last executing test programs: 51.952984282s ago: executing program 0 (id=299): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r2, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r6, 0x4018aee3, &(0x7f0000000340)=@attr_arm64={0x0, 0x2, 0x0, 0x0}) r7 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r8 = ioctl$KVM_GET_STATS_FD_vm(r7, 0xaece) close(r8) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) 46.601418072s ago: executing program 1 (id=300): r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CAP_ARM_MTE(r1, 0x4068aea3, &(0x7f0000000080)) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000340)={0x5}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000000)="053941ff01000000000000a9de80b2b1314558b40d172c37fccd1f1826fc14770ba4cfcf9bd1410870767505b7c1739f89746d146125a4cdd7af811d770000000000008000", 0x0, 0x48) 43.803575658s ago: executing program 0 (id=301): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x145001, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x26) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xc, 0x4, 0x4}}], 0x30}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r2, 0x1, 0x100) eventfd2(0x1, 0x80000) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async) openat$kvm(0x0, &(0x7f0000000040), 0x145001, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x26) (async) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xc, 0x4, 0x4}}], 0x30}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r2, 0x1, 0x100) (async) eventfd2(0x1, 0x80000) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) 38.879551448s ago: executing program 0 (id=302): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000240)={0xb6, 0x0, 0x4}) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2000000002, 0x4, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x4000000, 0x0, 0x6, 0x2, 0x4}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000040)={0x1ff, 0x4}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0xd, 0x5, 0xb, 0x0, 0x2, 0x6, 0x6, 0x9, 0x8, 0x89, 0x6, 0x2, 0x0, 0x6, 0x6, 0xe2, 0x3, 0x29, 0x0, '\x00', 0x10, 0x6}) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@mrs={0xbe, 0x18, {0x6030000000139808}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4020ae46, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000010000000000000008"]) ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r11, &(0x7f00000001c0)=0x11, 0xfdef) 35.952070407s ago: executing program 1 (id=303): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x9032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x9032, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0xfa, 0x1, 0x5, 0x0, 0x1, 0x4, 0x40, 0x2, 0x4, 0x2, 0xd, 0x3, 0x0, 0x3, 0x1000, 0x50, 0x3, 0x5, 0x9, '\x00', 0x5, 0x8}) write$eventfd(r2, &(0x7f00000001c0)=0x9, 0x1d) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0xd2000, 0x0) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0xd2000, 0x0) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x9) (async) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x9) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0x80111500, 0x20000000) close(r7) (async) close(r7) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x40102, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000180)={0x6, 0x5c759b19, 0x2}}) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r8, 0x0, 0x0) (async) write$eventfd(r8, 0x0, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f0000000000)=@arm64={0x7, 0x8, 0x80, '\x00', 0x81}) (async) ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f0000000000)=@arm64={0x7, 0x8, 0x80, '\x00', 0x81}) ioctl$KVM_CAP_ARM_MTE(r5, 0x4068aea3, &(0x7f00000000c0)) 27.549186689s ago: executing program 1 (id=304): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2d) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000380)}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x5, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000000)=0xc000000000000000}) syz_kvm_setup_cpu$arm64(r1, 0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil, &(0x7f0000000180)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) 25.65112567s ago: executing program 0 (id=305): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3e) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0xfffffffffffffffe) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, 0xffffffffffffffff) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) openat$kvm(0x0, 0x0, 0x202201, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_vgic_v3_setup(r4, 0x2, 0x1a0) r6 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) close(r6) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0}) r7 = openat$kvm(0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0}) syz_kvm_setup_cpu$arm64(r0, r2, &(0x7f0000001000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000300)=[@smc={0x1e, 0x40, {0x84000000, [0x8, 0x5, 0x1, 0x7, 0x93]}}, @hvc={0x32, 0x40, {0x0, [0x1, 0x10000, 0x8000, 0x648, 0x1]}}, @eret={0xe6, 0x18, 0x1}, @msr={0x14, 0x20, {0x603000000013e6ca, 0x80}}, @code={0xa, 0xb4, {"806c99d20080b8f2010080d2e20180d2e30180d2440080d2020000d40038601ee09d92d200a0b0f2a10180d2020080d2230180d2440180d2020000d4007008d5000028d540f79ed200c0b8f2810080d2a20180d2830080d2040080d2020000d4000080780054002f80b784d20020b0f2e10080d2420180d2e30080d2a40180d2020000d480bd9ad200c0b0f2610080d2a20180d2230180d2a40080d2020000d4"}}, @memwrite={0x6e, 0x30, @generic={0xffff1000, 0x70c, 0x5, 0xa}}, @eret={0xe6, 0x18, 0x1}, @eret={0xe6, 0x18, 0x81}, @code={0xa, 0xe4, {"e0a08cd200e0b0f2c10080d2620080d2230080d2040080d2020000d4c00c98d200e0b0f2810180d2420180d2830180d2440080d2020000d400cb99d20080b8f2410180d2e20080d2830180d2a40180d2020000d4000000120090800f805781d20000b8f2e10180d2a20180d2030080d2c40180d2020000d4605e94d200e0b8f2e10080d2020180d2230080d2840080d2020000d480de80d20020b8f2010080d2620080d2a30080d2c40180d2020000d400e894d200a0b8f2a10180d2820180d2230080d2040080d2020000d4000028d5"}}, @svc={0x122, 0x40, {0x40000000, [0xdef, 0xfffffffffffffff8, 0x1, 0x1ff, 0x1]}}, @eret={0xe6, 0x18, 0x6b3a}, @hvc={0x32, 0x40, {0x84000012, [0x86e, 0x9, 0x2, 0x2, 0x5]}}, @msr={0x14, 0x20, {0x603000000013df67, 0xdb}}, @memwrite={0x6e, 0x30, @generic={0xdddd0000, 0x1f3, 0x3, 0x4}}, @smc={0x1e, 0x40, {0x84000050, [0x4, 0x8000000000000000, 0xd, 0x4, 0x6]}}, @uexit={0x0, 0x18, 0xf5}, @code={0xa, 0x9c, {"000028d540f18bd200e0b8f2010080d2620080d2430080d2640180d2020000d4007008d5a0ef8fd20040b8f2e10080d2220180d2c30080d2a40080d2020000d4007008d5000028d5007992d20080b8f2810080d2020080d2a30180d2c40080d2020000d4c0cc82d20060b0f2810080d2620180d2830180d2a40180d2020000d4007008d500a4200e"}}, @eret={0xe6, 0x18, 0x7}, @hvc={0x32, 0x40, {0xc5000021, [0xffff, 0x80000000, 0x6, 0x8001, 0x3]}}, @eret={0xe6, 0x18, 0x4}, @svc={0x122, 0x40, {0x80000000, [0x6, 0x69d3097d, 0x6, 0x5, 0x391]}}, @hvc={0x32, 0x40, {0x30000000, [0x7fffffff, 0x2, 0x8, 0xfffffffffffff800, 0x17]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe0, 0xfffffffffffffffc, 0x3}}, @memwrite={0x6e, 0x30, @generic={0x4, 0x270, 0x10001, 0xf92e8db56d37b665}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x1, 0x4, 0x6, 0xffffffff, 0x3}}, @msr={0x14, 0x20, {0x603000000013f200, 0x7f}}, @mrs={0xbe, 0x18, {0x603000000013c529}}, @its_send_cmd={0xaa, 0x28, {0x2, 0x0, 0x3, 0xd, 0x9, 0x3}}, @msr={0x14, 0x20, {0x603000000013c4cc, 0x3}}, @uexit={0x0, 0x18, 0xa4}, @msr={0x14, 0x20, {0x603000000013e092, 0x100}}, @eret={0xe6, 0x18, 0x7}], 0x6d4}], 0x1, 0x0, &(0x7f00000000c0)=[@featur1={0x1, 0x4}], 0x1) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0xb, 0x7, 0x0}) mmap$KVM_VCPU(&(0x7f0000001000/0x3000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x5, 0x2}) 13.690306692s ago: executing program 1 (id=306): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f0000000180)=@arm64_ccsidr={0x6020000000110007, 0x0}) syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000080)={0x7}) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000b80)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x84000000, [0x40000099a, 0x5cf, 0xaca, 0x6, 0x1]}}], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000140)=@arm64_fw={0x6030000000140000, &(0x7f0000000200)=0x2}) ioctl$KVM_RUN(r10, 0xae80, 0x0) 5.926122273s ago: executing program 0 (id=307): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x222240, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0x2, 0x10000000000000) r4 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000100)=@arm64_bitmap={0x6030000000160003, &(0x7f0000000000)=0x7}) 5.844384681s ago: executing program 1 (id=308): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000013000/0x3000)=nil, r3, 0x0, 0x12, r2, 0x0) r4 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r3, 0x2, 0x12, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000180)="66ae48b21646fe8d3216e9dbe341f0e555d754c47f3d35e4b086d58410f63aead30f8902cfa325aec5fa4d54ef4006953bbb5697cdb0b09c13a661914f7721cbf98149362853d2ee", 0x0, 0x48) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, &(0x7f0000000000)={0x101, 0x6, 0x5}) mmap$KVM_VCPU(&(0x7f0000010000/0x4000)=nil, r3, 0x100000a, 0x12, r2, 0x0) 2.272287902s ago: executing program 0 (id=309): munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x80111500, 0x20000000) r0 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r1 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r4, 0x4008ae6a, &(0x7f00000002c0)={0x2, 0x0, [{0x3, 0x1, 0x0, 0x0, @adapter={0x0, 0x6a, 0x8, 0x5, 0x3}}, {0x3, 0x2, 0x0, 0x0, @msi={0x1, 0x5, 0x0, 0x7}}]}) r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000180)=[@hvc={0x32, 0x40, {0x84000007, [0x60e, 0xfffffffffffffffb, 0x4, 0x8, 0x1]}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3}}], 0x89}], 0x1, 0x0, 0x0, 0x0) syz_kvm_vgic_v3_setup(r5, 0x1, 0x200) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r7, 0x4020ae46, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000000000000080000000000"]) r8 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x29) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04) r12 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r11, 0x2, 0x12, r10, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f00000002c0)="fb016bddfb405ee52cc6a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb2070000000000000000000000c20cecfa0a97ab7800", 0x0, 0x48) munmap(&(0x7f000000e000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) 0s ago: executing program 1 (id=310): munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x80111500, 0x20000000) r0 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x8, 0x3, &(0x7f0000000000)=0x3}) r4 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000140)={0x0, &(0x7f00000001c0)=[@smc={0x1e, 0x40, {0xc4000004, [0x0, 0x9f6, 0x8000000000000000, 0x6, 0x7fffffffffffffff]}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x1, 0xe, 0xa0, 0xfffffffd, 0x4}}, @code={0xa, 0x9c, {"0000719e40489bd200a0b8f2810080d2020180d2430080d2c40080d2020000d4007008d5000028d540d193d20080b8f2410180d2020180d2230080d2840180d2020000d440cb9bd200a0b0f2a10180d2020080d2630080d2840180d2020000d4000028d5e0a688d200c0b0f2810180d2820180d2c30080d2e40080d2020000d400b8215e007008d5"}}, @hvc={0x32, 0x40, {0x4, [0x48e, 0x9, 0x8001, 0x7, 0x7f]}}, @code={0xa, 0x6c, {"007008d500a8212e0080204ea0d597d20080b8f2610180d2a20180d2a30080d2c40180d2020000d4000020880000c06c00df8ad200c0b8f2c10080d2a20080d2630080d2040080d2020000d400c0000f007008d500005fd6"}}, @svc={0x122, 0x40, {0x0, [0x4, 0x7, 0x0, 0x6, 0x101]}}, @uexit={0x0, 0x18, 0x3}, @svc={0x122, 0x40, {0x8400000e, [0x8, 0x7, 0x4, 0x5, 0x101]}}, @svc={0x122, 0x40, {0x84000011, [0x2, 0xc16, 0x7, 0x8000000000000001, 0x5]}}, @irq_setup={0x46, 0x18, {0x3, 0x175}}, @mrs={0xbe, 0x18, {0x603000000013e643}}, @irq_setup={0x46, 0x18, {0x4, 0x152}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x8, 0x4, 0x8}}, @hvc={0x32, 0x40, {0xc4000003, [0x7fffffffffffffff, 0x7, 0x0, 0x7, 0x1ff]}}, @irq_setup={0x46, 0x18, {0x3, 0x2c1}}, @hvc={0x32, 0x40, {0x200, [0x100000001, 0x5, 0xea8, 0x8, 0x7a4b2952]}}, @irq_setup={0x46, 0x18, {0x1, 0x19a}}, @irq_setup={0x46, 0x18, {0x0, 0x207}}, @irq_setup={0x46, 0x18, {0x3, 0x26b}}, @uexit={0x0, 0x18, 0x3}, @code={0xa, 0x84, {"000000ea007008d580578ad20000b8f2a10080d2420080d2630080d2e40080d2020000d4600685d20060b8f2a10080d2020080d2a30180d2840180d2020000d400a692d200e0b8f2210180d2420080d2630180d2240180d2020000d40068000e007008d5007c209b008008d5007008d5"}}, @smc={0x1e, 0x40, {0x84000009, [0xffffffffffffffff, 0x100000001, 0x5, 0x80000, 0x3]}}, @eret={0xe6, 0x18, 0xca7a}, @eret={0xe6, 0x18, 0x4}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x3, 0x3, 0xfffffff9, 0x6, 0x1}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x380, 0x4, 0x8}}, @eret={0xe6, 0x18, 0x100}, @svc={0x122, 0x40, {0x32000000, [0xd, 0xe31b, 0x7, 0x4, 0x4]}}, @irq_setup={0x46, 0x18, {0x4, 0x16a}}, @irq_setup={0x46, 0x18, {0x0, 0x1b5}}], 0x5cc}, &(0x7f00000007c0)=[@featur1={0x1, 0x4e}], 0x1) ioctl$KVM_ARM_VCPU_FINALIZE(r4, 0x4004aec2, &(0x7f0000000800)=0x6) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r5 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) write$eventfd(0xffffffffffffffff, &(0x7f0000000840)=0x6, 0x8) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) kernel console output (not intermixed with test programs): [ 392.448421][ T3165] 8021q: adding VLAN 0 to HW filter on device bond0 [ 427.422381][ T3165] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:61935' (ED25519) to the list of known hosts. [ 608.737873][ T25] audit: type=1400 audit(607.960:61): avc: denied { name_bind } for pid=3324 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 609.598053][ T25] audit: type=1400 audit(608.830:62): avc: denied { execute } for pid=3325 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 609.631089][ T25] audit: type=1400 audit(608.860:63): avc: denied { execute_no_trans } for pid=3325 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 631.911942][ T25] audit: type=1400 audit(631.140:64): avc: denied { mounton } for pid=3325 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 631.975661][ T25] audit: type=1400 audit(631.200:65): avc: denied { mount } for pid=3325 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 632.132287][ T3325] cgroup: Unknown subsys name 'net' [ 632.249338][ T25] audit: type=1400 audit(631.460:66): avc: denied { unmount } for pid=3325 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 632.816398][ T3325] cgroup: Unknown subsys name 'cpuset' [ 632.949296][ T3325] cgroup: Unknown subsys name 'rlimit' [ 634.395284][ T25] audit: type=1400 audit(633.620:67): avc: denied { setattr } for pid=3325 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 634.445818][ T25] audit: type=1400 audit(633.640:68): avc: denied { mounton } for pid=3325 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 634.452904][ T25] audit: type=1400 audit(633.670:69): avc: denied { mount } for pid=3325 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 636.619174][ T3329] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 636.652706][ T25] audit: type=1400 audit(635.880:70): avc: denied { relabelto } for pid=3329 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 636.707773][ T25] audit: type=1400 audit(635.910:71): avc: denied { write } for pid=3329 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 637.020695][ T25] audit: type=1400 audit(636.250:72): avc: denied { read } for pid=3325 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 637.051388][ T25] audit: type=1400 audit(636.260:73): avc: denied { open } for pid=3325 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 637.111044][ T3325] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 688.765671][ T25] audit: type=1400 audit(687.990:74): avc: denied { execmem } for pid=3330 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 693.212922][ T25] audit: type=1400 audit(692.440:75): avc: denied { read } for pid=3332 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 693.225731][ T25] audit: type=1400 audit(692.450:76): avc: denied { open } for pid=3333 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 693.294661][ T25] audit: type=1400 audit(692.520:77): avc: denied { mounton } for pid=3332 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 693.570838][ T25] audit: type=1400 audit(692.800:78): avc: denied { module_request } for pid=3333 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 693.586553][ T25] audit: type=1400 audit(692.810:79): avc: denied { module_request } for pid=3332 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 694.545908][ T25] audit: type=1400 audit(693.770:80): avc: denied { sys_module } for pid=3333 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 720.667560][ T3333] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 720.798955][ T3333] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 721.899373][ T3332] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 722.057444][ T3332] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 732.988556][ T3333] hsr_slave_0: entered promiscuous mode [ 733.022606][ T3333] hsr_slave_1: entered promiscuous mode [ 734.348985][ T3332] hsr_slave_0: entered promiscuous mode [ 734.382050][ T3332] hsr_slave_1: entered promiscuous mode [ 734.409690][ T3332] debugfs: 'hsr0' already exists in 'hsr' [ 734.424693][ T3332] Cannot create hsr debugfs directory [ 739.561680][ T25] audit: type=1400 audit(738.790:81): avc: denied { create } for pid=3333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 739.638061][ T25] audit: type=1400 audit(738.870:82): avc: denied { write } for pid=3333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 739.676883][ T25] audit: type=1400 audit(738.880:83): avc: denied { read } for pid=3333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 739.882134][ T3333] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 740.266443][ T3333] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 740.528541][ T3333] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 740.689425][ T3333] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 742.586602][ T3332] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 742.909944][ T3332] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 743.101337][ T3332] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 743.292318][ T3332] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 754.777001][ T3333] 8021q: adding VLAN 0 to HW filter on device bond0 [ 757.700671][ T3332] 8021q: adding VLAN 0 to HW filter on device bond0 [ 809.509077][ T3333] veth0_vlan: entered promiscuous mode [ 810.077273][ T3333] veth1_vlan: entered promiscuous mode [ 811.909256][ T3333] veth0_macvtap: entered promiscuous mode [ 812.336530][ T3333] veth1_macvtap: entered promiscuous mode [ 812.561887][ T3332] veth0_vlan: entered promiscuous mode [ 813.259681][ T3332] veth1_vlan: entered promiscuous mode [ 814.626236][ T3260] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 814.734795][ T3260] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 814.757483][ T3424] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 814.758504][ T3424] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 816.706354][ T3332] veth0_macvtap: entered promiscuous mode [ 817.550582][ T3332] veth1_macvtap: entered promiscuous mode [ 817.655689][ T25] audit: type=1400 audit(816.880:84): avc: denied { mount } for pid=3333 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 817.969302][ T25] audit: type=1400 audit(817.100:85): avc: denied { mounton } for pid=3333 comm="syz-executor" path="/syzkaller.mFft3e/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 818.239934][ T25] audit: type=1400 audit(817.410:86): avc: denied { mount } for pid=3333 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 818.797145][ T25] audit: type=1400 audit(817.900:87): avc: denied { mounton } for pid=3333 comm="syz-executor" path="/syzkaller.mFft3e/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 819.018443][ T25] audit: type=1400 audit(818.210:88): avc: denied { mounton } for pid=3333 comm="syz-executor" path="/syzkaller.mFft3e/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3779 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 819.836188][ T25] audit: type=1400 audit(819.050:89): avc: denied { unmount } for pid=3333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 820.317995][ T25] audit: type=1400 audit(819.500:90): avc: denied { mounton } for pid=3333 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 820.505999][ T25] audit: type=1400 audit(819.720:91): avc: denied { mount } for pid=3333 comm="syz-executor" name="/" dev="gadgetfs" ino=3788 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 820.749145][ T50] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 820.764847][ T50] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 820.770903][ T50] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 820.787024][ T50] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 821.110142][ T25] audit: type=1400 audit(820.340:92): avc: denied { mount } for pid=3333 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 821.220813][ T25] audit: type=1400 audit(820.450:93): avc: denied { mounton } for pid=3333 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 823.442509][ T3333] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 824.976358][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 824.994249][ T25] audit: type=1400 audit(824.180:95): avc: denied { read write } for pid=3333 comm="syz-executor" name="loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 825.027814][ T25] audit: type=1400 audit(824.250:96): avc: denied { open } for pid=3333 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 825.091730][ T25] audit: type=1400 audit(824.290:97): avc: denied { ioctl } for pid=3333 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 837.062094][ T25] audit: type=1400 audit(836.290:98): avc: denied { read } for pid=3484 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 837.154808][ T25] audit: type=1400 audit(836.380:99): avc: denied { open } for pid=3484 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 837.664904][ T25] audit: type=1400 audit(836.870:100): avc: denied { ioctl } for pid=3484 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 854.047495][ T25] audit: type=1400 audit(853.250:101): avc: denied { write } for pid=3499 comm="syz.0.5" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 879.217276][ T25] audit: type=1400 audit(878.400:102): avc: denied { execute } for pid=3516 comm="syz.1.10" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4320 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 905.351283][ T25] audit: type=1400 audit(904.580:103): avc: denied { append } for pid=3530 comm="syz.0.15" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 915.196661][ T25] audit: type=1400 audit(914.410:104): avc: denied { setattr } for pid=3536 comm="syz.0.17" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1114.527592][ T25] audit: type=1400 audit(1113.750:105): avc: denied { create } for pid=3661 comm="syz.0.56" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1114.929852][ T25] audit: type=1400 audit(1114.160:106): avc: denied { ioctl } for pid=3661 comm="syz.0.56" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=6577 ioctlcmd=0xaeae scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1168.462290][ T25] audit: type=1400 audit(1167.690:107): avc: denied { map } for pid=3700 comm="syz.1.69" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=7104 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1168.549141][ T25] audit: type=1400 audit(1167.760:108): avc: denied { read } for pid=3700 comm="syz.1.69" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=7104 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1723.988309][ T25] audit: type=1400 audit(1723.210:109): avc: denied { ioctl } for pid=4036 comm="syz.0.183" path="net:[4026532624]" dev="nsfs" ino=4026532624 ioctlcmd=0xb706 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1773.368502][ T4062] kvm [4062]: Failed to find VMA for hva 0x20c01000 [ 1883.147465][ T4135] FAULT_INJECTION: forcing a failure. [ 1883.147465][ T4135] name failslab, interval 1, probability 0, space 0, times 1 [ 1883.155249][ T4135] CPU: 0 UID: 0 PID: 4135 Comm: syz.1.214 Not tainted syzkaller #0 PREEMPT [ 1883.155929][ T4135] Hardware name: linux,dummy-virt (DT) [ 1883.156437][ T4135] Call trace: [ 1883.156856][ T4135] show_stack+0x2c/0x3c (C) [ 1883.158738][ T4135] __dump_stack+0x30/0x40 [ 1883.159003][ T4135] dump_stack_lvl+0xd8/0x12c [ 1883.159201][ T4135] dump_stack+0x1c/0x28 [ 1883.159399][ T4135] should_fail_ex+0x570/0x6e0 [ 1883.159638][ T4135] should_failslab+0xb8/0xec [ 1883.159878][ T4135] kmem_cache_alloc_lru_noprof+0x88/0x5ac [ 1883.160171][ T4135] __d_alloc+0x40/0x844 [ 1883.160428][ T4135] d_alloc_pseudo+0x2c/0x130 [ 1883.160673][ T4135] alloc_file_pseudo+0x94/0x1e8 [ 1883.160930][ T4135] anon_inode_getfile_fmode+0xd8/0x240 [ 1883.161205][ T4135] kvm_vcpu_ioctl_get_stats_fd+0xb8/0x1f0 [ 1883.161500][ T4135] kvm_vcpu_ioctl+0x484/0xc2c [ 1883.161755][ T4135] __arm64_sys_ioctl+0x18c/0x244 [ 1883.161970][ T4135] invoke_syscall+0x90/0x238 [ 1883.162254][ T4135] el0_svc_common+0x180/0x2f4 [ 1883.162536][ T4135] do_el0_svc+0x58/0x74 [ 1883.162800][ T4135] el0_svc+0x5c/0x234 [ 1883.163069][ T4135] el0t_64_sync_handler+0x84/0x12c [ 1883.163357][ T4135] el0t_64_sync+0x198/0x19c [ 2054.950742][ T4233] KVM: debugfs: duplicate directory 4233-5 [ 2368.375710][ T4424] ================================================================== [ 2368.376952][ T4424] BUG: KASAN: slab-use-after-free in mtree_range_walk+0x604/0x8d0 [ 2368.377464][ T4424] Read of size 8 at addr a8f000000d211e78 by task syz.0.309/4424 [ 2368.377695][ T4424] Pointer tag: [a8], memory tag: [fe] [ 2368.377825][ T4424] [ 2368.378031][ T4424] CPU: 0 UID: 0 PID: 4424 Comm: syz.0.309 Not tainted syzkaller #0 PREEMPT [ 2368.378279][ T4424] Hardware name: linux,dummy-virt (DT) [ 2368.378389][ T4424] Call trace: [ 2368.378515][ T4424] show_stack+0x2c/0x3c (C) [ 2368.378850][ T4424] __dump_stack+0x30/0x40 [ 2368.379045][ T4424] dump_stack_lvl+0xd8/0x12c [ 2368.379260][ T4424] print_address_description+0xac/0x288 [ 2368.379548][ T4424] print_report+0x84/0xa0 [ 2368.379830][ T4424] kasan_report+0xb0/0x110 [ 2368.380138][ T4424] kasan_tag_mismatch+0x28/0x3c [ 2368.380376][ T4424] __hwasan_tag_mismatch+0x30/0x60 [ 2368.380663][ T4424] mtree_range_walk+0x604/0x8d0 [ 2368.380937][ T4424] mas_walk+0xf8/0x34c [ 2368.381165][ T4424] lock_vma_under_rcu+0x10c/0x35c [ 2368.381450][ T4424] do_page_fault+0x3a8/0x1508 [ 2368.381732][ T4424] do_translation_fault+0xbc/0xfc [ 2368.382000][ T4424] do_mem_abort+0x50/0x110 [ 2368.382268][ T4424] el0_da+0x64/0x210 [ 2368.382556][ T4424] el0t_64_sync_handler+0x90/0x12c [ 2368.382841][ T4424] el0t_64_sync+0x198/0x19c [ 2368.383141][ T4424] [ 2368.383283][ T4424] Allocated by task 4430: [ 2368.383620][ T4424] kasan_save_stack+0x40/0x6c [ 2368.383964][ T4424] save_stack_info+0x30/0x138 [ 2368.384152][ T4424] kasan_save_alloc_info+0x14/0x20 [ 2368.384358][ T4424] __kasan_slab_alloc+0x94/0x98 [ 2368.384621][ T4424] kmem_cache_alloc_noprof+0x320/0x5a8 [ 2368.384878][ T4424] mas_alloc_nodes+0x350/0x3b8 [ 2368.385095][ T4424] mas_preallocate+0x544/0x970 [ 2368.385319][ T4424] __split_vma+0x318/0xb00 [ 2368.385562][ T4424] vms_gather_munmap_vmas+0x2d4/0x1474 [ 2368.385784][ T4424] do_vmi_align_munmap+0x174/0x280 [ 2368.385999][ T4424] do_vmi_munmap+0x1ac/0x210 [ 2368.386210][ T4424] __vm_munmap+0x1a8/0x2e8 [ 2368.386469][ T4424] __arm64_sys_munmap+0x78/0xa4 [ 2368.386686][ T4424] invoke_syscall+0x90/0x238 [ 2368.386946][ T4424] el0_svc_common+0x180/0x2f4 [ 2368.387200][ T4424] do_el0_svc+0x58/0x74 [ 2368.387472][ T4424] el0_svc+0x5c/0x234 [ 2368.387713][ T4424] el0t_64_sync_handler+0x84/0x12c [ 2368.388001][ T4424] el0t_64_sync+0x198/0x19c [ 2368.388274][ T4424] [ 2368.388361][ T4424] Freed by task 4425: [ 2368.388489][ T4424] kasan_save_stack+0x40/0x6c [ 2368.388741][ T4424] save_stack_info+0x30/0x138 [ 2368.388910][ T4424] __kasan_save_free_info+0x18/0x24 [ 2368.389085][ T4424] __kasan_slab_free+0x64/0x68 [ 2368.389356][ T4424] __rcu_free_sheaf_prepare+0x11c/0x2c4 [ 2368.389542][ T4424] rcu_free_sheaf+0x2c/0x138 [ 2368.389791][ T4424] rcu_core+0xe14/0x1d30 [ 2368.389976][ T4424] rcu_core_si+0x10/0x1c [ 2368.390128][ T4424] handle_softirqs+0x36c/0xd08 [ 2368.390398][ T4424] __do_softirq+0x14/0x20 [ 2368.390646][ T4424] [ 2368.390734][ T4424] The buggy address belongs to the object at fff000000d211e00 [ 2368.390734][ T4424] which belongs to the cache maple_node of size 256 [ 2368.390920][ T4424] The buggy address is located 120 bytes inside of [ 2368.390920][ T4424] 256-byte region [fff000000d211e00, fff000000d211f00) [ 2368.391116][ T4424] [ 2368.391287][ T4424] The buggy address belongs to the physical page: [ 2368.392434][ T4424] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xa8f000000d211e00 pfn:0x4d211 [ 2368.392809][ T4424] flags: 0x1ffc00000000200(workingset|node=0|zone=0|lastcpupid=0x7ff|kasantag=0x0) [ 2368.393539][ T4424] page_type: f5(slab) [ 2368.394222][ T4424] raw: 01ffc00000000200 01f000000cc09700 ffffc1ffc046a910 ffffc1ffc0573d90 [ 2368.394478][ T4424] raw: a8f000000d211e00 000000000010000f 00000000f5000000 0000000000000000 [ 2368.394678][ T4424] page dumped because: kasan: bad access detected [ 2368.394805][ T4424] [ 2368.394892][ T4424] Memory state around the buggy address: [ 2368.395237][ T4424] fff000000d211c00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2368.395436][ T4424] fff000000d211d00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2368.395626][ T4424] >fff000000d211e00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 2368.395762][ T4424] ^ [ 2368.396039][ T4424] fff000000d211f00: 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 [ 2368.396215][ T4424] fff000000d212000: 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 [ 2368.396439][ T4424] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 2369.200711][ T4424] Disabling lock debugging due to kernel taint [ 2377.419309][ T3412] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2377.898770][ T3412] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2378.548416][ T3412] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2379.030129][ T3412] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2386.575990][ T3412] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2386.747093][ T3412] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2386.815401][ T3412] bond0 (unregistering): Released all slaves [ 2387.509239][ T3412] hsr_slave_0: left promiscuous mode [ 2387.548776][ T3412] hsr_slave_1: left promiscuous mode [ 2387.690887][ T3412] veth1_macvtap: left promiscuous mode [ 2387.698364][ T3412] veth0_macvtap: left promiscuous mode [ 2387.708982][ T3412] veth1_vlan: left promiscuous mode [ 2387.717291][ T3412] veth0_vlan: left promiscuous mode [ 2396.407634][ T3412] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2396.715430][ T3412] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2397.070339][ T3412] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2397.427999][ T3412] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 VM DIAGNOSIS: 16:59:42 Registers: info registers vcpu 0 CPU#0 PC=ffff8000821a3374 X00=0000000000000003 X01=0000000000000002 X02=0000000000000001 X03=ffff8000821a3270 X04=0000000000000001 X05=0000000000000001 X06=0000000000000000 X07=ffff800081f63130 X08=4ef000000dc01dc0 X09=0000000000000000 X10=0000000000ff0100 X11=00000000000000fe X12=0000000000000002 X13=0000000000000002 X14=0000000000000000 X15=000000002453cda4 X16=00000000aa458da9 X17=0000000000000000 X18=00000000aa4dcf41 X19=efff800000000000 X20=28f000000dcbc880 X21=81ff80008c5cb018 X22=0000000000000002 X23=28f000000dcbc97c X24=0000000000000028 X25=28f000000dcbcac8 X26=28f000000dcbc8c8 X27=0000000000000028 X28=0000000000000028 X29=ffff80008c607b50 X30=ffff8000821a3374 SP=ffff80008c607b40 PSTATE=814020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=2525252525252525:2525252525252525 Z01=6572207265767265:730073250a0d0a0d Z02=3d3d3d3d3d3d3d3d:3d3d3d3d3d3d3d3d Z03=0000000000000000:00ff00ff00000000 Z04=0000000000000000:000000000f0f0000 Z05=3d3d3d3d3d3d3d3d:3d3d3d3d3d3d3d3d Z06=203a29315f657661:6c735f646e6f6220 Z07=206e612073612067:6e6976616c736e45 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffc0490350:0000ffffc0490350 Z17=ffffff80ffffffd8:0000ffffc0490320 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000