ff1342000 x1 : 0000000000000000 x0 : 0000000000000000 [ 1218.046213][ T3728] Call trace: [ 1218.046919][ T3728] __kvm_pgtable_walk+0x268/0xa68 (P) [ 1218.047954][ T3728] __kvm_pgtable_walk+0x600/0xa68 [ 1218.048867][ T3728] kvm_pgtable_walk+0x294/0x468 [ 1218.049781][ T3728] kvm_pgtable_stage2_destroy_range+0x60/0xb4 [ 1218.050838][ T3728] kvm_free_stage2_pgd+0x198/0x28c [ 1218.051807][ T3728] kvm_uninit_stage2_mmu+0x20/0x38 [ 1218.052752][ T3728] kvm_arch_flush_shadow_all+0x1a8/0x1e0 [ 1218.053751][ T3728] kvm_mmu_notifier_release+0x48/0xa8 [ 1218.054705][ T3728] mmu_notifier_unregister+0x128/0x42c [ 1218.055682][ T3728] kvm_put_kvm+0x6a0/0xfa8 [ 1218.056479][ T3728] kvm_vcpu_release+0x70/0x9c [ 1218.057396][ T3728] __fput+0x4ac/0x980 [ 1218.058159][ T3728] ____fput+0x20/0x58 [ 1218.058963][ T3728] task_work_run+0x1bc/0x254 [ 1218.059817][ T3728] get_signal+0x13ec/0x1554 [ 1218.060694][ T3728] do_signal+0x23c/0x4dd0 [ 1218.061584][ T3728] do_notify_resume+0xb0/0x270 [ 1218.062454][ T3728] el0_svc+0xb8/0x164 [ 1218.063258][ T3728] el0t_64_sync_handler+0x84/0x12c [ 1218.064157][ T3728] el0t_64_sync+0x198/0x19c [ 1218.065529][ T3728] Code: f94023ec f9400fed a9017d3f f800813f (38686ac8) [ 1218.067253][ T3728] ---[ end trace 0000000000000000 ]--- [ 1218.068815][ T3728] Kernel panic - not syncing: Oops: Fatal exception [ 1218.070704][ T3728] Kernel Offset: disabled [ 1218.071431][ T3728] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f [ 1218.072511][ T3728] Memory Limit: none [ 1218.074122][ T3728] Rebooting in 86400 seconds.. VM DIAGNOSIS: 09:18:01 Registers: info registers vcpu 0 CPU#0 PC=ffff80008215925c X00=0000000000000003 X01=0000000000000002 X02=0000000000000001 X03=ffff800082159050 X04=0000000000000001 X05=0000000000000001 X06=0000000000000000 X07=ffff800081f1ef70 X08=a6ff80008c4bb000 X09=0000000000000030 X10=0000000000000030 X11=00000000000000fe X12=0000000000000002 X13=0000000000000002 X14=0000000000000000 X15=00000000000000ca X16=0000000000000082 X17=0000000000000000 X18=0000000001d2e000 X19=efff800000000000 X20=61f000000dcb4880 X21=a6ff80008c4bb018 X22=0000000000000002 X23=61f000000dcb497c X24=0000000000000061 X25=0000000000000000 X26=a6ff80008c4bb000 X27=0000000000000061 X28=0000000000000061 X29=ffff80008c4f7b40 X30=ffff800082159250 SP=ffff80008c4f7b30 PSTATE=814020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0a00000000000000:0a00000000000000 Z01=0000000a00000000:0000000000000000 Z02=000000000000000a:0000000000000000 Z03=00d000a800000000:0000000000000000 Z04=0000000000000000:0000000000000002 Z05=000000000000000a:0000000000000002 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffec27cbd0:0000ffffec27cbd0 Z17=ffffff80ffffffd0:0000ffffec27cba0 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000