last executing test programs: 52.796689786s ago: executing program 0 (id=143): openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x1bff82, 0x0) (async) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) (async) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r5, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0) (async) r7 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000000)=@arm64_sys={0x603000000013c038, 0x0}) (async) ioctl$KVM_CREATE_VM(r7, 0x401c5820, 0x20000001) (async) ioctl$KVM_GET_SREGS(r2, 0x8000ae83, 0x0) (async) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x202000, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) (async) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r11, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async, rerun: 32) mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, r12, 0x2000003, 0x11, r10, 0x0) (async, rerun: 32) mmap$KVM_VCPU(&(0x7f0000009000/0x2000)=nil, r12, 0x2000009, 0x22010, r10, 0x0) (async) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r1, 0x4068aea3, &(0x7f0000000540)={0xe4, 0x0, 0x2}) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r14, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0xdddd1000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r14, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) (async, rerun: 32) ioctl$KVM_CREATE_DEVICE(r14, 0xc018aec0, &(0x7f00000000c0)={0x1, 0xffffffffffffffff, 0x2000000}) (rerun: 32) syz_kvm_setup_cpu$arm64(r9, r10, &(0x7f0000000000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="e6000000000000001800000000000000070000000000000032000000000000004000000000000000f83b0004000000000100000000000000bf00000000000000080000000000000001ffffffffffffffffffffffffffffff220100000000000040000000000000005300008400000000450b00000000000000000000000000800000000000000000020000000000000080000000000000004600000000000000180000000000000000000000dc01f2dd82000000000000002800000000000000040000000000000001000000000000009301000000000000be00000000000000180000000000000045df130000003060320000000000000040000000000000000020000000000000ff0f00070000000000000000000000000500000000000000ff0f00000000000001000000010000000000000000000000180000000000000002000000000000002201000000000000400000000000000001ff008600000000b40e0000000000000a0000000000000002000000000000003d01000000000000feffffffffffffff220100000000000040000000000000000020000000000000040000000000000006000000000000000700000000000000010000000000000000000000000000801400000000000000200000000000000023c51300000030600800000000000000aa0000000000000028000000000000000900030000000d000000060000000101000004000000000032000000000000004000000000000000000000000000000003000000000000008d050000000000000e0000000000008277000000000000000900000000000000be00000000000000180000000000000074df13000000306000000000000000001800000000000000000001000000000032000000000000004000000000000000000000310000000004000000000000004000000000000000008000000000000007000008000000000e000000000000006e00000000000000300000000000000000000c08000000007800000000000000050000000000000007000000000000006e0000000000000030000000000000000000000800000000000c000000000000faffffffffffffff01000000000000001e000000000000004000000000000000000000800000000000100000000000000000010000000000080000000000000080000000000000000400000000000000be00000000000000180000000000000001d8130000003060aa0000000000000028000000000000000901000000000d0000000000000000080000010000000000e600000000000000180000000000000006000000000000001e000000000000004000000000000000050000c4000000000000000000000000050000000000000007000000000000003e000000000000000800000000000000"], 0x3f8}], 0x1, 0x0, &(0x7f00000000c0)=[@featur1={0x1, 0xa0}], 0x1) 47.88539995s ago: executing program 1 (id=144): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x16) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) (async) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r4, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) (async) r5 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f000098e000/0x400000)=nil) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x21) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2) r9 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r8, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000a62000/0x1000)=nil, 0x0, 0x9, 0x11, r2, 0x0) (async) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x4c4882, 0x0) ioctl$KVM_CHECK_EXTENSION(r10, 0x40086602, 0x24) r11 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) (async) syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) (async) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) (async, rerun: 64) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async, rerun: 64) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000f2a000/0x4000)=nil, 0x930, 0xc, 0x32, 0xffffffffffffffff, 0x0) 41.499998513s ago: executing program 0 (id=145): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000d95000/0x4000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x28) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616}) (async) ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616}) ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f0000000180)={0xdddd0000, 0x8000}) syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0) (async) r7 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) 38.591724067s ago: executing program 1 (id=146): munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000f7c000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000080)={0xdf, 0x0, 0x3000}) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r1, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0) 31.954661625s ago: executing program 0 (id=147): r0 = openat$kvm(0x0, &(0x7f00000001c0), 0xd40, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x3, 0x3, 0x0}) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bfd000/0x400000)=nil) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bff000/0x400000)=nil) r3 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f0000000280)=0x400000080a00ed}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04) r9 = openat$kvm(0x0, &(0x7f0000000080), 0x200, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f00000000c0)={0x0, &(0x7f0000000340)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}, @its_setup={0x82, 0x28, {0xfffffffffffffffe, 0x1, 0x1}}, @svc={0x122, 0x40, {0x84000011, [0x2, 0x9, 0x2, 0x3ff, 0x10]}}], 0x80}, 0x0, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) ioctl$KVM_ARM_VCPU_INIT(r12, 0x4020aeae, &(0x7f0000000000)={0x1}) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r8, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) 30.037876616s ago: executing program 1 (id=148): munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x1fd, 0x2, 0x8000000, 0x1000, &(0x7f0000c42000/0x1000)=nil}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r3, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f0000f32000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) munmap(&(0x7f0000f7c000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) 19.012052356s ago: executing program 0 (id=149): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) (async) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100050, &(0x7f0000000000)=0x12}) (async) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000140)=@arm64_core={0x6030000000100010, &(0x7f0000000100)=0x2}) 18.668994691s ago: executing program 1 (id=150): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x0, 0x0, 0x6, 0x2, 0x4}}], 0x50}, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r4, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x444480, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r12, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, r13, 0x2000003, 0x11, r11, 0x0) r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x2000)=nil, r13, 0x2000009, 0x11, r11, 0x0) r16 = ioctl$KVM_CREATE_VCPU(r15, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x1800002, 0x11, r16, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r16, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r8, 0x0) r17 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x3a) r18 = syz_kvm_setup_syzos_vm$arm64(r17, &(0x7f0000c00000/0x400000)=nil) r19 = syz_kvm_add_vcpu$arm64(r18, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r19, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x603000000010003c, &(0x7f0000000140)=0x7}) 9.89156862s ago: executing program 0 (id=151): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x11) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x27) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000040)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x0, 0x3, 0x0}) ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) (async) r6 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x4, 0x1c}}], 0xffffffffffffffc0}, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) 6.910246337s ago: executing program 1 (id=152): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x100010, 0xffffffffffffffff, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000000000/0x400000)=nil) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x80000031) ioctl$KVM_RESET_DIRTY_RINGS(r3, 0xaec7) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) close(r1) close(r1) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000000000/0x400000)=nil) 1.69576481s ago: executing program 0 (id=153): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x2c) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000140)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f00000000c0)=0x7f}) r6 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) openat$kvm(0x0, &(0x7f0000000180), 0x201, 0x0) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000000)=@arm64_ccsidr={0x6030000000110001, 0x0}) r8 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f0000000240)=[@irq_setup={0x5, 0x18}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105}) ioctl$KVM_RUN(r8, 0xae80, 0x0) 0s ago: executing program 1 (id=154): r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000c6a000/0x3000)=nil, 0x930, 0x1000003, 0x28031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_REG_LIST(r3, 0xc008aeb0, &(0x7f0000000000)) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0x77) r6 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x2, 0x354}}, @irq_setup={0x46, 0x18, {0x4, 0x30c}}, @hvc={0x32, 0x40, {0x1000, [0x800, 0x3, 0x3, 0x800, 0x10001]}}, @eret={0xe6, 0x18, 0x4}, @eret={0xe6, 0x18, 0x8}, @irq_setup={0x46, 0x18, {0x1, 0x3a1}}, @svc={0x122, 0x40, {0x40, [0x6, 0x0, 0x9, 0x3, 0xe00]}}, @hvc={0x32, 0x40, {0x8600ff01, [0x5, 0x1, 0x800, 0x3, 0x7]}}, @mrs={0xbe, 0x18, {0x603000000013f099}}, @mrs={0xbe, 0x18, {0x603000000013e649}}], 0x168}, &(0x7f0000000040)=[@featur1={0x1, 0x1}], 0x1) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r8 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000180)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0}) mmap$KVM_VCPU(&(0x7f0000ffc000/0x1000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, r6, 0x0) mmap$KVM_VCPU(&(0x7f0000001000/0x2000)=nil, 0x930, 0x2000003, 0x4120932, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(r4, 0x80111500, 0x20000000) kernel console output (not intermixed with test programs): [ 378.542566][ T3155] 8021q: adding VLAN 0 to HW filter on device bond0 [ 414.193399][ T3155] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:50769' (ED25519) to the list of known hosts. [ 590.204077][ T25] audit: type=1400 audit(589.410:61): avc: denied { name_bind } for pid=3309 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 591.168544][ T25] audit: type=1400 audit(590.370:62): avc: denied { execute } for pid=3310 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 591.193549][ T25] audit: type=1400 audit(590.400:63): avc: denied { execute_no_trans } for pid=3310 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 614.297936][ T25] audit: type=1400 audit(613.500:64): avc: denied { mounton } for pid=3310 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 614.331151][ T25] audit: type=1400 audit(613.530:65): avc: denied { mount } for pid=3310 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 614.410633][ T3310] cgroup: Unknown subsys name 'net' [ 614.459340][ T25] audit: type=1400 audit(613.660:66): avc: denied { unmount } for pid=3310 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 614.865390][ T3310] cgroup: Unknown subsys name 'cpuset' [ 614.973594][ T3310] cgroup: Unknown subsys name 'rlimit' [ 615.889507][ T25] audit: type=1400 audit(615.090:67): avc: denied { setattr } for pid=3310 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 615.908835][ T25] audit: type=1400 audit(615.110:68): avc: denied { mounton } for pid=3310 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 615.938488][ T25] audit: type=1400 audit(615.140:69): avc: denied { mount } for pid=3310 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 617.162333][ T3313] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 617.182972][ T25] audit: type=1400 audit(616.390:70): avc: denied { relabelto } for pid=3313 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 617.212051][ T25] audit: type=1400 audit(616.410:71): avc: denied { write } for pid=3313 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 617.385729][ T25] audit: type=1400 audit(616.590:72): avc: denied { read } for pid=3310 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 617.412113][ T25] audit: type=1400 audit(616.620:73): avc: denied { open } for pid=3310 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 617.461196][ T3310] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 667.801516][ T25] audit: type=1400 audit(667.010:74): avc: denied { execmem } for pid=3314 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 672.408104][ T25] audit: type=1400 audit(671.610:75): avc: denied { read } for pid=3316 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 672.439495][ T25] audit: type=1400 audit(671.640:76): avc: denied { open } for pid=3316 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 672.523821][ T25] audit: type=1400 audit(671.730:77): avc: denied { mounton } for pid=3316 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 672.773231][ T25] audit: type=1400 audit(671.980:78): avc: denied { module_request } for pid=3316 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 673.864670][ T25] audit: type=1400 audit(673.070:79): avc: denied { sys_module } for pid=3316 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 699.107561][ T3316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 699.549719][ T3316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 699.657924][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 700.217569][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 715.366793][ T3316] hsr_slave_0: entered promiscuous mode [ 715.394009][ T3316] hsr_slave_1: entered promiscuous mode [ 716.263715][ T3317] hsr_slave_0: entered promiscuous mode [ 716.303298][ T3317] hsr_slave_1: entered promiscuous mode [ 716.334283][ T3317] debugfs: 'hsr0' already exists in 'hsr' [ 716.340147][ T3317] Cannot create hsr debugfs directory [ 721.764984][ T25] audit: type=1400 audit(720.970:80): avc: denied { create } for pid=3316 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 721.792496][ T25] audit: type=1400 audit(720.990:81): avc: denied { write } for pid=3316 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 721.848822][ T25] audit: type=1400 audit(721.050:82): avc: denied { read } for pid=3316 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 722.009897][ T3316] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 722.334580][ T3316] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 722.553521][ T3316] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 723.037439][ T3316] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 724.198938][ T3317] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 724.359353][ T3317] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 724.550090][ T3317] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 724.683138][ T3317] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 738.052809][ T3316] 8021q: adding VLAN 0 to HW filter on device bond0 [ 739.104182][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 795.705591][ T3316] veth0_vlan: entered promiscuous mode [ 796.342053][ T3316] veth1_vlan: entered promiscuous mode [ 797.316667][ T3317] veth0_vlan: entered promiscuous mode [ 798.135403][ T3317] veth1_vlan: entered promiscuous mode [ 798.640928][ T3316] veth0_macvtap: entered promiscuous mode [ 799.012883][ T3316] veth1_macvtap: entered promiscuous mode [ 800.451589][ T3317] veth0_macvtap: entered promiscuous mode [ 800.879516][ T3317] veth1_macvtap: entered promiscuous mode [ 801.532030][ T3355] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 801.632582][ T3355] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 801.637669][ T3355] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 801.691397][ T3355] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 804.001790][ T25] audit: type=1400 audit(803.200:83): avc: denied { mount } for pid=3316 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 804.023869][ T3358] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 804.028627][ T3358] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 804.032213][ T3358] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 804.040446][ T3358] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 804.391989][ T25] audit: type=1400 audit(803.590:84): avc: denied { mounton } for pid=3316 comm="syz-executor" path="/syzkaller.HbYKm9/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 804.683003][ T25] audit: type=1400 audit(803.890:85): avc: denied { mount } for pid=3316 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 805.095097][ T25] audit: type=1400 audit(804.300:86): avc: denied { mounton } for pid=3316 comm="syz-executor" path="/syzkaller.HbYKm9/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 805.224222][ T25] audit: type=1400 audit(804.430:87): avc: denied { mounton } for pid=3316 comm="syz-executor" path="/syzkaller.HbYKm9/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3759 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 805.930811][ T25] audit: type=1400 audit(805.050:88): avc: denied { unmount } for pid=3316 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 806.229274][ T25] audit: type=1400 audit(805.420:89): avc: denied { mounton } for pid=3316 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 806.355396][ T25] audit: type=1400 audit(805.560:90): avc: denied { mount } for pid=3316 comm="syz-executor" name="/" dev="gadgetfs" ino=3769 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 806.639692][ T25] audit: type=1400 audit(805.840:91): avc: denied { mount } for pid=3316 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 806.673859][ T25] audit: type=1400 audit(805.880:92): avc: denied { mounton } for pid=3316 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 807.384339][ T3316] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 816.588147][ T25] kauditd_printk_skb: 5 callbacks suppressed [ 816.608700][ T25] audit: type=1400 audit(815.790:98): avc: denied { read } for pid=3470 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 816.770056][ T25] audit: type=1400 audit(815.970:99): avc: denied { open } for pid=3470 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 817.154753][ T25] audit: type=1400 audit(816.360:100): avc: denied { ioctl } for pid=3470 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 820.726978][ T25] audit: type=1400 audit(819.920:101): avc: denied { append } for pid=3471 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 823.719727][ T25] audit: type=1400 audit(822.910:102): avc: denied { execute } for pid=3471 comm="syz.0.1" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3866 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 845.852371][ T25] audit: type=1400 audit(845.060:103): avc: denied { write } for pid=3489 comm="syz.1.7" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 886.478480][ T3513] KVM: debugfs: duplicate directory 3513-5 [ 1168.880963][ T3691] kvm [3691]: Failed to find VMA for hva 0x21016000 [ 1339.314369][ T3787] kvm [3787]: Failed to find VMA for hva 0x20c01000 [ 1455.648641][ T3863] kvm [3863]: Failed to find VMA for hva 0x20d8d000 [ 1598.642761][ T3957] ================================================================== [ 1598.643379][ T3957] BUG: KASAN: invalid-access in __kvm_pgtable_walk+0x8e4/0xa68 [ 1598.645115][ T3957] Read of size 8 at addr 10f000001e5ad000 by task syz.0.153/3957 [ 1598.645357][ T3957] Pointer tag: [10], memory tag: [fe] [ 1598.645503][ T3957] [ 1598.646499][ T3957] CPU: 0 UID: 0 PID: 3957 Comm: syz.0.153 Not tainted syzkaller #0 PREEMPT [ 1598.647050][ T3957] Hardware name: linux,dummy-virt (DT) [ 1598.647490][ T3957] Call trace: [ 1598.647852][ T3957] show_stack+0x2c/0x3c (C) [ 1598.648476][ T3957] __dump_stack+0x30/0x40 [ 1598.648746][ T3957] dump_stack_lvl+0xd8/0x12c [ 1598.648976][ T3957] print_address_description+0xac/0x288 [ 1598.649258][ T3957] print_report+0x84/0xa0 [ 1598.649540][ T3957] kasan_report+0xb0/0x110 [ 1598.649766][ T3957] kasan_tag_mismatch+0x28/0x3c [ 1598.650042][ T3957] __hwasan_tag_mismatch+0x30/0x60 [ 1598.650342][ T3957] __kvm_pgtable_walk+0x8e4/0xa68 [ 1598.650626][ T3957] kvm_pgtable_walk+0x294/0x468 [ 1598.650906][ T3957] kvm_pgtable_stage2_destroy_range+0x60/0xb4 [ 1598.651217][ T3957] kvm_free_stage2_pgd+0x198/0x28c [ 1598.651494][ T3957] kvm_uninit_stage2_mmu+0x20/0x38 [ 1598.651767][ T3957] kvm_arch_flush_shadow_all+0x1a8/0x1e0 [ 1598.652080][ T3957] kvm_mmu_notifier_release+0x48/0xa8 [ 1598.652355][ T3957] mmu_notifier_unregister+0x128/0x42c [ 1598.652617][ T3957] kvm_put_kvm+0x6a0/0xfa8 [ 1598.652818][ T3957] kvm_vcpu_release+0x70/0x9c [ 1598.653110][ T3957] __fput+0x4ac/0x980 [ 1598.653306][ T3957] ____fput+0x20/0x58 [ 1598.653532][ T3957] task_work_run+0x1bc/0x254 [ 1598.653761][ T3957] get_signal+0x13ec/0x1554 [ 1598.654071][ T3957] do_signal+0x23c/0x4dd0 [ 1598.654369][ T3957] do_notify_resume+0xb0/0x270 [ 1598.654614][ T3957] el0_svc+0xb8/0x164 [ 1598.654848][ T3957] el0t_64_sync_handler+0x84/0x12c [ 1598.655125][ T3957] el0t_64_sync+0x198/0x19c [ 1598.655615][ T3957] [ 1598.655785][ T3957] The buggy address belongs to the physical page: [ 1598.656886][ T3957] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xa8f0000000000000 pfn:0x5e5ad [ 1598.657271][ T3957] flags: 0x1fffbc000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xef) [ 1598.658440][ T3957] raw: 01fffbc000000000 ffffc1ffc079cfc8 ffffc1ffc0631808 0000000000000000 [ 1598.658681][ T3957] raw: a8f0000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 1598.658895][ T3957] page dumped because: kasan: bad access detected [ 1598.659047][ T3957] [ 1598.659144][ T3957] Memory state around the buggy address: [ 1598.659489][ T3957] fff000001e5ace00: 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a [ 1598.659683][ T3957] fff000001e5acf00: 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a [ 1598.659863][ T3957] >fff000001e5ad000: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 1598.660021][ T3957] ^ [ 1598.660259][ T3957] fff000001e5ad100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 1598.660437][ T3957] fff000001e5ad200: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 1598.660635][ T3957] ================================================================== [ 1598.900781][ T3957] Disabling lock debugging due to kernel taint [ 1599.019711][ T3957] Unable to handle kernel paging request at virtual address fffea72652b20300 [ 1599.038576][ T3957] KASAN: probably wild-memory-access in range [0xfff272652b203000-0xfff272652b20300f] [ 1599.056787][ T3957] Mem abort info: [ 1599.058904][ T3957] ESR = 0x0000000096000004 [ 1599.069369][ T3957] EC = 0x25: DABT (current EL), IL = 32 bits [ 1599.074476][ T3957] SET = 0, FnV = 0 [ 1599.134453][ T3957] EA = 0, S1PTW = 0 [ 1599.149598][ T3957] FSC = 0x04: level 0 translation fault [ 1599.167676][ T3957] Data abort info: [ 1599.180174][ T3957] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 1599.183263][ T3957] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 1599.208683][ T3957] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 1599.217855][ T3957] swapper pgtable: 4k pages, 52-bit VAs, pgdp=00000000476e2000 [ 1599.225664][ T3957] [fffea72652b20300] pgd=0000000047f43003 [ 1599.231725][ T25] audit: type=1400 audit(1598.440:104): avc: denied { read } for pid=3114 comm="syslogd" name="log" dev="vda" ino=1857 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 1599.264361][ T25] audit: type=1400 audit(1598.470:105): avc: denied { search } for pid=3114 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1599.283164][ T3957] , p4d=0000000000000000 [ 1599.289731][ T25] audit: type=1400 audit(1598.490:106): avc: denied { search } for pid=3114 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1599.300964][ T3957] [ 1599.319610][ T3957] Internal error: Oops: 0000000096000004 [#1] SMP [ 1599.322821][ T3957] Modules linked in: [ 1599.324611][ T3957] CPU: 0 UID: 0 PID: 3957 Comm: syz.0.153 Tainted: G B syzkaller #0 PREEMPT [ 1599.326263][ T3957] Tainted: [B]=BAD_PAGE [ 1599.326956][ T3957] Hardware name: linux,dummy-virt (DT) [ 1599.328041][ T3957] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 1599.329368][ T3957] pc : __kvm_pgtable_walk+0x268/0xa68 [ 1599.330425][ T3957] lr : __kvm_pgtable_walk+0x214/0xa68 [ 1599.331428][ T3957] sp : ffff80008ed77510 [ 1599.332172][ T3957] x29: ffff80008ed775b0 x28: 0000000000000005 x27: fff272652b203000 [ 1599.333812][ T3957] x26: fff272652b203000 x25: 0000000000000000 x24: 0000000000000001 [ 1599.335185][ T3957] x23: 00000000000000ff x22: efff800000000000 x21: ffff80008ed77718 [ 1599.336387][ T3957] x20: 00000000000000ff x19: 00000000000000ff x18: 0000000000001b80 [ 1599.337737][ T3957] x17: 0000000000000010 x16: 00000000000000fe x15: fff0000072d7e404 [ 1599.339073][ T3957] x14: 0000000000000002 x13: ffff80008ed77720 x12: ffff80008ed77728 [ 1599.340428][ T3957] x11: 0000000000080000 x10: 0000000000050f8b x9 : ffff80008ed77568 [ 1599.341950][ T3957] x8 : 0fff272652b20300 x7 : ffff800080bc7058 x6 : 0000000000000000 [ 1599.343286][ T3957] x5 : 0000000000000000 x4 : 00000000000000ff x3 : 0000000000000001 [ 1599.344560][ T3957] x2 : fff272652b203000 x1 : 0000000000000000 x0 : 0000000000000000 [ 1599.345988][ T3957] Call trace: [ 1599.346642][ T3957] __kvm_pgtable_walk+0x268/0xa68 (P) [ 1599.347677][ T3957] __kvm_pgtable_walk+0x600/0xa68 [ 1599.348649][ T3957] kvm_pgtable_walk+0x294/0x468 [ 1599.349615][ T3957] kvm_pgtable_stage2_destroy_range+0x60/0xb4 [ 1599.350680][ T3957] kvm_free_stage2_pgd+0x198/0x28c [ 1599.351635][ T3957] kvm_uninit_stage2_mmu+0x20/0x38 [ 1599.352607][ T3957] kvm_arch_flush_shadow_all+0x1a8/0x1e0 [ 1599.353664][ T3957] kvm_mmu_notifier_release+0x48/0xa8 [ 1599.354650][ T3957] mmu_notifier_unregister+0x128/0x42c [ 1599.355623][ T3957] kvm_put_kvm+0x6a0/0xfa8 [ 1599.356440][ T3957] kvm_vcpu_release+0x70/0x9c [ 1599.357342][ T3957] __fput+0x4ac/0x980 [ 1599.358126][ T3957] ____fput+0x20/0x58 [ 1599.358909][ T3957] task_work_run+0x1bc/0x254 [ 1599.359724][ T3957] get_signal+0x13ec/0x1554 [ 1599.360640][ T3957] do_signal+0x23c/0x4dd0 [ 1599.361564][ T3957] do_notify_resume+0xb0/0x270 [ 1599.362483][ T3957] el0_svc+0xb8/0x164 [ 1599.363223][ T3957] el0t_64_sync_handler+0x84/0x12c [ 1599.364146][ T3957] el0t_64_sync+0x198/0x19c [ 1599.365532][ T3957] Code: f94023ec f9400fed a9017d3f f800813f (38686ac8) [ 1599.367309][ T3957] ---[ end trace 0000000000000000 ]--- [ 1599.368860][ T3957] Kernel panic - not syncing: Oops: Fatal exception [ 1599.370768][ T3957] Kernel Offset: disabled [ 1599.371495][ T3957] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f [ 1599.372598][ T3957] Memory Limit: none [ 1599.374285][ T3957] Rebooting in 86400 seconds.. VM DIAGNOSIS: 14:39:17 Registers: info registers vcpu 0 CPU#0 PC=ffff800080694794 X00=fff0000072d64248 X01=ffff80008710b349 X02=eef000000d9b9d80 X03=0000000000000000 X04=0000000000000003 X05=0000000000000000 X06=0000000000000000 X07=ffff80008534d3c0 X08=eef000000d9b9d80 X09=0000000000000101 X10=0000000000ff0100 X11=0000000000000004 X12=ffff800080010e20 X13=00000000dab70e75 X14=00000000ffff8000 X15=ffff800080007708 X16=ffff800080010e20 X17=0000000000000070 X18=00000000000000ff X19=ffff800080007840 X20=ffff800080007768 X21=ffff800080007778 X22=0000000000000002 X23=00000000000000ff X24=0000000000000000 X25=fff0000072d77120 X26=ffff800087725000 X27=00000000000000ff X28=0000000000000000 X29=ffff800080007750 X30=ffff800080453abc SP=ffff8000800077c0 PSTATE=204020c9 --C- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:0000000000000000 Z01=0000ff0000ff0000:ffff00000000706d Z02=c0fc00fcc000c0fc:0000c0fcc0fc0000 Z03=0000000000000000:0000000000000000 Z04=3303330333033303:3303330333033303 Z05=bcfcc0bc00bcbc00:bcfcc0bc00bcbc00 Z06=0000000000000073:0000aaaad81653c0 Z07=0000000000000074:0000aaaad8162600 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000fffffa8c1a00:0000fffffa8c1a00 Z17=ffffff80ffffffd0:0000fffffa8c19d0 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000