last executing test programs: 55.014872658s ago: executing program 0 (id=1712): munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) munmap(&(0x7f0000647000/0x1000)=nil, 0x1000) r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0xb) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0x541b, 0xac) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000ff8000/0x8000)=nil, r3, 0x1000000, 0xe637a22295c143f8, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r3, 0x0, 0x80031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) 51.980746456s ago: executing program 1 (id=1713): mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async) r0 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0x0, &(0x7f00000000c0), 0x909483, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_vgic_v3_setup(r3, 0x1, 0x100) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x4) ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000080)={0x5, 0xb}) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013dcf3, &(0x7f0000000000)=0x8}) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async) r7 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0x48) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) (async) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x18b080, 0x0) (async) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x18b080, 0x0) ioctl$KVM_CREATE_VM(r10, 0xc0189436, 0x20004000) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04) r12 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000180)={0x0, &(0x7f0000000400)=[@msr={0x14, 0x20, {0x603000000013e661, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x0, 0xb, 0x0, 0x10000, 0x2}}, @code={0xa, 0xb4, {"007008d500b492d20080b0f2e10080d2c20180d2a30080d2a40180d2020000d4007008d5007008d5007008d5000028d5005299d20060b0f2610080d2620080d2e30180d2440180d2020000d4e0e097d200c0b8f2810180d2420180d2230080d2e40180d2020000d4a05595d20080b0f2a10180d2820180d2c30180d2040080d2020000d4209e89d20060b0f2010180d2a20180d2430180d2e40080d2020000d4"}}, @irq_setup={0x46, 0x18, {0x4, 0x323}}], 0x114}, &(0x7f0000000040)=[@featur2={0x1, 0x81}], 0x1) r13 = openat$kvm(0x0, &(0x7f0000000240), 0x2400, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r15, 0x4020aeae, &(0x7f0000000340)={0x5}) ioctl$KVM_RUN(r15, 0xae80, 0x0) (async) ioctl$KVM_RUN(r15, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r14, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x7, 0x4, 0x2}}) mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, r11, 0x2000001, 0x10010, r12, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r16, 0x800454df, 0x0) 49.116644959s ago: executing program 0 (id=1714): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_INTERRUPT(r2, 0x4004ae86, &(0x7f0000000000)=0x401) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, r6, 0xa, 0x4010, r5, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_vgic_v3_setup(r4, 0x4, 0x40) munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000100)=0x13}) 42.982062242s ago: executing program 1 (id=1715): mmap$KVM_VCPU(&(0x7f00006b5000/0x2000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async, rerun: 64) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 64) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r1, 0x3000007, 0x32, 0xffffffffffffffff, 0x0) r2 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="fb4149dd033be3ac3bc4a22332fdaa8de0518df242008031d1dfd92f0000000001fff9ffdc9610fbff77521ce30d8f00", 0x0, 0xfcf7) 41.211310884s ago: executing program 0 (id=1716): eventfd2(0x0, 0x0) (async) r0 = openat$kvm(0x0, &(0x7f0000000240), 0x580, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000005, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x2000009, 0x4102932, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x8030aeb4, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x0, 0x0}) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000080)={0x5, 0x117}) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000100)=0x812}) (async) r7 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f00008a0000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, 0x0, 0x630}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r3, 0x4, 0x300) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) (async) r8 = eventfd2(0x0, 0x0) close(r8) 35.085543087s ago: executing program 1 (id=1717): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x40cc00, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, &(0x7f0000000000)=ANY=[], 0x40}, 0x0, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r5, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x1) r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SIGNAL_MSI(r6, 0x4020aea5, 0x0) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000ab3000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x0, 0x8, 0x7b832, r5, 0x0) mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0, 0x10, r5, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000e8a000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000040)={0x3, 0xeeee0000, 0x2, r10, 0x8}) ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000900)={0x0, 0x0, 0x1, r10, 0x1}) ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000080)={0x0, 0x0, 0x1, r10}) ioctl$KVM_CREATE_VM(r1, 0xae01, 0xb) r11 = openat$kvm(0x0, &(0x7f0000000040), 0xa000, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = openat$kvm(0xffffffffffffff9c, 0x0, 0x2000, 0x0) ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(0xffffffffffffffff, 0x4018aee1, 0x0) ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x4}) 32.516239763s ago: executing program 0 (id=1718): r0 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) r1 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x400454d8, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000100)={0x8}) r8 = syz_kvm_vgic_v3_setup(r7, 0x0, 0xe0) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x541b, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000001000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r10, 0xc0189436, 0x1ffffffc) r11 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x3b) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r12, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) r15 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0) ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r14, 0xc00caee0, &(0x7f0000000140)={0x7, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r16, 0x801054db, 0x0) 22.914498567s ago: executing program 1 (id=1719): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x900, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xf3) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="f21bc75509bf71c9d70236fc04484212e8eab50d4bdfe7ad519d2f702045dabffb1b8dbb02aa8b7d52f1a16a704c2450199e29df9761e83fe4e9218e58da2e2c18b847c2357c6ed6", 0x0, 0x48) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r3, &(0x7f00000001c0)=0xffffff7f, 0xff25) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x3) r7 = openat$kvm(0x0, &(0x7f0000000240), 0xca680, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x8, 0x4, 0x0}) r11 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r12 = syz_kvm_vgic_v3_setup(r11, 0x1, 0x100) ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f0000000100)=@attr_other={0x0, 0x9, 0x0, 0xfffffffffffffffe}) r13 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) ioctl$KVM_ARM_VCPU_INIT(r13, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r13, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init) ioctl$KVM_RUN(r13, 0xae80, 0x0) ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x3ff}) 12.049435768s ago: executing program 0 (id=1720): mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000647000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x53033, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000ecc000/0x3000)=nil, 0x930, 0x300000f, 0x40032, 0xffffffffffffffff, 0x0) 10.325048167s ago: executing program 1 (id=1721): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x1, 0xcccc0000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x1c1040, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async, rerun: 64) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x86) (rerun: 64) r5 = mmap$KVM_VCPU(&(0x7f0000f48000/0x3000)=nil, 0x930, 0x1000003, 0x11, r4, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000100)="d4ece25438ac761d768f5c3f54d9506333a3efeda6b20c676f2c855f9505e66570fef4c314d949f94d16402868c2c64a1e54a0541230b4183257337f2ffb4f655500672bee04cb71", 0x0, 0x48) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x2f46b2, 0x0) (async) r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000040)={0x9}) (async) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r7, 0x80111500, 0xfffffffffffff000) (async, rerun: 32) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async, rerun: 32) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000647000/0x1000)=nil, 0x1000) munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async, rerun: 32) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) (async, rerun: 32) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000e87000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async, rerun: 32) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (rerun: 32) 3.831044926s ago: executing program 0 (id=1722): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x3}}], 0x68}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r6, 0xae80, 0x0) syz_kvm_setup_cpu$arm64(r4, r6, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000280)=[@hvc={0x32, 0x40, {0xc400000c, [0x3ff, 0x6, 0x4, 0x400, 0x9]}}, @uexit={0x0, 0x18}, @svc={0x122, 0x40, {0xc4000005, [0x401, 0xffffffffffffffe1, 0x5800000000000, 0x1ff, 0x5]}}], 0x98}], 0x1, 0x0, &(0x7f0000000040)=[@featur1={0x1, 0x64}], 0x1) ioctl$KVM_RUN(r6, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, 0x0) r8 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="14000000"], 0x20}, 0x0, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x0, 0x3000000, 0x10010, r8, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04) openat$kvm(0x0, &(0x7f0000000040), 0x109000, 0x0) r10 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x0, 0x1000001, 0x11, 0xffffffffffffffff, 0x0) ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000000), 0x508500, 0x0) r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r11, 0xae04) r13 = mmap$KVM_VCPU(&(0x7f0000d10000/0xa000)=nil, r12, 0x3000006, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, 0x0, 0x0, 0x0) 0s ago: executing program 1 (id=1723): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000200)=@arm64_extra={0x603000000013c024, &(0x7f00000001c0)=0x5}) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f932, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): [ 372.976344][ T3130] 8021q: adding VLAN 0 to HW filter on device bond0 [ 418.601176][ T3130] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:17370' (ED25519) to the list of known hosts. [ 578.307109][ T25] audit: type=1400 audit(577.420:61): avc: denied { name_bind } for pid=3288 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 581.160917][ T25] audit: type=1400 audit(580.300:62): avc: denied { execute } for pid=3289 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 581.221007][ T25] audit: type=1400 audit(580.360:63): avc: denied { execute_no_trans } for pid=3289 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 603.313919][ T25] audit: type=1400 audit(602.450:64): avc: denied { mounton } for pid=3289 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 603.346843][ T25] audit: type=1400 audit(602.480:65): avc: denied { mount } for pid=3289 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 603.428847][ T3289] cgroup: Unknown subsys name 'net' [ 603.478699][ T25] audit: type=1400 audit(602.620:66): avc: denied { unmount } for pid=3289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 603.860914][ T3289] cgroup: Unknown subsys name 'cpuset' [ 603.961757][ T3289] cgroup: Unknown subsys name 'rlimit' [ 604.857519][ T25] audit: type=1400 audit(604.000:67): avc: denied { setattr } for pid=3289 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 604.882128][ T25] audit: type=1400 audit(604.010:68): avc: denied { mounton } for pid=3289 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 604.906299][ T25] audit: type=1400 audit(604.040:69): avc: denied { mount } for pid=3289 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 606.079586][ T3292] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 606.100086][ T25] audit: type=1400 audit(605.240:70): avc: denied { relabelto } for pid=3292 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 606.127523][ T25] audit: type=1400 audit(605.260:71): avc: denied { write } for pid=3292 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 606.309841][ T25] audit: type=1400 audit(605.450:72): avc: denied { read } for pid=3289 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 606.337264][ T25] audit: type=1400 audit(605.470:73): avc: denied { open } for pid=3289 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 606.376438][ T3289] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 652.937647][ T25] audit: type=1400 audit(652.080:74): avc: denied { execmem } for pid=3293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 656.411155][ T25] audit: type=1400 audit(655.550:75): avc: denied { read } for pid=3295 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 656.447345][ T25] audit: type=1400 audit(655.590:76): avc: denied { open } for pid=3295 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 656.519412][ T25] audit: type=1400 audit(655.650:77): avc: denied { mounton } for pid=3295 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 656.768142][ T25] audit: type=1400 audit(655.910:79): avc: denied { module_request } for pid=3296 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 656.784674][ T25] audit: type=1400 audit(655.900:78): avc: denied { module_request } for pid=3295 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 657.909891][ T25] audit: type=1400 audit(657.050:80): avc: denied { sys_module } for pid=3295 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 681.456959][ T3296] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 681.660982][ T3296] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 682.159439][ T3295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 682.435869][ T3295] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 694.645276][ T3296] hsr_slave_0: entered promiscuous mode [ 694.671606][ T3296] hsr_slave_1: entered promiscuous mode [ 695.899045][ T3295] hsr_slave_0: entered promiscuous mode [ 695.951416][ T3295] hsr_slave_1: entered promiscuous mode [ 696.025892][ T3295] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 696.037856][ T3295] Cannot create hsr debugfs directory [ 705.039763][ T25] audit: type=1400 audit(704.160:81): avc: denied { create } for pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 705.124991][ T25] audit: type=1400 audit(704.260:82): avc: denied { write } for pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 705.155190][ T25] audit: type=1400 audit(704.290:83): avc: denied { read } for pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 705.370669][ T3296] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 705.868232][ T3296] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 706.152608][ T3296] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 706.818530][ T3296] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 708.155347][ T3295] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 708.376839][ T3295] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 708.519066][ T3295] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 708.670738][ T3295] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 720.635509][ T3296] 8021q: adding VLAN 0 to HW filter on device bond0 [ 722.990437][ T3295] 8021q: adding VLAN 0 to HW filter on device bond0 [ 777.927924][ T3296] veth0_vlan: entered promiscuous mode [ 778.363619][ T3296] veth1_vlan: entered promiscuous mode [ 780.160340][ T3296] veth0_macvtap: entered promiscuous mode [ 780.308536][ T3295] veth0_vlan: entered promiscuous mode [ 780.557232][ T3296] veth1_macvtap: entered promiscuous mode [ 781.222254][ T3295] veth1_vlan: entered promiscuous mode [ 782.550197][ T3296] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 782.556739][ T3296] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 782.574542][ T3296] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 782.585603][ T3296] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 783.812219][ T3295] veth0_macvtap: entered promiscuous mode [ 784.589085][ T3295] veth1_macvtap: entered promiscuous mode [ 785.180005][ T25] audit: type=1400 audit(784.310:84): avc: denied { mount } for pid=3296 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 785.339898][ T25] audit: type=1400 audit(784.470:85): avc: denied { mounton } for pid=3296 comm="syz-executor" path="/syzkaller.e0y1Wk/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 785.492542][ T25] audit: type=1400 audit(784.630:86): avc: denied { mount } for pid=3296 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 785.987475][ T25] audit: type=1400 audit(785.130:87): avc: denied { mounton } for pid=3296 comm="syz-executor" path="/syzkaller.e0y1Wk/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 786.172179][ T25] audit: type=1400 audit(785.310:88): avc: denied { mounton } for pid=3296 comm="syz-executor" path="/syzkaller.e0y1Wk/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 786.518452][ T3295] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 786.560128][ T3295] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 786.595738][ T3295] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 786.606568][ T3295] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 786.800819][ T25] audit: type=1400 audit(785.940:89): avc: denied { unmount } for pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 786.973740][ T25] audit: type=1400 audit(786.100:90): avc: denied { mounton } for pid=3296 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 787.020700][ T25] audit: type=1400 audit(786.160:91): avc: denied { mount } for pid=3296 comm="syz-executor" name="/" dev="gadgetfs" ino=3266 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 787.281602][ T25] audit: type=1400 audit(786.420:92): avc: denied { mount } for pid=3296 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 787.485073][ T25] audit: type=1400 audit(786.510:93): avc: denied { mounton } for pid=3296 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 788.995676][ T3296] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 793.009105][ T25] kauditd_printk_skb: 4 callbacks suppressed [ 793.025325][ T25] audit: type=1400 audit(792.150:98): avc: denied { read } for pid=3448 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 793.147324][ T25] audit: type=1400 audit(792.210:99): avc: denied { open } for pid=3448 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 793.339584][ T25] audit: type=1400 audit(792.440:100): avc: denied { ioctl } for pid=3448 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 794.286694][ T25] audit: type=1400 audit(793.390:101): avc: denied { append } for pid=3449 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 794.605782][ T25] audit: type=1400 audit(793.740:102): avc: denied { write } for pid=3448 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 897.087059][ T25] audit: type=1400 audit(896.140:103): avc: denied { execute } for pid=3512 comm="syz.1.19" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4622 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 969.859999][ T3567] kvm [3567]: Failed to find VMA for hva 0x21016000 [ 1025.574184][ T25] audit: type=1400 audit(1024.700:104): avc: denied { ioctl } for pid=3602 comm="syz.0.44" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0xb705 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1026.339041][ T3603] kvm [3603]: Failed to find VMA for hva 0x208a1000 [ 1146.863567][ T25] audit: type=1400 audit(1146.000:105): avc: denied { map } for pid=3682 comm="syz.0.72" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1146.882536][ T25] audit: type=1400 audit(1146.020:106): avc: denied { execute } for pid=3682 comm="syz.0.72" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1167.358263][ T3697] KVM: debugfs: duplicate directory 3697-13 [ 1167.774808][ T3697] KVM: debugfs: duplicate directory 3697-13 [ 1200.341494][ T25] audit: type=1400 audit(1199.470:107): avc: denied { setattr } for pid=3725 comm="syz.1.84" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1277.638869][ T3789] KVM: debugfs: duplicate directory 3789-5 [ 1347.060835][ T3829] kvm [3829]: Failed to find VMA for hva 0x20c01000 [ 1351.026570][ T3831] kvm [3831]: Failed to find VMA for hva 0x20000000 [ 1370.172680][ T3841] kvm [3841]: Failed to find VMA for hva 0x21016000 [ 1555.942109][ T3994] kvm [3994]: Failed to find VMA for hva 0x20c01000 [ 1627.592333][ T4046] kvm [4045]: Unsupported guest access at: eeef0000 [ 1627.592333][ T4046] { Op0( 2), Op1( 7), CRn(15), CRm(13), Op2( 1), func_write }, [ 1657.537045][ T4065] kvm [4064]: Unsupported guest CP15 access at: 00000100 [000001d3] [ 1657.537045][ T4065] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 1657.568453][ T4065] kvm [4064]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1657.568453][ T4065] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 1657.632167][ T4065] kvm [4064]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1657.632167][ T4065] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 1657.706505][ T4065] kvm [4064]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1657.706505][ T4065] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 1657.745736][ T4065] kvm [4064]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1657.745736][ T4065] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 1657.779187][ T4065] kvm [4064]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1657.779187][ T4065] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 1657.812574][ T4065] kvm [4064]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1657.812574][ T4065] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 1657.879568][ T4065] kvm [4064]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1657.879568][ T4065] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 1657.969780][ T4065] kvm [4064]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1657.969780][ T4065] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 1658.000916][ T4065] kvm [4064]: Unsupported guest CP15 access at: 00000100 [000001db] [ 1658.000916][ T4065] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 1755.896618][ T4142] kvm [4142]: Failed to find VMA for hva 0x20c01000 [ 1788.500489][ T4163] kvm [4163]: Failed to find VMA for hva 0x208a1000 [ 1833.195318][ T4195] debugfs: File 'vgic-its-state@8080000' in directory '4195-4' already present! [ 1958.941947][ T4283] kvm [4281]: Unsupported guest access at: eeef0000 [ 1958.941947][ T4283] { Op0( 2), Op1( 7), CRn(15), CRm(13), Op2( 1), func_write }, [ 2143.128980][ T4408] kvm [4408]: Failed to find VMA for hva 0x20d8d000 [ 2226.758813][ T4466] kvm [4465]: Unsupported guest access at: eeef0000 [ 2226.758813][ T4466] { Op0( 2), Op1( 7), CRn(15), CRm(13), Op2( 1), func_write }, [ 2233.315878][ T4469] kvm [4469]: Failed to find VMA for hva 0x20c01000 [ 2302.788911][ T4515] kvm [4515]: Failed to find VMA for hva 0x21016000 [ 2423.882619][ T4611] kvm [4611]: Failed to find VMA for hva 0x20d8d000 [ 2487.481787][ T4646] kvm [4646]: Failed to find VMA for hva 0x20c01000 [ 2532.400665][ T4681] kvm [4681]: Failed to find VMA for hva 0x20c00000 [ 2550.630321][ T4691] kvm [4691]: Failed to find VMA for hva 0x20d8d000 [ 2664.618216][ T4762] kvm [4762]: Failed to find VMA for hva 0x20c01000 [ 2708.429767][ T4790] kvm [4790]: Failed to find VMA for hva 0x208a1000 [ 2957.570187][ T25] audit: type=1400 audit(2956.710:108): avc: denied { map } for pid=4952 comm="syz.1.453" path="pipe:[2419]" dev="pipefs" ino=2419 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 3029.791210][ T5008] kvm [5008]: Failed to find VMA for hva 0x208a1000 [ 3165.251041][ T5103] kvm [5103]: Failed to find VMA for hva 0x21016000 [ 3350.898109][ T5244] kvm [5244]: Failed to find VMA for hva 0x20d8d000 [ 3919.730241][ T5664] kvm [5664]: Failed to find VMA for hva 0x20c01000 [ 3926.172402][ T5666] kvm [5666]: Failed to find VMA for hva 0x208a1000 [ 4050.845279][ T5761] kvm [5761]: Failed to find VMA for hva 0x21016000 [ 4210.336130][ T5869] kvm [5869]: Failed to find VMA for hva 0x20c01000 [ 4328.902043][ T5955] KVM: debugfs: duplicate directory 5955-6 [ 4329.564592][ T5955] KVM: debugfs: duplicate directory 5955-6 [ 4535.390413][ T6115] print_sys_reg_msg: 515 callbacks suppressed [ 4535.417949][ T6115] kvm [6114]: Unsupported guest CP15 access at: 00000100 [000001d3] [ 4535.417949][ T6115] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4535.428890][ T6115] kvm [6114]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4535.428890][ T6115] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4535.467222][ T6115] kvm [6114]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4535.467222][ T6115] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4535.526677][ T6115] kvm [6114]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4535.526677][ T6115] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4535.547265][ T6115] kvm [6114]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4535.547265][ T6115] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4535.585792][ T6115] kvm [6114]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4535.585792][ T6115] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4535.609033][ T6115] kvm [6114]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4535.609033][ T6115] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4535.637695][ T6115] kvm [6114]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4535.637695][ T6115] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4535.675493][ T6115] kvm [6114]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4535.675493][ T6115] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4535.715790][ T6115] kvm [6114]: Unsupported guest CP15 access at: 00000100 [000001db] [ 4535.715790][ T6115] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4538.607236][ T6115] kvm [6115]: Failed to find VMA for hva 0x20000000 [ 4617.859697][ T6188] kvm [6188]: Failed to find VMA for hva 0x20abe000 [ 4617.908092][ T6191] kvm [6191]: Failed to find VMA for hva 0x20abe000 [ 4705.172346][ T25] audit: type=1400 audit(4704.300:109): avc: denied { execute } for pid=6249 comm="syz.0.839" path=2F3432302FFF67521CD66F8F1F447D3570707CD24B7EEBB207 dev="tmpfs" ino=2128 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 4725.674595][ T6265] kvm [6265]: Failed to find VMA for hva 0x20d8d000 [ 4778.888633][ T6302] kvm [6302]: Failed to find VMA for hva 0x20c01000 [ 4800.851647][ T6317] kvm [6317]: Failed to find VMA for hva 0x20c00000 [ 4800.957897][ T6317] kvm [6317]: Failed to find VMA for hva 0x20c00000 [ 4856.147415][ T6358] debugfs: File 'vgic-its-state@8080000' in directory '6358-17' already present! [ 4891.658951][ T6381] kvm [6381]: Failed to find VMA for hva 0x208a1000 [ 4904.431280][ T6395] print_sys_reg_msg: 291 callbacks suppressed [ 4904.477518][ T6395] kvm [6394]: Unsupported guest CP15 access at: 000001c0 [000001d3] [ 4904.477518][ T6395] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4904.505510][ T6395] kvm [6394]: Unsupported guest CP15 access at: 000001c0 [000001db] [ 4904.505510][ T6395] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4904.525737][ T6395] kvm [6394]: Unsupported guest CP15 access at: 000001c0 [000001db] [ 4904.525737][ T6395] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4904.548954][ T6395] kvm [6394]: Unsupported guest CP15 access at: 000001c0 [000001db] [ 4904.548954][ T6395] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4904.587370][ T6395] kvm [6394]: Unsupported guest CP15 access at: 000001c0 [000001db] [ 4904.587370][ T6395] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4904.631507][ T6395] kvm [6394]: Unsupported guest CP15 access at: 000001c0 [000001db] [ 4904.631507][ T6395] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4904.685360][ T6395] kvm [6394]: Unsupported guest CP15 access at: 000001c0 [000001db] [ 4904.685360][ T6395] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4904.696741][ T6395] kvm [6394]: Unsupported guest CP15 access at: 000001c0 [000001db] [ 4904.696741][ T6395] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4904.745392][ T6395] kvm [6394]: Unsupported guest CP15 access at: 000001c0 [000001db] [ 4904.745392][ T6395] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4904.806837][ T6395] kvm [6394]: Unsupported guest CP15 access at: 000001c0 [000001db] [ 4904.806837][ T6395] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 4998.629274][ T6458] kvm [6458]: Failed to find VMA for hva 0x20c01000 [ 5208.796603][ T6613] kvm [6613]: Failed to find VMA for hva 0x20d8d000 [ 5550.661403][ T6856] kvm [6856]: Failed to find VMA for hva 0x20d8d000 [ 5663.350667][ T6933] kvm [6933]: Failed to find VMA for hva 0x20c00000 [ 5664.194470][ T6935] irq bypass consumer (token 00000000fa0c606e) registration fails: -16 [ 5696.082090][ T6957] print_sys_reg_msg: 69 callbacks suppressed [ 5696.154580][ T6957] kvm [6956]: Unsupported guest CP15 access at: 00000100 [000001d3] [ 5696.154580][ T6957] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5696.177917][ T6957] kvm [6956]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5696.177917][ T6957] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5696.271031][ T6957] kvm [6956]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5696.271031][ T6957] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5696.316597][ T6957] kvm [6956]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5696.316597][ T6957] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5696.367911][ T6957] kvm [6956]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5696.367911][ T6957] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5696.422201][ T6957] kvm [6956]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5696.422201][ T6957] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5696.545629][ T6957] kvm [6956]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5696.545629][ T6957] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5696.567810][ T6957] kvm [6956]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5696.567810][ T6957] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5696.665316][ T6957] kvm [6956]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5696.665316][ T6957] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5696.698242][ T6957] kvm [6956]: Unsupported guest CP15 access at: 00000100 [000001db] [ 5696.698242][ T6957] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 5731.959401][ T6985] kvm [6985]: Failed to find VMA for hva 0x21016000 [ 6291.036737][ T7377] kvm [7377]: Failed to find VMA for hva 0x20d8d000 [ 6345.489845][ T7414] kvm [7414]: Failed to find VMA for hva 0x21016000 [ 6399.062536][ T7440] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6400.421223][ T7440] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6401.529305][ T7440] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6402.970104][ T7440] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6421.636405][ T7440] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 6421.935956][ T7440] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 6422.197556][ T7440] bond0 (unregistering): Released all slaves [ 6424.286667][ T7440] hsr_slave_0: left promiscuous mode [ 6424.460447][ T7440] hsr_slave_1: left promiscuous mode [ 6425.104311][ T7440] veth1_macvtap: left promiscuous mode [ 6425.109004][ T7440] veth0_macvtap: left promiscuous mode [ 6425.146678][ T7440] veth1_vlan: left promiscuous mode [ 6425.178471][ T7440] veth0_vlan: left promiscuous mode [ 6501.885276][ T7453] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 6502.138056][ T7453] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 6529.028527][ T7453] hsr_slave_0: entered promiscuous mode [ 6529.168371][ T7453] hsr_slave_1: entered promiscuous mode [ 6529.238973][ T7453] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 6529.255567][ T7453] Cannot create hsr debugfs directory [ 6553.741812][ T7453] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 6554.172072][ T7453] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 6554.624413][ T7453] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 6554.959969][ T7453] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 6580.408560][ T7453] 8021q: adding VLAN 0 to HW filter on device bond0 [ 6671.951736][ T7453] veth0_vlan: entered promiscuous mode [ 6672.679159][ T7453] veth1_vlan: entered promiscuous mode [ 6675.269290][ T7453] veth0_macvtap: entered promiscuous mode [ 6675.670711][ T7453] veth1_macvtap: entered promiscuous mode [ 6678.010537][ T7453] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 6678.035547][ T7453] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 6678.047237][ T7453] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 6678.065320][ T7453] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 6696.850724][ T6542] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6698.226737][ T6542] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6699.694933][ T6542] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6701.107846][ T6542] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6724.558130][ T6542] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 6724.864876][ T6542] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 6725.070012][ T6542] bond0 (unregistering): Released all slaves [ 6727.399154][ T6542] hsr_slave_0: left promiscuous mode [ 6727.536834][ T6542] hsr_slave_1: left promiscuous mode [ 6728.230890][ T6542] veth1_macvtap: left promiscuous mode [ 6728.250542][ T6542] veth0_macvtap: left promiscuous mode [ 6728.315324][ T6542] veth1_vlan: left promiscuous mode [ 6728.321973][ T6542] veth0_vlan: left promiscuous mode [ 6806.325218][ T7696] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 6806.567453][ T7696] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 6832.048606][ T7696] hsr_slave_0: entered promiscuous mode [ 6832.128774][ T7696] hsr_slave_1: entered promiscuous mode [ 6843.989119][ T7818] kvm [7818]: Failed to find VMA for hva 0x21016000 [ 6857.862232][ T7696] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 6858.442244][ T7696] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 6858.821590][ T7696] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 6859.225484][ T7696] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 6883.722288][ T7696] 8021q: adding VLAN 0 to HW filter on device bond0 [ 6966.885364][ T7921] print_sys_reg_msg: 300 callbacks suppressed [ 6966.928087][ T7921] kvm [7920]: Unsupported guest CP15 access at: 00000100 [000001d3] [ 6966.928087][ T7921] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 6966.951257][ T7921] kvm [7920]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6966.951257][ T7921] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 6966.990469][ T7921] kvm [7920]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6966.990469][ T7921] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 6967.039753][ T7921] kvm [7920]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6967.039753][ T7921] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 6967.080117][ T7921] kvm [7920]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6967.080117][ T7921] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 6967.106198][ T7921] kvm [7920]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6967.106198][ T7921] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 6967.156904][ T7921] kvm [7920]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6967.156904][ T7921] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 6967.196840][ T7921] kvm [7920]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6967.196840][ T7921] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 6967.228882][ T7921] kvm [7920]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6967.228882][ T7921] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 6967.251633][ T7921] kvm [7920]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6967.251633][ T7921] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 6968.700515][ T7696] veth0_vlan: entered promiscuous mode [ 6969.485471][ T7696] veth1_vlan: entered promiscuous mode [ 6971.731534][ T7696] veth0_macvtap: entered promiscuous mode [ 6971.918882][ T7921] print_sys_reg_msg: 404 callbacks suppressed [ 6971.928478][ T7921] kvm [7920]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6971.928478][ T7921] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 6971.979603][ T7921] kvm [7920]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6971.979603][ T7921] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 6972.039972][ T7921] kvm [7920]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6972.039972][ T7921] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 6972.098318][ T7921] kvm [7920]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6972.098318][ T7921] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 6972.141658][ T7921] kvm [7920]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6972.141658][ T7921] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 6972.171126][ T7696] veth1_macvtap: entered promiscuous mode [ 6972.298725][ T7921] kvm [7920]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6972.298725][ T7921] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 6972.322602][ T7921] kvm [7920]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6972.322602][ T7921] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 6972.435444][ T7921] kvm [7920]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6972.435444][ T7921] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 6972.516683][ T7921] kvm [7920]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6972.516683][ T7921] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 6972.538539][ T7921] kvm [7920]: Unsupported guest CP15 access at: 00000100 [000001db] [ 6972.538539][ T7921] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 6974.908835][ T7696] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 6974.929906][ T7696] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 6974.941656][ T7696] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 6974.965883][ T7696] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 7249.450736][ T8136] KVM: debugfs: duplicate directory 8136-5 [ 7407.407484][ T8256] kvm [8256]: Failed to find VMA for hva 0x21016000 [ 7717.691395][ T8483] debugfs: File 'vgic-its-state@0' in directory '8483-7' already present! [ 7963.675433][ T8658] kvm [8658]: Failed to find VMA for hva 0x20c01000 [ 7976.901666][ T8670] KVM: debugfs: duplicate directory 8670-6 [ 7979.619101][ T8673] kvm [8673]: Failed to find VMA for hva 0x21016000 [ 8090.657576][ T8760] print_sys_reg_msg: 315 callbacks suppressed [ 8090.698370][ T8760] kvm [8759]: Unsupported guest CP15 access at: 00000100 [000001d3] [ 8090.698370][ T8760] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 8090.721730][ T8760] kvm [8759]: Unsupported guest CP15 access at: 00000100 [000001db] [ 8090.721730][ T8760] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 8090.750191][ T8760] kvm [8759]: Unsupported guest CP15 access at: 00000100 [000001db] [ 8090.750191][ T8760] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 8090.807216][ T8760] kvm [8759]: Unsupported guest CP15 access at: 00000100 [000001db] [ 8090.807216][ T8760] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 8090.851647][ T8760] kvm [8759]: Unsupported guest CP15 access at: 00000100 [000001db] [ 8090.851647][ T8760] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 8090.897239][ T8760] kvm [8759]: Unsupported guest CP15 access at: 00000100 [000001db] [ 8090.897239][ T8760] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 8090.951339][ T8760] kvm [8759]: Unsupported guest CP15 access at: 00000100 [000001db] [ 8090.951339][ T8760] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 8090.985557][ T8760] kvm [8759]: Unsupported guest CP15 access at: 00000100 [000001db] [ 8090.985557][ T8760] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 8091.019523][ T8760] kvm [8759]: Unsupported guest CP15 access at: 00000100 [000001db] [ 8091.019523][ T8760] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 8091.052360][ T8760] kvm [8759]: Unsupported guest CP15 access at: 00000100 [000001db] [ 8091.052360][ T8760] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 8182.639276][ T8820] kvm [8820]: Failed to find VMA for hva 0x20c01000 [ 8226.847624][ T8846] kvm [8846]: Failed to find VMA for hva 0x20d8d000 [ 8466.967907][ T9030] kvm [9030]: Failed to find VMA for hva 0x20d8d000 [ 8916.979586][ T9360] kvm [9360]: Failed to find VMA for hva 0x20d8d000 [ 9044.891568][ T9445] kvm [9445]: Failed to find VMA for hva 0x208a1000 [ 9169.428621][ T9538] [ 9169.429815][ T9538] ============================= [ 9169.430734][ T9538] [ BUG: Invalid wait context ] [ 9169.432135][ T9538] 6.16.0-rc3-syzkaller-g7b8346bd9fce #0 Not tainted [ 9169.433390][ T9538] ----------------------------- [ 9169.434192][ T9538] syz.0.1722/9538 is trying to lock: [ 9169.435096][ T9538] 01ff80008e4c9e18 (&xa->xa_lock#20){....}-{3:3}, at: vgic_put_irq+0xb4/0x190 [ 9169.439440][ T9538] other info that might help us debug this: [ 9169.440382][ T9538] context-{5:5} [ 9169.441148][ T9538] 3 locks held by syz.0.1722/9538: [ 9169.442030][ T9538] #0: 01ff80008e4c90a8 (&kvm->slots_lock){+.+.}-{4:4}, at: kvm_vgic_destroy+0x50/0x624 [ 9169.444277][ T9538] #1: 01ff80008e4c9fa0 (&kvm->arch.config_lock){+.+.}-{4:4}, at: kvm_vgic_destroy+0x5c/0x624 [ 9169.446416][ T9538] #2: 4cf000001d70b1a8 (&vgic_cpu->ap_list_lock){....}-{2:2}, at: vgic_flush_pending_lpis+0x3c/0x31c [ 9169.448678][ T9538] stack backtrace: [ 9169.450017][ T9538] CPU: 0 UID: 0 PID: 9538 Comm: syz.0.1722 Not tainted 6.16.0-rc3-syzkaller-g7b8346bd9fce #0 PREEMPT [ 9169.451350][ T9538] Hardware name: linux,dummy-virt (DT) [ 9169.452477][ T9538] Call trace: [ 9169.453346][ T9538] show_stack+0x2c/0x3c (C) [ 9169.454515][ T9538] __dump_stack+0x30/0x40 [ 9169.455313][ T9538] dump_stack_lvl+0xd8/0x12c [ 9169.456062][ T9538] dump_stack+0x1c/0x28 [ 9169.456776][ T9538] __lock_acquire+0x978/0x299c [ 9169.457584][ T9538] lock_acquire+0x14c/0x2e0 [ 9169.458397][ T9538] _raw_spin_lock_irqsave+0x5c/0x7c [ 9169.459268][ T9538] vgic_put_irq+0xb4/0x190 [ 9169.460073][ T9538] vgic_flush_pending_lpis+0x24c/0x31c [ 9169.460950][ T9538] __kvm_vgic_vcpu_destroy+0x44/0x500 [ 9169.461820][ T9538] kvm_vgic_destroy+0x100/0x624 [ 9169.462630][ T9538] kvm_arch_destroy_vm+0x80/0x138 [ 9169.463442][ T9538] kvm_put_kvm+0x800/0xff8 [ 9169.464180][ T9538] kvm_vm_release+0x58/0x78 [ 9169.464937][ T9538] __fput+0x4ac/0x980 [ 9169.465693][ T9538] ____fput+0x20/0x58 [ 9169.466458][ T9538] task_work_run+0x1bc/0x254 [ 9169.467221][ T9538] do_notify_resume+0x1b4/0x270 [ 9169.468049][ T9538] el0_svc+0xb4/0x160 [ 9169.468784][ T9538] el0t_64_sync_handler+0x78/0x108 [ 9169.469596][ T9538] el0t_64_sync+0x198/0x19c SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 9174.007626][ T9168] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 9174.335104][ T9168] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 9174.662161][ T9168] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 9174.995688][ T9168] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 9182.651403][ T9168] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 9182.817996][ T9168] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 9182.895966][ T9168] bond0 (unregistering): Released all slaves [ 9183.570377][ T9168] hsr_slave_0: left promiscuous mode [ 9183.604716][ T9168] hsr_slave_1: left promiscuous mode [ 9183.731787][ T9168] veth1_macvtap: left promiscuous mode [ 9183.755576][ T9168] veth0_macvtap: left promiscuous mode [ 9183.767187][ T9168] veth1_vlan: left promiscuous mode [ 9183.775942][ T9168] veth0_vlan: left promiscuous mode [ 9192.564625][ T9168] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 9192.877833][ T9168] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 9193.188202][ T9168] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 9193.502321][ T9168] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 9199.356787][ T9168] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 9199.425476][ T9168] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 9199.476284][ T9168] bond0 (unregistering): Released all slaves VM DIAGNOSIS: 04:05:39 Registers: info registers vcpu 0 CPU#0 PC=ffff800080012a60 X00=0000000000000000 X01=0000ffffd8e6e01c X02=0000000040000001 X03=0000000000000000 X04=0000ffffba357498 X05=00000000fffffffa X06=00000000000f4240 X07=0000ffffba34d798 X08=0000000000000104 X09=00000000000023d0 X10=00000000000023d0 X11=000000003b9ac9ff X12=0000ffffbafb0000 X13=000000007fffffff X14=00000000001bf770 X15=00000858660d9967 X16=0000000000800000 X17=0000000000000017 X18=0000000000003a98 X19=0000000040000001 X20=ffffffffffffffff X21=00000000001b7740 X22=0000ffffd8e6e070 X23=0000ffffba370000 X24=0000ffffba370000 X25=00000000008be48d X26=00000000000001f4 X27=0000000000000006 X28=0000000000003a98 X29=0000ffffd8e6df60 X30=0000ffffba060a60 SP=ffff80008ec88000 PSTATE=414023c9 -Z-- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0a00000000000000:0a00000000000000 Z01=0000000a00000000:0000000000000000 Z02=000000000000000a:0000000000000000 Z03=00d000a800000000:0000000000000000 Z04=0000000000000000:0000000000000002 Z05=000000000000000a:0000000000000002 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffd8e6df90:0000ffffd8e6df90 Z17=ffffff80ffffffd0:0000ffffd8e6df60 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000