last executing test programs: 1m4.589926125s ago: executing program 0 (id=416): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, &(0x7f0000000300)={0x1000020, 0x1}) r6 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)={0x800035a3, 0x9}) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0) r7 = syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, 0x0) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, 0x0) 54.889338177s ago: executing program 0 (id=418): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f0000c6a000/0x3000)=nil, 0x930, 0x1000003, 0x28031, r1, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x101fc, 0x3, 0x5000, 0x1000, &(0x7f0000f3d000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r4, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) r6 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x1, 0xffffffffffffffff, 0x3}) ioctl$KVM_CREATE_VM(r6, 0x401c5820, 0x20000001) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async) mmap$KVM_VCPU(&(0x7f0000c6a000/0x3000)=nil, 0x930, 0x1000003, 0x28031, r1, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x101fc, 0x3, 0x5000, 0x1000, &(0x7f0000f3d000/0x1000)=nil}) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r4, 0x0) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) (async) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x1, 0xffffffffffffffff, 0x3}) (async) ioctl$KVM_CREATE_VM(r6, 0x401c5820, 0x20000001) (async) 51.490441917s ago: executing program 1 (id=419): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x8) ioctl$KVM_SET_DEVICE_ATTR_vm(r0, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x401, 0x3}}) (async) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000080)={0x0, 0x4}}) (async) r2 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) (async, rerun: 64) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x8) (rerun: 64) ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r3, 0x4068aea3, &(0x7f0000000100)) (async) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x19) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r4, 0x4068aea3, &(0x7f0000000180)={0xa8, 0x0, 0x3}) (async) ioctl$KVM_INTERRUPT(r1, 0x4004ae86, &(0x7f0000000200)=0xc0fd) ioctl$KVM_CLEAR_DIRTY_LOG(r0, 0xc018aec0, &(0x7f0000000640)={0x10001, 0x40, 0x280, &(0x7f0000000240)=[0x7, 0x6, 0xd7c, 0x1000, 0xfffffffffffffffe, 0x2, 0x2a5f, 0x7, 0xfffffffffffffffc, 0x4, 0x8, 0x80000001, 0x101, 0x0, 0x7fffffff, 0x8, 0xd8c, 0x2, 0x6, 0x8, 0xffffffffffffffff, 0xfffffffffffffff9, 0x4, 0x6, 0xfda5, 0x3, 0x7, 0xf, 0x900, 0x8, 0xe099, 0xfa, 0x8, 0x8, 0x9, 0x9, 0x5, 0x3, 0x2, 0xfff, 0x0, 0x77b3, 0x0, 0xfffffffffffffff8, 0x7, 0x9, 0x0, 0x6, 0x1, 0x8, 0x2, 0xb989, 0xfffffffffffeffff, 0x1, 0x4, 0x7f, 0x5, 0x6, 0x0, 0x2, 0x7bab, 0x401, 0x101, 0x8001, 0x9, 0x100000000, 0x4, 0x3, 0x8, 0x4, 0xd, 0x2, 0x4, 0x9, 0x7, 0xfffffffffffffe00, 0x5, 0x7f, 0xffff, 0x1, 0x5c2, 0x0, 0x9, 0x7fff, 0x8, 0xffffffffffffffff, 0x2, 0x6, 0x8001, 0x0, 0x0, 0x827, 0x0, 0x9, 0x8000000000000001, 0x2, 0x2bf1, 0xa, 0xf0fa, 0xb, 0xffff, 0x400, 0x4, 0x8, 0xb, 0x7fff, 0x1, 0x9, 0x4, 0x4, 0x9, 0x1, 0x1, 0x5, 0xffffffffffffffff, 0x6a, 0x7, 0x9, 0x4, 0x8000, 0x5, 0xa7a, 0x3, 0x6e0, 0x801, 0x401, 0x3, 0x7ff]}) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x2, 0x20) (async) ioctl$KVM_CAP_HALT_POLL(r2, 0x4068aea3, &(0x7f0000000680)={0xb6, 0x0, 0xb3}) (async) ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r0, 0x4068aea3, &(0x7f0000000700)) (async) ioctl$KVM_CAP_ARM_USER_IRQ(r4, 0x4068aea3, &(0x7f0000000780)) (async, rerun: 32) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) (rerun: 32) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000800)={0x3, 0x1, 0xf000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) ioctl$KVM_CAP_ARM_MTE(r0, 0x4068aea3, &(0x7f0000000840)) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async) close(r5) ioctl$KVM_SET_ONE_REG(r1, 0x4010aeac, &(0x7f0000000900)=@arm64_fp={0x6040000000100097, &(0x7f00000008c0)=0xf}) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000940)={0x2, 0x0, 0xf000, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x24) syz_kvm_vgic_v3_setup(r6, 0x0, 0x0) (async) r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x10) r8 = syz_kvm_vgic_v3_setup(r7, 0x2, 0x20) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r1, 0x4018aee1, &(0x7f00000009c0)=@attr_other={0x0, 0x200, 0x4, &(0x7f0000000980)=0x400}) (async, rerun: 64) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1) (async, rerun: 64) ioctl$KVM_GET_API_VERSION(0xffffffffffffffff, 0xae00, 0x0) 45.843363923s ago: executing program 0 (id=420): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0) r4 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x7, 0x0, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 45.741338173s ago: executing program 1 (id=421): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x28) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0) close(r2) r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x7ffc}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) (async) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x2}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) r11 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000180)={0x0, &(0x7f00000004c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0xffffffffffffffff}}], 0x20}, &(0x7f00000000c0)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r14, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r14, 0xae80, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e) (async) close(r2) 40.370015312s ago: executing program 0 (id=422): munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async, rerun: 32) ioctl$KVM_RUN(r3, 0xae80, 0x0) (rerun: 32) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000000)={0x5, 0x3, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r7, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, r7, 0xe, 0x16831, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x4019032, 0xffffffffffffffff, 0x0) (async, rerun: 64) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (rerun: 64) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r7, 0x6000002, 0x4d832, 0xffffffffffffffff, 0x0) 31.730708458s ago: executing program 0 (id=423): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_SET_GUEST_DEBUG_arm64(0xffffffffffffffff, 0x4208ae9b, &(0x7f0000000240)={0x10001, 0x0, {[0x0, 0x7, 0x9, 0xb086, 0xfff, 0x3, 0x1, 0xfffffffffffffff7, 0x5, 0x7, 0x9, 0x100000000, 0x8, 0xfffffffffffffffc, 0x89, 0xffffffff00000000], [0x9, 0x9, 0x80000000, 0xb, 0x6, 0x8, 0x488, 0x8, 0x3, 0x4, 0x10, 0x2, 0xd, 0x4, 0xffffffff, 0x4], [0xc760, 0x8000000000000001, 0x1000, 0x1, 0xa, 0x2fb89584, 0x9, 0x7, 0x2, 0x7, 0x3, 0x2, 0x9, 0x4, 0x10000, 0x8000000000000001], [0x6, 0x2558, 0x8, 0x80000001, 0x27e1d36f, 0x7, 0x9, 0x4, 0x26da, 0x5, 0x3, 0x7f, 0x4, 0x6, 0x7, 0x25]}}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000200)={0x0, &(0x7f0000000500)=[@mrs={0xbe, 0x18, {0x6030000000138056}}], 0x18}, 0x0, 0x0) ioctl$KVM_GET_STATS_FD_cpu(r3, 0xaece) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000140)=@arm64={0x0, 0x1, 0x4, '\x00', 0x2}) r4 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000300)={0x0, &(0x7f0000000480)=[@smc={0x1e, 0x40, {0x84000001, [0x8, 0x939, 0xe, 0x7f, 0x4]}}], 0x40}, &(0x7f00000001c0)=[@featur1={0x1, 0x69}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x9e, 0x7fffffff, 0x2}}) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r10, 0x2, 0x100) ioctl$KVM_REGISTER_COALESCED_MMIO(r10, 0x4010ae67, &(0x7f0000000000)={0x8000000, 0x5000}) ioctl$KVM_RUN(r12, 0xae80, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x0) syz_kvm_vgic_v3_setup(r14, 0x1, 0x100) r16 = eventfd2(0x4, 0x80801) ioctl$KVM_IRQFD(r14, 0x4020ae76, &(0x7f0000000000)={r16, 0x6, 0x2, r15}) 31.031846768s ago: executing program 1 (id=424): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xc0) r4 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x83, 0x8000, 0x0, 0x0, 0xffffffff, 0x4}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) (async) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xc0) (async) syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x83, 0x8000, 0x0, 0x0, 0xffffffff, 0x4}}], 0x50}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8}) (async) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) ioctl$KVM_RUN(r4, 0xae80, 0x0) (async) 21.326248261s ago: executing program 1 (id=425): mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0xa, 0x23ac5f9b426ec4b2, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0x8000ae8c, 0x0) munmap(&(0x7f0000003000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0xdc032, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000080)=@arm64_ccsidr={0x602000000011000d, &(0x7f0000000000)=0xffffffffffffffff}) 14.440038392s ago: executing program 1 (id=426): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x4) r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f0000000100)=@arm64_bitmap={0x6030000000140001, &(0x7f0000000000)=0x7}) openat$kvm(0x0, 0x0, 0x0, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000100)={0x0, 0x0}, &(0x7f00000001c0)=[@featur2={0x1, 0x24}], 0x1) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) syz_kvm_vgic_v3_setup(r4, 0x1, 0x0) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000040)=0xe7}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000080)=0x30}) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r13 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r12, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r12, 0x0) r14 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) ioctl$KVM_CREATE_VM(r14, 0xae01, 0x3a) r15 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@hvc={0x32, 0x40, {0xc4000053, [0xa, 0x2, 0xfffffffffffffa3a, 0x1000, 0x1]}}], 0x40}, 0x0, 0x0) ioctl$KVM_RUN(r15, 0xae80, 0x0) eventfd2(0xde8, 0x80800) 8.933284664s ago: executing program 0 (id=427): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r3, 0x1, 0x100) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r5, 0x4018aee2, &(0x7f00000002c0)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0}) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bf4000/0x400000)=nil) r6 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x31) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x38) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x1000, &(0x7f0000f13000/0x1000)=nil}) syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = ioctl$KVM_GET_STATS_FD_cpu(r5, 0xaece) r11 = eventfd2(0xd, 0x1) close(r11) write$eventfd(r11, 0x0, 0x0) ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f00000001c0)={0x200, 0x3000, 0x8, r11, 0x4}) munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000000)={0x4, 0x2}) r12 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@smc={0x1e, 0x40, {0xc5000020, [0x0, 0x1, 0x2, 0x3, 0x4]}}], 0x40}, 0x0, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) 0s ago: executing program 1 (id=428): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x7) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x1, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x1, &(0x7f0000000080)=0x2}) munmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1c) munmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x21) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r5 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000380)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x4, 0x4, 0x36d}}, @svc={0x122, 0x40, {0x2000, [0x25d8, 0xfffffffffffffe00, 0x8, 0x100, 0x7]}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x2, 0x8, 0x7ff, 0xb, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x1, 0x10, 0x81, 0x2, 0x4}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x2d8}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x3, 0xe, 0x0, 0x9}}, @uexit={0x0, 0x18, 0xfffffffffffffffd}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x730, 0x28}}, @eret={0xe6, 0x18, 0x2}, @smc={0x1e, 0x40, {0x31000000, [0x39cb, 0x0, 0x9aae, 0xf, 0x3]}}, @code={0xa, 0x3c, {"00eca02e0000206a00b0204e00fc202e007008d50000209b0028216e00b4205e0010206e007008d5"}}, @eret={0xe6, 0x18, 0x1}, @hvc={0x32, 0x40, {0x8600ff01, [0x3, 0x3, 0xc49, 0x6, 0x2]}}, @mrs={0xbe, 0x18, {0x603000000013def0}}], 0x254}, &(0x7f00000003c0)=[@featur2={0x1, 0x3}], 0x1) ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000440)=@arm64_bitmap={0x6030000000160001, &(0x7f0000000400)=0x4}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, 0x0, 0x9, 0x4000010, r5, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x2b) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1b) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000500)=@attr_other={0x0, 0x8, 0x1, &(0x7f00000004c0)=0xd84}) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000540)={0x10000, 0x4, 0x10000, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000580)={0x9, 0xffffffffffffffff}) r10 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r10, 0x4008ae73, &(0x7f00000005c0)={0xfff, 0x2}) syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000700)={0x0, &(0x7f0000000600)=[@its_setup={0x82, 0x28, {0x0, 0x0, 0x2eb}}, @eret={0xe6, 0x18, 0x2}, @mrs={0xbe, 0x18, {0x603000000013f665}}, @msr={0x14, 0x20, {0x603000000013800f, 0x1}}, @msr={0x14, 0x20, {0x603000000013805d, 0x3}}, @hvc={0x32, 0x40, {0x10, [0x800, 0x7, 0x8, 0xf89e, 0x7fffffffffffffff]}}], 0xd8}, &(0x7f0000000740)=[@featur1={0x1, 0x80}], 0x1) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000007c0)=@attr_other={0x0, 0x10, 0x4, &(0x7f0000000780)=0x3}) ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f0000000840)=@attr_other={0x0, 0x8, 0x4, &(0x7f0000000800)=0xc}) mmap$KVM_VCPU(&(0x7f0000ff8000/0x3000)=nil, 0x0, 0x2, 0x13, r5, 0x0) r11 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000e00)={0x0, &(0x7f0000000880)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x18, 0x2, 0xa}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xf10, 0x4f8, 0xc}}, @code={0xa, 0x9c, {"007008d5e0d39bd200c0b0f2a10180d2820180d2e30180d2840080d2020000d480498fd20040b0f2410080d2020080d2830080d2e40180d2020000d4000028d50024002f00b391d200c0b0f2610180d2c20080d2030080d2a40180d2020000d400084078007008d5007008d540ba90d200e0b0f2810080d2820180d2430080d2440180d2020000d4"}}, @uexit={0x0, 0x18, 0x2}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x80, 0xb, 0x8}}, @msr={0x14, 0x20, {0x603000000013c600, 0x9}}, @svc={0x122, 0x40, {0x1000000, [0xe, 0xd, 0x8, 0x5b0f, 0x8f0]}}, @mrs={0xbe, 0x18, {0x603000000013f2b0}}, @smc={0x1e, 0x40, {0x84000050, [0x3b8b, 0x5, 0x3, 0x8]}}, @mrs={0xbe, 0x18, {0x603000000013805f}}, @uexit={0x0, 0x18, 0x700}, @eret={0xe6, 0x18, 0x1}, @msr={0x14, 0x20, {0x603000000013e510, 0x8000}}, @mrs={0xbe, 0x18, {0x603000000013c081}}, @irq_setup={0x46, 0x18, {0x3, 0x164}}, @code={0xa, 0x84, {"008008d5007008d500c0e00dc00b87d20080b0f2a10080d2820080d2630080d2240180d2020000d4007008d5003490d20020b8f2c10080d2220180d2630080d2040180d2020000d40040601e809797d200a0b0f2410080d2420180d2e30180d2c40180d2020000d40000039e0000c0ad"}}, @uexit={0x0, 0x18, 0x6a37}, @mrs={0xbe, 0x18, {0x603000000013802e}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x4, 0xa, 0x2805, 0x0, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013dea8}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0xc00}}, @irq_setup={0x46, 0x18, {0x0, 0x33c}}, @irq_setup={0x46, 0x18, {0x2, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x6d1bba99b59ba23c, 0x4, 0x4}}, @svc={0x122, 0x40, {0x84000013, [0x8000, 0x0, 0x2, 0x1]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x90, 0x74, 0x3}}, @code={0xa, 0x54, {"0028200e000c40bc007008d5007008d560d797d200c0b0f2610080d2220080d2a30180d2e40080d2020000d4008008d50020202e007008d5008008d5000028d5"}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xf20, 0xffffffff, 0x8}}, @irq_setup={0x46, 0x18, {0x1, 0x1ea}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x380, 0x0, 0x1}}], 0x554}, &(0x7f0000000e40)=[@featur2={0x1, 0x84}], 0x1) ioctl$KVM_DIRTY_TLB(r11, 0x4010aeaa, &(0x7f0000000e80)={0x101, 0x8}) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000ec0)={0xeeee0000, 0x15000}) kernel console output (not intermixed with test programs): [ 419.342033][ T3145] 8021q: adding VLAN 0 to HW filter on device bond0 [ 451.356207][ T3145] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:44485' (ED25519) to the list of known hosts. [ 635.674684][ T25] audit: type=1400 audit(634.840:61): avc: denied { name_bind } for pid=3316 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 636.642409][ T25] audit: type=1400 audit(635.820:62): avc: denied { execute } for pid=3317 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 636.666002][ T25] audit: type=1400 audit(635.830:63): avc: denied { execute_no_trans } for pid=3317 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 662.712677][ T25] audit: type=1400 audit(661.890:64): avc: denied { mounton } for pid=3317 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 662.741317][ T25] audit: type=1400 audit(661.910:65): avc: denied { mount } for pid=3317 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 662.823516][ T3317] cgroup: Unknown subsys name 'net' [ 662.872787][ T25] audit: type=1400 audit(662.050:66): avc: denied { unmount } for pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 663.279975][ T3317] cgroup: Unknown subsys name 'cpuset' [ 663.391708][ T3317] cgroup: Unknown subsys name 'rlimit' [ 664.404394][ T25] audit: type=1400 audit(663.580:67): avc: denied { setattr } for pid=3317 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 664.431887][ T25] audit: type=1400 audit(663.600:68): avc: denied { mounton } for pid=3317 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 664.450241][ T25] audit: type=1400 audit(663.620:69): avc: denied { mount } for pid=3317 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 665.673608][ T3320] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 665.695383][ T25] audit: type=1400 audit(664.870:70): avc: denied { relabelto } for pid=3320 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 665.723433][ T25] audit: type=1400 audit(664.900:71): avc: denied { write } for pid=3320 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 665.905962][ T25] audit: type=1400 audit(665.080:72): avc: denied { read } for pid=3317 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 665.924714][ T25] audit: type=1400 audit(665.100:73): avc: denied { open } for pid=3317 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 665.976092][ T3317] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 719.504053][ T25] audit: type=1400 audit(718.680:74): avc: denied { execmem } for pid=3321 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 724.309912][ T25] audit: type=1400 audit(723.480:75): avc: denied { read } for pid=3323 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 724.345512][ T25] audit: type=1400 audit(723.520:76): avc: denied { open } for pid=3323 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 724.433898][ T25] audit: type=1400 audit(723.610:77): avc: denied { mounton } for pid=3323 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 724.702765][ T25] audit: type=1400 audit(723.880:78): avc: denied { module_request } for pid=3323 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 724.739946][ T25] audit: type=1400 audit(723.910:79): avc: denied { module_request } for pid=3324 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 725.873132][ T25] audit: type=1400 audit(725.040:80): avc: denied { sys_module } for pid=3324 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 750.482421][ T3324] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 750.617776][ T3324] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 751.853855][ T3323] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 751.992120][ T3323] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 765.944492][ T3324] hsr_slave_0: entered promiscuous mode [ 765.996469][ T3324] hsr_slave_1: entered promiscuous mode [ 768.307553][ T3323] hsr_slave_0: entered promiscuous mode [ 768.375883][ T3323] hsr_slave_1: entered promiscuous mode [ 768.450384][ T3323] debugfs: 'hsr0' already exists in 'hsr' [ 768.454399][ T3323] Cannot create hsr debugfs directory [ 776.380226][ T25] audit: type=1400 audit(775.550:81): avc: denied { create } for pid=3324 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 776.430259][ T25] audit: type=1400 audit(775.600:82): avc: denied { write } for pid=3324 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 776.460688][ T25] audit: type=1400 audit(775.630:83): avc: denied { read } for pid=3324 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 776.614272][ T3324] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 776.936296][ T3324] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 777.280093][ T3324] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 777.713605][ T3324] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 779.323650][ T3323] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 779.525833][ T3323] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 779.677836][ T3323] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 779.922667][ T3323] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 792.937300][ T3324] 8021q: adding VLAN 0 to HW filter on device bond0 [ 796.054011][ T3323] 8021q: adding VLAN 0 to HW filter on device bond0 [ 855.272556][ T3324] veth0_vlan: entered promiscuous mode [ 855.763563][ T3324] veth1_vlan: entered promiscuous mode [ 857.981997][ T3323] veth0_vlan: entered promiscuous mode [ 858.155644][ T3324] veth0_macvtap: entered promiscuous mode [ 858.517581][ T3324] veth1_macvtap: entered promiscuous mode [ 858.802540][ T3323] veth1_vlan: entered promiscuous mode [ 860.779894][ T3371] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 860.792766][ T3371] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 860.913292][ T3359] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 860.914798][ T3359] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 862.043950][ T3323] veth0_macvtap: entered promiscuous mode [ 862.650698][ T3323] veth1_macvtap: entered promiscuous mode [ 863.642204][ T25] audit: type=1400 audit(862.810:84): avc: denied { mount } for pid=3324 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 863.816021][ T25] audit: type=1400 audit(862.990:85): avc: denied { mounton } for pid=3324 comm="syz-executor" path="/syzkaller.GILzAi/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 863.967031][ T25] audit: type=1400 audit(863.140:86): avc: denied { mount } for pid=3324 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 864.379714][ T25] audit: type=1400 audit(863.480:87): avc: denied { mounton } for pid=3324 comm="syz-executor" path="/syzkaller.GILzAi/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 864.534354][ T25] audit: type=1400 audit(863.710:88): avc: denied { mounton } for pid=3324 comm="syz-executor" path="/syzkaller.GILzAi/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3779 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 865.223249][ T25] audit: type=1400 audit(864.390:89): avc: denied { unmount } for pid=3324 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 865.334818][ T2128] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 865.411636][ T2128] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 865.422806][ T2128] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 865.451063][ T2128] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 865.537338][ T25] audit: type=1400 audit(864.710:90): avc: denied { mounton } for pid=3324 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 865.675618][ T25] audit: type=1400 audit(864.850:91): avc: denied { mount } for pid=3324 comm="syz-executor" name="/" dev="gadgetfs" ino=3789 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 865.993127][ T25] audit: type=1400 audit(865.140:92): avc: denied { mount } for pid=3324 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 866.139607][ T25] audit: type=1400 audit(865.270:93): avc: denied { mounton } for pid=3324 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 867.714746][ T3324] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 868.874833][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 868.884121][ T25] audit: type=1400 audit(868.050:95): avc: denied { read write } for pid=3324 comm="syz-executor" name="loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 868.949970][ T25] audit: type=1400 audit(868.110:96): avc: denied { open } for pid=3324 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 868.974741][ T25] audit: type=1400 audit(868.150:97): avc: denied { ioctl } for pid=3324 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 877.934648][ T25] audit: type=1400 audit(877.110:98): avc: denied { read } for pid=3476 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 877.999196][ T25] audit: type=1400 audit(877.170:99): avc: denied { open } for pid=3476 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 878.401701][ T25] audit: type=1400 audit(877.570:100): avc: denied { ioctl } for pid=3476 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 880.077192][ T25] audit: type=1400 audit(879.250:101): avc: denied { execute } for pid=3476 comm="syz.1.2" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3857 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 883.395131][ T25] audit: type=1400 audit(882.570:102): avc: denied { write } for pid=3478 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 896.494731][ T25] audit: type=1400 audit(895.600:103): avc: denied { append } for pid=3485 comm="syz.1.4" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 919.549286][ T25] audit: type=1400 audit(918.680:104): avc: denied { setattr } for pid=3497 comm="syz.1.8" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1103.914920][ T25] audit: type=1400 audit(1103.050:105): avc: denied { map } for pid=3602 comm="syz.0.41" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1172.477147][ T25] audit: type=1400 audit(1171.640:106): avc: denied { map } for pid=3639 comm="syz.0.53" path="/" dev="tmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 1345.532014][ T3744] kvm [3744]: Failed to find VMA for hva 0x20d8d000 [ 1345.561361][ T3747] kvm [3747]: Failed to find VMA for hva 0x20d8d000 [ 1737.134336][ T3994] kvm [3994]: Failed to find VMA for hva 0x21016000 [ 2016.472533][ T4146] kvm [4146]: Failed to find VMA for hva 0x21016000 [ 2119.182363][ T25] audit: type=1400 audit(2118.330:107): avc: denied { ioctl } for pid=4216 comm="syz.1.230" path="net:[4026532624]" dev="nsfs" ino=4026532624 ioctlcmd=0xb702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 2142.204275][ T4230] kvm [4230]: Failed to find VMA for hva 0x21016000 [ 2457.981717][ T4433] kvm [4433]: Failed to find VMA for hva 0x20dcd000 [ 2498.291358][ T25] audit: type=1400 audit(2497.450:108): avc: denied { execute } for pid=4461 comm="syz.1.302" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 2809.296919][ T4649] kvm [4649]: Failed to find VMA for hva 0x20e8b000 [ 2917.742370][ T4692] kvm [4692]: Failed to find VMA for hva 0x21016000 [ 2939.896860][ T4704] KVM: debugfs: duplicate directory 4704-8 [ 3206.122357][ T4884] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x60209 [ 3206.153478][ T4884] flags: 0x1ffe50000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x94) [ 3206.181060][ T4884] raw: 01ffe50000000000 ffffc1ffc080a188 ffffc1ffc080c288 0000000000000000 [ 3206.219853][ T4884] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 3206.229267][ T4884] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0) [ 3206.244059][ T4884] ------------[ cut here ]------------ [ 3206.244322][ T4884] kernel BUG at ./include/linux/mm.h:1036! [ 3206.246088][ T4884] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 3206.251545][ T4884] Modules linked in: [ 3206.253552][ T4884] CPU: 0 UID: 0 PID: 4884 Comm: syz.0.427 Not tainted syzkaller #0 PREEMPT [ 3206.255137][ T4884] Hardware name: linux,dummy-virt (DT) [ 3206.256483][ T4884] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 3206.257929][ T4884] pc : kvm_s2_put_page+0x374/0x3a0 [ 3206.260249][ T4884] lr : kvm_s2_put_page+0x374/0x3a0 [ 3206.261379][ T4884] sp : ffff80008eae7570 [ 3206.262157][ T4884] x29: ffff80008eae7570 x28: 94f000002030a000 x27: 94f000002030a000 [ 3206.263928][ T4884] x26: 00000000000000ff x25: ffff80008734e000 x24: ffffc1ffc0000000 [ 3206.265435][ T4884] x23: ffffc1ffc0808248 x22: 0000000000000000 x21: ffffc1ffc0808274 [ 3206.266960][ T4884] x20: 0000000000000000 x19: ffffc1ffc0808240 x18: 00000000f1642a4b [ 3206.268368][ T4884] x17: 00000000049c2827 x16: 00000000f163fa03 x15: 000000001ae634b2 [ 3206.269841][ T4884] x14: ffffffffffffffff x13: fff000000d388008 x12: 0000000000000001 [ 3206.271287][ T4884] x11: 0000000000080000 x10: 000000000004d40c x9 : 25eb08c7b02f3e00 [ 3206.272883][ T4884] x8 : 25eb08c7b02f3e00 x7 : ffff8000803a03c8 x6 : 0000000000000000 [ 3206.274358][ T4884] x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff80008074b7f8 [ 3206.275804][ T4884] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000003e [ 3206.277447][ T4884] Call trace: [ 3206.278347][ T4884] kvm_s2_put_page+0x374/0x3a0 (P) [ 3206.279743][ T4884] stage2_free_walker+0x1b0/0x264 [ 3206.280875][ T4884] __kvm_pgtable_walk+0x7d8/0xa68 [ 3206.281980][ T4884] kvm_pgtable_walk+0x294/0x468 [ 3206.283012][ T4884] kvm_pgtable_stage2_destroy_range+0x60/0xb4 [ 3206.284175][ T4884] kvm_free_stage2_pgd+0x198/0x28c [ 3206.285215][ T4884] kvm_uninit_stage2_mmu+0x20/0x38 [ 3206.286215][ T4884] kvm_arch_flush_shadow_all+0x1a8/0x1e0 [ 3206.287321][ T4884] kvm_mmu_notifier_release+0x48/0xa8 [ 3206.288373][ T4884] mmu_notifier_unregister+0x128/0x42c [ 3206.289283][ T4884] kvm_put_kvm+0x6a0/0xfa8 [ 3206.290200][ T4884] kvm_vcpu_release+0x70/0x9c [ 3206.291281][ T4884] __fput+0x4ac/0x980 [ 3206.292082][ T4884] ____fput+0x20/0x58 [ 3206.292846][ T4884] task_work_run+0x1bc/0x254 [ 3206.293768][ T4884] get_signal+0x13ec/0x1554 [ 3206.294735][ T4884] do_signal+0x23c/0x4dd0 [ 3206.295684][ T4884] do_notify_resume+0xb0/0x270 [ 3206.296732][ T4884] el0_svc+0xb8/0x164 [ 3206.297628][ T4884] el0t_64_sync_handler+0x84/0x12c [ 3206.298708][ T4884] el0t_64_sync+0x198/0x19c [ 3206.300253][ T4884] Code: d0037581 9126fc21 aa1303e0 97f9c9f2 (d4210000) [ 3206.302206][ T4884] ---[ end trace 0000000000000000 ]--- [ 3206.303857][ T4884] Kernel panic - not syncing: Oops - BUG: Fatal exception [ 3206.305975][ T4884] Kernel Offset: disabled [ 3206.306679][ T4884] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f [ 3206.307875][ T4884] Memory Limit: none [ 3206.311428][ T4884] Rebooting in 86400 seconds.. VM DIAGNOSIS: 15:16:01 Registers: info registers vcpu 0 CPU#0 PC=ffff80008656e72c X00=0000000000000003 X01=0000000000000000 X02=0000000000000000 X03=ffff80008717352c X04=ffff80008eae70b0 X05=0000000000000000 X06=ffff800080363b94 X07=ffff800080015834 X08=ffff80008656e724 X09=0000000000000003 X10=000000000004e615 X11=0000000000080000 X12=0000000000ff0100 X13=0000000000000003 X14=0000000000000002 X15=ffff800087f83a20 X16=0000000000000000 X17=00000000049c2827 X18=00000000f1642a4b X19=0000000000000004 X20=ffff8000878230c0 X21=35f000000d388008 X22=0000000000000035 X23=00000000ffffffff X24=35f000000d388000 X25=ffff80008eae70b0 X26=ffff8000878230c0 X27=0000000000000035 X28=0000000000000028 X29=ffff80008eae6f20 X30=ffff8000805a31d4 SP=ffff80008eae6f10 PSTATE=604023c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=2525252525252525:2525252525252525 Z01=65642f000a732520:7325207334362e25 Z02=635f6665725f6567:617028454741505f Z03=000000ff0000ff00:00ff0000000000ff Z04=0000000000000000:000f00f00f00000f Z05=41505f4e4f5f4755:425f4d56203a6573 Z06=3030203030303030:3030303030303030 Z07=3020303030303030:3030303030303030 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000fffff8366cf0:0000fffff8366cf0 Z17=ffffff80ffffffd0:0000fffff8366cc0 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000