last executing test programs: 45.744271706s ago: executing program 1 (id=268): syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000180)=[@uexit={0x0, 0x18, 0x8}, @irq_setup={0x46, 0x18, {0x3, 0x30c}}, @hvc={0x32, 0x40, {0x2000000, [0xfff, 0x5, 0xfffffffffffffff7, 0x8e, 0x10001]}}, @eret={0xe6, 0x18, 0x6}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x0, 0x6, 0xffff8001, 0x8000, 0x1}}], 0xb0}, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) (async) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r5, 0x0, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r4, 0x0, 0x260) (async) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1) (async) syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe0, 0x2, 0x4}}], 0x30}, 0x0, 0x0) (async) r7 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x19, 0x9b, 0xf, 0x0, 0x5, 0x8, 0x82, 0x42, 0x48, 0x86, 0xdd, 0x68, 0x0, 0x100001, 0x129, 0x0, 0x3, 0xa, 0x8, '\x00', 0x1, 0x80000000}) write$eventfd(r8, &(0x7f00000001c0)=0x3, 0x8e80) 43.345533544s ago: executing program 0 (id=269): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x5452, 0x2000fdfd) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) r4 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) r5 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x2b) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x5) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) mmap$KVM_VCPU(&(0x7f0000010000/0x4000)=nil, r8, 0x100000a, 0x12, r7, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x7f) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000000)=@arm64={0x3, 0xe0, 0xb4, '\x00', 0x1}) munmap(&(0x7f0000062000/0x2000)=nil, 0x2000) 36.500883995s ago: executing program 1 (id=270): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$KVM_CREATE_VM(r0, 0x5452, 0xa) 31.843877702s ago: executing program 0 (id=271): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x11) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000240)={0x1fe, 0x3, 0xffff1000, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x2, 0x3, 0x100000, 0x2000, &(0x7f000000f000/0x2000)=nil}) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000040)={0x2, 0xc5}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd2(0x8, 0x80800) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0x48, 0xdddd1000, 0x0, r4}) close(r4) close(r3) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0xaf832, r5, 0x0) r6 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, r7, 0x2800002, 0x4010, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r10 = ioctl$KVM_CREATE_VM(r9, 0x894c, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xb701, 0x0) ioctl$KVM_CREATE_VCPU(r11, 0x8004b707, 0x2) openat$kvm(0x0, 0x0, 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x3b) r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r13, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, r7, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) 30.122743735s ago: executing program 1 (id=272): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x21) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6) r3 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r2, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x444802, 0x0) close(r4) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0x80111500, 0x20000000) write$eventfd(r6, &(0x7f0000000000), 0xfffffdef) ioctl$KVM_CAP_PTP_KVM(r6, 0x4068aea3, &(0x7f0000000000)) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x9000000) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) munmap(&(0x7f0000de6000/0x1000)=nil, 0x1000) munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006e1000/0x10000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) 22.62260371s ago: executing program 0 (id=273): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async, rerun: 64) r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (rerun: 64) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f00000001c0)=@arm64_bitmap={0x6030000000160001, &(0x7f0000000200)=0x1}) (async, rerun: 32) r7 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) (rerun: 32) ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) (async, rerun: 64) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000380)=@arm64_sys={0x603000000013c016, &(0x7f0000000000)=0x6c7f}) (async, rerun: 64) r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r9 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r8, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async, rerun: 64) syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) (rerun: 64) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r10, 0xae03, 0x9e) (async, rerun: 32) openat$kvm(0x0, 0x0, 0x0, 0x0) (async, rerun: 32) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) (async) r12 = eventfd2(0x0, 0x0) close(r12) (async) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a77f2, 0x1f01) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x3000002, 0x13, r12, 0x0) 18.352714231s ago: executing program 1 (id=274): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x3, 0x0) write$eventfd(r2, &(0x7f0000000400)=0xfffffffffffffffc, 0x8) write$eventfd(r2, &(0x7f0000000480)=0x8c49, 0x8) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, 0x0) 14.804231545s ago: executing program 0 (id=275): ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f0000000000)=@x86={0x4, 0x8, 0x7, 0x0, 0x3, 0x81, 0x8, 0x1, 0x2, 0x2, 0x0, 0x8, 0x0, 0xe09, 0x5, 0x4, 0xe, 0x2, 0x4, '\x00', 0x81, 0xef}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x34040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x6) close(r1) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000080)=0x6) r2 = mmap$KVM_VCPU(&(0x7f0000ffa000/0x4000)=nil, 0x0, 0x3000004, 0x1010, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f00000000c0)="51e044f22d3abf38b8d1fc3ff52d56c969d84c9000758701d22dbf7486e9712f0887bd4cb1a42d84bc3718af3c82e24a7b783de466992b7eadd5ce2804b170766c2a1dd43e1de8bb", 0x0, 0x48) r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000240)={0x0, &(0x7f0000000140)=[@its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x4, 0x8, 0xa3fe, 0x7e6, 0x4}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x38b}}, @irq_setup={0x46, 0x18, {0x0, 0x38f}}, @uexit={0x0, 0x18, 0x8}, @irq_setup={0x46, 0x18, {0x3, 0x108}}, @hvc={0x32, 0x40, {0x0, [0x9, 0x7fff, 0x2, 0x4, 0x802]}}], 0xd8}, &(0x7f0000000280)=[@featur1={0x1, 0x80}], 0x1) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x14b000, 0x0) r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_KVMCLOCK_CTRL(r4, 0xaead) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000300)={0x1, 0xffffffffffffffff, 0x2}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000380)=@attr_other={0x0, 0x0, 0x8, &(0x7f0000000340)=0xa}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000003c0)={0x10200, 0x2, 0x10000, 0x1000, &(0x7f0000f2c000/0x1000)=nil}) ioctl$KVM_CAP_ARM_MTE(r5, 0x4068aea3, &(0x7f0000000400)) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000480)={0x3, 0x42}) ioctl$KVM_DIRTY_TLB(r4, 0x4010aeaa, &(0x7f00000004c0)={0xc}) r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000500)={0x2, 0x48}) ioctl$KVM_RUN(r4, 0xae80, 0x0) r9 = ioctl$KVM_GET_STATS_FD_cpu(r6, 0xaece) ioctl$KVM_GET_MP_STATE(r9, 0x8004ae98, &(0x7f0000000540)) r10 = ioctl$KVM_GET_STATS_FD_cpu(r6, 0xaece) r11 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000bc0)={0x0, &(0x7f0000000580)=[@svc={0x122, 0x40, {0xc4000011, [0x4, 0x2, 0xb3f, 0xf99, 0x2]}}, @hvc={0x32, 0x40, {0x84000053, [0x7, 0x3e, 0x5, 0x6, 0x4]}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x2, 0x6, 0x4, 0xfffffff2, 0x4}}, @smc={0x1e, 0x40, {0xc4000053, [0x20000000000000, 0x2, 0xb, 0x5, 0xfff]}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x3, 0xa, 0x7, 0x1, 0x4}}, @svc={0x122, 0x40, {0xc5000020, [0x4, 0x5, 0x8, 0x0, 0x3]}}, @msr={0x14, 0x20, {0x603000000013f682, 0x7}}, @eret={0xe6, 0x18}, @mrs={0xbe, 0x18, {0x603000000013c662}}, @uexit={0x0, 0x18, 0xfffffffffffff863}, @hvc={0x32, 0x40, {0xc4000004, [0x5, 0x0, 0x1ff, 0x664, 0x7]}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x10a}}, @svc={0x122, 0x40, {0xc4000012, [0x5, 0x100000000, 0x7, 0x6, 0x3]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x180, 0x3, 0x4}}, @hvc={0x32, 0x40, {0x86000000, [0x6, 0x4, 0x8000, 0x7fffffffffffffff, 0x3]}}, @code={0xa, 0xb4, {"008008d5208084d20080b8f2010180d2e20080d2a30080d2040180d2020000d460938ed200c0b0f2410180d2c20080d2e30180d2a40180d2020000d4e00300fa005d84d20080b8f2610080d2020180d2a30180d2040080d2020000d400289ad20020b8f2810080d2a20080d2430180d2440080d2020000d4808b83d20080b0f2410080d2e20080d2830080d2e40180d2020000d4008008d5007008d50040641e"}}, @eret={0xe6, 0x18, 0x2}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x103}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xf10, 0x1, 0xc}}, @svc={0x122, 0x40, {0x31000000, [0xb76, 0x1, 0x9, 0x600000, 0xf]}}, @hvc={0x32, 0x40, {0xc4000003, [0x7fff, 0x9, 0x2, 0x2, 0xffffffffffff7fff]}}, @hvc={0x32, 0x40, {0x84000007, [0xfffffffffffffffc, 0x2, 0x7, 0xf4, 0x6]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x400, 0xb1c, 0xf}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x1, 0xd, 0xffffd118, 0x5, 0x3}}, @eret={0xe6, 0x18, 0x5}, @svc={0x122, 0x40, {0x80000001, [0x3, 0x7, 0xffffffffffffffff, 0x7, 0xe]}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x1b5}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x2, 0xc, 0x2, 0x5, 0x1}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0x89}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x2de}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x209}}], 0x62c}, &(0x7f0000000c00)=[@featur1={0x1, 0x2}], 0x1) ioctl$KVM_ARM_VCPU_FINALIZE(r11, 0x4004aec2, &(0x7f0000000c40)=0x7) r12 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000e80)={0x0, &(0x7f0000000c80)=[@its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x3, 0x0, 0x100000, 0x1, 0x2}}, @irq_setup={0x46, 0x18, {0x1, 0x1f4}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xf10, 0xfffffffffffffffe, 0x2}}, @smc={0x1e, 0x40, {0x4, [0x3ff, 0x6, 0x3, 0xd, 0x8]}}, @msr={0x14, 0x20, {0x603000000013e65a, 0x5}}, @eret={0xe6, 0x18, 0x5}, @code={0xa, 0xb4, {"0050200e402c81d20080b0f2410180d2e20080d2030180d2840180d2020000d4807783d20020b0f2e10180d2420180d2230180d2040080d2020000d460758fd200e0b0f2c10180d2c20180d2830180d2640180d2020000d400a0600d0094007f007008d5008008d520729bd200e0b0f2e10080d2220080d2430080d2e40180d2020000d460f78bd20060b0f2810180d2c20180d2630180d2c40180d2020000d4"}}, @code={0xa, 0x54, {"007008d50040251e007008d520d39ed20060b8f2610180d2020080d2c30180d2a40180d2020000d4007008d500f4a00e000028d5e003007a00a8210e008008d5"}}], 0x1f0}, &(0x7f0000000ec0)=[@featur2={0x1, 0x80}], 0x1) ioctl$KVM_SET_ONE_REG(r12, 0x4010aeac, &(0x7f0000000f40)=@arm64_extra={0x603000000013c035, &(0x7f0000000f00)=0x1}) ioctl$KVM_GET_ONE_REG(r11, 0x4010aeab, &(0x7f0000000fc0)=@riscv64_sbi_sta={0x803000000a000000, &(0x7f0000000f80)=0x5ebb}) ioctl$KVM_RUN(r10, 0xae80, 0x0) 10.850538645s ago: executing program 1 (id=276): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000200)={0xdf, 0x0, 0x17000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000bfd000/0x400000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f00000000c0)=@arm64_sys={0x603000000013df01, &(0x7f0000000100)=0x3}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_GUEST_MEMFD(r5, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2000003, 0x2013, r6, 0x0) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f0000007000/0x2000)=nil, r7, 0x3000003, 0x2011, r6, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000140)={0x10000, 0x1, 0x40000, 0x1000, &(0x7f0000d39000/0x1000)=nil, 0x8000000000000000, r6}) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r9, 0xae03, 0x83) 9.752362878s ago: executing program 0 (id=277): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x2}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x603000000010002c, &(0x7f00000001c0)=0x9}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x100000000000003) ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dcf3, 0x8000}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r11, 0xae80, 0x0) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x5}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.703887168s ago: executing program 1 (id=278): r0 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r2, 0x3, 0xa0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x80000, 0x10000, 0x0, 0x200, 0x2}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r7, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r9, 0xae80, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000b7b000/0x400000)=nil) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000300)=@attr_arm64={0x0, 0x4, 0x1, 0x0}) (async, rerun: 64) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, 0xffffffffffffffff, 0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil}) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000040)={0x1fd, 0x2, 0xffffffff, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x12, 0xffffffffffffffff, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil) 0s ago: executing program 0 (id=279): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000140)={0x0, &(0x7f0000000200)=[@smc={0x1e, 0x40, {0x86000000, [0x0, 0x1, 0x2, 0x3, 0x4]}}], 0x40}, 0x0, 0x0) (async) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000140)={0x0, &(0x7f0000000200)=[@smc={0x1e, 0x40, {0x86000000, [0x0, 0x1, 0x2, 0x3, 0x4]}}], 0x40}, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0xa) ioctl$KVM_IRQ_LINE(r6, 0x4008ae61, 0x0) syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) syz_kvm_setup_cpu$arm64(r6, r5, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_kvm_setup_cpu$arm64(r6, r5, &(0x7f0000c00000/0x400000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_IRQ_LINE(r6, 0x4008ae61, &(0x7f0000000080)={0xfffffffa, 0x8}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x5, 0x0, 0x1000, 0x1000, &(0x7f0000275000/0x1000)=nil}) syz_kvm_setup_cpu$arm64(r1, 0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil, &(0x7f0000000280)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x2710, 0x0, 0x10000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x181b03, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (async) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x23) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r9, 0x400454d8, 0x110c230005) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) (async) r10 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) kernel console output (not intermixed with test programs): [ 370.944548][ T3205] 8021q: adding VLAN 0 to HW filter on device bond0 [ 377.975832][ T24] audit: type=1400 audit(377.130:77): avc: denied { write } for pid=3265 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 381.802547][ T24] audit: type=1400 audit(380.920:78): avc: denied { write } for pid=3270 comm="rm" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 398.161593][ T24] audit: type=1400 audit(397.310:79): avc: denied { write } for pid=3276 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 401.881589][ T24] audit: type=1400 audit(401.030:80): avc: denied { write } for pid=3279 comm="rm" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 404.615867][ T3205] eql: remember to turn off Van-Jacobson compression on your slave devices [ 414.305364][ T24] audit: type=1400 audit(413.460:81): avc: denied { write } for pid=3285 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 418.129559][ T24] audit: type=1400 audit(417.280:82): avc: denied { write } for pid=3288 comm="rm" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 428.538532][ T24] audit: type=1400 audit(427.690:83): avc: denied { write } for pid=3293 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 432.649545][ T24] audit: type=1400 audit(431.790:84): avc: denied { write } for pid=3296 comm="rm" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 443.965597][ T24] audit: type=1400 audit(443.110:85): avc: denied { write } for pid=3301 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 448.982677][ T24] audit: type=1400 audit(448.130:86): avc: denied { write } for pid=3304 comm="rm" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 456.335671][ T24] audit: type=1400 audit(455.490:87): avc: denied { write } for pid=3306 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 460.661477][ T24] audit: type=1400 audit(459.810:88): avc: denied { write } for pid=3309 comm="rm" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 470.762689][ T24] audit: type=1400 audit(469.910:89): avc: denied { write } for pid=3314 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 474.477511][ T24] audit: type=1400 audit(473.630:90): avc: denied { write } for pid=3317 comm="rm" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 479.912756][ T24] audit: type=1400 audit(479.020:91): avc: denied { write } for pid=3319 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 483.733093][ T24] audit: type=1400 audit(482.850:92): avc: denied { write } for pid=3322 comm="rm" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 505.576825][ T24] audit: type=1400 audit(504.730:93): avc: denied { write } for pid=3333 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 510.542437][ T24] audit: type=1400 audit(509.690:94): avc: denied { write } for pid=3336 comm="rm" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 525.315337][ T24] audit: type=1400 audit(524.470:95): avc: denied { write } for pid=3342 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 529.128891][ T24] audit: type=1400 audit(528.280:96): avc: denied { write } for pid=3345 comm="rm" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 540.298344][ T24] audit: type=1400 audit(539.450:97): avc: denied { write } for pid=3349 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 544.102469][ T24] audit: type=1400 audit(543.250:98): avc: denied { write } for pid=3352 comm="rm" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 571.898666][ T24] audit: type=1400 audit(571.050:99): avc: denied { write } for pid=3355 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 575.812478][ T24] audit: type=1400 audit(574.920:100): avc: denied { write } for pid=3358 comm="rm" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 Warning: Permanently added '[localhost]:65261' (ED25519) to the list of known hosts. [ 588.368192][ T24] audit: type=1400 audit(587.520:101): avc: denied { name_bind } for pid=3362 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 589.245144][ T24] audit: type=1400 audit(588.400:102): avc: denied { execute } for pid=3363 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 589.267831][ T24] audit: type=1400 audit(588.420:103): avc: denied { execute_no_trans } for pid=3363 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 613.117359][ T24] audit: type=1400 audit(612.270:104): avc: denied { mounton } for pid=3363 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 613.155595][ T24] audit: type=1400 audit(612.310:105): avc: denied { mount } for pid=3363 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 613.268490][ T3363] cgroup: Unknown subsys name 'net' [ 613.326724][ T24] audit: type=1400 audit(612.480:106): avc: denied { unmount } for pid=3363 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 613.737425][ T3363] cgroup: Unknown subsys name 'cpuset' [ 613.849092][ T3363] cgroup: Unknown subsys name 'rlimit' [ 614.735092][ T24] audit: type=1400 audit(613.890:107): avc: denied { setattr } for pid=3363 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 614.755528][ T24] audit: type=1400 audit(613.900:108): avc: denied { mounton } for pid=3363 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 614.778956][ T24] audit: type=1400 audit(613.930:109): avc: denied { mount } for pid=3363 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 615.794073][ T3366] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 615.813728][ T24] audit: type=1400 audit(614.960:110): avc: denied { relabelto } for pid=3366 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 615.839189][ T24] audit: type=1400 audit(614.980:111): avc: denied { write } for pid=3366 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 616.036531][ T24] audit: type=1400 audit(615.190:112): avc: denied { read } for pid=3363 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 616.058619][ T24] audit: type=1400 audit(615.200:113): avc: denied { open } for pid=3363 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 616.108347][ T3363] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 674.995367][ T24] audit: type=1400 audit(674.150:114): avc: denied { execmem } for pid=3367 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 678.807444][ T24] audit: type=1400 audit(677.960:115): avc: denied { read } for pid=3369 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 678.838282][ T24] audit: type=1400 audit(677.990:116): avc: denied { open } for pid=3369 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 678.914485][ T24] audit: type=1400 audit(678.070:117): avc: denied { mounton } for pid=3369 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 679.177786][ T24] audit: type=1400 audit(678.330:118): avc: denied { module_request } for pid=3370 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 680.133219][ T24] audit: type=1400 audit(679.280:119): avc: denied { sys_module } for pid=3370 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 705.373043][ T3369] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 705.702725][ T3369] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 705.938866][ T3370] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 706.284483][ T3370] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 717.623698][ T3369] hsr_slave_0: entered promiscuous mode [ 717.655343][ T3369] hsr_slave_1: entered promiscuous mode [ 718.482268][ T3370] hsr_slave_0: entered promiscuous mode [ 718.516902][ T3370] hsr_slave_1: entered promiscuous mode [ 718.562452][ T3370] debugfs: 'hsr0' already exists in 'hsr' [ 718.572025][ T3370] Cannot create hsr debugfs directory [ 724.375595][ T24] audit: type=1400 audit(723.530:120): avc: denied { create } for pid=3369 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 724.393356][ T24] audit: type=1400 audit(723.540:121): avc: denied { write } for pid=3369 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 724.451837][ T24] audit: type=1400 audit(723.600:122): avc: denied { read } for pid=3369 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 724.577738][ T3369] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 724.847522][ T3369] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 724.955425][ T3369] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 725.154064][ T3369] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 725.235949][ T3369] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 725.504831][ T3369] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 725.778023][ T3369] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 725.855983][ T3369] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 727.337339][ T3370] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 727.453710][ T3370] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 727.509467][ T3370] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 727.625381][ T3370] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 727.690079][ T3370] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 727.835548][ T3370] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 727.918021][ T3370] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 728.057527][ T3370] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 740.019410][ T3369] 8021q: adding VLAN 0 to HW filter on device bond0 [ 742.037007][ T3370] 8021q: adding VLAN 0 to HW filter on device bond0 [ 793.804018][ T3369] veth0_vlan: entered promiscuous mode [ 794.288025][ T3369] veth1_vlan: entered promiscuous mode [ 795.582739][ T3370] veth0_vlan: entered promiscuous mode [ 796.338818][ T3370] veth1_vlan: entered promiscuous mode [ 797.106427][ T3369] veth0_macvtap: entered promiscuous mode [ 797.544194][ T3369] veth1_macvtap: entered promiscuous mode [ 799.038613][ T3370] veth0_macvtap: entered promiscuous mode [ 799.688994][ T3370] veth1_macvtap: entered promiscuous mode [ 800.017372][ T21] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 800.133640][ T21] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 800.232850][ T21] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 800.369847][ T21] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 802.542451][ T24] audit: type=1400 audit(801.690:123): avc: denied { mount } for pid=3369 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 802.730083][ T24] audit: type=1400 audit(801.880:124): avc: denied { mounton } for pid=3369 comm="syz-executor" path="/syzkaller.d6EtgE/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 803.033801][ T24] audit: type=1400 audit(802.180:125): avc: denied { mount } for pid=3369 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 803.265792][ T31] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 803.269931][ T31] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 803.299824][ T31] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 803.323078][ T31] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 803.397499][ T24] audit: type=1400 audit(802.530:126): avc: denied { mounton } for pid=3369 comm="syz-executor" path="/syzkaller.d6EtgE/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 803.536570][ T24] audit: type=1400 audit(802.690:127): avc: denied { mounton } for pid=3369 comm="syz-executor" path="/syzkaller.d6EtgE/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3742 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 804.039003][ T24] audit: type=1400 audit(803.190:128): avc: denied { unmount } for pid=3369 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 804.308620][ T24] audit: type=1400 audit(803.460:129): avc: denied { mounton } for pid=3369 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1548 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 804.438056][ T24] audit: type=1400 audit(803.590:130): avc: denied { mount } for pid=3369 comm="syz-executor" name="/" dev="gadgetfs" ino=3753 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 804.901697][ T24] audit: type=1400 audit(804.050:131): avc: denied { mount } for pid=3369 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 805.016221][ T24] audit: type=1400 audit(804.170:132): avc: denied { mounton } for pid=3369 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 806.049666][ T3369] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 818.041955][ T24] kauditd_printk_skb: 4 callbacks suppressed [ 818.045068][ T24] audit: type=1400 audit(817.170:137): avc: denied { read write } for pid=3520 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 818.192892][ T24] audit: type=1400 audit(817.340:138): avc: denied { open } for pid=3520 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 818.313614][ T24] audit: type=1400 audit(817.460:139): avc: denied { ioctl } for pid=3520 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 873.099829][ T24] audit: type=1400 audit(872.250:140): avc: denied { execute } for pid=3555 comm="syz.0.11" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4430 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 907.545201][ T24] audit: type=1400 audit(906.690:141): avc: denied { append } for pid=3572 comm="syz.0.16" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 913.294444][ T24] audit: type=1400 audit(912.400:142): avc: denied { create } for pid=3577 comm="syz.1.18" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 916.092609][ T24] audit: type=1400 audit(915.230:143): avc: denied { map } for pid=3577 comm="syz.1.18" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=4899 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 916.154866][ T24] audit: type=1400 audit(915.270:144): avc: denied { read } for pid=3577 comm="syz.1.18" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=4899 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 937.697149][ T24] audit: type=1400 audit(936.850:145): avc: denied { write } for pid=3586 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 946.145959][ T24] audit: type=1400 audit(945.280:146): avc: denied { write } for pid=3595 comm="rm" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1020.436111][ T3633] KVM: debugfs: duplicate directory 3633-6 [ 1020.829223][ T3633] KVM: debugfs: duplicate directory 3633-6 [ 1040.193218][ T24] audit: type=1400 audit(1039.330:147): avc: denied { execute } for pid=3637 comm="syz.1.38" path=2F31382F10FBFF67525673312B0104 dev="tmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 1040.617416][ T24] audit: type=1400 audit(1039.760:148): avc: denied { setattr } for pid=3640 comm="syz.0.39" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1185.973888][ T24] audit: type=1400 audit(1185.120:149): avc: denied { write } for pid=3721 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1191.003426][ T24] audit: type=1400 audit(1190.150:150): avc: denied { write } for pid=3724 comm="rm" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1274.793310][ T24] audit: type=1400 audit(1273.940:151): avc: denied { ioctl } for pid=3770 comm="syz.1.77" path="net:[4026531833]" dev="nsfs" ino=4026531833 ioctlcmd=0x582b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1313.795416][ T3799] kvm [3798]: Unsupported guest access at: eeef0000 [ 1313.795416][ T3799] { Op0( 2), Op1( 4), CRn(15), CRm(13), Op2( 6), func_write }, [ 1543.853731][ T24] audit: type=1400 audit(1542.980:152): avc: denied { write } for pid=3930 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1553.268226][ T24] audit: type=1400 audit(1552.380:153): avc: denied { write } for pid=3940 comm="rm" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1584.232269][ T3962] kvm [3962]: Failed to find VMA for hva 0x20c79000 [ 1592.994549][ T24] audit: type=1400 audit(1592.140:154): avc: denied { ioctl } for pid=3969 comm="syz.0.136" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=11527 ioctlcmd=0xae49 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1800.013087][ T24] audit: type=1400 audit(1799.160:155): avc: denied { write } for pid=4074 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1808.493435][ T24] audit: type=1400 audit(1807.550:156): avc: denied { write } for pid=4086 comm="rm" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1853.158626][ T4112] kvm [4110]: Unsupported guest access at: eeef0000 [ 1853.158626][ T4112] { Op0( 2), Op1( 0), CRn( 0), CRm( 6), Op2( 2), func_read }, [ 2127.281001][ T24] audit: type=1400 audit(2126.340:157): avc: denied { write } for pid=4278 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2135.123940][ T24] audit: type=1400 audit(2134.270:158): avc: denied { write } for pid=4287 comm="rm" name="hook-state" dev="tmpfs" ino=118 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2267.133637][ T24] audit: type=1400 audit(2266.280:159): avc: denied { write } for pid=4359 comm="syz.1.258" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=18267 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 2310.572983][ T4380] kvm [4380]: Failed to find VMA for hva 0x20c01000 [ 2336.847031][ T4397] kvm [4397]: Failed to find VMA for hva 0x20c01000 [ 2378.998174][ T4422] Unable to handle kernel paging request at virtual address ffef800000000001 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 2379.125401][ T4422] KASAN: null-ptr-deref in range [0x0000000000000010-0x000000000000001f] [ 2379.152007][ T4422] Mem abort info: [ 2379.157457][ T4422] ESR = 0x0000000096000004 [ 2379.197233][ T4422] EC = 0x25: DABT (current EL), IL = 32 bits [ 2379.212655][ T24] audit: type=1400 audit(2378.350:160): avc: denied { read } for pid=3164 comm="syslogd" name="log" dev="vda" ino=1857 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 2379.236334][ T24] audit: type=1400 audit(2378.380:161): avc: denied { search } for pid=3164 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2379.297178][ T4422] SET = 0, FnV = 0 [ 2379.304604][ T4422] EA = 0, S1PTW = 0 [ 2379.315585][ T4422] FSC = 0x04: level 0 translation fault [ 2379.333938][ T4422] Data abort info: [ 2379.350075][ T24] audit: type=1400 audit(2378.500:162): avc: denied { write search } for pid=3164 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2379.352399][ T4422] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 2379.377721][ T24] audit: type=1400 audit(2378.520:163): avc: denied { add_name } for pid=3164 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2379.378644][ T24] audit: type=1400 audit(2378.520:164): avc: denied { create } for pid=3164 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 2379.393610][ T4422] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 2379.412281][ T4422] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 2379.489210][ T24] audit: type=1400 audit(2378.610:165): avc: denied { append open } for pid=3164 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 2379.513432][ T4422] [ffef800000000001] address between user and kernel address ranges [ 2379.518500][ T4422] Internal error: Oops: 0000000096000004 [#1] SMP [ 2379.521835][ T4422] Modules linked in: [ 2379.523847][ T4422] CPU: 0 UID: 0 PID: 4422 Comm: syz.1.278 Not tainted syzkaller #0 PREEMPT [ 2379.525456][ T4422] Hardware name: linux,dummy-virt (DT) [ 2379.526736][ T4422] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 2379.528105][ T4422] pc : vgic_its_save_tables_v0+0x3b0/0xe38 [ 2379.530578][ T4422] lr : vgic_its_save_tables_v0+0x308/0xe38 [ 2379.531607][ T4422] sp : ffff80008f687be0 [ 2379.532367][ T4422] x29: ffff80008f687c60 x28: f8f000001ee272e8 x27: 0000000000000000 [ 2379.534130][ T4422] x26: 00000000000000d3 x25: 78f00000218f4180 x24: ddf000002064d980 [ 2379.535538][ T4422] x23: f8f000001ee27238 x22: b9070000c0000600 x21: 87f000002064d940 [ 2379.537015][ T4422] x20: 5af000002064dc90 x19: efff800000000000 x18: 0000000000000000 [ 2379.538354][ T4422] x17: 0000000000000082 x16: ffff80008001159c x15: 0000000000000089 [ 2379.539736][ T4422] x14: 0000000000000089 x13: fff0000018965408 x12: 0ff0000000000001 [ 2379.541164][ T4422] x11: 0000000000000010 x10: 0000000000002000 x9 : 0000000000000000 [ 2379.542467][ T4422] x8 : 0001000000000000 x7 : ffff800080263220 x6 : 0000000000000000 [ 2379.543866][ T4422] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff80008016e3fc [ 2379.545245][ T4422] x2 : 87f000002064d940 x1 : 0000000000000000 x0 : 0000000000000000 [ 2379.546825][ T4422] Call trace: [ 2379.547746][ T4422] vgic_its_save_tables_v0+0x3b0/0xe38 (P) [ 2379.549164][ T4422] vgic_its_set_attr+0x65c/0x85c [ 2379.550152][ T4422] kvm_device_ioctl+0x354/0x418 [ 2379.551135][ T4422] __arm64_sys_ioctl+0x18c/0x244 [ 2379.552245][ T4422] invoke_syscall+0x94/0x1ec [ 2379.553214][ T4422] el0_svc_common+0x120/0x2f4 [ 2379.554236][ T4422] do_el0_svc+0x58/0x74 [ 2379.555045][ T4422] el0_svc+0x60/0x238 [ 2379.555974][ T4422] el0t_64_sync_handler+0x84/0x12c [ 2379.556926][ T4422] el0t_64_sync+0x198/0x19c [ 2379.558542][ T4422] Code: 9100412b b2481d69 d344fd2c d378fd69 (386c6a6c) [ 2379.560578][ T4422] ---[ end trace 0000000000000000 ]--- [ 2379.562393][ T4422] Kernel panic - not syncing: Oops: Fatal exception [ 2379.564424][ T4422] Kernel Offset: disabled [ 2379.565156][ T4422] CPU features: 0x00000000,0034600b,f7c647a1,057ffe1f [ 2379.566289][ T4422] Memory Limit: none [ 2379.568023][ T4422] Rebooting in 86400 seconds.. VM DIAGNOSIS: 15:53:45 Registers: info registers vcpu 0 CPU#0 PC=ffff8000869be474 X00=0000000000000001 X01=ffff80008ca88000 X02=4cf000000de6d400 X03=0000000000000000 X04=0000000000000001 X05=0000000000000001 X06=0000000000000000 X07=ffff800080d7ae60 X08=ffff80008ca47b10 X09=0000000000000000 X10=0000000000ff0100 X11=0000000000000001 X12=19f000001eed6000 X13=000000000000006a X14=0000000000002000 X15=ffff80008ca479c0 X16=ffff800080010528 X17=0000000000000052 X18=00000000000000ff X19=ffff80008ca47b00 X20=ffff80008ca47a38 X21=ffff800080773da4 X22=ffff80008ca479d8 X23=ffff80008ca47b60 X24=ffff80008ca47b60 X25=ffff80008ca47a28 X26=00000000000000f0 X27=4cf000000de6d400 X28=0000000000000001 X29=ffff80008ca47ad0 X30=ffff80008699cf08 SP=ffff80008ca47b20 PSTATE=604020c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=2525252525252525:2525252525252525 Z01=0000000000000075:25203a6b63617473 Z02=000000000000000c:0000000000000000 Z03=ffffffffffffff00:ff00000000000000 Z04=0000000000000000:fffffff0f0000000 Z05=000000000000000c:0000000000000002 Z06=0000000000000000:0000000000000000 Z07=0000000000000000:0000000000000000 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000 Z17=0000000000000000:0000000000000000 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=bb448243222c92da:e3914ed4e87380b0 Z23=43788d6f07084f17:4508b00c6052a10f Z24=b20fae707afde253:388e9c6c4fa85ca0 Z25=8e9f894b2581e79e:20c883c9819d5c97 Z26=57c93d417f4d0394:89cd11f6992873d1 Z27=6b69be1163cb6500:a4ac85c293540e63 Z28=6edc4d3a2914b135:d8e9c869e2695c88 Z29=0000000000000000:0009000700030001 Z30=0000000000274000:0000000000000000 Z31=0000000000000000:ffffffff00000007