last executing test programs: 1m5.183296061s ago: executing program 1 (id=1420): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000000000/0x400000)=nil) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x2e) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000180)) syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000100)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x603000000010002c, &(0x7f0000000000)=0x7}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x101ff, 0x0, 0x8000000, 0x1000, &(0x7f0000ffc000/0x1000)=nil}) mmap$KVM_VCPU(&(0x7f0000000000/0xc00000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0) close(r1) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) 53.632903106s ago: executing program 0 (id=1422): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r4, 0x54e3, 0x110c230008) r5 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000b17000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x6030000000138010}}], 0x18}, 0x0, 0x0) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r9, 0x1, 0x100) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x25) r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r14, &(0x7f00000000c0)={0x0, &(0x7f0000000100), 0x28}, 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000240)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r11, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000000)={0x8126, 0xb}) r16 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r7, 0x3, 0x11, r6, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x21) syz_kvm_assert_syzos_uexit$arm64(r6, r16, 0xffffffffffffffff) 44.467105665s ago: executing program 1 (id=1423): ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) (async) r0 = openat$kvm(0x0, &(0x7f0000000140), 0x2900, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x7fff}}, @msr={0x14, 0x20, {0x603000000013dce4, 0x1}}], 0x40}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r3, 0xae80, 0x0) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) (async) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) (async) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) (async, rerun: 64) munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) (rerun: 64) munmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000) (async) mmap$KVM_VCPU(&(0x7f0000c40000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) r6 = syz_kvm_vgic_v3_setup(r5, 0x1, 0x40) ioctl$KVM_GET_DEVICE_ATTR(r6, 0x4018aee2, &(0x7f0000000240)=@attr_other={0x0, 0x6, 0xb2, 0x0}) (async) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r7, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) 34.668126708s ago: executing program 0 (id=1424): mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x0) (fail_nth: 10) 34.614257992s ago: executing program 1 (id=1425): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x6030000000138010}}], 0x18}, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x10, 0xffffffffffffffff, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) r4 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x0, 0x2800002, 0x11, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, 0x0, 0x0, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) r8 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r7, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r7, 0x0) openat$kvm(0xffffff9c, 0x0, 0x1a17f2, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x12, 0xffffffffffffffff, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r9, 0x40049409, 0x9) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x0, 0x2, 0x8032, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, 0x0, 0x100000e, 0x80010, r7, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x0, 0x400000f, 0x40010, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000667000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000140)=@riscv64_aia_csr={0x8030000003010001, &(0x7f0000000100)=0x1}) 30.773766179s ago: executing program 0 (id=1426): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x28) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x7f) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, &(0x7f0000000000)=@arm64={0x3, 0xe0, 0xb4, '\x00', 0x1}) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r10, 0x0) mmap$KVM_VCPU(&(0x7f0000e04000/0x2000)=nil, 0x930, 0x1, 0x11, r10, 0x0) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r11, 0x8, 0x13, r10, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r11, 0x1000001, 0x12, r10, 0x0) r12 = openat$kvm(0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r13 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r13, 0x4010aeab, &(0x7f0000000180)=@arm64_core={0x603000000010001c, &(0x7f0000000200)=0x100}) 24.88131651s ago: executing program 1 (id=1427): ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000b80)={0x0, &(0x7f0000000080)=[@hvc={0x32, 0x40, {0x84000009, [0x9, 0x8, 0x8000, 0x603c8354, 0x200]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xffffffffffffffff) munmap(&(0x7f0000cd7000/0x2000)=nil, 0x2000) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0) syz_kvm_vgic_v3_setup(r1, 0x2, 0x80) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000000)=@arm64={0x4, 0xfa, 0xb0, '\x00', 0x6}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14.81423477s ago: executing program 0 (id=1428): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x180) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0xc0001, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x25) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2000000002, 0x4, 0xa}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r5, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, 0x0}) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 13.455640025s ago: executing program 1 (id=1429): mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0) (fail_nth: 11) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x0) 8.517793728s ago: executing program 1 (id=1430): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0) r4 = syz_kvm_vgic_v3_setup(r1, 0x3, 0xa0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0xe}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r7, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_SIGNAL_MSI(r7, 0x4020aea5, &(0x7f0000000200)={0x8090040, 0x0, 0x0, 0x1}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000300)=@attr_arm64={0x0, 0x4, 0x1, 0x0}) (async, rerun: 64) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x7, &(0x7f0000000140)=0xa39}) 4.223518907s ago: executing program 0 (id=1431): mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x0) (fail_nth: 11) 0s ago: executing program 0 (id=1432): r0 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c) r2 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f00000001c0)={0x8}) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000000c0)={0x5, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000a93000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r6 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece) r7 = eventfd2(0x0, 0x80800) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x2f1, 0x5, r7}) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000180)=@arm64_core={0x603000000010002a, &(0x7f00000000c0)=0x9}) kernel console output (not intermixed with test programs): [ 396.762949][ T3169] 8021q: adding VLAN 0 to HW filter on device bond0 [ 446.317718][ T3169] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:1708' (ED25519) to the list of known hosts. [ 620.071982][ T24] audit: type=1400 audit(619.300:61): avc: denied { name_bind } for pid=3328 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 621.005861][ T24] audit: type=1400 audit(620.250:62): avc: denied { execute } for pid=3329 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 621.032765][ T24] audit: type=1400 audit(620.280:63): avc: denied { execute_no_trans } for pid=3329 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 648.227578][ T24] audit: type=1400 audit(647.470:64): avc: denied { mounton } for pid=3329 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 648.273609][ T24] audit: type=1400 audit(647.510:65): avc: denied { mount } for pid=3329 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 648.387677][ T3329] cgroup: Unknown subsys name 'net' [ 648.447421][ T24] audit: type=1400 audit(647.690:66): avc: denied { unmount } for pid=3329 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 648.862109][ T3329] cgroup: Unknown subsys name 'cpuset' [ 648.983441][ T3329] cgroup: Unknown subsys name 'rlimit' [ 650.194497][ T24] audit: type=1400 audit(649.430:67): avc: denied { setattr } for pid=3329 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 650.214474][ T24] audit: type=1400 audit(649.460:68): avc: denied { create } for pid=3329 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 650.240677][ T24] audit: type=1400 audit(649.480:69): avc: denied { write } for pid=3329 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 650.262156][ T24] audit: type=1400 audit(649.500:70): avc: denied { module_request } for pid=3329 comm="syz-executor" kmod="net-pf-16-proto-16-family-nl802154" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 650.726839][ T24] audit: type=1400 audit(649.970:71): avc: denied { read } for pid=3329 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 650.779253][ T24] audit: type=1400 audit(650.020:72): avc: denied { mounton } for pid=3329 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 650.806406][ T24] audit: type=1400 audit(650.050:73): avc: denied { mount } for pid=3329 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 651.847206][ T3333] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 652.093439][ T3329] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 709.372576][ T24] kauditd_printk_skb: 4 callbacks suppressed [ 709.383562][ T24] audit: type=1400 audit(708.620:78): avc: denied { execmem } for pid=3334 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 790.262535][ T24] audit: type=1400 audit(789.490:79): avc: denied { read } for pid=3336 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 790.281122][ T24] audit: type=1400 audit(789.520:80): avc: denied { open } for pid=3336 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 790.361709][ T24] audit: type=1400 audit(789.590:81): avc: denied { mounton } for pid=3337 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 790.599693][ T24] audit: type=1400 audit(789.840:82): avc: denied { module_request } for pid=3336 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 790.630882][ T24] audit: type=1400 audit(789.870:83): avc: denied { module_request } for pid=3337 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 791.595477][ T24] audit: type=1400 audit(790.840:84): avc: denied { sys_module } for pid=3337 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 815.203867][ T3336] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 815.296988][ T3337] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 815.371415][ T3336] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 815.425939][ T3337] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 831.807319][ T3337] hsr_slave_0: entered promiscuous mode [ 831.836774][ T3337] hsr_slave_1: entered promiscuous mode [ 832.832185][ T3336] hsr_slave_0: entered promiscuous mode [ 832.863104][ T3336] hsr_slave_1: entered promiscuous mode [ 832.892288][ T3336] debugfs: 'hsr0' already exists in 'hsr' [ 832.899535][ T3336] Cannot create hsr debugfs directory [ 839.199521][ T3337] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 839.627060][ T3337] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 839.956361][ T3337] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 840.259951][ T3337] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 841.833449][ T3336] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 842.021781][ T3336] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 842.182907][ T3336] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 842.484463][ T3336] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 858.664205][ T3337] 8021q: adding VLAN 0 to HW filter on device bond0 [ 861.395287][ T3336] 8021q: adding VLAN 0 to HW filter on device bond0 [ 916.747803][ T3337] veth0_vlan: entered promiscuous mode [ 917.301422][ T3337] veth1_vlan: entered promiscuous mode [ 919.142326][ T3336] veth0_vlan: entered promiscuous mode [ 919.625528][ T3337] veth0_macvtap: entered promiscuous mode [ 920.002511][ T3337] veth1_macvtap: entered promiscuous mode [ 920.116156][ T3336] veth1_vlan: entered promiscuous mode [ 922.529726][ T49] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 922.645098][ T49] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 922.651655][ T49] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 922.681340][ T49] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 923.037598][ T3336] veth0_macvtap: entered promiscuous mode [ 923.811894][ T3336] veth1_macvtap: entered promiscuous mode [ 925.356577][ T24] audit: type=1400 audit(924.600:85): avc: denied { mount } for pid=3337 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 925.691852][ T24] audit: type=1400 audit(924.920:86): avc: denied { mounton } for pid=3337 comm="syz-executor" path="/syzkaller.QeHisG/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 925.901622][ T24] audit: type=1400 audit(925.130:87): avc: denied { mount } for pid=3337 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 926.270597][ T24] audit: type=1400 audit(925.510:88): avc: denied { mounton } for pid=3337 comm="syz-executor" path="/syzkaller.QeHisG/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 926.452691][ T24] audit: type=1400 audit(925.670:89): avc: denied { mounton } for pid=3337 comm="syz-executor" path="/syzkaller.QeHisG/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3750 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 926.616041][ T3394] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 926.621193][ T3394] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 926.635772][ T3394] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 926.683444][ T3385] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 927.119667][ T24] audit: type=1400 audit(926.360:90): avc: denied { unmount } for pid=3337 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 927.385850][ T24] audit: type=1400 audit(926.630:91): avc: denied { mounton } for pid=3337 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 927.535916][ T24] audit: type=1400 audit(926.780:92): avc: denied { mount } for pid=3337 comm="syz-executor" name="/" dev="gadgetfs" ino=3760 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 927.910940][ T24] audit: type=1400 audit(927.110:93): avc: denied { mount } for pid=3337 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 927.962697][ T24] audit: type=1400 audit(927.210:94): avc: denied { mounton } for pid=3337 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 929.493553][ T3337] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 930.800364][ T24] kauditd_printk_skb: 1 callbacks suppressed [ 930.808851][ T24] audit: type=1400 audit(930.020:96): avc: denied { read write } for pid=3337 comm="syz-executor" name="loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 930.827294][ T24] audit: type=1400 audit(930.070:97): avc: denied { open } for pid=3337 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 930.883255][ T24] audit: type=1400 audit(930.120:98): avc: denied { ioctl } for pid=3337 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 942.281632][ T24] audit: type=1400 audit(941.350:99): avc: denied { read } for pid=3494 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 942.306908][ T24] audit: type=1400 audit(941.530:100): avc: denied { open } for pid=3494 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 943.300575][ T24] audit: type=1400 audit(942.510:101): avc: denied { ioctl } for pid=3494 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae03 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 954.856988][ T24] audit: type=1400 audit(954.030:102): avc: denied { setattr } for pid=3502 comm="syz.0.4" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 964.352529][ T24] audit: type=1400 audit(963.580:103): avc: denied { execute } for pid=3506 comm="syz.1.6" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3832 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 967.362349][ T24] audit: type=1400 audit(966.610:104): avc: denied { write } for pid=3508 comm="syz.0.7" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 971.143346][ T24] audit: type=1400 audit(970.380:105): avc: denied { append } for pid=3510 comm="syz.1.8" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 988.194442][ T24] audit: type=1400 audit(987.420:106): avc: denied { map } for pid=3522 comm="syz.1.14" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1574.429639][ T24] audit: type=1400 audit(1573.600:107): avc: denied { create } for pid=3886 comm="syz.0.177" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1574.585853][ T24] audit: type=1400 audit(1573.830:108): avc: denied { map } for pid=3886 comm="syz.0.177" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=6586 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1574.651276][ T24] audit: type=1400 audit(1573.880:109): avc: denied { read } for pid=3886 comm="syz.0.177" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=6586 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1724.534403][ T24] audit: type=1400 audit(1723.760:110): avc: denied { ioctl } for pid=3965 comm="syz.1.211" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=7479 ioctlcmd=0xaeae scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 2231.371367][ T24] audit: type=1400 audit(2230.610:111): avc: denied { execute } for pid=4261 comm="syz.1.333" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=10874 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 2680.171846][ T24] audit: type=1400 audit(2679.410:112): avc: denied { ioctl } for pid=4515 comm="syz.1.441" path="net:[4026532634]" dev="nsfs" ino=4026532634 ioctlcmd=0xb704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 2770.975078][ T24] audit: type=1400 audit(2770.220:113): avc: denied { execute } for pid=4565 comm="syz.0.461" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 3188.565378][ T4807] KVM: debugfs: duplicate directory 4807-6 [ 3189.121125][ T4807] KVM: debugfs: duplicate directory 4807-6 [ 3301.705870][ T4863] kvm [4863]: Failed to find VMA for hva 0x20c79000 [ 3408.777834][ T4928] kvm [4928]: Failed to find VMA for hva 0x20c79000 [ 3516.394004][ T4988] kvm [4988]: Failed to find VMA for hva 0x20c79000 [ 3548.552838][ T5006] debugfs: 'vgic-its-state@8080000' already exists in '5006-4' [ 3634.605307][ T24] audit: type=1400 audit(3633.830:114): avc: denied { execute } for pid=5054 comm="syz.1.644" path=2F3332322F10FBFF67525673312B0104 dev="tmpfs" ino=1631 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 3825.807680][ T5155] kvm [5155]: Failed to find VMA for hva 0x20c01000 [ 4784.019740][ T24] audit: type=1400 audit(4783.240:115): avc: denied { write } for pid=5671 comm="syz.1.891" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=28089 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 7201.277418][ T6890] FAULT_INJECTION: forcing a failure. [ 7201.277418][ T6890] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 7201.330478][ T6890] CPU: 0 UID: 0 PID: 6890 Comm: syz.1.1340 Not tainted syzkaller #0 PREEMPT [ 7201.331148][ T6890] Hardware name: linux,dummy-virt (DT) [ 7201.331624][ T6890] Call trace: [ 7201.332018][ T6890] show_stack+0x2c/0x3c (C) [ 7201.334031][ T6890] __dump_stack+0x30/0x40 [ 7201.334458][ T6890] dump_stack_lvl+0xd8/0x12c [ 7201.334782][ T6890] dump_stack+0x1c/0x28 [ 7201.335100][ T6890] should_fail_ex+0x56c/0x6d8 [ 7201.335373][ T6890] should_fail+0x14/0x24 [ 7201.335608][ T6890] should_fail_usercopy+0x20/0x30 [ 7201.335864][ T6890] simple_read_from_buffer+0xd0/0x294 [ 7201.336245][ T6890] proc_fail_nth_read+0x184/0x214 [ 7201.336507][ T6890] vfs_read+0x220/0x9d8 [ 7201.336782][ T6890] ksys_read+0x108/0x1fc [ 7201.337061][ T6890] __arm64_sys_read+0x98/0xcc [ 7201.337359][ T6890] invoke_syscall+0x90/0x230 [ 7201.337677][ T6890] el0_svc_common+0x120/0x2f4 [ 7201.338043][ T6890] do_el0_svc+0x58/0x74 [ 7201.338369][ T6890] el0_svc+0x5c/0x238 [ 7201.338611][ T6890] el0t_64_sync_handler+0x84/0x12c [ 7201.338848][ T6890] el0t_64_sync+0x198/0x19c [ 7227.561156][ T6902] FAULT_INJECTION: forcing a failure. [ 7227.561156][ T6902] name failslab, interval 1, probability 0, space 0, times 1 [ 7227.571102][ T6902] CPU: 0 UID: 0 PID: 6902 Comm: syz.0.1345 Not tainted syzkaller #0 PREEMPT [ 7227.571468][ T6902] Hardware name: linux,dummy-virt (DT) [ 7227.571577][ T6902] Call trace: [ 7227.571657][ T6902] show_stack+0x2c/0x3c (C) [ 7227.572072][ T6902] __dump_stack+0x30/0x40 [ 7227.572415][ T6902] dump_stack_lvl+0xd8/0x12c [ 7227.572731][ T6902] dump_stack+0x1c/0x28 [ 7227.573048][ T6902] should_fail_ex+0x56c/0x6d8 [ 7227.573311][ T6902] should_failslab+0xb8/0xec [ 7227.573557][ T6902] __kmalloc_cache_noprof+0x8c/0x4d4 [ 7227.573873][ T6902] kvm_uevent_notify_change+0xc0/0x374 [ 7227.574178][ T6902] kvm_put_kvm+0xa8/0xbe0 [ 7227.574401][ T6902] kvm_vcpu_release+0x70/0x9c [ 7227.574688][ T6902] __fput+0x4ac/0x978 [ 7227.574976][ T6902] fput_close_sync+0xd0/0x240 [ 7227.575302][ T6902] __arm64_sys_close+0x8c/0x13c [ 7227.575572][ T6902] invoke_syscall+0x90/0x230 [ 7227.575882][ T6902] el0_svc_common+0x120/0x2f4 [ 7227.576242][ T6902] do_el0_svc+0x58/0x74 [ 7227.576546][ T6902] el0_svc+0x5c/0x238 [ 7227.576777][ T6902] el0t_64_sync_handler+0x84/0x12c [ 7227.577015][ T6902] el0t_64_sync+0x198/0x19c [ 7235.507504][ T6906] FAULT_INJECTION: forcing a failure. [ 7235.507504][ T6906] name failslab, interval 1, probability 0, space 0, times 0 [ 7235.561567][ T6906] CPU: 0 UID: 0 PID: 6906 Comm: syz.1.1347 Not tainted syzkaller #0 PREEMPT [ 7235.561919][ T6906] Hardware name: linux,dummy-virt (DT) [ 7235.562026][ T6906] Call trace: [ 7235.562133][ T6906] show_stack+0x2c/0x3c (C) [ 7235.562514][ T6906] __dump_stack+0x30/0x40 [ 7235.562835][ T6906] dump_stack_lvl+0xd8/0x12c [ 7235.563170][ T6906] dump_stack+0x1c/0x28 [ 7235.563483][ T6906] should_fail_ex+0x56c/0x6d8 [ 7235.563740][ T6906] should_failslab+0xb8/0xec [ 7235.564001][ T6906] __kmalloc_noprof+0xe8/0x598 [ 7235.564349][ T6906] tomoyo_realpath_from_path+0xdc/0x628 [ 7235.564638][ T6906] tomoyo_path_number_perm+0x13c/0x33c [ 7235.564892][ T6906] tomoyo_file_ioctl+0x2c/0x3c [ 7235.565223][ T6906] security_file_ioctl+0xe0/0x2cc [ 7235.565527][ T6906] __arm64_sys_ioctl+0xd0/0x244 [ 7235.565797][ T6906] invoke_syscall+0x90/0x230 [ 7235.566128][ T6906] el0_svc_common+0x120/0x2f4 [ 7235.566436][ T6906] do_el0_svc+0x58/0x74 [ 7235.566727][ T6906] el0_svc+0x5c/0x238 [ 7235.566959][ T6906] el0t_64_sync_handler+0x84/0x12c [ 7235.567228][ T6906] el0t_64_sync+0x198/0x19c [ 7235.647778][ T6906] ERROR: Out of memory at tomoyo_realpath_from_path. [ 7277.626682][ T6931] FAULT_INJECTION: forcing a failure. [ 7277.626682][ T6931] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 7277.701839][ T6931] CPU: 0 UID: 0 PID: 6931 Comm: syz.0.1353 Not tainted syzkaller #0 PREEMPT [ 7277.702254][ T6931] Hardware name: linux,dummy-virt (DT) [ 7277.702368][ T6931] Call trace: [ 7277.702446][ T6931] show_stack+0x2c/0x3c (C) [ 7277.702841][ T6931] __dump_stack+0x30/0x40 [ 7277.703202][ T6931] dump_stack_lvl+0xd8/0x12c [ 7277.703525][ T6931] dump_stack+0x1c/0x28 [ 7277.703830][ T6931] should_fail_ex+0x56c/0x6d8 [ 7277.704137][ T6931] should_fail+0x14/0x24 [ 7277.704389][ T6931] should_fail_usercopy+0x20/0x30 [ 7277.704650][ T6931] simple_read_from_buffer+0xd0/0x294 [ 7277.704971][ T6931] proc_fail_nth_read+0x184/0x214 [ 7277.705245][ T6931] vfs_read+0x220/0x9d8 [ 7277.705517][ T6931] ksys_read+0x108/0x1fc [ 7277.705783][ T6931] __arm64_sys_read+0x98/0xcc [ 7277.706077][ T6931] invoke_syscall+0x90/0x230 [ 7277.706405][ T6931] el0_svc_common+0x120/0x2f4 [ 7277.706710][ T6931] do_el0_svc+0x58/0x74 [ 7277.707004][ T6931] el0_svc+0x5c/0x238 [ 7277.707275][ T6931] el0t_64_sync_handler+0x84/0x12c [ 7277.707522][ T6931] el0t_64_sync+0x198/0x19c [ 7285.660434][ T6936] FAULT_INJECTION: forcing a failure. [ 7285.660434][ T6936] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 7285.684613][ T6936] CPU: 0 UID: 0 PID: 6936 Comm: syz.0.1355 Not tainted syzkaller #0 PREEMPT [ 7285.684993][ T6936] Hardware name: linux,dummy-virt (DT) [ 7285.685139][ T6936] Call trace: [ 7285.685226][ T6936] show_stack+0x2c/0x3c (C) [ 7285.685600][ T6936] __dump_stack+0x30/0x40 [ 7285.685911][ T6936] dump_stack_lvl+0xd8/0x12c [ 7285.686252][ T6936] dump_stack+0x1c/0x28 [ 7285.686561][ T6936] should_fail_ex+0x56c/0x6d8 [ 7285.686818][ T6936] should_fail+0x14/0x24 [ 7285.687083][ T6936] should_fail_usercopy+0x20/0x30 [ 7285.687368][ T6936] strncpy_from_user+0x50/0x3d0 [ 7285.687660][ T6936] do_getname+0x8c/0x284 [ 7285.687983][ T6936] getname_flags+0x2c/0x3c [ 7285.688313][ T6936] do_sys_openat2+0x74/0x178 [ 7285.688589][ T6936] __arm64_sys_openat+0x14c/0x1b0 [ 7285.688860][ T6936] invoke_syscall+0x90/0x230 [ 7285.689204][ T6936] el0_svc_common+0x120/0x2f4 [ 7285.689508][ T6936] do_el0_svc+0x58/0x74 [ 7285.689797][ T6936] el0_svc+0x5c/0x238 [ 7285.690043][ T6936] el0t_64_sync_handler+0x84/0x12c [ 7285.690299][ T6936] el0t_64_sync+0x198/0x19c [ 7301.159552][ T6943] FAULT_INJECTION: forcing a failure. [ 7301.159552][ T6943] name failslab, interval 1, probability 0, space 0, times 0 [ 7301.164005][ T6943] CPU: 0 UID: 0 PID: 6943 Comm: syz.1.1358 Not tainted syzkaller #0 PREEMPT [ 7301.164360][ T6943] Hardware name: linux,dummy-virt (DT) [ 7301.164474][ T6943] Call trace: [ 7301.164560][ T6943] show_stack+0x2c/0x3c (C) [ 7301.164935][ T6943] __dump_stack+0x30/0x40 [ 7301.165297][ T6943] dump_stack_lvl+0xd8/0x12c [ 7301.165617][ T6943] dump_stack+0x1c/0x28 [ 7301.165914][ T6943] should_fail_ex+0x56c/0x6d8 [ 7301.166185][ T6943] should_failslab+0xb8/0xec [ 7301.166422][ T6943] __kmalloc_noprof+0xe8/0x598 [ 7301.166719][ T6943] tomoyo_encode+0x274/0x4e4 [ 7301.166989][ T6943] tomoyo_realpath_from_path+0x5bc/0x628 [ 7301.167299][ T6943] tomoyo_path_number_perm+0x13c/0x33c [ 7301.167564][ T6943] tomoyo_file_ioctl+0x2c/0x3c [ 7301.167843][ T6943] security_file_ioctl+0xe0/0x2cc [ 7301.168215][ T6943] __arm64_sys_ioctl+0xd0/0x244 [ 7301.168495][ T6943] invoke_syscall+0x90/0x230 [ 7301.168804][ T6943] el0_svc_common+0x120/0x2f4 [ 7301.169123][ T6943] do_el0_svc+0x58/0x74 [ 7301.169434][ T6943] el0_svc+0x5c/0x238 [ 7301.169668][ T6943] el0t_64_sync_handler+0x84/0x12c [ 7301.169908][ T6943] el0t_64_sync+0x198/0x19c [ 7301.294073][ T6943] ERROR: Out of memory at tomoyo_realpath_from_path. [ 7317.914688][ T6954] FAULT_INJECTION: forcing a failure. [ 7317.914688][ T6954] name failslab, interval 1, probability 0, space 0, times 0 [ 7317.950137][ T6954] CPU: 0 UID: 0 PID: 6954 Comm: syz.1.1362 Not tainted syzkaller #0 PREEMPT [ 7317.950535][ T6954] Hardware name: linux,dummy-virt (DT) [ 7317.950643][ T6954] Call trace: [ 7317.950727][ T6954] show_stack+0x2c/0x3c (C) [ 7317.951110][ T6954] __dump_stack+0x30/0x40 [ 7317.951438][ T6954] dump_stack_lvl+0xd8/0x12c [ 7317.951744][ T6954] dump_stack+0x1c/0x28 [ 7317.952095][ T6954] should_fail_ex+0x56c/0x6d8 [ 7317.952374][ T6954] should_failslab+0xb8/0xec [ 7317.952615][ T6954] __kmalloc_noprof+0xe8/0x598 [ 7317.952918][ T6954] tomoyo_encode+0x274/0x4e4 [ 7317.953218][ T6954] tomoyo_realpath_from_path+0x5bc/0x628 [ 7317.953504][ T6954] tomoyo_path_number_perm+0x13c/0x33c [ 7317.953763][ T6954] tomoyo_file_ioctl+0x2c/0x3c [ 7317.954067][ T6954] security_file_ioctl+0xe0/0x2cc [ 7317.954392][ T6954] __arm64_sys_ioctl+0xd0/0x244 [ 7317.954671][ T6954] invoke_syscall+0x90/0x230 [ 7317.954974][ T6954] el0_svc_common+0x120/0x2f4 [ 7317.955307][ T6954] do_el0_svc+0x58/0x74 [ 7317.955610][ T6954] el0_svc+0x5c/0x238 [ 7317.955849][ T6954] el0t_64_sync_handler+0x84/0x12c [ 7317.956140][ T6954] el0t_64_sync+0x198/0x19c [ 7318.060959][ T6954] ERROR: Out of memory at tomoyo_realpath_from_path. [ 7373.062594][ T6975] FAULT_INJECTION: forcing a failure. [ 7373.062594][ T6975] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 7373.159089][ T6975] CPU: 0 UID: 0 PID: 6975 Comm: syz.0.1369 Not tainted syzkaller #0 PREEMPT [ 7373.159473][ T6975] Hardware name: linux,dummy-virt (DT) [ 7373.159580][ T6975] Call trace: [ 7373.159658][ T6975] show_stack+0x2c/0x3c (C) [ 7373.160083][ T6975] __dump_stack+0x30/0x40 [ 7373.160420][ T6975] dump_stack_lvl+0xd8/0x12c [ 7373.160736][ T6975] dump_stack+0x1c/0x28 [ 7373.161049][ T6975] should_fail_ex+0x56c/0x6d8 [ 7373.161336][ T6975] should_fail+0x14/0x24 [ 7373.161578][ T6975] should_fail_usercopy+0x20/0x30 [ 7373.161829][ T6975] _inline_copy_from_user+0x44/0x18c [ 7373.162133][ T6975] kvm_device_ioctl+0x208/0x418 [ 7373.162412][ T6975] __arm64_sys_ioctl+0x18c/0x244 [ 7373.162683][ T6975] invoke_syscall+0x90/0x230 [ 7373.162988][ T6975] el0_svc_common+0x120/0x2f4 [ 7373.163317][ T6975] do_el0_svc+0x58/0x74 [ 7373.163624][ T6975] el0_svc+0x5c/0x238 [ 7373.163861][ T6975] el0t_64_sync_handler+0x84/0x12c [ 7373.164158][ T6975] el0t_64_sync+0x198/0x19c [ 7409.035694][ T24] audit: type=1400 audit(7408.280:116): avc: denied { map } for pid=6991 comm="syz.0.1375" path="pipe:[2757]" dev="pipefs" ino=2757 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 7434.194423][ T7004] FAULT_INJECTION: forcing a failure. [ 7434.194423][ T7004] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 7434.273950][ T7004] CPU: 0 UID: 0 PID: 7004 Comm: syz.1.1380 Not tainted syzkaller #0 PREEMPT [ 7434.274373][ T7004] Hardware name: linux,dummy-virt (DT) [ 7434.274486][ T7004] Call trace: [ 7434.274569][ T7004] show_stack+0x2c/0x3c (C) [ 7434.274946][ T7004] __dump_stack+0x30/0x40 [ 7434.275291][ T7004] dump_stack_lvl+0xd8/0x12c [ 7434.275609][ T7004] dump_stack+0x1c/0x28 [ 7434.275909][ T7004] should_fail_ex+0x56c/0x6d8 [ 7434.276206][ T7004] should_fail+0x14/0x24 [ 7434.276464][ T7004] should_fail_usercopy+0x20/0x30 [ 7434.276729][ T7004] __kvm_read_guest_page+0x180/0x238 [ 7434.276985][ T7004] kvm_read_guest_page+0x300/0x354 [ 7434.277239][ T7004] kvm_read_guest+0x6c/0x140 [ 7434.277487][ T7004] vgic_its_restore_tables_v0+0x154/0x7d0 [ 7434.277815][ T7004] vgic_its_set_attr+0x65c/0x85c [ 7434.278057][ T7004] kvm_device_ioctl+0x354/0x418 [ 7434.278341][ T7004] __arm64_sys_ioctl+0x18c/0x244 [ 7434.278619][ T7004] invoke_syscall+0x90/0x230 [ 7434.278918][ T7004] el0_svc_common+0x120/0x2f4 [ 7434.279240][ T7004] do_el0_svc+0x58/0x74 [ 7434.279560][ T7004] el0_svc+0x5c/0x238 [ 7434.279801][ T7004] el0t_64_sync_handler+0x84/0x12c [ 7434.280079][ T7004] el0t_64_sync+0x198/0x19c [ 7455.714817][ T7016] FAULT_INJECTION: forcing a failure. [ 7455.714817][ T7016] name failslab, interval 1, probability 0, space 0, times 0 [ 7455.771537][ T7016] CPU: 0 UID: 0 PID: 7016 Comm: syz.1.1384 Not tainted syzkaller #0 PREEMPT [ 7455.771917][ T7016] Hardware name: linux,dummy-virt (DT) [ 7455.772120][ T7016] Call trace: [ 7455.772220][ T7016] show_stack+0x2c/0x3c (C) [ 7455.772607][ T7016] __dump_stack+0x30/0x40 [ 7455.772927][ T7016] dump_stack_lvl+0xd8/0x12c [ 7455.773270][ T7016] dump_stack+0x1c/0x28 [ 7455.773576][ T7016] should_fail_ex+0x56c/0x6d8 [ 7455.773820][ T7016] should_failslab+0xb8/0xec [ 7455.774070][ T7016] kmem_cache_alloc_lru_noprof+0x94/0x4c8 [ 7455.774406][ T7016] __d_alloc+0x54/0x850 [ 7455.774702][ T7016] d_alloc_pseudo+0x34/0x130 [ 7455.775001][ T7016] alloc_file_pseudo+0x94/0x1e8 [ 7455.775333][ T7016] hugetlb_file_setup+0x364/0x544 [ 7455.775598][ T7016] ksys_mmap_pgoff+0x17c/0x448 [ 7455.775840][ T7016] __arm64_sys_mmap+0x13c/0x198 [ 7455.776208][ T7016] invoke_syscall+0x90/0x230 [ 7455.776526][ T7016] el0_svc_common+0x120/0x2f4 [ 7455.776823][ T7016] do_el0_svc+0x58/0x74 [ 7455.777133][ T7016] el0_svc+0x5c/0x238 [ 7455.777390][ T7016] el0t_64_sync_handler+0x84/0x12c [ 7455.777630][ T7016] el0t_64_sync+0x198/0x19c [ 7474.032519][ T7027] FAULT_INJECTION: forcing a failure. [ 7474.032519][ T7027] name failslab, interval 1, probability 0, space 0, times 0 [ 7474.112636][ T7027] CPU: 0 UID: 0 PID: 7027 Comm: syz.0.1387 Not tainted syzkaller #0 PREEMPT [ 7474.113021][ T7027] Hardware name: linux,dummy-virt (DT) [ 7474.113159][ T7027] Call trace: [ 7474.113239][ T7027] show_stack+0x2c/0x3c (C) [ 7474.113608][ T7027] __dump_stack+0x30/0x40 [ 7474.113918][ T7027] dump_stack_lvl+0xd8/0x12c [ 7474.114266][ T7027] dump_stack+0x1c/0x28 [ 7474.114582][ T7027] should_fail_ex+0x56c/0x6d8 [ 7474.114830][ T7027] should_failslab+0xb8/0xec [ 7474.115077][ T7027] kmem_cache_alloc_noprof+0x90/0x4c4 [ 7474.115396][ T7027] security_file_alloc+0x38/0x32c [ 7474.115697][ T7027] init_file+0xb0/0x314 [ 7474.116015][ T7027] alloc_empty_file+0x74/0x17c [ 7474.116344][ T7027] path_openat+0xa8/0x3468 [ 7474.116655][ T7027] do_file_open+0x1b4/0x3e8 [ 7474.116958][ T7027] do_sys_openat2+0xc4/0x178 [ 7474.117252][ T7027] __arm64_sys_openat+0x14c/0x1b0 [ 7474.117537][ T7027] invoke_syscall+0x90/0x230 [ 7474.117842][ T7027] el0_svc_common+0x120/0x2f4 [ 7474.118171][ T7027] do_el0_svc+0x58/0x74 [ 7474.118474][ T7027] el0_svc+0x5c/0x238 [ 7474.118706][ T7027] el0t_64_sync_handler+0x84/0x12c [ 7474.118944][ T7027] el0t_64_sync+0x198/0x19c [ 7500.201710][ T7044] FAULT_INJECTION: forcing a failure. [ 7500.201710][ T7044] name failslab, interval 1, probability 0, space 0, times 0 [ 7500.206771][ T7044] CPU: 0 UID: 0 PID: 7044 Comm: syz.0.1392 Not tainted syzkaller #0 PREEMPT [ 7500.207128][ T7044] Hardware name: linux,dummy-virt (DT) [ 7500.207248][ T7044] Call trace: [ 7500.207328][ T7044] show_stack+0x2c/0x3c (C) [ 7500.207707][ T7044] __dump_stack+0x30/0x40 [ 7500.208087][ T7044] dump_stack_lvl+0xd8/0x12c [ 7500.208416][ T7044] dump_stack+0x1c/0x28 [ 7500.208713][ T7044] should_fail_ex+0x56c/0x6d8 [ 7500.208965][ T7044] should_failslab+0xb8/0xec [ 7500.209237][ T7044] kmem_cache_alloc_lru_noprof+0x94/0x4c8 [ 7500.209554][ T7044] __d_alloc+0x54/0x850 [ 7500.209844][ T7044] d_alloc_pseudo+0x34/0x130 [ 7500.210161][ T7044] alloc_file_pseudo+0x94/0x1e8 [ 7500.210468][ T7044] hugetlb_file_setup+0x364/0x544 [ 7500.210746][ T7044] ksys_mmap_pgoff+0x17c/0x448 [ 7500.210992][ T7044] __arm64_sys_mmap+0x13c/0x198 [ 7500.211329][ T7044] invoke_syscall+0x90/0x230 [ 7500.211646][ T7044] el0_svc_common+0x120/0x2f4 [ 7500.211973][ T7044] do_el0_svc+0x58/0x74 [ 7500.212313][ T7044] el0_svc+0x5c/0x238 [ 7500.212549][ T7044] el0t_64_sync_handler+0x84/0x12c [ 7500.212790][ T7044] el0t_64_sync+0x198/0x19c [ 7508.417582][ T7049] FAULT_INJECTION: forcing a failure. [ 7508.417582][ T7049] name failslab, interval 1, probability 0, space 0, times 0 [ 7508.459349][ T7049] CPU: 0 UID: 0 PID: 7049 Comm: syz.0.1393 Not tainted syzkaller #0 PREEMPT [ 7508.459705][ T7049] Hardware name: linux,dummy-virt (DT) [ 7508.459811][ T7049] Call trace: [ 7508.459888][ T7049] show_stack+0x2c/0x3c (C) [ 7508.460318][ T7049] __dump_stack+0x30/0x40 [ 7508.460644][ T7049] dump_stack_lvl+0xd8/0x12c [ 7508.460960][ T7049] dump_stack+0x1c/0x28 [ 7508.461284][ T7049] should_fail_ex+0x56c/0x6d8 [ 7508.461534][ T7049] should_failslab+0xb8/0xec [ 7508.461776][ T7049] kmem_cache_alloc_noprof+0x90/0x4c4 [ 7508.462088][ T7049] alloc_empty_file+0x60/0x17c [ 7508.462384][ T7049] alloc_file_pseudo+0xf0/0x1e8 [ 7508.462672][ T7049] hugetlb_file_setup+0x364/0x544 [ 7508.462931][ T7049] ksys_mmap_pgoff+0x17c/0x448 [ 7508.463200][ T7049] __arm64_sys_mmap+0x13c/0x198 [ 7508.463516][ T7049] invoke_syscall+0x90/0x230 [ 7508.463828][ T7049] el0_svc_common+0x120/0x2f4 [ 7508.464177][ T7049] do_el0_svc+0x58/0x74 [ 7508.464486][ T7049] el0_svc+0x5c/0x238 [ 7508.464728][ T7049] el0t_64_sync_handler+0x84/0x12c [ 7508.464977][ T7049] el0t_64_sync+0x198/0x19c [ 7640.467715][ T7118] FAULT_INJECTION: forcing a failure. [ 7640.467715][ T7118] name failslab, interval 1, probability 0, space 0, times 0 [ 7640.501692][ T7118] CPU: 0 UID: 0 PID: 7118 Comm: syz.0.1416 Not tainted syzkaller #0 PREEMPT [ 7640.502073][ T7118] Hardware name: linux,dummy-virt (DT) [ 7640.502198][ T7118] Call trace: [ 7640.502280][ T7118] show_stack+0x2c/0x3c (C) [ 7640.502652][ T7118] __dump_stack+0x30/0x40 [ 7640.502966][ T7118] dump_stack_lvl+0xd8/0x12c [ 7640.503308][ T7118] dump_stack+0x1c/0x28 [ 7640.503618][ T7118] should_fail_ex+0x56c/0x6d8 [ 7640.503876][ T7118] should_failslab+0xb8/0xec [ 7640.504177][ T7118] kmem_cache_alloc_noprof+0x90/0x4c4 [ 7640.504488][ T7118] vm_area_dup+0x3c/0x784 [ 7640.504739][ T7118] __split_vma+0x1c8/0xab0 [ 7640.505017][ T7118] vms_gather_munmap_vmas+0x2cc/0x146c [ 7640.505349][ T7118] mmap_region+0x6f4/0x1db4 [ 7640.505629][ T7118] do_mmap+0xa50/0xf50 [ 7640.505857][ T7118] vm_mmap_pgoff+0x288/0x3dc [ 7640.506115][ T7118] ksys_mmap_pgoff+0x1d0/0x448 [ 7640.506361][ T7118] __arm64_sys_mmap+0x13c/0x198 [ 7640.506663][ T7118] invoke_syscall+0x90/0x230 [ 7640.506965][ T7118] el0_svc_common+0x120/0x2f4 [ 7640.507293][ T7118] do_el0_svc+0x58/0x74 [ 7640.507592][ T7118] el0_svc+0x5c/0x238 [ 7640.507833][ T7118] el0t_64_sync_handler+0x84/0x12c [ 7640.508164][ T7118] el0t_64_sync+0x198/0x19c [ 7688.162502][ T7143] FAULT_INJECTION: forcing a failure. [ 7688.162502][ T7143] name failslab, interval 1, probability 0, space 0, times 0 [ 7688.191765][ T7143] CPU: 0 UID: 0 PID: 7143 Comm: syz.0.1424 Not tainted syzkaller #0 PREEMPT [ 7688.192191][ T7143] Hardware name: linux,dummy-virt (DT) [ 7688.192309][ T7143] Call trace: [ 7688.192388][ T7143] show_stack+0x2c/0x3c (C) [ 7688.192760][ T7143] __dump_stack+0x30/0x40 [ 7688.193094][ T7143] dump_stack_lvl+0xd8/0x12c [ 7688.193411][ T7143] dump_stack+0x1c/0x28 [ 7688.193709][ T7143] should_fail_ex+0x56c/0x6d8 [ 7688.193962][ T7143] should_failslab+0xb8/0xec [ 7688.194234][ T7143] kmem_cache_alloc_noprof+0x90/0x4c4 [ 7688.194547][ T7143] __anon_vma_prepare+0xfc/0x580 [ 7688.194846][ T7143] __vmf_anon_prepare+0x130/0x1f4 [ 7688.195154][ T7143] hugetlb_no_page+0x350/0x1a1c [ 7688.195444][ T7143] hugetlb_fault+0x5d8/0x103c [ 7688.195715][ T7143] handle_mm_fault+0x5bc/0x2be0 [ 7688.196057][ T7143] __get_user_pages+0x2d0c/0x3818 [ 7688.196310][ T7143] populate_vma_page_range+0x234/0x318 [ 7688.196558][ T7143] __mm_populate+0x198/0x350 [ 7688.196786][ T7143] vm_mmap_pgoff+0x35c/0x3dc [ 7688.197029][ T7143] ksys_mmap_pgoff+0x1d0/0x448 [ 7688.197304][ T7143] __arm64_sys_mmap+0x13c/0x198 [ 7688.197617][ T7143] invoke_syscall+0x90/0x230 [ 7688.197962][ T7143] el0_svc_common+0x120/0x2f4 [ 7688.198306][ T7143] do_el0_svc+0x58/0x74 [ 7688.198606][ T7143] el0_svc+0x5c/0x238 [ 7688.198844][ T7143] el0t_64_sync_handler+0x84/0x12c [ 7688.199110][ T7143] el0t_64_sync+0x198/0x19c [ 7711.401211][ T7155] FAULT_INJECTION: forcing a failure. [ 7711.401211][ T7155] name failslab, interval 1, probability 0, space 0, times 0 [ 7711.411949][ T7155] CPU: 0 UID: 0 PID: 7155 Comm: syz.1.1429 Not tainted syzkaller #0 PREEMPT [ 7711.412383][ T7155] Hardware name: linux,dummy-virt (DT) [ 7711.412495][ T7155] Call trace: [ 7711.412574][ T7155] show_stack+0x2c/0x3c (C) [ 7711.412945][ T7155] __dump_stack+0x30/0x40 [ 7711.413291][ T7155] dump_stack_lvl+0xd8/0x12c [ 7711.413619][ T7155] dump_stack+0x1c/0x28 [ 7711.413929][ T7155] should_fail_ex+0x56c/0x6d8 [ 7711.414217][ T7155] should_failslab+0xb8/0xec [ 7711.414465][ T7155] kmem_cache_alloc_noprof+0x90/0x4c4 [ 7711.414767][ T7155] mas_alloc_nodes+0x350/0x3b8 [ 7711.415091][ T7155] mas_preallocate+0x4ec/0x958 [ 7711.415409][ T7155] __split_vma+0x318/0xab0 [ 7711.415696][ T7155] vms_gather_munmap_vmas+0x4d0/0x146c [ 7711.415992][ T7155] mmap_region+0x6f4/0x1db4 [ 7711.416305][ T7155] do_mmap+0xa50/0xf50 [ 7711.416542][ T7155] vm_mmap_pgoff+0x288/0x3dc [ 7711.416777][ T7155] ksys_mmap_pgoff+0x1d0/0x448 [ 7711.417011][ T7155] __arm64_sys_mmap+0x13c/0x198 [ 7711.417342][ T7155] invoke_syscall+0x90/0x230 [ 7711.417651][ T7155] el0_svc_common+0x120/0x2f4 [ 7711.418008][ T7155] do_el0_svc+0x58/0x74 [ 7711.418341][ T7155] el0_svc+0x5c/0x238 [ 7711.418584][ T7155] el0t_64_sync_handler+0x84/0x12c [ 7711.418827][ T7155] el0t_64_sync+0x198/0x19c [ 7720.297453][ T7159] FAULT_INJECTION: forcing a failure. [ 7720.297453][ T7159] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 7720.329073][ T7159] CPU: 0 UID: 0 PID: 7159 Comm: syz.0.1431 Not tainted syzkaller #0 PREEMPT [ 7720.329466][ T7159] Hardware name: linux,dummy-virt (DT) [ 7720.329576][ T7159] Call trace: [ 7720.329657][ T7159] show_stack+0x2c/0x3c (C) [ 7720.330046][ T7159] __dump_stack+0x30/0x40 [ 7720.330385][ T7159] dump_stack_lvl+0xd8/0x12c [ 7720.330704][ T7159] dump_stack+0x1c/0x28 [ 7720.331039][ T7159] should_fail_ex+0x56c/0x6d8 [ 7720.331322][ T7159] should_fail+0x14/0x24 [ 7720.331564][ T7159] should_fail_usercopy+0x20/0x30 [ 7720.331818][ T7159] simple_read_from_buffer+0xd0/0x294 [ 7720.332202][ T7159] proc_fail_nth_read+0x184/0x214 [ 7720.332463][ T7159] vfs_read+0x220/0x9d8 [ 7720.332729][ T7159] ksys_read+0x108/0x1fc [ 7720.332993][ T7159] __arm64_sys_read+0x98/0xcc [ 7720.333299][ T7159] invoke_syscall+0x90/0x230 [ 7720.333608][ T7159] el0_svc_common+0x120/0x2f4 [ 7720.333908][ T7159] do_el0_svc+0x58/0x74 [ 7720.334231][ T7159] el0_svc+0x5c/0x238 [ 7720.334474][ T7159] el0t_64_sync_handler+0x84/0x12c [ 7720.334716][ T7159] el0t_64_sync+0x198/0x19c [ 7721.821864][ T7157] Unable to handle kernel paging request at virtual address ffef800000000001 [ 7721.873989][ T7157] KASAN: maybe wild-memory-access in range [0xff00000000000010-0xff0000000000001f] [ 7721.891576][ T7157] Mem abort info: [ 7721.916600][ T7157] ESR = 0x0000000096000004 [ 7721.917506][ T7157] EC = 0x25: DABT (current EL), IL = 32 bits [ 7721.979662][ T7157] SET = 0, FnV = 0 [ 7722.001282][ T7157] EA = 0, S1PTW = 0 [ 7722.030671][ T7157] FSC = 0x04: level 0 translation fault [ 7722.033967][ T24] audit: type=1400 audit(7721.150:117): avc: denied { read } for pid=3128 comm="syslogd" name="log" dev="vda" ino=1857 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 7722.089987][ T24] audit: type=1400 audit(7721.260:118): avc: denied { search } for pid=3128 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 7722.091153][ T24] audit: type=1400 audit(7721.330:119): avc: denied { search } for pid=3128 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 7722.099897][ T7157] Data abort info: [ 7722.100422][ T7157] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 7722.100792][ T7157] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 7722.101167][ T7157] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 7722.101666][ T7157] [ffef800000000001] address between user and kernel address ranges [ 7722.103372][ T7157] Internal error: Oops: 0000000096000004 [#1] SMP [ 7722.113833][ T7157] Modules linked in: [ 7722.115019][ T7157] CPU: 0 UID: 0 PID: 7157 Comm: syz.1.1430 Not tainted syzkaller #0 PREEMPT [ 7722.116271][ T7157] Hardware name: linux,dummy-virt (DT) [ 7722.117274][ T7157] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 7722.118536][ T7157] pc : vgic_its_save_tables_v0+0x3b0/0xe38 [ 7722.119662][ T7157] lr : vgic_its_save_tables_v0+0x308/0xe38 [ 7722.120733][ T7157] sp : ffff80008eb37bf0 [ 7722.121400][ T7157] x29: ffff80008eb37c70 x28: 95f000001ead8cf0 x27: 0000000000000000 [ 7722.123005][ T7157] x26: 000000000000009a x25: 1bf0000020bcf180 x24: 16f000001fcd2080 [ 7722.124356][ T7157] x23: 95f000001ead8c38 x22: b9070000c0000600 x21: 90f000001fcd2400 [ 7722.125659][ T7157] x20: 15f000002142a890 x19: efff800000000000 x18: 0000000000000000 [ 7722.126958][ T7157] x17: 000000000000001b x16: ffff80008001159c x15: 00000000000000a8 [ 7722.128341][ T7157] x14: 00000000000000a8 x13: fff0000017fd5348 x12: 0ff0000000000001 [ 7722.129676][ T7157] x11: 0000000000000010 x10: 0000000000002000 x9 : 0000000000000000 [ 7722.131163][ T7157] x8 : 0001000000000000 x7 : ffff80008025a2a4 x6 : 0000000000000000 [ 7722.132507][ T7157] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff80008016d558 [ 7722.133853][ T7157] x2 : ebf000001fcd24c0 x1 : 0000000000000000 x0 : 0000000000000000 [ 7722.135321][ T7157] Call trace: [ 7722.136004][ T7157] vgic_its_save_tables_v0+0x3b0/0xe38 (P) [ 7722.137102][ T7157] vgic_its_set_attr+0x65c/0x85c [ 7722.137973][ T7157] kvm_device_ioctl+0x354/0x418 [ 7722.138857][ T7157] __arm64_sys_ioctl+0x18c/0x244 [ 7722.139792][ T7157] invoke_syscall+0x90/0x230 [ 7722.140732][ T7157] el0_svc_common+0x120/0x2f4 [ 7722.141623][ T7157] do_el0_svc+0x58/0x74 [ 7722.142500][ T7157] el0_svc+0x5c/0x238 [ 7722.143257][ T7157] el0t_64_sync_handler+0x84/0x12c [ 7722.144205][ T7157] el0t_64_sync+0x198/0x19c [ 7722.145544][ T7157] Code: 9100412b b2481d69 d344fd2c d378fd69 (386c6a6c) [ 7722.147425][ T7157] ---[ end trace 0000000000000000 ]--- [ 7722.149193][ T7157] Kernel panic - not syncing: Oops: Fatal exception [ 7722.151015][ T7157] Kernel Offset: disabled [ 7722.151690][ T7157] CPU features: 0x0000000,001a3005,fbe327a1,057ffe1f [ 7722.152720][ T7157] Memory Limit: none [ 7722.154310][ T7157] Rebooting in 86400 seconds.. VM DIAGNOSIS: 00:15:17 Registers: info registers vcpu 0 CPU#0 PC=ffff8000803f6380 X00=0000000000000001 X01=00000000ffffffff X02=ffff80008698a3e8 X03=00000000000000ff X04=0000000002a3c2a7 X05=fff0000074d39490 X06=fff000000de6d4d0 X07=ffff80008045ece8 X08=0000000000001800 X09=00000000000000ff X10=ffffffffffeb46e9 X11=00000000000000ff X12=0000014eb29fdc80 X13=0000000000000400 X14=00000000000000fe X15=0000000002a3c2a7 X16=00000000000000fe X17=00000000000000fe X18=0000000001d5a000 X19=0000000000000c31 X20=fff0000074d393a0 X21=65f000000de6de38 X22=ffff800087af85b0 X23=00000000000000c0 X24=0000000000000000 X25=fff0000074d39ea0 X26=00000000000000ff X27=ffff800087b60000 X28=00000000000000ff X29=ffff80008c906e50 X30=ffff80008693c914 SP=ffff80008c906e60 PSTATE=604020c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=2525252525252525:2525252525252525 Z01=00000073252f7325:0000000000006465 Z02=0000000000000011:0000000000000000 Z03=ffffff00ff0000ff:ffffffffffff0000 Z04=0000000000000000:fff0f00fffffff00 Z05=0000000000000011:0000000000000002 Z06=0000000000000000:0000000000000000 Z07=0000000000000000:0000000000000000 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000 Z17=0000000000000000:0000000000000000 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=bb448243222c92da:e3914ed4e87380b0 Z23=43788d6f07084f17:4508b00c6052a10f Z24=b20fae707afde253:388e9c6c4fa85ca0 Z25=8e9f894b2581e79e:20c883c9819d5c97 Z26=57c93d417f4d0394:89cd11f6992873d1 Z27=6b69be1163cb6500:a4ac85c293540e63 Z28=6edc4d3a2914b135:d8e9c869e2695c88 Z29=0000000000000000:0009000700030001 Z30=ffffff80ffffffd8:0000ffffec0ef2d0 Z31=0000ffffec0ef300:0000ffffec0ef300