last executing test programs: 57.498602117s ago: executing program 1 (id=1030): r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000380)}) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x5, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x5, 0x0, &(0x7f0000000300)=0xfffffffffffffffc}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x3ff}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000080)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f0000000180)=0x1d}) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f00000001c0)={0x8}) ioctl$KVM_SET_SIGNAL_MASK(r4, 0x4004ae8b, &(0x7f00000001c0)=ANY=[]) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = eventfd2(0x5, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000000900)={0x0, 0x0, 0x0, r7}) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0xa) ioctl$KVM_ARM_VCPU_INIT(r10, 0x4020aeae, &(0x7f00000000c0)={0x5, 0x1f}) 43.290823056s ago: executing program 1 (id=1032): r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) openat$kvm(0x0, 0x0, 0x0, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000080)=0x8000000000000000}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r5, 0x1, 0x40) r7 = eventfd2(0x3ff, 0x80001) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f00000002c0)={r7, 0x0, 0x0, r7}) ioctl$KVM_SET_GSI_ROUTING(r5, 0x4008ae6a, &(0x7f0000000080)=ANY=[]) 41.651008692s ago: executing program 0 (id=1033): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x400000, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r1, 0x3, 0x40) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000002c0)={0xffffffffffffffff, 0x1, 0x2}) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) (async) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x400000, 0x0) (async) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) syz_kvm_vgic_v3_setup(r1, 0x3, 0x40) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000002c0)={0xffffffffffffffff, 0x1, 0x2}) (async) 30.489831907s ago: executing program 0 (id=1034): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x260002, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x402, 0x0) (async) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x402, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) ioctl$KVM_GET_ONE_REG(r6, 0x8000ae8c, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) r9 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04) r11 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, r10, 0x1000007, 0x2012, r11, 0x0) ioctl$KVM_GET_REGS(r6, 0x8360ae81, &(0x7f0000000080)) 25.935947892s ago: executing program 1 (id=1035): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x0, 0x80000) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000001340)={0x0, 0x0, 0x2, r2, 0x3}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x7a53, 0x0, 0x8, r2, 0x6}) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) eventfd2(0x0, 0x80000) (async) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000001340)={0x0, 0x0, 0x2, r2, 0x3}) (async) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x7a53, 0x0, 0x8, r2, 0x6}) (async) 23.260706613s ago: executing program 0 (id=1036): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xfffffffffffffff7) 19.260566572s ago: executing program 1 (id=1037): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x20000000) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x5) ioctl$KVM_RESET_DIRTY_RINGS(r1, 0xaec7) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, &(0x7f0000000080)={0x0, 0x6}) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000140)=@arm64_extra={0x603000000013df02, &(0x7f0000000100)=0x1}) ioctl$KVM_IRQ_LINE_STATUS(r4, 0xc008ae67, &(0x7f0000000040)={0x0, 0x101}) mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x0, 0x7d7b465c1d30afba, 0xffffffffffffffff, 0x0) 17.478602745s ago: executing program 0 (id=1038): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[@memwrite={0x6, 0x30, @vgic_gicr={0x8100000, 0x180, 0x2, 0x4}}, @smc={0x3, 0x40, {0x20, [0x7fb, 0x4, 0x7fffffffffffffff, 0x7ff, 0x7]}}, @mrs={0x9, 0x18, {0x603000000013c4d7}}, @uexit={0x0, 0x18, 0xd853}, @irq_setup={0x5, 0x18, {0x2, 0x93}}, @msr={0x2, 0x20, {0x6030000000138036, 0x3}}, @msr={0x2, 0x20, {0x603000000013c4d7, 0x4}}, @smc={0x3, 0x40, {0x2000, [0x982, 0x1, 0x7, 0x0, 0xad67]}}, @irq_setup={0x5, 0x18, {0x0, 0x31c}}], 0x150}, &(0x7f0000000200), 0x1) mmap$KVM_VCPU(&(0x7f0000001000/0x3000)=nil, 0x930, 0x2000003, 0x23ac5f9b426ec4b1, r1, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r2, 0x4, 0xa0) 10.440712908s ago: executing program 0 (id=1039): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x909483, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async, rerun: 64) munmap(&(0x7f0000647000/0x1000)=nil, 0x1000) (async, rerun: 64) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) r6 = mmap$KVM_VCPU(&(0x7f0000647000/0x4000)=nil, 0x0, 0x2000001, 0x4010, r5, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000240)="b0329be5c3a6e7cba612188fd2f3797a84bb2aaa2b52c62d4d269c24f65aa10247b0d3840d3d5502cad31083540bc363e91a473bc5c21e2863937a9533def5c925c076f8b48b387b", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c17000/0x3000)=nil, 0x930, 0x19, 0x8032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5, 0xa}) (async) ioctl$KVM_GET_REG_LIST(r5, 0xc008aeb0, &(0x7f0000000180)=ANY=[@ANYBLOB="000b5501c2e639647e"]) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) r8 = mmap$KVM_VCPU(&(0x7f00006b4000/0x1000)=nil, r7, 0x2000000, 0x12, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000040)="555c94059bbf6eb7259040253ee8ccb3cd9d322a892158af98673a73e7ebc6592149d461c934ab05ab31f08b77953b18fad823df8761ecc119d117c19c9c73ab458c057d65921074", 0x0, 0x48) r9 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) (async) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x4070ca2cbe1fbaa, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) (async, rerun: 64) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r11, 0x4068aea3, &(0x7f00000001c0)={0xdf, 0x0, 0x2000}) (rerun: 64) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000100)={0x0, 0x1, 0x10000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) ioctl$KVM_ARM_VCPU_INIT(r9, 0x4020aeae, &(0x7f0000000080)={0x5, 0xb}) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000200)=@arm64_core={0x6030000000100048, &(0x7f0000000140)=0x6}) 9.067847113s ago: executing program 1 (id=1040): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) r2 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="114149dd033be3ac3bc4a223e0518df242008031d1dfd92f000000000105f9ffdc9610fbff770100", 0x0, 0x48) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000180)=@arm64_sys={0x603000000013c000, &(0x7f0000000000)=0xffffffffffffffff}) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x3, 0x60) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x0, 0x2000008, 0x1010, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x5) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000340)={0x5}) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04) r9 = syz_kvm_vgic_v3_setup(r8, 0x4, 0x100) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x3, 0x0, &(0x7f0000000240)=0x200}) ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000080)=@arm64_core={0x6030000000100048, &(0x7f0000000040)=0x5}) munmap(&(0x7f0000001000/0x1000)=nil, 0x1000) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x2, 0x0, 0x80a0000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0) 2.829151781s ago: executing program 0 (id=1041): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000000c0)={0x7, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x3}) (async) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@its_setup={0x7, 0x28, {0x0, 0x1, 0x17}}, @memwrite={0x6, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0x1, 0xb}}], 0x58}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r5, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000340)={0x5}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 0s ago: executing program 1 (id=1042): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r2 = openat$kvm(0x0, &(0x7f00000000c0), 0x909483, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x4) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000080)={0x5, 0x19}) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000040)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000100)={0xa, 0x8000, 0xf33d48fdd23b28c7}}) (async) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = mmap$KVM_VCPU(&(0x7f0000004000/0x3000)=nil, 0x930, 0x280000f, 0x10, r5, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f00000001c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0x48) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0) (async) r7 = eventfd2(0x0, 0x0) close(r7) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) write$eventfd(r7, &(0x7f0000000000)=0x8001, 0x8) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000ff9000/0x4000)=nil, r8, 0x2000004, 0x2812, r7, 0x0) kernel console output (not intermixed with test programs): [ 406.182702][ T3128] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:31415' (ED25519) to the list of known hosts. [ 578.800313][ T25] audit: type=1400 audit(577.950:59): avc: denied { name_bind } for pid=3284 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 579.734499][ T25] audit: type=1400 audit(578.890:60): avc: denied { execute } for pid=3285 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 579.759683][ T25] audit: type=1400 audit(578.910:61): avc: denied { execute_no_trans } for pid=3285 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 598.684414][ T25] audit: type=1400 audit(597.840:62): avc: denied { mounton } for pid=3285 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 598.721354][ T25] audit: type=1400 audit(597.880:63): avc: denied { mount } for pid=3285 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 598.804060][ T3285] cgroup: Unknown subsys name 'net' [ 598.853479][ T25] audit: type=1400 audit(598.010:64): avc: denied { unmount } for pid=3285 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 599.304250][ T3285] cgroup: Unknown subsys name 'cpuset' [ 599.403688][ T3285] cgroup: Unknown subsys name 'rlimit' [ 600.391242][ T25] audit: type=1400 audit(599.550:65): avc: denied { setattr } for pid=3285 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 600.420214][ T25] audit: type=1400 audit(599.580:66): avc: denied { mounton } for pid=3285 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 600.437941][ T25] audit: type=1400 audit(599.590:67): avc: denied { mount } for pid=3285 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 601.611190][ T3288] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 601.631773][ T25] audit: type=1400 audit(600.780:68): avc: denied { relabelto } for pid=3288 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 601.658916][ T25] audit: type=1400 audit(600.810:69): avc: denied { write } for pid=3288 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 601.832210][ T25] audit: type=1400 audit(600.990:70): avc: denied { read } for pid=3285 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 601.853831][ T25] audit: type=1400 audit(601.010:71): avc: denied { open } for pid=3285 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 601.897534][ T3285] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 648.170182][ T25] audit: type=1400 audit(647.330:72): avc: denied { execmem } for pid=3289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 651.790047][ T25] audit: type=1400 audit(650.950:73): avc: denied { read } for pid=3291 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 651.820419][ T25] audit: type=1400 audit(650.960:74): avc: denied { open } for pid=3291 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 651.909821][ T25] audit: type=1400 audit(651.050:75): avc: denied { mounton } for pid=3291 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 652.163603][ T25] audit: type=1400 audit(651.320:76): avc: denied { module_request } for pid=3291 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 653.333549][ T25] audit: type=1400 audit(652.490:77): avc: denied { sys_module } for pid=3291 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 677.234872][ T3291] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 677.469938][ T3291] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 677.529843][ T3292] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 677.894766][ T3292] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 690.863339][ T3291] hsr_slave_0: entered promiscuous mode [ 690.923214][ T3291] hsr_slave_1: entered promiscuous mode [ 692.338532][ T3292] hsr_slave_0: entered promiscuous mode [ 692.382445][ T3292] hsr_slave_1: entered promiscuous mode [ 692.427535][ T3292] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 692.437517][ T3292] Cannot create hsr debugfs directory [ 701.082573][ T25] audit: type=1400 audit(700.240:78): avc: denied { create } for pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 701.113812][ T25] audit: type=1400 audit(700.260:79): avc: denied { write } for pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 701.164471][ T25] audit: type=1400 audit(700.320:80): avc: denied { read } for pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 701.291105][ T3291] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 701.554837][ T3291] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 701.823603][ T3291] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 702.103654][ T3291] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 703.787108][ T3292] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 704.044373][ T3292] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 704.199524][ T3292] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 704.382993][ T3292] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 716.230906][ T3291] 8021q: adding VLAN 0 to HW filter on device bond0 [ 719.321256][ T3292] 8021q: adding VLAN 0 to HW filter on device bond0 [ 774.193512][ T3291] veth0_vlan: entered promiscuous mode [ 774.600234][ T3291] veth1_vlan: entered promiscuous mode [ 776.472400][ T3291] veth0_macvtap: entered promiscuous mode [ 777.100078][ T3291] veth1_macvtap: entered promiscuous mode [ 777.202150][ T3292] veth0_vlan: entered promiscuous mode [ 777.861756][ T3292] veth1_vlan: entered promiscuous mode [ 779.213131][ T3291] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 779.221994][ T3291] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 779.234601][ T3291] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 779.248366][ T3291] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 780.900273][ T3292] veth0_macvtap: entered promiscuous mode [ 781.503789][ T3292] veth1_macvtap: entered promiscuous mode [ 781.747970][ T25] audit: type=1400 audit(780.820:81): avc: denied { mount } for pid=3291 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 781.937538][ T25] audit: type=1400 audit(781.090:82): avc: denied { mounton } for pid=3291 comm="syz-executor" path="/syzkaller.uCAkPa/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 782.237189][ T25] audit: type=1400 audit(781.390:83): avc: denied { mount } for pid=3291 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 782.464063][ T25] audit: type=1400 audit(781.620:84): avc: denied { mounton } for pid=3291 comm="syz-executor" path="/syzkaller.uCAkPa/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 782.553841][ T25] audit: type=1400 audit(781.710:85): avc: denied { mounton } for pid=3291 comm="syz-executor" path="/syzkaller.uCAkPa/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3249 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 783.123250][ T25] audit: type=1400 audit(782.270:86): avc: denied { unmount } for pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 783.478792][ T3292] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 783.497850][ T3292] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 783.511978][ T25] audit: type=1400 audit(782.620:87): avc: denied { mounton } for pid=3291 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 783.538391][ T3292] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 783.596446][ T3292] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 783.664720][ T25] audit: type=1400 audit(782.810:88): avc: denied { mount } for pid=3291 comm="syz-executor" name="/" dev="gadgetfs" ino=3258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 784.067997][ T25] audit: type=1400 audit(783.170:89): avc: denied { mount } for pid=3291 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 784.100200][ T25] audit: type=1400 audit(783.250:90): avc: denied { mounton } for pid=3291 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 785.760132][ T3291] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 786.787698][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 786.793778][ T25] audit: type=1400 audit(785.930:92): avc: denied { read write } for pid=3291 comm="syz-executor" name="loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 786.878142][ T25] audit: type=1400 audit(785.970:93): avc: denied { open } for pid=3291 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 786.889337][ T25] audit: type=1400 audit(786.030:94): avc: denied { ioctl } for pid=3291 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 789.857741][ T25] audit: type=1400 audit(789.000:95): avc: denied { read } for pid=3433 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 789.917598][ T25] audit: type=1400 audit(789.070:96): avc: denied { open } for pid=3433 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 790.157010][ T25] audit: type=1400 audit(789.300:97): avc: denied { ioctl } for pid=3433 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 790.913657][ T25] audit: type=1400 audit(790.060:98): avc: denied { write } for pid=3435 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 791.754011][ T25] audit: type=1400 audit(790.900:99): avc: denied { append } for pid=3435 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 866.070580][ T25] audit: type=1400 audit(865.150:100): avc: denied { execute } for pid=3483 comm="syz.0.16" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4280 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 1022.751010][ T25] audit: type=1400 audit(1021.910:101): avc: denied { setattr } for pid=3589 comm="syz.1.46" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1752.018522][ T4106] kvm [4106]: Failed to find VMA for hva 0x21016000 [ 1807.522613][ T25] audit: type=1400 audit(1806.680:102): avc: denied { ioctl } for pid=4151 comm="syz.1.206" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0x5839 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1862.727903][ T25] audit: type=1400 audit(1861.870:103): avc: denied { execute } for pid=4191 comm="syz.1.219" path=2F3131302FFF67521CD66F8F1F447D3570707CD24B7EEBB207 dev="tmpfs" ino=577 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 2309.641782][ T4522] kvm [4522]: Failed to find VMA for hva 0x21016000 [ 2309.739746][ T4522] kvm [4522]: Failed to find VMA for hva 0x21016000 [ 2310.884476][ T4522] KVM: debugfs: duplicate directory 4522-4 [ 2728.491236][ T4849] kvm [4849]: Failed to find VMA for hva 0x20fcc000 [ 2755.801501][ T4869] KVM: debugfs: duplicate directory 4869-5 [ 2937.050614][ T25] audit: type=1400 audit(2936.210:104): avc: denied { map } for pid=4991 comm="syz.1.442" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 4283.494790][ T5953] kvm [5953]: Failed to find VMA for hva 0x20fcc000 [ 4878.261144][ T25] audit: type=1400 audit(4877.410:105): avc: denied { execute } for pid=6400 comm="syz.0.835" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 4897.313180][ T25] audit: type=1400 audit(4896.470:106): avc: denied { map } for pid=6416 comm="syz.0.839" path="pipe:[2409]" dev="pipefs" ino=2409 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 5079.974341][ T6555] kvm [6555]: Failed to find VMA for hva 0x21016000 [ 5430.366613][ T6822] kvm [6822]: Failed to find VMA for hva 0x20c01000 [ 5598.672595][ T6939] kvm [6939]: Failed to find VMA for hva 0x204dc000 [ 5863.808080][ T7144] ================================================================== [ 5863.808929][ T7144] BUG: KASAN: invalid-access in _raw_spin_lock_irqsave+0x5c/0x7c [ 5863.810904][ T7144] Read of size 1 at addr 00000000000013c8 by task syz.0.1041/7144 [ 5863.811270][ T7144] [ 5863.812371][ T7144] CPU: 0 UID: 0 PID: 7144 Comm: syz.0.1041 Not tainted 6.15.0-rc4-syzkaller-gc4e91ea0cc7e #0 PREEMPT [ 5863.812910][ T7144] Hardware name: linux,dummy-virt (DT) [ 5863.815275][ T7144] Call trace: [ 5863.815648][ T7144] show_stack+0x2c/0x3c (C) [ 5863.816222][ T7144] __dump_stack+0x30/0x40 [ 5863.816466][ T7144] dump_stack_lvl+0xd8/0x12c [ 5863.816693][ T7144] print_report+0x5c/0xa0 [ 5863.816931][ T7144] kasan_report+0xb0/0x110 [ 5863.817163][ T7144] __kasan_check_byte+0x3c/0x54 [ 5863.817385][ T7144] lock_acquire+0xb0/0x2e0 [ 5863.817658][ T7144] _raw_spin_lock_irqsave+0x5c/0x7c [ 5863.817925][ T7144] kvm_vgic_set_owner+0x18c/0x294 [ 5863.818153][ T7144] kvm_timer_enable+0x1c4/0x794 [ 5863.818370][ T7144] kvm_arch_vcpu_run_pid_change+0x1f0/0x458 [ 5863.818610][ T7144] kvm_vcpu_ioctl+0xae8/0xc24 [ 5863.818841][ T7144] __arm64_sys_ioctl+0x18c/0x244 [ 5863.819110][ T7144] invoke_syscall+0x90/0x2b4 [ 5863.819367][ T7144] el0_svc_common+0x180/0x2f4 [ 5863.819652][ T7144] do_el0_svc+0x58/0x74 [ 5863.819908][ T7144] el0_svc+0x58/0x134 [ 5863.820164][ T7144] el0t_64_sync_handler+0x78/0x108 [ 5863.820428][ T7144] el0t_64_sync+0x198/0x19c [ 5863.821001][ T7144] ================================================================== [ 5863.823276][ T7144] Disabling lock debugging due to kernel taint [ 5863.824495][ T7144] Unable to handle kernel paging request at virtual address ffef80000000013b [ 5863.824984][ T7144] KASAN: maybe wild-memory-access in range [0xff000000000013b0-0xff000000000013bf] [ 5863.825308][ T7144] Mem abort info: [ 5863.825533][ T7144] ESR = 0x0000000096000004 [ 5863.825857][ T7144] EC = 0x25: DABT (current EL), IL = 32 bits [ 5863.826147][ T7144] SET = 0, FnV = 0 [ 5863.826421][ T7144] EA = 0, S1PTW = 0 [ 5863.826705][ T7144] FSC = 0x04: level 0 translation fault [ 5863.827001][ T7144] Data abort info: [ 5863.827245][ T7144] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 5863.827502][ T7144] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 5863.827813][ T7144] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 5863.828228][ T7144] [ffef80000000013b] address between user and kernel address ranges [ 5863.829079][ T7144] Internal error: Oops: 0000000096000004 [#1] SMP [ 5863.848442][ T7144] Modules linked in: [ 5863.850411][ T7144] CPU: 0 UID: 0 PID: 7144 Comm: syz.0.1041 Tainted: G B 6.15.0-rc4-syzkaller-gc4e91ea0cc7e #0 PREEMPT [ 5863.851848][ T7144] Tainted: [B]=BAD_PAGE [ 5863.852550][ T7144] Hardware name: linux,dummy-virt (DT) [ 5863.853545][ T7144] pstate: 604020c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 5863.854739][ T7144] pc : do_raw_spin_lock+0x4c/0x2b4 [ 5863.855686][ T7144] lr : _raw_spin_lock_irqsave+0x64/0x7c [ 5863.856654][ T7144] sp : ffff8000a8ef7930 [ 5863.857387][ T7144] x29: ffff8000a8ef7940 x28: ddf00000139057c0 x27: ddf0000013906c30 [ 5863.859064][ T7144] x26: 0000000000000001 x25: ddf0000013906e10 x24: 0000000000000010 [ 5863.860437][ T7144] x23: a3ff8000a91ee000 x22: ddf00000139057c0 x21: ffff8000801fd8a4 [ 5863.861849][ T7144] x20: 00000000000013b0 x19: efff800000000000 x18: 00000000000000ff [ 5863.863212][ T7144] x17: 000000000000001f x16: 00000000000000fe x15: 0000000000000000 [ 5863.864617][ T7144] x14: 0000000000000000 x13: 00000000ffffffff x12: 0000000000000002 [ 5863.865915][ T7144] x11: 0000000000000001 x10: 0ff000000000013b x9 : 0000000000000000 [ 5863.867414][ T7144] x8 : 00000000000013b4 x7 : ffff8000870a9afd x6 : ffff800086582ed8 [ 5863.868802][ T7144] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000802a42dc [ 5863.870140][ T7144] x2 : 0000000000000001 x1 : 0000000000000000 x0 : 00000000000013b0 [ 5863.871720][ T7144] Call trace: [ 5863.872428][ T7144] do_raw_spin_lock+0x4c/0x2b4 (P) [ 5863.873422][ T7144] _raw_spin_lock_irqsave+0x64/0x7c [ 5863.874435][ T7144] kvm_vgic_set_owner+0x18c/0x294 [ 5863.875335][ T7144] kvm_timer_enable+0x1c4/0x794 [ 5863.876178][ T7144] kvm_arch_vcpu_run_pid_change+0x1f0/0x458 [ 5863.877113][ T7144] kvm_vcpu_ioctl+0xae8/0xc24 [ 5863.877983][ T7144] __arm64_sys_ioctl+0x18c/0x244 [ 5863.878925][ T7144] invoke_syscall+0x90/0x2b4 [ 5863.879771][ T7144] el0_svc_common+0x180/0x2f4 [ 5863.880649][ T7144] do_el0_svc+0x58/0x74 [ 5863.881463][ T7144] el0_svc+0x58/0x134 [ 5863.882338][ T7144] el0t_64_sync_handler+0x78/0x108 [ 5863.883252][ T7144] el0t_64_sync+0x198/0x19c [ 5863.884562][ T7144] Code: d344fd4a aa0003f4 f90007e9 d378fd09 (386a6a6a) [ 5863.886211][ T7144] ---[ end trace 0000000000000000 ]--- [ 5863.887916][ T7144] Kernel panic - not syncing: Oops: Fatal exception [ 5863.890372][ T7144] Kernel Offset: disabled [ 5863.891476][ T7144] CPU features: 0x0000,000001a0,017de6f8,837ffe1f [ 5863.892875][ T7144] Memory Limit: none [ 5863.894505][ T7144] Rebooting in 86400 seconds.. VM DIAGNOSIS: 04:43:41 Registers: info registers vcpu 0 CPU#0 PC=ffff80008208d628 X00=0000000000000003 X01=0000000000000002 X02=000000000000007b X03=ffff80008208d524 X04=0000000000000001 X05=0000000000000000 X06=ffff800081e77f20 X07=ffff8000870a9afd X08=adf000001d5d9d80 X09=0000000000000000 X10=0000000000ff0100 X11=00000000000000fe X12=0000000000000033 X13=0000000000000007 X14=0000000000000000 X15=0000000000000000 X16=00000000000000fe X17=000000000000001f X18=00000000000000ff X19=efff800000000000 X20=33f000000e049080 X21=a4ff80008c41b018 X22=0000000000000002 X23=33f000000e04917a X24=0000000000000033 X25=33f000000e0492c8 X26=33f000000e0490c8 X27=0000000000000033 X28=0000000000000033 X29=ffff8000a8ef7090 X30=ffff80008208d628 SP=ffff8000a8ef7080 PSTATE=804020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=2525252525252525:2525252525252525 Z01=742064656c696146:0000000000006425 Z02=0000000000000000:ff0000f000000000 Z03=0000000000000000:ffffffffffff00ff Z04=0000000000000000:00000000ffffff0f Z05=0000000000000000:00000000cccccc00 Z06=0000000000000073:0000aaaaf2a483e0 Z07=0000000000000074:0000aaaaf2a45620 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffcccc2ef0:0000ffffcccc2ef0 Z17=ffffff80ffffffd8:0000ffffcccc2ec0 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000