last executing test programs: 1m14.986812433s ago: executing program 0 (id=1972): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000b80)={0x0, &(0x7f0000000640)=[@smc={0x1e, 0x40, {0xc4000012, [0x80, 0x4, 0x0, 0x4, 0x8001]}}], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async) r6 = eventfd2(0x8, 0x80800) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x0, r6, 0x2}) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000000)={0x1, 0x0, 0x0, r6, 0x6}) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x100, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000100)={0x0, &(0x7f0000000380)=[@its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x4, 0x2, 0x35, 0x7, 0x4}}, @msr={0x14, 0x20, {0x603000000013debf, 0x5}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x197}}, @its_setup={0x82, 0x28, {0x4, 0x2, 0x3e6}}, @svc={0x122, 0x40, {0x2000000, [0x6, 0x19, 0x3, 0x0, 0x7]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff0, 0x1000, 0xc}}, @svc={0x122, 0x40, {0x100002004, [0x9, 0x5, 0x12, 0x7fffffffffffffff, 0x6]}}, @irq_setup={0x46, 0x18, {0x3, 0xc1}}, @irq_setup={0x46, 0x18, {0x4, 0x64}}, @eret={0xe6, 0x18, 0x1000000}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x4, 0xb, 0x9, 0xd0, 0x1}}, @mrs={0xbe, 0x18, {0x603000000013801e}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x80, 0x2, 0x4}}, @smc={0x1e, 0x40, {0x84000012, [0x200, 0x3, 0x0, 0x2, 0xffffffffffff9ca7]}}, @mrs={0xbe, 0x18, {0x603000000013df69}}, @smc={0x1e, 0x40, {0xffff, [0x7, 0x7, 0x7f, 0x4, 0x6fac]}}, @msr={0x14, 0x20, {0x603000000013800d, 0xc16}}, @eret={0xe6, 0x18, 0x101}], 0x2d0}, &(0x7f0000000140)=[@featur2={0x1, 0x1}], 0x1) (async) syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) r10 = syz_kvm_vgic_v3_setup(r8, 0x1, 0x100) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000200)=@attr_other={0x0, 0x1, 0xc, &(0x7f00000001c0)=0x2}) (async) r11 = openat$kvm(0x0, 0x0, 0x101000, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) (async) r14 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil) r17 = syz_kvm_add_vcpu$arm64(r16, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x3, 0x1000, 0x40000000, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r15, 0x1, 0x100) (async) ioctl$KVM_CREATE_DEVICE(r15, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r18, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) ioctl$KVM_RUN(r17, 0xae80, 0x0) (async) syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) 1m3.7860355s ago: executing program 0 (id=1974): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x80000, 0x10000, 0x0, 0x0, 0x2}}], 0x50}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000240)=@attr_other={0x0, 0x8, 0x0, &(0x7f0000000300)=0x137}) (async) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r9, 0xae03, 0xae) (async) ioctl$KVM_CHECK_EXTENSION_VM(0xffffffffffffffff, 0xae03, 0xc6) r10 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, 0x0, 0x0, 0x0) (async) syz_memcpy_off$KVM_EXIT_MMIO(r10, 0x20, 0x0, 0x0, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r13, 0x0) (async, rerun: 64) mmap$KVM_VCPU(&(0x7f0000d30000/0x3000)=nil, 0x0, 0x2, 0x20010, r3, 0x0) (rerun: 64) mmap$KVM_VCPU(&(0x7f0000c91000/0x1000)=nil, 0x0, 0x2000004, 0x11, r3, 0x0) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000340)="fb2f49dd0333e3ac2cc4a39eae2bf4e7454e37c4b85400005aad10fbff67521ce16f8f1f449a7a835673312b54ebb2b076c869d22627e7000065a0c5cf54311e63000000fdffffff", 0x0, 0x48) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r13, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x399972, 0x0) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) 51.891773279s ago: executing program 0 (id=1976): syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x15) ioctl$KVM_GET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x2, 0x7f, &(0x7f0000000340)=0x1}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000240)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x1}) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_DEVICE(r2, 0xc018aec0, &(0x7f00000000c0)={0x1}) r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000b80)={0x0, 0x0}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000140)=@arm64_fw={0x6030000000140000, &(0x7f0000000200)=0x10002}) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r6, 0x8040aeb6, &(0x7f00000001c0)=@attr_other={0x0, 0x7, 0x1, 0x0}) r7 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x82880, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = openat$kvm(0x0, &(0x7f0000000140), 0x101282, 0x0) r13 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000080)={0x0, &(0x7f0000000200)=[@svc={0x122, 0x40, {0x800, [0xffffffeffffffff8, 0x8, 0x8000000005, 0x5, 0x401]}}], 0x40}, 0x0, 0x0) r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r12, 0xae04) mmap$KVM_VCPU(&(0x7f0000c0b000/0x1000)=nil, r15, 0x2000003, 0x11, r14, 0x0) ioctl$KVM_RUN(r14, 0xae80, 0x0) syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r16 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0) ioctl$KVM_RUN(r16, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) 39.170686303s ago: executing program 1 (id=1978): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x7c1102, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_IRQ_LINE(r3, 0x5452, &(0x7f0000000100)={0x1000020, 0x1}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000040)={0x5}) ioctl$KVM_RUN(r4, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$arm64(r1, 0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000100)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x10002, 0x6, 0x1, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x8a880, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) openat$kvm(0x0, &(0x7f0000000140), 0x101282, 0x0) syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x31) syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r12 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r11, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r11, 0x0) eventfd2(0x0, 0x0) r13 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, 0x0) 28.449706402s ago: executing program 0 (id=1979): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x500, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2b) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x200000b, 0x4010, 0xffffffffffffffff, 0x0) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000000000/0x400000)=nil) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) close(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2710, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) 27.713681758s ago: executing program 1 (id=1980): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r4, 0x401054d5, 0x110c230020) (async) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3b) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) r7 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r8, 0x4040ae79, &(0x7f0000000080)={0xfffffffffffffffa, 0x2, 0x4, 0xffffffffffffffff, 0x8a4fa382f1515d0b}) (async) r9 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x971fe1cdf56b3eff) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x4}) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x6030000000100014, &(0x7f00000000c0)=0xfff}) (async) mmap$KVM_VCPU(&(0x7f0000f72000/0x1000)=nil, 0x930, 0x0, 0xe832, 0xffffffffffffffff, 0x0) 20.599167767s ago: executing program 0 (id=1981): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000100)={0x0, &(0x7f0000000680)=[@its_setup={0x82, 0x28, {0x3, 0x0, 0x16f}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x2, 0x8, 0x8, 0x100}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r4, 0x4, 0x220) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x3}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x29f}}], 0x50}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r6, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r2, 0xae03, 0x46) r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, &(0x7f0000000080)=@arm64_sys={0x603000000013c4f1, &(0x7f00000001c0)=0x3}) r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r16, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1) r17 = eventfd2(0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000004000/0x4000)=nil, 0x930, 0xc0ffff, 0x11, r17, 0x0) 17.993373755s ago: executing program 1 (id=1982): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1b) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r2, &(0x7f00000001c0)=0x1, 0x11) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x13) 11.851198785s ago: executing program 1 (id=1983): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x101800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f0000fe4000/0x3000)=nil, r4, 0x2, 0x4008012, r2, 0x9000000) 5.954331069s ago: executing program 1 (id=1984): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0x52) (async) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r4, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000080)="fb0149dd033be3ac4e37c4005a9614fbff67521ce16f8f09449a7a836b73312954000000000000000000000000000000000000000000000000000000dc6900", 0x0, 0x2e) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) (async) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) (async) r6 = eventfd2(0x0, 0x0) close(r6) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x88c80, 0x0) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000008000/0x3000)=nil, r7, 0x2000004, 0x2011, r6, 0x0) r8 = eventfd2(0x0, 0x0) close(r8) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000008000/0x3000)=nil, 0x930, 0x2000004, 0x2011, r8, 0x0) 1.308717386s ago: executing program 0 (id=1985): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000300)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0x1, 0xa}}], 0x30}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r3, 0x1, 0x100) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x8001, 0x4}}], 0x28}, 0x0, 0x0) r8 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x1, 0x0, &(0x7f0000000000)=0x3}) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$arm64(r10, 0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil, &(0x7f0000000280)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x5, 0x2, &(0x7f0000000140)=0x3}) ioctl$KVM_IOEVENTFD(r12, 0x4040ae79, &(0x7f0000000000)={0x7ffc, 0x5000, 0x2, 0xffffffffffffffff, 0x7ffffff9}) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000500)={0x2710, 0x1, 0x10000, 0x2000, &(0x7f0000000000/0x2000)=nil}) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r7, 0xae80, 0x0) r14 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) syz_kvm_setup_cpu$arm64(r15, 0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 1 (id=1986): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x1000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r3, 0x3, 0xa0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x3, 0x1000, 0x40000000, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r8, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r10, 0xae80, 0x0) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r13, r14, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r14, 0x4010aeac, &(0x7f00000001c0)=@arm64_core={0x6030000000100036, &(0x7f0000000000)=0xcb}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000300)=@attr_arm64={0x0, 0x4, 0x1, 0x0}) (async, rerun: 64) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) r15 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r16 = syz_kvm_add_vcpu$arm64(r15, &(0x7f0000000b80)={0x0, &(0x7f0000000100)=[@its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x0, 0xf, 0xffffffff, 0x0, 0x2}}], 0x28}, &(0x7f0000000280)=[@featur2={0x1, 0x8}], 0x1) ioctl$KVM_RUN(r16, 0xae80, 0x0) kernel console output (not intermixed with test programs): [ 378.809233][ T3167] 8021q: adding VLAN 0 to HW filter on device bond0 [ 414.400287][ T3167] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:29244' (ED25519) to the list of known hosts. [ 586.736036][ T25] audit: type=1400 audit(585.970:61): avc: denied { name_bind } for pid=3318 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 588.044290][ T25] audit: type=1400 audit(587.280:62): avc: denied { execute } for pid=3319 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 588.077950][ T25] audit: type=1400 audit(587.320:63): avc: denied { execute_no_trans } for pid=3319 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 610.387648][ T25] audit: type=1400 audit(609.630:64): avc: denied { mounton } for pid=3319 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 610.443541][ T25] audit: type=1400 audit(609.680:65): avc: denied { mount } for pid=3319 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 610.526877][ T3319] cgroup: Unknown subsys name 'net' [ 610.584887][ T25] audit: type=1400 audit(609.820:66): avc: denied { unmount } for pid=3319 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 611.031186][ T3319] cgroup: Unknown subsys name 'cpuset' [ 611.164799][ T3319] cgroup: Unknown subsys name 'rlimit' [ 612.077917][ T25] audit: type=1400 audit(611.320:67): avc: denied { setattr } for pid=3319 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 612.104072][ T25] audit: type=1400 audit(611.340:68): avc: denied { mounton } for pid=3319 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 612.126417][ T25] audit: type=1400 audit(611.360:69): avc: denied { mount } for pid=3319 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 613.157410][ T3323] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 613.177138][ T25] audit: type=1400 audit(612.410:70): avc: denied { relabelto } for pid=3323 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 613.197072][ T25] audit: type=1400 audit(612.430:71): avc: denied { write } for pid=3323 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 613.377408][ T25] audit: type=1400 audit(612.620:72): avc: denied { read } for pid=3319 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 613.400508][ T25] audit: type=1400 audit(612.630:73): avc: denied { open } for pid=3319 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 613.445885][ T3319] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 668.413842][ T25] audit: type=1400 audit(667.650:74): avc: denied { execmem } for pid=3329 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 672.731279][ T25] audit: type=1400 audit(671.970:75): avc: denied { read } for pid=3331 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 672.771462][ T25] audit: type=1400 audit(672.010:76): avc: denied { open } for pid=3331 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 672.858358][ T25] audit: type=1400 audit(672.100:77): avc: denied { mounton } for pid=3331 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 673.133459][ T25] audit: type=1400 audit(672.370:78): avc: denied { module_request } for pid=3331 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 673.172783][ T25] audit: type=1400 audit(672.410:79): avc: denied { module_request } for pid=3332 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 674.108339][ T25] audit: type=1400 audit(673.350:80): avc: denied { sys_module } for pid=3332 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 696.298694][ T3331] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 696.844964][ T3331] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 697.014687][ T3332] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 697.765631][ T3332] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 711.889354][ T3331] hsr_slave_0: entered promiscuous mode [ 711.917557][ T3331] hsr_slave_1: entered promiscuous mode [ 712.947364][ T3332] hsr_slave_0: entered promiscuous mode [ 712.980552][ T3332] hsr_slave_1: entered promiscuous mode [ 713.013628][ T3332] debugfs: 'hsr0' already exists in 'hsr' [ 713.023283][ T3332] Cannot create hsr debugfs directory [ 718.097431][ T25] audit: type=1400 audit(717.340:81): avc: denied { create } for pid=3331 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 718.148207][ T25] audit: type=1400 audit(717.390:82): avc: denied { write } for pid=3331 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 718.183946][ T25] audit: type=1400 audit(717.420:83): avc: denied { read } for pid=3331 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 718.370791][ T3331] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 718.807631][ T3331] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 719.074646][ T3331] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 719.389486][ T3331] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 720.710164][ T3332] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 720.807252][ T3332] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 721.000326][ T3332] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 721.244321][ T3332] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 733.414999][ T3331] 8021q: adding VLAN 0 to HW filter on device bond0 [ 734.839806][ T3332] 8021q: adding VLAN 0 to HW filter on device bond0 [ 786.215990][ T3331] veth0_vlan: entered promiscuous mode [ 786.667733][ T3331] veth1_vlan: entered promiscuous mode [ 788.003595][ T3332] veth0_vlan: entered promiscuous mode [ 788.580364][ T3332] veth1_vlan: entered promiscuous mode [ 789.306835][ T3331] veth0_macvtap: entered promiscuous mode [ 789.796286][ T3331] veth1_macvtap: entered promiscuous mode [ 791.104826][ T3332] veth0_macvtap: entered promiscuous mode [ 791.663625][ T3332] veth1_macvtap: entered promiscuous mode [ 792.130346][ T50] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 792.177871][ T3384] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 792.197178][ T3376] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 792.208961][ T3376] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 794.618766][ T25] audit: type=1400 audit(793.860:84): avc: denied { mount } for pid=3331 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 794.719637][ T2132] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 794.725391][ T2132] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 794.758156][ T21] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 794.759295][ T21] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 794.878755][ T25] audit: type=1400 audit(794.120:85): avc: denied { mounton } for pid=3331 comm="syz-executor" path="/syzkaller.fuYKsd/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 795.060798][ T25] audit: type=1400 audit(794.300:86): avc: denied { mount } for pid=3331 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 795.358280][ T25] audit: type=1400 audit(794.580:87): avc: denied { mounton } for pid=3331 comm="syz-executor" path="/syzkaller.fuYKsd/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 795.494497][ T25] audit: type=1400 audit(794.730:88): avc: denied { mounton } for pid=3331 comm="syz-executor" path="/syzkaller.fuYKsd/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3780 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 796.266957][ T25] audit: type=1400 audit(795.500:89): avc: denied { unmount } for pid=3331 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 796.583741][ T25] audit: type=1400 audit(795.820:90): avc: denied { mounton } for pid=3331 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 796.717942][ T25] audit: type=1400 audit(795.940:91): avc: denied { mount } for pid=3331 comm="syz-executor" name="/" dev="gadgetfs" ino=3793 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 796.867233][ T25] audit: type=1400 audit(796.110:92): avc: denied { mount } for pid=3331 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 796.917031][ T25] audit: type=1400 audit(796.140:93): avc: denied { mounton } for pid=3331 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 798.020712][ T3331] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 807.617211][ T25] kauditd_printk_skb: 4 callbacks suppressed [ 807.627374][ T25] audit: type=1400 audit(806.860:98): avc: denied { read } for pid=3483 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 807.720311][ T25] audit: type=1400 audit(806.950:99): avc: denied { open } for pid=3483 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 807.933864][ T25] audit: type=1400 audit(807.170:100): avc: denied { ioctl } for pid=3483 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 809.414671][ T25] audit: type=1400 audit(808.640:101): avc: denied { write } for pid=3484 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 825.239183][ T25] audit: type=1400 audit(824.450:102): avc: denied { execute } for pid=3492 comm="syz.0.4" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4002 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 846.413369][ T3507] kvm [3506]: Unsupported guest access at: eeef0000 [ 846.413369][ T3507] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 847.348858][ T3507] kvm [3507]: Failed to find VMA for hva 0x20d8d000 [ 848.546830][ T25] audit: type=1400 audit(847.780:103): avc: denied { append } for pid=3509 comm="syz.1.9" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 910.010418][ T25] audit: type=1400 audit(909.220:104): avc: denied { create } for pid=3545 comm="syz.0.20" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 931.865253][ T3558] KVM: debugfs: duplicate directory 3558-7 [ 955.473378][ T25] audit: type=1400 audit(954.710:105): avc: denied { setattr } for pid=3564 comm="syz.1.27" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1039.103489][ T25] audit: type=1400 audit(1038.330:106): avc: denied { map } for pid=3622 comm="syz.0.45" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1039.164817][ T25] audit: type=1400 audit(1038.400:107): avc: denied { execute } for pid=3622 comm="syz.0.45" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1153.223746][ T25] audit: type=1400 audit(1152.440:108): avc: denied { ioctl } for pid=3687 comm="syz.0.66" path="net:[4026532625]" dev="nsfs" ino=4026532625 ioctlcmd=0x582b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1380.610211][ T3820] kvm [3819]: Unsupported guest access at: eeef0000 [ 1380.610211][ T3820] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 1381.760276][ T3820] kvm [3820]: Failed to find VMA for hva 0x20d8d000 [ 1431.295964][ T3849] kvm [3849]: Failed to find VMA for hva 0x20c01000 [ 1431.316911][ T3846] kvm [3846]: Failed to find VMA for hva 0x20c01000 [ 1452.699466][ T3859] kvm [3858]: Unsupported guest access at: eeef0000 [ 1452.699466][ T3859] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 1454.278664][ T3859] kvm [3859]: Failed to find VMA for hva 0x20d8d000 [ 1492.531035][ T3883] kvm [3883]: Failed to find VMA for hva 0x20c01000 [ 1560.223016][ T25] audit: type=1400 audit(1559.450:109): avc: denied { map } for pid=3934 comm="syz.1.145" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=12339 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1560.236527][ T25] audit: type=1400 audit(1559.460:110): avc: denied { read } for pid=3934 comm="syz.1.145" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=12339 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1693.898729][ T4004] kvm [4004]: Failed to find VMA for hva 0x20c01000 [ 1694.160130][ T4008] kvm [4008]: Failed to find VMA for hva 0x20c01000 [ 1866.173843][ T4119] kvm [4119]: Failed to find VMA for hva 0x20c01000 [ 2366.730651][ T4416] kvm [4416]: Failed to find VMA for hva 0x20dc6000 [ 2366.874813][ T4413] kvm [4413]: Failed to find VMA for hva 0x20d8d000 [ 2590.225558][ T25] audit: type=1400 audit(2589.450:111): avc: denied { execute } for pid=4552 comm="syz.1.341" path="/sys/kernel/debug/kcov" dev="debugfs" ino=106 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=file permissive=1 [ 2838.286898][ T4704] kvm [4702]: Unsupported guest access at: eeef0000 [ 2838.286898][ T4704] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 2839.450414][ T4704] kvm [4704]: Failed to find VMA for hva 0x20d8d000 [ 3316.305285][ T5008] kvm [5007]: Unsupported guest access at: eeef0000 [ 3316.305285][ T5008] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 3317.285169][ T5008] kvm [5008]: Failed to find VMA for hva 0x20d8d000 [ 3672.511436][ T5241] kvm [5239]: Unsupported guest access at: eeef0000 [ 3672.511436][ T5241] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 3799.124360][ T5327] kvm [5325]: Unsupported guest access at: eeef0000 [ 3799.124360][ T5327] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 3800.029894][ T5327] kvm [5327]: Failed to find VMA for hva 0x20d8d000 [ 3953.229632][ T5425] FAULT_INJECTION: forcing a failure. [ 3953.229632][ T5425] name failslab, interval 1, probability 0, space 0, times 1 [ 3953.315023][ T5425] CPU: 0 UID: 0 PID: 5425 Comm: syz.0.614 Not tainted syzkaller #0 PREEMPT [ 3953.315738][ T5425] Hardware name: linux,dummy-virt (DT) [ 3953.316234][ T5425] Call trace: [ 3953.316652][ T5425] show_stack+0x2c/0x3c (C) [ 3953.318505][ T5425] __dump_stack+0x30/0x40 [ 3953.318774][ T5425] dump_stack_lvl+0xd8/0x12c [ 3953.318982][ T5425] dump_stack+0x1c/0x28 [ 3953.319200][ T5425] should_fail_ex+0x570/0x6e0 [ 3953.319445][ T5425] should_failslab+0xb8/0xec [ 3953.319703][ T5425] kmem_cache_alloc_node_noprof+0x88/0x5c0 [ 3953.320005][ T5425] alloc_vmap_area+0x1c8/0x16cc [ 3953.320259][ T5425] __get_vm_area_node+0x1ec/0x2f8 [ 3953.320490][ T5425] __vmalloc_node_range_noprof+0x260/0x10c0 [ 3953.320729][ T5425] __vmalloc_noprof+0xc8/0xe4 [ 3953.320958][ T5425] kvm_arch_alloc_vm+0x70/0x74 [ 3953.321219][ T5425] kvm_dev_ioctl+0xb4/0x13e0 [ 3953.321490][ T5425] __arm64_sys_ioctl+0x18c/0x244 [ 3953.321714][ T5425] invoke_syscall+0x90/0x238 [ 3953.321996][ T5425] el0_svc_common+0x180/0x2f4 [ 3953.322296][ T5425] do_el0_svc+0x58/0x74 [ 3953.322572][ T5425] el0_svc+0x5c/0x234 [ 3953.322850][ T5425] el0t_64_sync_handler+0x84/0x12c [ 3953.323144][ T5425] el0t_64_sync+0x198/0x19c [ 3953.480598][ T5425] syz.0.614: vmalloc error: size 5416, vm_struct allocation failed, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 3953.604146][ T5425] CPU: 0 UID: 0 PID: 5425 Comm: syz.0.614 Not tainted syzkaller #0 PREEMPT [ 3953.604491][ T5425] Hardware name: linux,dummy-virt (DT) [ 3953.604602][ T5425] Call trace: [ 3953.604681][ T5425] show_stack+0x2c/0x3c (C) [ 3953.605026][ T5425] __dump_stack+0x30/0x40 [ 3953.605260][ T5425] dump_stack_lvl+0xd8/0x12c [ 3953.605469][ T5425] dump_stack+0x1c/0x28 [ 3953.605654][ T5425] warn_alloc+0x144/0x2c4 [ 3953.605933][ T5425] __vmalloc_node_range_noprof+0x280/0x10c0 [ 3953.606197][ T5425] __vmalloc_noprof+0xc8/0xe4 [ 3953.606423][ T5425] kvm_arch_alloc_vm+0x70/0x74 [ 3953.606659][ T5425] kvm_dev_ioctl+0xb4/0x13e0 [ 3953.606907][ T5425] __arm64_sys_ioctl+0x18c/0x244 [ 3953.607145][ T5425] invoke_syscall+0x90/0x238 [ 3953.607483][ T5425] el0_svc_common+0x180/0x2f4 [ 3953.607793][ T5425] do_el0_svc+0x58/0x74 [ 3953.608072][ T5425] el0_svc+0x5c/0x234 [ 3953.608383][ T5425] el0t_64_sync_handler+0x84/0x12c [ 3953.608669][ T5425] el0t_64_sync+0x198/0x19c [ 3953.609344][ T5425] Mem-Info: [ 3953.610157][ T5425] active_anon:4225 inactive_anon:0 isolated_anon:0 [ 3953.610157][ T5425] active_file:19671 inactive_file:2927 isolated_file:0 [ 3953.610157][ T5425] unevictable:768 dirty:31 writeback:0 [ 3953.610157][ T5425] slab_reclaimable:6189 slab_unreclaimable:10183 [ 3953.610157][ T5425] mapped:13503 shmem:825 pagetables:579 [ 3953.610157][ T5425] sec_pagetables:2 bounce:0 [ 3953.610157][ T5425] kernel_misc_reclaimable:0 [ 3953.610157][ T5425] free:335762 free_pcp:5534 free_cma:8000 [ 3953.611285][ T5425] Node 0 active_anon:16900kB inactive_anon:0kB active_file:78684kB inactive_file:11708kB unevictable:3072kB isolated(anon):0kB isolated(file):0kB mapped:54012kB dirty:124kB writeback:0kB shmem:3300kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5720kB pagetables:2316kB sec_pagetables:8kB all_unreclaimable? no Balloon:0kB [ 3953.823616][ T5425] Node 0 DMA free:1343048kB boost:0kB min:22528kB low:28160kB high:33792kB reserved_highatomic:0KB free_highatomic:0KB active_anon:16900kB inactive_anon:0kB active_file:78684kB inactive_file:11708kB unevictable:3072kB writepending:124kB zspages:0kB present:2097152kB managed:1690292kB mlocked:0kB bounce:0kB free_pcp:22136kB local_pcp:22132kB free_cma:32000kB [ 3953.955772][ T5425] lowmem_reserve[]: 0 0 0 0 0 [ 3953.986954][ T5425] Node 0 DMA: 82*4kB (UME) 2*8kB (ME) 1*16kB (E) 3*32kB (UME) 2*64kB (UE) 0*128kB 4*256kB (UMEC) 2*512kB (UE) 3*1024kB (UEC) 3*2048kB (MEC) 325*4096kB (MC) = 1343048kB [ 3954.348877][ T5425] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3954.406461][ T5425] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=32768kB [ 3954.426303][ T5425] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 3954.462688][ T5425] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=64kB [ 3954.496778][ T5425] 23419 total pagecache pages [ 3954.542928][ T5425] 0 pages in swap cache [ 3954.585514][ T5425] Free swap = 124996kB [ 3954.593299][ T5425] Total swap = 124996kB [ 3954.593977][ T5425] 524288 pages RAM [ 3954.594322][ T5425] 0 pages HighMem/MovableOnly [ 3954.594627][ T5425] 101715 pages reserved [ 3954.658149][ T5425] 8192 pages cma reserved [ 3954.672821][ T5425] 0 pages hwpoisoned [ 4231.684069][ T25] audit: type=1400 audit(4230.910:112): avc: denied { execute } for pid=5595 comm="syz.1.669" path=2F3332372F10FBFF67525673312B0104 dev="tmpfs" ino=1679 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 4526.904697][ T5800] kvm [5799]: Unsupported guest access at: eeef0000 [ 4526.904697][ T5800] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 4527.765588][ T5800] kvm [5800]: Failed to find VMA for hva 0x20d8d000 [ 4699.019535][ T5898] kvm [5898]: Failed to find VMA for hva 0x21016000 [ 4812.419002][ T5968] kvm [5967]: Unsupported guest access at: eeef0000 [ 4812.419002][ T5968] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 4922.695147][ T6044] kvm [6044]: Failed to find VMA for hva 0x21016000 [ 5199.379455][ T6211] FAULT_INJECTION: forcing a failure. [ 5199.379455][ T6211] name failslab, interval 1, probability 0, space 0, times 0 [ 5199.414792][ T6211] CPU: 0 UID: 0 PID: 6211 Comm: syz.0.869 Not tainted syzkaller #0 PREEMPT [ 5199.415223][ T6211] Hardware name: linux,dummy-virt (DT) [ 5199.415343][ T6211] Call trace: [ 5199.415424][ T6211] show_stack+0x2c/0x3c (C) [ 5199.415822][ T6211] __dump_stack+0x30/0x40 [ 5199.416035][ T6211] dump_stack_lvl+0xd8/0x12c [ 5199.416254][ T6211] dump_stack+0x1c/0x28 [ 5199.416461][ T6211] should_fail_ex+0x570/0x6e0 [ 5199.416707][ T6211] should_failslab+0xb8/0xec [ 5199.416920][ T6211] __kmalloc_noprof+0xdc/0x668 [ 5199.417225][ T6211] tomoyo_realpath_from_path+0xdc/0x628 [ 5199.417545][ T6211] tomoyo_path_number_perm+0x13c/0x33c [ 5199.417823][ T6211] tomoyo_file_ioctl+0x2c/0x3c [ 5199.418027][ T6211] security_file_ioctl+0xe8/0x2f0 [ 5199.418263][ T6211] __arm64_sys_ioctl+0xd0/0x244 [ 5199.418505][ T6211] invoke_syscall+0x90/0x238 [ 5199.418799][ T6211] el0_svc_common+0x180/0x2f4 [ 5199.419081][ T6211] do_el0_svc+0x58/0x74 [ 5199.419371][ T6211] el0_svc+0x5c/0x234 [ 5199.419692][ T6211] el0t_64_sync_handler+0x84/0x12c [ 5199.419987][ T6211] el0t_64_sync+0x198/0x19c [ 5199.491352][ T6211] ERROR: Out of memory at tomoyo_realpath_from_path. [ 5233.180776][ T6225] FAULT_INJECTION: forcing a failure. [ 5233.180776][ T6225] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 5233.246569][ T6225] CPU: 0 UID: 0 PID: 6225 Comm: syz.1.874 Not tainted syzkaller #0 PREEMPT [ 5233.246956][ T6225] Hardware name: linux,dummy-virt (DT) [ 5233.247066][ T6225] Call trace: [ 5233.247163][ T6225] show_stack+0x2c/0x3c (C) [ 5233.247529][ T6225] __dump_stack+0x30/0x40 [ 5233.247782][ T6225] dump_stack_lvl+0xd8/0x12c [ 5233.247996][ T6225] dump_stack+0x1c/0x28 [ 5233.248213][ T6225] should_fail_ex+0x570/0x6e0 [ 5233.248446][ T6225] should_fail+0x14/0x24 [ 5233.248661][ T6225] should_fail_usercopy+0x20/0x30 [ 5233.248891][ T6225] _inline_copy_from_user+0x3c/0x18c [ 5233.249111][ T6225] kstrtouint_from_user+0x70/0xf8 [ 5233.249360][ T6225] proc_fail_nth_write+0x4c/0x20c [ 5233.249642][ T6225] vfs_write+0x2c0/0xb1c [ 5233.249897][ T6225] ksys_write+0x100/0x1f4 [ 5233.250161][ T6225] __arm64_sys_write+0x98/0xcc [ 5233.250421][ T6225] invoke_syscall+0x90/0x238 [ 5233.250706][ T6225] el0_svc_common+0x180/0x2f4 [ 5233.250983][ T6225] do_el0_svc+0x58/0x74 [ 5233.251278][ T6225] el0_svc+0x5c/0x234 [ 5233.251564][ T6225] el0t_64_sync_handler+0x84/0x12c [ 5233.251889][ T6225] el0t_64_sync+0x198/0x19c [ 5456.967483][ T6354] FAULT_INJECTION: forcing a failure. [ 5456.967483][ T6354] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 5456.968638][ T6354] CPU: 0 UID: 0 PID: 6354 Comm: syz.1.918 Not tainted syzkaller #0 PREEMPT [ 5456.968954][ T6354] Hardware name: linux,dummy-virt (DT) [ 5456.969060][ T6354] Call trace: [ 5456.969152][ T6354] show_stack+0x2c/0x3c (C) [ 5456.969520][ T6354] __dump_stack+0x30/0x40 [ 5456.969718][ T6354] dump_stack_lvl+0xd8/0x12c [ 5456.969915][ T6354] dump_stack+0x1c/0x28 [ 5456.970103][ T6354] should_fail_ex+0x570/0x6e0 [ 5456.970354][ T6354] should_fail_alloc_page+0xd4/0xd8 [ 5456.970580][ T6354] prepare_alloc_pages+0x20c/0x5e0 [ 5456.970871][ T6354] __alloc_frozen_pages_noprof+0xd8/0x2d0 [ 5456.971191][ T6354] alloc_pages_mpol+0x204/0x4c8 [ 5456.971500][ T6354] alloc_pages_noprof+0x104/0x2ec [ 5456.971819][ T6354] get_free_pages_noprof+0x1c/0xc4 [ 5456.972029][ T6354] selinux_genfs_get_sid+0x70/0x2c0 [ 5456.972311][ T6354] inode_doinit_with_dentry+0x754/0xb7c [ 5456.972624][ T6354] selinux_d_instantiate+0x30/0x48 [ 5456.972874][ T6354] security_d_instantiate+0xf8/0x1fc [ 5456.973112][ T6354] d_instantiate+0x68/0xb8 [ 5456.973390][ T6354] __debugfs_create_file+0x2ac/0x5dc [ 5456.973657][ T6354] debugfs_create_file_full+0x58/0x70 [ 5456.973926][ T6354] kvm_create_vm_debugfs+0x57c/0x7d0 [ 5456.974217][ T6354] kvm_dev_ioctl+0x974/0x13e0 [ 5456.974484][ T6354] __arm64_sys_ioctl+0x18c/0x244 [ 5456.974715][ T6354] invoke_syscall+0x90/0x238 [ 5456.974996][ T6354] el0_svc_common+0x180/0x2f4 [ 5456.975304][ T6354] do_el0_svc+0x58/0x74 [ 5456.975581][ T6354] el0_svc+0x5c/0x234 [ 5456.975897][ T6354] el0t_64_sync_handler+0x84/0x12c [ 5456.976215][ T6354] el0t_64_sync+0x198/0x19c [ 5567.409873][ T6432] FAULT_INJECTION: forcing a failure. [ 5567.409873][ T6432] name failslab, interval 1, probability 0, space 0, times 0 [ 5567.460627][ T6432] CPU: 0 UID: 0 PID: 6432 Comm: syz.0.942 Not tainted syzkaller #0 PREEMPT [ 5567.461023][ T6432] Hardware name: linux,dummy-virt (DT) [ 5567.461147][ T6432] Call trace: [ 5567.461235][ T6432] show_stack+0x2c/0x3c (C) [ 5567.461623][ T6432] __dump_stack+0x30/0x40 [ 5567.461833][ T6432] dump_stack_lvl+0xd8/0x12c [ 5567.462034][ T6432] dump_stack+0x1c/0x28 [ 5567.462242][ T6432] should_fail_ex+0x570/0x6e0 [ 5567.462492][ T6432] should_failslab+0xb8/0xec [ 5567.462710][ T6432] __kmalloc_cache_noprof+0x80/0x5b4 [ 5567.462997][ T6432] init_srcu_struct_fields+0x7c/0xe20 [ 5567.463296][ T6432] __init_srcu_struct+0x54/0x68 [ 5567.463580][ T6432] kvm_dev_ioctl+0x408/0x13e0 [ 5567.463877][ T6432] __arm64_sys_ioctl+0x18c/0x244 [ 5567.464106][ T6432] invoke_syscall+0x90/0x238 [ 5567.464419][ T6432] el0_svc_common+0x180/0x2f4 [ 5567.464699][ T6432] do_el0_svc+0x58/0x74 [ 5567.464969][ T6432] el0_svc+0x5c/0x234 [ 5567.465266][ T6432] el0t_64_sync_handler+0x84/0x12c [ 5567.465567][ T6432] el0t_64_sync+0x198/0x19c [ 5721.755594][ T6509] kvm [6509]: Failed to find VMA for hva 0x21016000 [ 5860.084338][ T6589] kvm [6589]: Failed to find VMA for hva 0x21016000 [ 5911.487553][ T6619] FAULT_INJECTION: forcing a failure. [ 5911.487553][ T6619] name failslab, interval 1, probability 0, space 0, times 0 [ 5911.506060][ T6619] CPU: 0 UID: 0 PID: 6619 Comm: syz.1.1003 Not tainted syzkaller #0 PREEMPT [ 5911.506481][ T6619] Hardware name: linux,dummy-virt (DT) [ 5911.506589][ T6619] Call trace: [ 5911.506669][ T6619] show_stack+0x2c/0x3c (C) [ 5911.507018][ T6619] __dump_stack+0x30/0x40 [ 5911.507245][ T6619] dump_stack_lvl+0xd8/0x12c [ 5911.507447][ T6619] dump_stack+0x1c/0x28 [ 5911.507640][ T6619] should_fail_ex+0x570/0x6e0 [ 5911.507906][ T6619] should_failslab+0xb8/0xec [ 5911.508139][ T6619] kmem_cache_alloc_lru_noprof+0x88/0x5ac [ 5911.508445][ T6619] __d_alloc+0x40/0x844 [ 5911.508689][ T6619] d_alloc_parallel+0x9c/0x1438 [ 5911.508944][ T6619] __lookup_slow+0xe0/0x388 [ 5911.509234][ T6619] lookup_noperm+0x134/0x280 [ 5911.509501][ T6619] simple_start_creating+0xc4/0x190 [ 5911.509783][ T6619] debugfs_start_creating+0x134/0x1b0 [ 5911.510055][ T6619] __debugfs_create_file+0x7c/0x5dc [ 5911.510341][ T6619] debugfs_create_file_full+0x58/0x70 [ 5911.510602][ T6619] kvm_create_vm_debugfs+0x57c/0x7d0 [ 5911.510869][ T6619] kvm_dev_ioctl+0x974/0x13e0 [ 5911.511119][ T6619] __arm64_sys_ioctl+0x18c/0x244 [ 5911.511380][ T6619] invoke_syscall+0x90/0x238 [ 5911.511714][ T6619] el0_svc_common+0x180/0x2f4 [ 5911.512007][ T6619] do_el0_svc+0x58/0x74 [ 5911.512318][ T6619] el0_svc+0x5c/0x234 [ 5911.512604][ T6619] el0t_64_sync_handler+0x84/0x12c [ 5911.512888][ T6619] el0t_64_sync+0x198/0x19c [ 5942.441325][ T6637] FAULT_INJECTION: forcing a failure. [ 5942.441325][ T6637] name failslab, interval 1, probability 0, space 0, times 0 [ 5942.493929][ T6637] CPU: 0 UID: 0 PID: 6637 Comm: syz.1.1010 Not tainted syzkaller #0 PREEMPT [ 5942.494336][ T6637] Hardware name: linux,dummy-virt (DT) [ 5942.494452][ T6637] Call trace: [ 5942.494539][ T6637] show_stack+0x2c/0x3c (C) [ 5942.494888][ T6637] __dump_stack+0x30/0x40 [ 5942.495086][ T6637] dump_stack_lvl+0xd8/0x12c [ 5942.495325][ T6637] dump_stack+0x1c/0x28 [ 5942.495519][ T6637] should_fail_ex+0x570/0x6e0 [ 5942.495773][ T6637] should_failslab+0xb8/0xec [ 5942.495999][ T6637] kmem_cache_alloc_noprof+0x84/0x5a8 [ 5942.496311][ T6637] security_inode_alloc+0x3c/0x354 [ 5942.496593][ T6637] inode_init_always_gfp+0xb48/0xfd4 [ 5942.496877][ T6637] alloc_inode+0x98/0x23c [ 5942.497161][ T6637] new_inode+0x2c/0x1c4 [ 5942.497448][ T6637] __debugfs_create_file+0x15c/0x5dc [ 5942.497713][ T6637] debugfs_create_file_full+0x58/0x70 [ 5942.497973][ T6637] kvm_create_vm_debugfs+0x57c/0x7d0 [ 5942.498261][ T6637] kvm_dev_ioctl+0x974/0x13e0 [ 5942.498514][ T6637] __arm64_sys_ioctl+0x18c/0x244 [ 5942.498732][ T6637] invoke_syscall+0x90/0x238 [ 5942.499011][ T6637] el0_svc_common+0x180/0x2f4 [ 5942.499315][ T6637] do_el0_svc+0x58/0x74 [ 5942.499587][ T6637] el0_svc+0x5c/0x234 [ 5942.499897][ T6637] el0t_64_sync_handler+0x84/0x12c [ 5942.500211][ T6637] el0t_64_sync+0x198/0x19c [ 5942.593346][ T6637] debugfs: out of free dentries, can not create file 'halt_poll_success_ns' [ 6040.584963][ T6702] FAULT_INJECTION: forcing a failure. [ 6040.584963][ T6702] name failslab, interval 1, probability 0, space 0, times 0 [ 6040.623924][ T6702] CPU: 0 UID: 0 PID: 6702 Comm: syz.1.1029 Not tainted syzkaller #0 PREEMPT [ 6040.624350][ T6702] Hardware name: linux,dummy-virt (DT) [ 6040.624465][ T6702] Call trace: [ 6040.624544][ T6702] show_stack+0x2c/0x3c (C) [ 6040.624889][ T6702] __dump_stack+0x30/0x40 [ 6040.625086][ T6702] dump_stack_lvl+0xd8/0x12c [ 6040.625315][ T6702] dump_stack+0x1c/0x28 [ 6040.625515][ T6702] should_fail_ex+0x570/0x6e0 [ 6040.625737][ T6702] should_failslab+0xb8/0xec [ 6040.625948][ T6702] __kmalloc_cache_noprof+0x80/0x5b4 [ 6040.626266][ T6702] kvm_create_vm_debugfs+0x43c/0x7d0 [ 6040.626541][ T6702] kvm_dev_ioctl+0x974/0x13e0 [ 6040.626794][ T6702] __arm64_sys_ioctl+0x18c/0x244 [ 6040.627022][ T6702] invoke_syscall+0x90/0x238 [ 6040.627337][ T6702] el0_svc_common+0x180/0x2f4 [ 6040.627624][ T6702] do_el0_svc+0x58/0x74 [ 6040.627940][ T6702] el0_svc+0x5c/0x234 [ 6040.628261][ T6702] el0t_64_sync_handler+0x84/0x12c [ 6040.628551][ T6702] el0t_64_sync+0x198/0x19c [ 6122.705787][ T6741] kvm [6741]: Failed to find VMA for hva 0x20be3000 [ 6266.511191][ T6836] kvm [6836]: Failed to find VMA for hva 0x20c01000 [ 6311.384449][ T25] audit: type=1400 audit(6310.620:113): avc: denied { ioctl } for pid=6863 comm="syz.1.1086" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=67679 ioctlcmd=0xaeae scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 6387.740990][ T6916] kvm [6915]: Unsupported guest access at: eeef0000 [ 6387.740990][ T6916] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 6388.466364][ T6916] kvm [6916]: Failed to find VMA for hva 0x20d8d000 [ 6784.499026][ T5471] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6786.354515][ T5471] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6788.105475][ T5471] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6789.800248][ T5471] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6810.001302][ T5471] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 6810.146323][ T5471] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 6810.238122][ T5471] bond0 (unregistering): Released all slaves [ 6812.235042][ T5471] hsr_slave_0: left promiscuous mode [ 6812.332687][ T5471] hsr_slave_1: left promiscuous mode [ 6812.889466][ T5471] veth1_macvtap: left promiscuous mode [ 6812.925133][ T5471] veth0_macvtap: left promiscuous mode [ 6812.934675][ T5471] veth1_vlan: left promiscuous mode [ 6812.946836][ T5471] veth0_vlan: left promiscuous mode [ 6820.048048][ T7206] kvm [7206]: Failed to find VMA for hva 0x20d8d000 [ 6884.225804][ T7181] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 6884.627786][ T7181] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 6914.886647][ T7181] hsr_slave_0: entered promiscuous mode [ 6914.941029][ T7181] hsr_slave_1: entered promiscuous mode [ 6937.184211][ T7181] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 6937.615231][ T7181] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 6937.958505][ T7181] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 6938.303966][ T7181] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 6962.088487][ T7181] 8021q: adding VLAN 0 to HW filter on device bond0 [ 7020.989583][ T7379] FAULT_INJECTION: forcing a failure. [ 7020.989583][ T7379] name failslab, interval 1, probability 0, space 0, times 0 [ 7021.045255][ T7379] CPU: 0 UID: 0 PID: 7379 Comm: syz.1.1211 Not tainted syzkaller #0 PREEMPT [ 7021.045657][ T7379] Hardware name: linux,dummy-virt (DT) [ 7021.045770][ T7379] Call trace: [ 7021.045849][ T7379] show_stack+0x2c/0x3c (C) [ 7021.046225][ T7379] __dump_stack+0x30/0x40 [ 7021.046445][ T7379] dump_stack_lvl+0xd8/0x12c [ 7021.046651][ T7379] dump_stack+0x1c/0x28 [ 7021.046842][ T7379] should_fail_ex+0x570/0x6e0 [ 7021.047063][ T7379] should_failslab+0xb8/0xec [ 7021.047303][ T7379] kmem_cache_alloc_noprof+0x84/0x5a8 [ 7021.047603][ T7379] security_inode_alloc+0x3c/0x354 [ 7021.047925][ T7379] inode_init_always_gfp+0xb48/0xfd4 [ 7021.048242][ T7379] alloc_inode+0x98/0x23c [ 7021.048536][ T7379] new_inode+0x2c/0x1c4 [ 7021.048815][ T7379] __debugfs_create_file+0x15c/0x5dc [ 7021.049082][ T7379] debugfs_create_file_full+0x58/0x70 [ 7021.049375][ T7379] kvm_create_vm_debugfs+0x57c/0x7d0 [ 7021.049646][ T7379] kvm_dev_ioctl+0x974/0x13e0 [ 7021.049898][ T7379] __arm64_sys_ioctl+0x18c/0x244 [ 7021.050131][ T7379] invoke_syscall+0x90/0x238 [ 7021.050427][ T7379] el0_svc_common+0x180/0x2f4 [ 7021.050707][ T7379] do_el0_svc+0x58/0x74 [ 7021.050975][ T7379] el0_svc+0x5c/0x234 [ 7021.051270][ T7379] el0t_64_sync_handler+0x84/0x12c [ 7021.051620][ T7379] el0t_64_sync+0x198/0x19c [ 7021.143265][ T7379] debugfs: out of free dentries, can not create file 'halt_wakeup' [ 7046.149738][ T7181] veth0_vlan: entered promiscuous mode [ 7046.698472][ T7181] veth1_vlan: entered promiscuous mode [ 7049.215851][ T7181] veth0_macvtap: entered promiscuous mode [ 7049.517492][ T7181] veth1_macvtap: entered promiscuous mode [ 7051.704132][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 7051.723733][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 7051.724672][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 7051.725480][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 7070.468614][ T7320] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7071.570974][ T7320] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7072.858305][ T7320] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7073.840362][ T7320] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7095.475028][ T7320] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 7095.763258][ T7320] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 7095.979655][ T7320] bond0 (unregistering): Released all slaves [ 7098.106253][ T7320] hsr_slave_0: left promiscuous mode [ 7098.219836][ T7320] hsr_slave_1: left promiscuous mode [ 7098.935249][ T7320] veth1_macvtap: left promiscuous mode [ 7098.973739][ T7320] veth0_macvtap: left promiscuous mode [ 7098.976932][ T7320] veth1_vlan: left promiscuous mode [ 7098.978478][ T7320] veth0_vlan: left promiscuous mode [ 7170.701192][ T7409] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 7171.108161][ T7409] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 7198.119031][ T7409] hsr_slave_0: entered promiscuous mode [ 7198.198189][ T7409] hsr_slave_1: entered promiscuous mode [ 7198.273863][ T7409] debugfs: 'hsr0' already exists in 'hsr' [ 7198.277067][ T7409] Cannot create hsr debugfs directory [ 7223.960858][ T7409] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 7224.367081][ T7409] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 7224.730521][ T7409] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 7224.950461][ T7409] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 7247.705119][ T7409] 8021q: adding VLAN 0 to HW filter on device bond0 [ 7343.564640][ T7409] veth0_vlan: entered promiscuous mode [ 7344.125211][ T7409] veth1_vlan: entered promiscuous mode [ 7347.057587][ T7409] veth0_macvtap: entered promiscuous mode [ 7347.489535][ T7409] veth1_macvtap: entered promiscuous mode [ 7350.449269][ T5471] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 7350.450478][ T5471] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 7350.461209][ T5471] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 7350.478020][ T5471] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 7361.281386][ T7636] FAULT_INJECTION: forcing a failure. [ 7361.281386][ T7636] name failslab, interval 1, probability 0, space 0, times 0 [ 7361.310309][ T7636] CPU: 0 UID: 0 PID: 7636 Comm: syz.1.1215 Not tainted syzkaller #0 PREEMPT [ 7361.310672][ T7636] Hardware name: linux,dummy-virt (DT) [ 7361.310783][ T7636] Call trace: [ 7361.310863][ T7636] show_stack+0x2c/0x3c (C) [ 7361.311236][ T7636] __dump_stack+0x30/0x40 [ 7361.311458][ T7636] dump_stack_lvl+0xd8/0x12c [ 7361.311698][ T7636] dump_stack+0x1c/0x28 [ 7361.311959][ T7636] should_fail_ex+0x570/0x6e0 [ 7361.312223][ T7636] should_failslab+0xb8/0xec [ 7361.312461][ T7636] kmem_cache_alloc_lru_noprof+0x88/0x5ac [ 7361.312794][ T7636] debugfs_alloc_inode+0x2c/0x3c [ 7361.313074][ T7636] alloc_inode+0x80/0x23c [ 7361.313490][ T7636] new_inode+0x2c/0x1c4 [ 7361.313780][ T7636] __debugfs_create_file+0x15c/0x5dc [ 7361.314146][ T7636] debugfs_create_file_full+0x58/0x70 [ 7361.314450][ T7636] kvm_create_vm_debugfs+0x57c/0x7d0 [ 7361.314829][ T7636] kvm_dev_ioctl+0x974/0x13e0 [ 7361.315169][ T7636] __arm64_sys_ioctl+0x18c/0x244 [ 7361.315506][ T7636] invoke_syscall+0x90/0x238 [ 7361.315862][ T7636] el0_svc_common+0x180/0x2f4 [ 7361.316262][ T7636] do_el0_svc+0x58/0x74 [ 7361.316587][ T7636] el0_svc+0x5c/0x234 [ 7361.316945][ T7636] el0t_64_sync_handler+0x84/0x12c [ 7361.317267][ T7636] el0t_64_sync+0x198/0x19c [ 7361.464656][ T7636] debugfs: out of free dentries, can not create file 'halt_wakeup' [ 7387.708496][ T7650] FAULT_INJECTION: forcing a failure. [ 7387.708496][ T7650] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 7387.733580][ T7650] CPU: 0 UID: 0 PID: 7650 Comm: syz.0.1248 Not tainted syzkaller #0 PREEMPT [ 7387.733967][ T7650] Hardware name: linux,dummy-virt (DT) [ 7387.734075][ T7650] Call trace: [ 7387.734178][ T7650] show_stack+0x2c/0x3c (C) [ 7387.734543][ T7650] __dump_stack+0x30/0x40 [ 7387.734745][ T7650] dump_stack_lvl+0xd8/0x12c [ 7387.734949][ T7650] dump_stack+0x1c/0x28 [ 7387.735171][ T7650] should_fail_ex+0x570/0x6e0 [ 7387.735419][ T7650] should_fail_alloc_page+0xd4/0xd8 [ 7387.735639][ T7650] prepare_alloc_pages+0x20c/0x5e0 [ 7387.735968][ T7650] __alloc_frozen_pages_noprof+0xd8/0x2d0 [ 7387.736303][ T7650] alloc_pages_mpol+0x204/0x4c8 [ 7387.736593][ T7650] alloc_pages_noprof+0x104/0x2ec [ 7387.736874][ T7650] get_free_pages_noprof+0x1c/0xc4 [ 7387.737072][ T7650] selinux_genfs_get_sid+0x70/0x2c0 [ 7387.737309][ T7650] inode_doinit_with_dentry+0x754/0xb7c [ 7387.737616][ T7650] selinux_d_instantiate+0x30/0x48 [ 7387.737858][ T7650] security_d_instantiate+0xf8/0x1fc [ 7387.738107][ T7650] d_instantiate+0x68/0xb8 [ 7387.738373][ T7650] __debugfs_create_file+0x2ac/0x5dc [ 7387.738639][ T7650] debugfs_create_file_full+0x58/0x70 [ 7387.738900][ T7650] kvm_create_vm_debugfs+0x57c/0x7d0 [ 7387.739183][ T7650] kvm_dev_ioctl+0x974/0x13e0 [ 7387.739454][ T7650] __arm64_sys_ioctl+0x18c/0x244 [ 7387.739706][ T7650] invoke_syscall+0x90/0x238 [ 7387.740006][ T7650] el0_svc_common+0x180/0x2f4 [ 7387.740323][ T7650] do_el0_svc+0x58/0x74 [ 7387.740599][ T7650] el0_svc+0x5c/0x234 [ 7387.740877][ T7650] el0t_64_sync_handler+0x84/0x12c [ 7387.741180][ T7650] el0t_64_sync+0x198/0x19c [ 7407.069494][ T7664] kvm [7662]: Unsupported guest access at: eeef0000 [ 7407.069494][ T7664] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 7407.975431][ T7664] kvm [7664]: Failed to find VMA for hva 0x20d8d000 [ 7892.626905][ T7983] kvm [7983]: Failed to find VMA for hva 0x21016000 [ 8031.606295][ T8078] FAULT_INJECTION: forcing a failure. [ 8031.606295][ T8078] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 8031.645358][ T8078] CPU: 0 UID: 0 PID: 8078 Comm: syz.1.1384 Not tainted syzkaller #0 PREEMPT [ 8031.645750][ T8078] Hardware name: linux,dummy-virt (DT) [ 8031.645858][ T8078] Call trace: [ 8031.645938][ T8078] show_stack+0x2c/0x3c (C) [ 8031.646318][ T8078] __dump_stack+0x30/0x40 [ 8031.646524][ T8078] dump_stack_lvl+0xd8/0x12c [ 8031.646729][ T8078] dump_stack+0x1c/0x28 [ 8031.646928][ T8078] should_fail_ex+0x570/0x6e0 [ 8031.647172][ T8078] should_fail_alloc_page+0xd4/0xd8 [ 8031.647413][ T8078] prepare_alloc_pages+0x20c/0x5e0 [ 8031.647744][ T8078] __alloc_frozen_pages_noprof+0xd8/0x2d0 [ 8031.648053][ T8078] alloc_pages_mpol+0x204/0x4c8 [ 8031.648370][ T8078] alloc_pages_noprof+0x104/0x2ec [ 8031.648655][ T8078] get_free_pages_noprof+0x1c/0xc4 [ 8031.648853][ T8078] selinux_genfs_get_sid+0x70/0x2c0 [ 8031.649058][ T8078] inode_doinit_with_dentry+0x754/0xb7c [ 8031.649378][ T8078] selinux_d_instantiate+0x30/0x48 [ 8031.649624][ T8078] security_d_instantiate+0xf8/0x1fc [ 8031.649861][ T8078] d_instantiate+0x68/0xb8 [ 8031.650121][ T8078] __debugfs_create_file+0x2ac/0x5dc [ 8031.650397][ T8078] debugfs_create_file_full+0x58/0x70 [ 8031.650664][ T8078] kvm_create_vm_debugfs+0x57c/0x7d0 [ 8031.650925][ T8078] kvm_dev_ioctl+0x974/0x13e0 [ 8031.651190][ T8078] __arm64_sys_ioctl+0x18c/0x244 [ 8031.651419][ T8078] invoke_syscall+0x90/0x238 [ 8031.651749][ T8078] el0_svc_common+0x180/0x2f4 [ 8031.652047][ T8078] do_el0_svc+0x58/0x74 [ 8031.652355][ T8078] el0_svc+0x5c/0x234 [ 8031.652644][ T8078] el0t_64_sync_handler+0x84/0x12c [ 8031.652931][ T8078] el0t_64_sync+0x198/0x19c [ 8058.457728][ T8095] FAULT_INJECTION: forcing a failure. [ 8058.457728][ T8095] name failslab, interval 1, probability 0, space 0, times 0 [ 8058.493390][ T8095] CPU: 0 UID: 0 PID: 8095 Comm: syz.0.1390 Not tainted syzkaller #0 PREEMPT [ 8058.493776][ T8095] Hardware name: linux,dummy-virt (DT) [ 8058.493883][ T8095] Call trace: [ 8058.493962][ T8095] show_stack+0x2c/0x3c (C) [ 8058.494355][ T8095] __dump_stack+0x30/0x40 [ 8058.494556][ T8095] dump_stack_lvl+0xd8/0x12c [ 8058.494750][ T8095] dump_stack+0x1c/0x28 [ 8058.494958][ T8095] should_fail_ex+0x570/0x6e0 [ 8058.495225][ T8095] should_failslab+0xb8/0xec [ 8058.495450][ T8095] __kmalloc_cache_noprof+0x80/0x5b4 [ 8058.495772][ T8095] kvm_create_vm_debugfs+0x43c/0x7d0 [ 8058.496045][ T8095] kvm_dev_ioctl+0x974/0x13e0 [ 8058.496335][ T8095] __arm64_sys_ioctl+0x18c/0x244 [ 8058.496558][ T8095] invoke_syscall+0x90/0x238 [ 8058.496842][ T8095] el0_svc_common+0x180/0x2f4 [ 8058.497130][ T8095] do_el0_svc+0x58/0x74 [ 8058.497412][ T8095] el0_svc+0x5c/0x234 [ 8058.497688][ T8095] el0t_64_sync_handler+0x84/0x12c [ 8058.497968][ T8095] el0t_64_sync+0x198/0x19c [ 8489.067485][ T8373] KVM: debugfs: duplicate directory 8373-5 [ 8787.605918][ T8580] debugfs: 'vgic-its-state@8080000' already exists in '8580-5' [ 9000.645938][ T8726] kvm [8726]: Failed to find VMA for hva 0x21016000 [ 9472.138043][ T9043] kvm [9043]: Failed to find VMA for hva 0x21016000 [ 9524.237856][ T9071] kvm [9071]: Failed to find VMA for hva 0x21016000 [ 9565.614884][ T9094] kvm [9094]: Failed to find VMA for hva 0x20c01000 [10915.538461][ T9992] Unable to handle kernel paging request at virtual address ffef800000000001 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [10915.618832][ T9992] KASAN: maybe wild-memory-access in range [0xff00000000000010-0xff0000000000001f] [10915.664808][ T9992] Mem abort info: [10915.683161][ T25] audit: type=1400 audit(10914.920:114): avc: denied { read } for pid=3126 comm="syslogd" name="log" dev="vda" ino=1857 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [10915.703664][ T9992] ESR = 0x0000000096000004 [10915.704523][ T9992] EC = 0x25: DABT (current EL), IL = 32 bits [10915.704963][ T9992] SET = 0, FnV = 0 [10915.705321][ T9992] EA = 0, S1PTW = 0 [10915.705648][ T9992] FSC = 0x04: level 0 translation fault [10915.706014][ T9992] Data abort info: [10915.706324][ T9992] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [10915.706678][ T9992] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [10915.707022][ T9992] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [10915.707551][ T9992] [ffef800000000001] address between user and kernel address ranges [10915.709341][ T9992] Internal error: Oops: 0000000096000004 [#1] SMP [10915.721853][ T9992] Modules linked in: [10915.723224][ T9992] CPU: 0 UID: 0 PID: 9992 Comm: syz.1.1986 Not tainted syzkaller #0 PREEMPT [10915.724893][ T9992] Hardware name: linux,dummy-virt (DT) [10915.726244][ T9992] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [10915.727924][ T9992] pc : vgic_its_save_tables_v0+0x3b0/0xe38 [10915.729342][ T9992] lr : vgic_its_save_tables_v0+0x308/0xe38 [10915.730665][ T9992] sp : ffff8000a08b7bf0 [10915.731567][ T9992] x29: ffff8000a08b7c70 x28: e8f000001da084f0 x27: 0000000000000000 [10915.733592][ T9992] x26: 00000000000000a3 x25: 4bf0000021c8b300 x24: 96f0000018f53540 [10915.735246][ T9992] x23: e8f000001da08438 x22: b9070000c0000600 x21: 61f0000018f535c0 [10915.736999][ T9992] x20: 68f0000018f53510 x19: efff800000000000 x18: 0000000000000000 [10915.738755][ T9992] x17: 00000000000000cb x16: ffff800080011d9c x15: 0000000020000300 [10915.740509][ T9992] x14: 0000000000000002 x13: fff000001216bb88 x12: 0ff0000000000001 [10915.742235][ T9992] x11: 0000000000000010 x10: 0000000000002000 x9 : 0000000000000000 [10915.744038][ T9992] x8 : 0001000000000000 x7 : ffff80008024c570 x6 : 0000000000000000 [10915.745675][ T9992] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800080166870 [10915.747481][ T9992] x2 : a7f0000018f53600 x1 : 0000000000000000 x0 : 0000000000000000 [10915.749351][ T9992] Call trace: [10915.750227][ T9992] vgic_its_save_tables_v0+0x3b0/0xe38 (P) [10915.751584][ T9992] vgic_its_set_attr+0x65c/0x860 [10915.752743][ T9992] kvm_device_ioctl+0x354/0x418 [10915.753894][ T9992] __arm64_sys_ioctl+0x18c/0x244 [10915.755055][ T9992] invoke_syscall+0x90/0x238 [10915.756251][ T9992] el0_svc_common+0x180/0x2f4 [10915.757286][ T9992] do_el0_svc+0x58/0x74 [10915.758354][ T9992] el0_svc+0x5c/0x234 [10915.759390][ T9992] el0t_64_sync_handler+0x84/0x12c [10915.760604][ T9992] el0t_64_sync+0x198/0x19c [10915.762181][ T9992] Code: 9100412b b2481d69 d344fd2c d378fd69 (386c6a6c) [10915.764418][ T9992] ---[ end trace 0000000000000000 ]--- [10915.766187][ T9992] Kernel panic - not syncing: Oops: Fatal exception [10915.768395][ T9992] Kernel Offset: disabled [10915.769315][ T9992] CPU features: 0x000000,00034600,bef8cfa1,057ffe1f [10915.770703][ T9992] Memory Limit: none [10915.772578][ T9992] Rebooting in 86400 seconds.. VM DIAGNOSIS: 15:04:38 Registers: info registers vcpu 0 CPU#0 PC=ffff8000866728ac X00=0000000000000000 X01=ffff80008743f5f1 X02=0000000000000008 X03=0000000000000000 X04=0000000000000001 X05=0000000000000001 X06=0000000000000000 X07=ffff8000804404e0 X08=ffff8000866728a4 X09=0000000000000104 X10=0000000000ff0100 X11=ffff8000880cfa60 X12=0000000000000018 X13=0000000000000003 X14=00000000000aae60 X15=00000000000aae60 X16=00000000000000ae X17=00000000127ffda4 X18=aef000001e648090 X19=0000000000000008 X20=ffff800087963580 X21=96f000000dc01dc8 X22=0000000000000096 X23=0000000000000000 X24=18f000000d853088 X25=18f000000d851dc0 X26=ffff800087963580 X27=0000000000000018 X28=0000000000000028 X29=ffff80008c5c7d10 X30=ffff8000805ad8cc SP=ffff80008c5c7d00 PSTATE=604020c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:0000000000000000 Z01=0000ffffdf6556c0:2a3f1a57d457a400 Z02=0000ffffdf6556a0:ffffff80ffffffd8 Z03=0000ffffdf655750:0000ffffdf655750 Z04=0000ffffdf655750:0000ffffa7538a48 Z05=0000ffffdf655720:0000ffffdf655750 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffdf655970:0000ffffdf655970 Z17=ffffff80ffffffd0:0000ffffdf655940 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000