last executing test programs: 45.364480149s ago: executing program 0 (id=1120): r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000180)={0x0, &(0x7f0000000000)=[@msr={0x14, 0x20, {0x6030000000138065}}, @its_setup={0x82, 0x28, {0x3, 0x4, 0x288}}, @code={0xa, 0xe4, {"e0bc83d20080b0f2410180d2420080d2e30080d2a40080d2020000d460178ed20060b0f2010180d2420080d2630180d2440080d2020000d4007008d5801f85d20060b0f2c10180d2620180d2230180d2440180d2020000d4402985d200c0b8f2e10080d2a20080d2030080d2040080d2020000d4a0199dd20020b8f2210180d2420080d2c30180d2240180d2020000d4201199d20060b0f2210080d2820180d2830080d2840080d2020000d4000028d5007008d540089dd20020b0f2e10080d2420080d2030080d2e40080d2020000d4"}}, @uexit={0x0, 0x18, 0x7ff}], 0x144}, &(0x7f00000001c0)=[@featur2], 0x1) ioctl$KVM_RUN(r0, 0xae80, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x20000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) close(r2) (async) r3 = eventfd2(0x0, 0x80800) (async, rerun: 64) r4 = eventfd2(0x7, 0x800) (rerun: 64) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000240)={r3, 0x7, 0x0, r4}) syz_kvm_vgic_v3_setup(r2, 0x3, 0x3a0) write$eventfd(r3, &(0x7f0000000280)=0xc4a, 0x8) eventfd2(0x40, 0x180800) (async, rerun: 32) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f00000002c0)={0xffffffffffffffff, 0xffff, 0x1, r4}) (async, rerun: 32) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) (async) write$eventfd(r4, &(0x7f0000000300)=0x80000001, 0x8) (async, rerun: 32) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (rerun: 32) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r0, 0x4018aee2, &(0x7f0000000340)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x8}) (async) ioctl$KVM_GET_REG_LIST(r5, 0xc008aeb0, &(0x7f0000000380)={0x6, [0x6895, 0xb, 0x4a9, 0x2, 0x7, 0x2]}) (async) r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_GET_REG_LIST(r0, 0xc008aeb0, 
&(0x7f0000000b00)=ANY=[@ANYBLOB="09000000000000000b000000000000000900000000000000090000000000000009000000000000000700000000000000ffff0000000000008100000000000000010000001c000000090000000000000073299183576ef44e3215a9e399aa0bf9bd4ed13fbfcf0b97328c14f7d9cf66a614e5e124e752c4b472f0bc79569d1990845cc2e0dde2ec9f94452b3e2e69df92d9144fc4a66cb8245fd7e46bcee32e85cc15420cdbeb7baad7dd439e3aa67ee90747ca3cd7cbc2c02bf0df6d8d62de5d3a3c1ed245f5c02cf6609db6e254471c19a6509bd5c1cc0426bc57c1a5c2eeb0f867827c7e84ec9d4965695081d7ad536410de1e4b07ee086bb49f919e87e7fdd4d81fa9a2c0efeb6205c03a328b843fcd421627999561"]) (async) close(r6) (async, rerun: 64) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000440)={r3, 0x7, 0x0, r4}) (async, rerun: 64) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000480)={0x8, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000500)=@attr_other={0x0, 0x50c6, 0x5, &(0x7f00000004c0)=0x3}) (async) ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f0000000540)={0xf000, 0x8080000, 0xfffffc01, 0x0, 0x80000001}) (async) r8 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000980)={0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB="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"], 0x35c}, &(0x7f00000009c0)=[@featur1={0x1, 0x25}], 0x1) ioctl$KVM_ARM_PREFERRED_TARGET(r8, 0x8020aeaf, &(0x7f0000000a00)) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000a40)={0x0, 0x41}) (async, rerun: 64) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async, rerun: 64) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000ac0)=@attr_other={0x0, 0x2, 0x10001, &(0x7f0000000a80)=0x1}) 43.303904866s ago: executing program 1 (id=1121): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, 
&(0x7f0000000000)={0x7, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r4, 0x4018aee3, &(0x7f00000001c0)=@attr_other={0x0, 0x7, 0xffff, 0x0}) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x226241, 0x0) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) r7 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000004c0)={0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="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"], 0x3c8}, &(0x7f0000000500), 0x1) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, r6, 0x1000007, 0x2012, r8, 0x0) 39.792445778s ago: executing program 0 (id=1122): r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x0, 0x4003831, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000ffa000/0x3000)=nil, 0x930, 0x3000007, 0x2012, r2, 0x80100) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x2000007, 0x2012, r2, 0x0) 33.417627715s ago: executing program 1 (id=1123): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x11, r3, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_assert_syzos_uexit$arm64(r5, 0xffffffffffffffff) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000100)={0x1000020, 0x1}) ioctl$KVM_RUN(r3, 0xae80, 0x1f0000000000) syz_kvm_assert_syzos_uexit$arm64(r5, 0xfffffffffffffffe) 32.071611296s ago: executing program 0 (id=1124): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = 
syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x18, {"201003d5"}}], 0x18}, 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000080)={0x5, 0x19}) ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000000)=@arm64_sve={0x6080000000150220, 0x0}) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f00000001c0)={0x1, 0x20}) r8 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r7, 0x3, 0x11, r3, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x28542, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0x80111500, 0x20000000) write$eventfd(r10, &(0x7f0000000000), 0xfffffdef) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000005, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000100)={0x2, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x1, 0x5, &(0x7f0000000140)=0x3}) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) syz_kvm_assert_syzos_uexit$arm64(r8, 0xaaaa) ioctl$KVM_RUN(r3, 0xae80, 0x0) 23.853898559s ago: executing program 1 (id=1125): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, 0x0, 0x40}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000a24000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, &(0x7f0000000040)=[@featur1={0x1, 0xc}], 0x1) (fail_nth: 1) 20.270951561s ago: executing program 0 (id=1126): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0xa00, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = 
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0xf}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x2000, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, 0x0) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x3ff}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_init) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16.510116065s ago: executing program 1 (id=1127): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) munmap(&(0x7f0000ff9000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0) 12.132366773s ago: executing program 0 (id=1128): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r2 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, r1, 0x200000e, 0x4000030, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r5 = 
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000040)={0x1, 0x0, 0x8000000, 0x2000, &(0x7f0000fa2000/0x2000)=nil}) ioctl$KVM_CREATE_DEVICE(r5, 0xc018aec0, &(0x7f00000000c0)={0x1}) munmap(&(0x7f0000647000/0x1000)=nil, 0x1000) r6 = mmap$KVM_VCPU(&(0x7f00006b5000/0x2000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, 0x0, 0x0, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r9, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100014, 0xfffffffffffffffe}) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000080)=@arm64_fp_extra={0x60200000001000d5, &(0x7f0000000100)=0x6}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r10, 0x300000f, 0x32, 0xffffffffffffffff, 0x0) 11.141450346s ago: executing program 1 (id=1129): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) munmap(&(0x7f0000d9e000/0x1000)=nil, 0x1000) (async) munmap(&(0x7f0000d9e000/0x1000)=nil, 0x1000) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000200)=[@mrs={0xbe, 0x18, {0x603000000013e682}}, @smc={0x1e, 0x40, {0x31000000, [0x2, 0x48000000, 0xfffffffffffffeff, 0x2, 0x84]}}, @uexit={0x0, 0x18, 0x7}, @mrs={0xbe, 0x18, {0x603000000013e719}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x1c1}}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x259}}, @code={0xa, 0x6c, 
{"00c8a12e000028d500a4202e008008d5000008d5606f87d20080b8f2a10180d2a20180d2430080d2240180d2020000d40090802f0080601f000008d520a299d200a0b8f2610080d2420180d2e30080d2c40180d2020000d4"}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x6000, 0x1, 0x3}}, @msr={0x14, 0x20, {0x603000000013c024, 0x325}}, @msr={0x14, 0x20, {0x603000000013c641, 0x7}}, @uexit={0x0, 0x18, 0x40}, @irq_setup={0x46, 0x18, {0x2, 0x14b}}, @uexit={0x0, 0x18, 0x5}, @msr={0x14, 0x20, {0x6030000000139828, 0x6}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x2ed}}], 0x244}], 0x1, 0x0, &(0x7f0000000040)=[@featur1={0x1, 0x45}], 0x1) (async) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000200)=[@mrs={0xbe, 0x18, {0x603000000013e682}}, @smc={0x1e, 0x40, {0x31000000, [0x2, 0x48000000, 0xfffffffffffffeff, 0x2, 0x84]}}, @uexit={0x0, 0x18, 0x7}, @mrs={0xbe, 0x18, {0x603000000013e719}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x1c1}}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x259}}, @code={0xa, 0x6c, {"00c8a12e000028d500a4202e008008d5000008d5606f87d20080b8f2a10180d2a20180d2430080d2240180d2020000d40090802f0080601f000008d520a299d200a0b8f2610080d2420180d2e30080d2c40180d2020000d4"}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x6000, 0x1, 0x3}}, @msr={0x14, 0x20, {0x603000000013c024, 0x325}}, @msr={0x14, 0x20, {0x603000000013c641, 0x7}}, @uexit={0x0, 0x18, 0x40}, @irq_setup={0x46, 0x18, {0x2, 0x14b}}, @uexit={0x0, 0x18, 0x5}, @msr={0x14, 0x20, {0x6030000000139828, 0x6}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x2ed}}], 0x244}], 0x1, 0x0, &(0x7f0000000040)=[@featur1={0x1, 0x45}], 0x1) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r3, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000180)=[@smc={0x3, 0x40, {0xef000000, [0x0, 0x1, 0x2, 0x3, 0x4]}}, @hvc={0x4, 0x40, {0xef000000, [0x0, 0x1, 0x2, 0x3, 0x4]}}], 0x80}], 0x1, 0x0, 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) 
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) (async) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r7 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r6, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000140)="35ba658a487c56a9b3c733e04dbc9a2602665880657dc5795938a05f27678beaaa1190a991836e6df402212c0e24869be420ac2b073ae31514997c7e6357f8fa9585dfbbca1ff9a6", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x101071, 0x0) (async) r8 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x101071, 0x0) ioctl$KVM_CREATE_VM(r8, 0x40305839, 0xf0ff1f00000000) (async) ioctl$KVM_CREATE_VM(r8, 0x40305839, 0xf0ff1f00000000) ioctl$KVM_RUN(r3, 0xae80, 0x0) eventfd2(0x8001, 0x0) (async) r9 = eventfd2(0x8001, 0x0) write$eventfd(r9, &(0x7f0000000000)=0xfffffffffffffffb, 0x8) write$eventfd(r9, &(0x7f0000000000)=0x89ef, 0x8) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.224369196s ago: executing program 0 (id=1130): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="820000000000000000000000000000000100000000000000010000000000000001", @ANYRESOCT=r0], 0x28}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r2, 0x1, 0x100) ioctl$KVM_RUN(r4, 0xae80, 0x0) (async) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) (async) ioctl$KVM_RUN(r4, 0xae80, 0x0) (async) r6 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) (async) r7 = eventfd2(0x0, 0x0) close(r7) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) 
write$eventfd(r7, &(0x7f0000000100), 0x8) (async) mmap$KVM_VCPU(&(0x7f0000004000/0x4000)=nil, r8, 0x467af21e7c8bde0a, 0x4000010, r4, 0x0) (async) r9 = mmap$KVM_VCPU(&(0x7f0000f75000/0x1000)=nil, r8, 0x280000f, 0x11, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000240)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0x48) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x200000d, 0x8010, 0xffffffffffffffff, 0x0) (async) r10 = eventfd2(0xfffffffe, 0x0) close(r10) (async) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) (async) write$eventfd(r10, &(0x7f0000000000), 0xfffffe1e) r11 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, &(0x7f0000000200)=@attr_other={0x0, 0x9, 0x3, &(0x7f00000001c0)=0x9}) 0s ago: executing program 1 (id=1131): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x30) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, &(0x7f0000000180)={0x8, 0x7ff}) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r4 = eventfd2(0xc0, 0x80000) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000100)={0x6, 0x8000000, 0x8, r4}) write$eventfd(r4, &(0x7f0000000000)=0x8, 0x8) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0) r6 = 
openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0xcb) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) kernel console output (not intermixed with test programs): [ 396.666787][ T3129] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:54072' (ED25519) to the list of known hosts. [ 564.462524][ T25] audit: type=1400 audit(563.670:59): avc: denied { name_bind } for pid=3285 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 565.366557][ T25] audit: type=1400 audit(564.570:60): avc: denied { execute } for pid=3286 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 565.391582][ T25] audit: type=1400 audit(564.590:61): avc: denied { execute_no_trans } for pid=3286 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 588.577780][ T25] audit: type=1400 audit(587.790:62): avc: denied { mounton } for pid=3286 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 588.610735][ T25] audit: type=1400 audit(587.820:63): avc: denied { mount } for pid=3286 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 588.701213][ T3286] cgroup: Unknown subsys name 'net' [ 588.749417][ T25] audit: type=1400 audit(587.960:64): avc: denied { unmount } for pid=3286 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 589.191625][ T3286] cgroup: Unknown subsys name 'cpuset' [ 589.289027][ T3286] cgroup: Unknown subsys name 'rlimit' [ 
590.270221][ T25] audit: type=1400 audit(589.480:65): avc: denied { setattr } for pid=3286 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 590.298882][ T25] audit: type=1400 audit(589.510:66): avc: denied { create } for pid=3286 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 590.315212][ T25] audit: type=1400 audit(589.520:67): avc: denied { write } for pid=3286 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 590.339155][ T25] audit: type=1400 audit(589.550:68): avc: denied { module_request } for pid=3286 comm="syz-executor" kmod="net-pf-16-proto-16-family-nl802154" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 590.841278][ T25] audit: type=1400 audit(590.050:69): avc: denied { read } for pid=3286 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 590.899064][ T25] audit: type=1400 audit(590.100:70): avc: denied { mounton } for pid=3286 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 590.917246][ T25] audit: type=1400 audit(590.120:71): avc: denied { mount } for pid=3286 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 592.081313][ T3290] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 592.320091][ T3286] Adding 124996k swap on ./swap-file. 
Priority:0 extents:1 across:124996k [ 636.928630][ T25] kauditd_printk_skb: 4 callbacks suppressed [ 636.938796][ T25] audit: type=1400 audit(636.140:76): avc: denied { execmem } for pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 713.635686][ T25] audit: type=1400 audit(712.840:77): avc: denied { read } for pid=3298 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 713.677960][ T25] audit: type=1400 audit(712.890:78): avc: denied { open } for pid=3298 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 713.739039][ T25] audit: type=1400 audit(712.930:79): avc: denied { mounton } for pid=3299 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 715.042418][ T25] audit: type=1400 audit(714.250:80): avc: denied { sys_module } for pid=3298 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 738.221213][ T3298] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 738.347574][ T3298] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 739.608128][ T3299] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 739.738367][ T3299] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 750.301522][ T3298] hsr_slave_0: entered promiscuous mode [ 750.360759][ T3298] hsr_slave_1: entered promiscuous mode [ 752.396343][ T3299] hsr_slave_0: entered promiscuous mode [ 752.429358][ T3299] hsr_slave_1: entered promiscuous mode [ 752.455021][ T3299] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 752.459748][ T3299] Cannot create hsr debugfs directory [ 761.291273][ T3298] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 761.729180][ T3298] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 761.948823][ T3298] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 762.265239][ T3298] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 763.438632][ T3299] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 763.551945][ T3299] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 763.679625][ T3299] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 763.741848][ T3299] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 776.656836][ T3298] 8021q: adding VLAN 0 to HW filter on device bond0 [ 777.800912][ T3299] 8021q: adding VLAN 0 to HW filter on device bond0 [ 831.768910][ T3298] veth0_vlan: entered promiscuous mode [ 832.309415][ T3298] veth1_vlan: entered promiscuous mode [ 833.486935][ T3299] veth0_vlan: entered promiscuous mode [ 834.282107][ T3299] veth1_vlan: entered promiscuous mode [ 834.369396][ T3298] veth0_macvtap: entered promiscuous mode [ 834.800987][ T3298] veth1_macvtap: entered promiscuous mode [ 836.626169][ T3299] veth0_macvtap: entered promiscuous mode [ 836.861327][ T3298] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 836.925453][ T3298] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 836.939383][ T3298] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 836.964585][ T3298] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 837.289803][ T3299] veth1_macvtap: entered promiscuous mode [ 839.437148][ T25] audit: type=1400 audit(838.630:81): avc: denied { mount } for pid=3298 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 839.710967][ T25] audit: type=1400 audit(838.920:82): avc: denied { mounton } for pid=3298 
comm="syz-executor" path="/syzkaller.T5kFNA/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 839.862195][ T25] audit: type=1400 audit(839.070:83): avc: denied { mount } for pid=3298 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 839.932344][ T3299] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 839.946271][ T3299] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 839.957569][ T3299] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 839.976025][ T3299] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 840.361146][ T25] audit: type=1400 audit(839.570:84): avc: denied { mounton } for pid=3298 comm="syz-executor" path="/syzkaller.T5kFNA/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 840.521666][ T25] audit: type=1400 audit(839.730:85): avc: denied { mounton } for pid=3298 comm="syz-executor" path="/syzkaller.T5kFNA/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 841.086106][ T25] audit: type=1400 audit(840.290:86): avc: denied { unmount } for pid=3298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 841.255244][ T25] audit: type=1400 audit(840.450:87): avc: denied { mounton } for pid=3298 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 841.392394][ T25] audit: type=1400 audit(840.600:88): avc: denied { mount } for pid=3298 comm="syz-executor" name="/" dev="gadgetfs" ino=3275 scontext=root:sysadm_r:sysadm_t 
tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 841.717458][ T25] audit: type=1400 audit(840.920:89): avc: denied { mount } for pid=3298 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 841.959275][ T25] audit: type=1400 audit(841.170:90): avc: denied { mounton } for pid=3298 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 842.861600][ T3298] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 852.355543][ T25] kauditd_printk_skb: 4 callbacks suppressed [ 852.361391][ T25] audit: type=1400 audit(851.560:95): avc: denied { read } for pid=3443 comm="syz.1.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 852.439166][ T25] audit: type=1400 audit(851.620:96): avc: denied { open } for pid=3443 comm="syz.1.3" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 852.925760][ T25] audit: type=1400 audit(852.130:97): avc: denied { ioctl } for pid=3443 comm="syz.1.3" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae03 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 857.311180][ T25] audit: type=1400 audit(856.520:98): avc: denied { write } for pid=3448 comm="syz.1.5" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 857.727348][ T25] audit: type=1400 audit(856.930:99): avc: denied { map } for pid=3448 comm="syz.1.5" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t 
tclass=chr_file permissive=1 [ 857.754660][ T25] audit: type=1400 audit(856.960:100): avc: denied { execute } for pid=3448 comm="syz.1.5" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 899.526528][ T25] audit: type=1400 audit(898.730:101): avc: denied { execute } for pid=3481 comm="syz.1.21" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3433 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 962.416138][ T25] audit: type=1400 audit(961.610:102): avc: denied { setattr } for pid=3530 comm="syz.1.46" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1018.984825][ T25] audit: type=1400 audit(1018.180:103): avc: denied { append } for pid=3574 comm="syz.1.68" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1450.774266][ T25] audit: type=1400 audit(1449.900:104): avc: denied { map } for pid=3876 comm="syz.1.192" path="pipe:[2414]" dev="pipefs" ino=2414 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 1498.334518][ T25] audit: type=1400 audit(1497.520:105): avc: denied { ioctl } for pid=3907 comm="syz.1.204" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0xb707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 2473.988481][ T4575] kvm [4575]: Failed to find VMA for hva 0x21016000 [ 2951.792674][ T4888] kvm [4888]: Failed to find VMA for hva 0x20fcc000 [ 3365.909021][ T25] audit: type=1400 audit(3365.100:106): avc: denied { execute } for pid=5138 comm="syz.0.657" path=2F3332392FFF67521CD66F8F1F447D3570707CD24B7EEBB207 dev="tmpfs" ino=1674 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 
3811.356566][ T5422] kvm [5422]: Failed to find VMA for hva 0x21016000
[ 3849.731042][ T5445] kvm [5445]: Failed to find VMA for hva 0x21016000
[ 3849.896857][ T5445] kvm [5445]: Failed to find VMA for hva 0x21016000
[ 3955.601225][ T5509] KVM: debugfs: duplicate directory 5509-5
[ 4307.677918][ T5709] FAULT_INJECTION: forcing a failure.
[ 4307.677918][ T5709] name failslab, interval 1, probability 0, space 0, times 1
[ 4307.743509][ T5709] CPU: 0 UID: 0 PID: 5709 Comm: syz.0.877 Not tainted 6.15.0-rc4-syzkaller-g21bfd0ea00d0 #0 PREEMPT
[ 4307.744167][ T5709] Hardware name: linux,dummy-virt (DT)
[ 4307.744640][ T5709] Call trace:
[ 4307.745064][ T5709] show_stack+0x2c/0x3c (C)
[ 4307.746947][ T5709] __dump_stack+0x30/0x40
[ 4307.747254][ T5709] dump_stack_lvl+0xd8/0x12c
[ 4307.747480][ T5709] dump_stack+0x1c/0x28
[ 4307.747681][ T5709] should_fail_ex+0x570/0x6e0
[ 4307.747978][ T5709] should_failslab+0xb8/0xec
[ 4307.748270][ T5709] kmem_cache_alloc_noprof+0x80/0x3f0
[ 4307.748532][ T5709] vm_area_dup+0x34/0x788
[ 4307.748815][ T5709] __split_vma+0x1c4/0xaac
[ 4307.749109][ T5709] vms_gather_munmap_vmas+0x2d4/0x148c
[ 4307.749369][ T5709] mmap_region+0x448/0x1be0
[ 4307.749623][ T5709] do_mmap+0xa1c/0xf10
[ 4307.749835][ T5709] vm_mmap_pgoff+0x274/0x3cc
[ 4307.750081][ T5709] ksys_mmap_pgoff+0x3a4/0x448
[ 4307.750303][ T5709] __arm64_sys_mmap+0x13c/0x198
[ 4307.750578][ T5709] invoke_syscall+0x90/0x2b4
[ 4307.750883][ T5709] el0_svc_common+0x180/0x2f4
[ 4307.751180][ T5709] do_el0_svc+0x58/0x74
[ 4307.751449][ T5709] el0_svc+0x58/0x134
[ 4307.751739][ T5709] el0t_64_sync_handler+0x78/0x108
[ 4307.752048][ T5709] el0t_64_sync+0x198/0x19c
[ 4322.927506][ T5720] FAULT_INJECTION: forcing a failure.
[ 4322.927506][ T5720] name failslab, interval 1, probability 0, space 0, times 0 [ 4322.975971][ T5720] CPU: 0 UID: 0 PID: 5720 Comm: syz.0.881 Not tainted 6.15.0-rc4-syzkaller-g21bfd0ea00d0 #0 PREEMPT [ 4322.976332][ T5720] Hardware name: linux,dummy-virt (DT) [ 4322.976450][ T5720] Call trace: [ 4322.976532][ T5720] show_stack+0x2c/0x3c (C) [ 4322.976933][ T5720] __dump_stack+0x30/0x40 [ 4322.977165][ T5720] dump_stack_lvl+0xd8/0x12c [ 4322.977371][ T5720] dump_stack+0x1c/0x28 [ 4322.977560][ T5720] should_fail_ex+0x570/0x6e0 [ 4322.977827][ T5720] should_failslab+0xb8/0xec [ 4322.978140][ T5720] kmem_cache_alloc_noprof+0x80/0x3f0 [ 4322.978417][ T5720] getname_flags+0xe4/0x460 [ 4322.978646][ T5720] do_sys_openat2+0x68/0x158 [ 4322.978844][ T5720] __arm64_sys_openat+0x154/0x1b8 [ 4322.979072][ T5720] invoke_syscall+0x90/0x2b4 [ 4322.979355][ T5720] el0_svc_common+0x180/0x2f4 [ 4322.979624][ T5720] do_el0_svc+0x58/0x74 [ 4322.979905][ T5720] el0_svc+0x58/0x134 [ 4322.980203][ T5720] el0t_64_sync_handler+0x78/0x108 [ 4322.980489][ T5720] el0t_64_sync+0x198/0x19c [ 4349.199618][ T5739] FAULT_INJECTION: forcing a failure. 
[ 4349.199618][ T5739] name failslab, interval 1, probability 0, space 0, times 0 [ 4349.210427][ T5739] CPU: 0 UID: 0 PID: 5739 Comm: syz.0.887 Not tainted 6.15.0-rc4-syzkaller-g21bfd0ea00d0 #0 PREEMPT [ 4349.210779][ T5739] Hardware name: linux,dummy-virt (DT) [ 4349.210916][ T5739] Call trace: [ 4349.211010][ T5739] show_stack+0x2c/0x3c (C) [ 4349.211357][ T5739] __dump_stack+0x30/0x40 [ 4349.211564][ T5739] dump_stack_lvl+0xd8/0x12c [ 4349.211761][ T5739] dump_stack+0x1c/0x28 [ 4349.211983][ T5739] should_fail_ex+0x570/0x6e0 [ 4349.212263][ T5739] should_failslab+0xb8/0xec [ 4349.212543][ T5739] __kmalloc_noprof+0xdc/0x4b8 [ 4349.212850][ T5739] tomoyo_realpath_from_path+0xdc/0x628 [ 4349.213137][ T5739] tomoyo_path_number_perm+0x13c/0x33c [ 4349.213359][ T5739] tomoyo_file_ioctl+0x2c/0x3c [ 4349.213599][ T5739] security_file_ioctl+0xe8/0x2f0 [ 4349.213852][ T5739] __arm64_sys_ioctl+0xd0/0x244 [ 4349.214171][ T5739] invoke_syscall+0x90/0x2b4 [ 4349.214446][ T5739] el0_svc_common+0x180/0x2f4 [ 4349.214719][ T5739] do_el0_svc+0x58/0x74 [ 4349.215010][ T5739] el0_svc+0x58/0x134 [ 4349.215298][ T5739] el0t_64_sync_handler+0x78/0x108 [ 4349.215579][ T5739] el0t_64_sync+0x198/0x19c [ 4349.345412][ T5739] ERROR: Out of memory at tomoyo_realpath_from_path. [ 4405.151427][ T5775] FAULT_INJECTION: forcing a failure. 
[ 4405.151427][ T5775] name failslab, interval 1, probability 0, space 0, times 0 [ 4405.171812][ T5775] CPU: 0 UID: 0 PID: 5775 Comm: syz.1.898 Not tainted 6.15.0-rc4-syzkaller-g21bfd0ea00d0 #0 PREEMPT [ 4405.172185][ T5775] Hardware name: linux,dummy-virt (DT) [ 4405.172302][ T5775] Call trace: [ 4405.172385][ T5775] show_stack+0x2c/0x3c (C) [ 4405.172754][ T5775] __dump_stack+0x30/0x40 [ 4405.173001][ T5775] dump_stack_lvl+0xd8/0x12c [ 4405.173218][ T5775] dump_stack+0x1c/0x28 [ 4405.173412][ T5775] should_fail_ex+0x570/0x6e0 [ 4405.173682][ T5775] should_failslab+0xb8/0xec [ 4405.173975][ T5775] __kmalloc_noprof+0xdc/0x4b8 [ 4405.174252][ T5775] tomoyo_encode+0x27c/0x4ec [ 4405.174496][ T5775] tomoyo_realpath_from_path+0x5bc/0x628 [ 4405.174743][ T5775] tomoyo_path_number_perm+0x13c/0x33c [ 4405.174977][ T5775] tomoyo_file_ioctl+0x2c/0x3c [ 4405.175236][ T5775] security_file_ioctl+0xe8/0x2f0 [ 4405.175497][ T5775] __arm64_sys_ioctl+0xd0/0x244 [ 4405.175784][ T5775] invoke_syscall+0x90/0x2b4 [ 4405.176077][ T5775] el0_svc_common+0x180/0x2f4 [ 4405.176361][ T5775] do_el0_svc+0x58/0x74 [ 4405.176625][ T5775] el0_svc+0x58/0x134 [ 4405.176946][ T5775] el0t_64_sync_handler+0x78/0x108 [ 4405.177251][ T5775] el0t_64_sync+0x198/0x19c [ 4405.337257][ T5775] ERROR: Out of memory at tomoyo_realpath_from_path. [ 4420.140423][ T5784] FAULT_INJECTION: forcing a failure. 
[ 4420.140423][ T5784] name failslab, interval 1, probability 0, space 0, times 0 [ 4420.176567][ T5784] CPU: 0 UID: 0 PID: 5784 Comm: syz.1.902 Not tainted 6.15.0-rc4-syzkaller-g21bfd0ea00d0 #0 PREEMPT [ 4420.176974][ T5784] Hardware name: linux,dummy-virt (DT) [ 4420.177100][ T5784] Call trace: [ 4420.177185][ T5784] show_stack+0x2c/0x3c (C) [ 4420.177531][ T5784] __dump_stack+0x30/0x40 [ 4420.177729][ T5784] dump_stack_lvl+0xd8/0x12c [ 4420.177942][ T5784] dump_stack+0x1c/0x28 [ 4420.178141][ T5784] should_fail_ex+0x570/0x6e0 [ 4420.178413][ T5784] should_failslab+0xb8/0xec [ 4420.178684][ T5784] __kmalloc_noprof+0xdc/0x4b8 [ 4420.178965][ T5784] tomoyo_encode+0x27c/0x4ec [ 4420.179205][ T5784] tomoyo_realpath_from_path+0x5bc/0x628 [ 4420.179447][ T5784] tomoyo_path_number_perm+0x13c/0x33c [ 4420.179662][ T5784] tomoyo_file_ioctl+0x2c/0x3c [ 4420.179914][ T5784] security_file_ioctl+0xe8/0x2f0 [ 4420.180193][ T5784] __arm64_sys_ioctl+0xd0/0x244 [ 4420.180487][ T5784] invoke_syscall+0x90/0x2b4 [ 4420.180797][ T5784] el0_svc_common+0x180/0x2f4 [ 4420.181099][ T5784] do_el0_svc+0x58/0x74 [ 4420.181365][ T5784] el0_svc+0x58/0x134 [ 4420.181640][ T5784] el0t_64_sync_handler+0x78/0x108 [ 4420.181938][ T5784] el0t_64_sync+0x198/0x19c [ 4420.270030][ T5784] ERROR: Out of memory at tomoyo_realpath_from_path. [ 4433.818466][ T5792] FAULT_INJECTION: forcing a failure. 
[ 4433.818466][ T5792] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 4433.845298][ T5792] CPU: 0 UID: 0 PID: 5792 Comm: syz.0.905 Not tainted 6.15.0-rc4-syzkaller-g21bfd0ea00d0 #0 PREEMPT [ 4433.845649][ T5792] Hardware name: linux,dummy-virt (DT) [ 4433.845762][ T5792] Call trace: [ 4433.845844][ T5792] show_stack+0x2c/0x3c (C) [ 4433.846220][ T5792] __dump_stack+0x30/0x40 [ 4433.846424][ T5792] dump_stack_lvl+0xd8/0x12c [ 4433.846621][ T5792] dump_stack+0x1c/0x28 [ 4433.846819][ T5792] should_fail_ex+0x570/0x6e0 [ 4433.847119][ T5792] should_fail+0x14/0x24 [ 4433.847382][ T5792] should_fail_usercopy+0x20/0x30 [ 4433.847664][ T5792] simple_read_from_buffer+0xd0/0x298 [ 4433.847936][ T5792] proc_fail_nth_read+0x114/0x178 [ 4433.848178][ T5792] vfs_read+0x220/0x958 [ 4433.848424][ T5792] ksys_read+0x100/0x1f4 [ 4433.848659][ T5792] __arm64_sys_read+0x98/0xcc [ 4433.848929][ T5792] invoke_syscall+0x90/0x2b4 [ 4433.849213][ T5792] el0_svc_common+0x180/0x2f4 [ 4433.849480][ T5792] do_el0_svc+0x58/0x74 [ 4433.849742][ T5792] el0_svc+0x58/0x134 [ 4433.850054][ T5792] el0t_64_sync_handler+0x78/0x108 [ 4433.850340][ T5792] el0t_64_sync+0x198/0x19c [ 4443.906095][ T5798] KVM: debugfs: duplicate directory 5798-4 [ 4581.287533][ T5878] FAULT_INJECTION: forcing a failure. 
[ 4581.287533][ T5878] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 4581.302321][ T5878] CPU: 0 UID: 0 PID: 5878 Comm: syz.0.938 Not tainted 6.15.0-rc4-syzkaller-g21bfd0ea00d0 #0 PREEMPT [ 4581.302691][ T5878] Hardware name: linux,dummy-virt (DT) [ 4581.302808][ T5878] Call trace: [ 4581.302925][ T5878] show_stack+0x2c/0x3c (C) [ 4581.303293][ T5878] __dump_stack+0x30/0x40 [ 4581.303498][ T5878] dump_stack_lvl+0xd8/0x12c [ 4581.303696][ T5878] dump_stack+0x1c/0x28 [ 4581.303904][ T5878] should_fail_ex+0x570/0x6e0 [ 4581.304195][ T5878] should_fail+0x14/0x24 [ 4581.304461][ T5878] should_fail_usercopy+0x20/0x30 [ 4581.304768][ T5878] simple_read_from_buffer+0xd0/0x298 [ 4581.305050][ T5878] proc_fail_nth_read+0x114/0x178 [ 4581.305284][ T5878] vfs_read+0x220/0x958 [ 4581.305492][ T5878] ksys_read+0x100/0x1f4 [ 4581.305697][ T5878] __arm64_sys_read+0x98/0xcc [ 4581.305923][ T5878] invoke_syscall+0x90/0x2b4 [ 4581.306215][ T5878] el0_svc_common+0x180/0x2f4 [ 4581.306485][ T5878] do_el0_svc+0x58/0x74 [ 4581.306747][ T5878] el0_svc+0x58/0x134 [ 4581.307052][ T5878] el0t_64_sync_handler+0x78/0x108 [ 4581.307331][ T5878] el0t_64_sync+0x198/0x19c [ 4599.659786][ T5887] FAULT_INJECTION: forcing a failure. 
[ 4599.659786][ T5887] name failslab, interval 1, probability 0, space 0, times 0 [ 4599.674730][ T5887] CPU: 0 UID: 0 PID: 5887 Comm: syz.1.942 Not tainted 6.15.0-rc4-syzkaller-g21bfd0ea00d0 #0 PREEMPT [ 4599.675101][ T5887] Hardware name: linux,dummy-virt (DT) [ 4599.675217][ T5887] Call trace: [ 4599.675301][ T5887] show_stack+0x2c/0x3c (C) [ 4599.675644][ T5887] __dump_stack+0x30/0x40 [ 4599.675845][ T5887] dump_stack_lvl+0xd8/0x12c [ 4599.676071][ T5887] dump_stack+0x1c/0x28 [ 4599.676266][ T5887] should_fail_ex+0x570/0x6e0 [ 4599.676542][ T5887] should_failslab+0xb8/0xec [ 4599.676858][ T5887] kmem_cache_alloc_noprof+0x80/0x3f0 [ 4599.677160][ T5887] mas_alloc_nodes+0x33c/0x9a8 [ 4599.677424][ T5887] mas_preallocate+0x4f0/0x844 [ 4599.677669][ T5887] __split_vma+0x318/0xaac [ 4599.677936][ T5887] vms_gather_munmap_vmas+0x4e4/0x148c [ 4599.678188][ T5887] mmap_region+0x448/0x1be0 [ 4599.678437][ T5887] do_mmap+0xa1c/0xf10 [ 4599.678644][ T5887] vm_mmap_pgoff+0x274/0x3cc [ 4599.678858][ T5887] ksys_mmap_pgoff+0x3a4/0x448 [ 4599.679098][ T5887] __arm64_sys_mmap+0x13c/0x198 [ 4599.679383][ T5887] invoke_syscall+0x90/0x2b4 [ 4599.679659][ T5887] el0_svc_common+0x180/0x2f4 [ 4599.679952][ T5887] do_el0_svc+0x58/0x74 [ 4599.680229][ T5887] el0_svc+0x58/0x134 [ 4599.680502][ T5887] el0t_64_sync_handler+0x78/0x108 [ 4599.680819][ T5887] el0t_64_sync+0x198/0x19c [ 4692.021985][ T5941] FAULT_INJECTION: forcing a failure. 
[ 4692.021985][ T5941] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 4692.056661][ T5941] CPU: 0 UID: 0 PID: 5941 Comm: syz.1.960 Not tainted 6.15.0-rc4-syzkaller-g21bfd0ea00d0 #0 PREEMPT [ 4692.057074][ T5941] Hardware name: linux,dummy-virt (DT) [ 4692.057192][ T5941] Call trace: [ 4692.057275][ T5941] show_stack+0x2c/0x3c (C) [ 4692.057618][ T5941] __dump_stack+0x30/0x40 [ 4692.057822][ T5941] dump_stack_lvl+0xd8/0x12c [ 4692.058050][ T5941] dump_stack+0x1c/0x28 [ 4692.058256][ T5941] should_fail_ex+0x570/0x6e0 [ 4692.058536][ T5941] should_fail+0x14/0x24 [ 4692.058800][ T5941] should_fail_usercopy+0x20/0x30 [ 4692.059108][ T5941] simple_read_from_buffer+0xd0/0x298 [ 4692.059362][ T5941] proc_fail_nth_read+0x114/0x178 [ 4692.059592][ T5941] vfs_read+0x220/0x958 [ 4692.059797][ T5941] ksys_read+0x100/0x1f4 [ 4692.060030][ T5941] __arm64_sys_read+0x98/0xcc [ 4692.060246][ T5941] invoke_syscall+0x90/0x2b4 [ 4692.060517][ T5941] el0_svc_common+0x180/0x2f4 [ 4692.060814][ T5941] do_el0_svc+0x58/0x74 [ 4692.061117][ T5941] el0_svc+0x58/0x134 [ 4692.061400][ T5941] el0t_64_sync_handler+0x78/0x108 [ 4692.061683][ T5941] el0t_64_sync+0x198/0x19c [ 5113.578404][ T6194] FAULT_INJECTION: forcing a failure. 
[ 5113.578404][ T6194] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 5113.598977][ T6194] CPU: 0 UID: 0 PID: 6194 Comm: syz.1.1048 Not tainted 6.15.0-rc4-syzkaller-g21bfd0ea00d0 #0 PREEMPT [ 5113.599332][ T6194] Hardware name: linux,dummy-virt (DT) [ 5113.599446][ T6194] Call trace: [ 5113.599529][ T6194] show_stack+0x2c/0x3c (C) [ 5113.599905][ T6194] __dump_stack+0x30/0x40 [ 5113.600113][ T6194] dump_stack_lvl+0xd8/0x12c [ 5113.600313][ T6194] dump_stack+0x1c/0x28 [ 5113.600505][ T6194] should_fail_ex+0x570/0x6e0 [ 5113.600856][ T6194] should_fail+0x14/0x24 [ 5113.601143][ T6194] should_fail_usercopy+0x20/0x30 [ 5113.601427][ T6194] simple_read_from_buffer+0xd0/0x298 [ 5113.601684][ T6194] proc_fail_nth_read+0x114/0x178 [ 5113.601950][ T6194] vfs_read+0x220/0x958 [ 5113.602168][ T6194] ksys_read+0x100/0x1f4 [ 5113.602382][ T6194] __arm64_sys_read+0x98/0xcc [ 5113.602601][ T6194] invoke_syscall+0x90/0x2b4 [ 5113.602925][ T6194] el0_svc_common+0x180/0x2f4 [ 5113.603206][ T6194] do_el0_svc+0x58/0x74 [ 5113.603470][ T6194] el0_svc+0x58/0x134 [ 5113.603759][ T6194] el0t_64_sync_handler+0x78/0x108 [ 5113.604060][ T6194] el0t_64_sync+0x198/0x19c [ 5152.797949][ T6214] kvm [6214]: Failed to find VMA for hva 0x20c01000 [ 5152.942799][ T6214] kvm [6214]: Failed to find VMA for hva 0x20c01000 [ 5154.290134][ T6214] kvm [6214]: Failed to find VMA for hva 0x20c01000 [ 5449.270909][ T6383] KVM: debugfs: duplicate directory 6383-5 [ 5526.448207][ T6437] FAULT_INJECTION: forcing a failure. 
[ 5526.448207][ T6437] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 5526.487849][ T6437] CPU: 0 UID: 0 PID: 6437 Comm: syz.1.1125 Not tainted 6.15.0-rc4-syzkaller-g21bfd0ea00d0 #0 PREEMPT [ 5526.488241][ T6437] Hardware name: linux,dummy-virt (DT) [ 5526.488359][ T6437] Call trace: [ 5526.488446][ T6437] show_stack+0x2c/0x3c (C) [ 5526.488833][ T6437] __dump_stack+0x30/0x40 [ 5526.489076][ T6437] dump_stack_lvl+0xd8/0x12c [ 5526.489281][ T6437] dump_stack+0x1c/0x28 [ 5526.489474][ T6437] should_fail_ex+0x570/0x6e0 [ 5526.489748][ T6437] should_fail_alloc_page+0xd4/0xd8 [ 5526.490059][ T6437] prepare_alloc_pages+0x20c/0x5e0 [ 5526.490346][ T6437] __alloc_frozen_pages_noprof+0xd8/0x2d0 [ 5526.490629][ T6437] alloc_pages_mpol+0x204/0x4c8 [ 5526.490900][ T6437] alloc_pages_noprof+0x104/0x2ec [ 5526.491177][ T6437] __pte_alloc+0x48/0x21c [ 5526.491414][ T6437] handle_mm_fault+0x374c/0x5778 [ 5526.491677][ T6437] do_page_fault+0x424/0x15c8 [ 5526.491959][ T6437] do_translation_fault+0xbc/0xfc [ 5526.492236][ T6437] do_mem_abort+0x50/0x110 [ 5526.492480][ T6437] el0_da+0x64/0x144 [ 5526.492791][ T6437] el0t_64_sync_handler+0x84/0x108 [ 5526.493128][ T6437] el0t_64_sync+0x198/0x19c [ 5526.627933][ T6437] Huh VM_FAULT_OOM leaked out to the #PF handler. 
Retrying PF [ 5549.915757][ T6453] ================================================================== [ 5549.916621][ T6453] BUG: KASAN: invalid-access in _raw_spin_lock_irqsave+0x5c/0x7c [ 5549.917329][ T6453] Read of size 1 at addr 00000000000013c8 by task syz.0.1130/6453 [ 5549.917717][ T6453] [ 5549.918052][ T6453] CPU: 0 UID: 0 PID: 6453 Comm: syz.0.1130 Not tainted 6.15.0-rc4-syzkaller-g21bfd0ea00d0 #0 PREEMPT [ 5549.918303][ T6453] Hardware name: linux,dummy-virt (DT) [ 5549.918407][ T6453] Call trace: [ 5549.918529][ T6453] show_stack+0x2c/0x3c (C) [ 5549.918881][ T6453] __dump_stack+0x30/0x40 [ 5549.919098][ T6453] dump_stack_lvl+0xd8/0x12c [ 5549.919290][ T6453] print_report+0x5c/0xa0 [ 5549.919537][ T6453] kasan_report+0xb0/0x110 [ 5549.919786][ T6453] __kasan_check_byte+0x3c/0x54 [ 5549.920050][ T6453] lock_acquire+0xb0/0x2e0 [ 5549.920324][ T6453] _raw_spin_lock_irqsave+0x5c/0x7c [ 5549.920608][ T6453] kvm_vgic_set_owner+0x18c/0x294 [ 5549.920901][ T6453] kvm_timer_enable+0x1c4/0x794 [ 5549.921130][ T6453] kvm_arch_vcpu_run_pid_change+0x1f0/0x458 [ 5549.921359][ T6453] kvm_vcpu_ioctl+0xae8/0xc24 [ 5549.921593][ T6453] __arm64_sys_ioctl+0x18c/0x244 [ 5549.921885][ T6453] invoke_syscall+0x90/0x2b4 [ 5549.922172][ T6453] el0_svc_common+0x180/0x2f4 [ 5549.922441][ T6453] do_el0_svc+0x58/0x74 [ 5549.922700][ T6453] el0_svc+0x58/0x134 [ 5549.922987][ T6453] el0t_64_sync_handler+0x78/0x108 [ 5549.923277][ T6453] el0t_64_sync+0x198/0x19c [ 5549.923621][ T6453] ================================================================== [ 5549.926160][ T6453] Disabling lock debugging due to kernel taint [ 5549.927406][ T6453] Unable to handle kernel paging request at virtual address ffef80000000013b [ 5549.927898][ T6453] KASAN: maybe wild-memory-access in range [0xff000000000013b0-0xff000000000013bf] [ 5549.928257][ T6453] Mem abort info: [ 5549.928487][ T6453] ESR = 0x0000000096000004 [ 5549.928837][ T6453] EC = 0x25: DABT (current EL), IL = 32 bits [ 5549.929174][ 
T6453] SET = 0, FnV = 0 [ 5549.929437][ T6453] EA = 0, S1PTW = 0 [ 5549.929698][ T6453] FSC = 0x04: level 0 translation fault [ 5549.930016][ T6453] Data abort info: [ 5549.930287][ T6453] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 5549.930554][ T6453] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 5549.930844][ T6453] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 5549.931299][ T6453] [ffef80000000013b] address between user and kernel address ranges [ 5549.932177][ T6453] Internal error: Oops: 0000000096000004 [#1] SMP [ 5549.961247][ T6453] Modules linked in: [ 5549.963336][ T6453] CPU: 0 UID: 0 PID: 6453 Comm: syz.0.1130 Tainted: G B 6.15.0-rc4-syzkaller-g21bfd0ea00d0 #0 PREEMPT [ 5549.965247][ T6453] Tainted: [B]=BAD_PAGE [ 5549.966071][ T6453] Hardware name: linux,dummy-virt (DT) [ 5549.967294][ T6453] pstate: 604020c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 5549.968753][ T6453] pc : do_raw_spin_lock+0x4c/0x2b4 [ 5549.969830][ T6453] lr : _raw_spin_lock_irqsave+0x64/0x7c [ 5549.971010][ T6453] sp : ffff80008eac7930 [ 5549.971910][ T6453] x29: ffff80008eac7940 x28: c8f000001d6aba80 x27: c8f000001d6acef0 [ 5549.973976][ T6453] x26: 0000000000000001 x25: c8f000001d6ad0d0 x24: 0000000000000010 [ 5549.975482][ T6453] x23: fbff80008eab6000 x22: c8f000001d6aba80 x21: ffff8000802008a0 [ 5549.977236][ T6453] x20: 00000000000013b0 x19: efff800000000000 x18: 00000000000000ff [ 5549.979011][ T6453] x17: 000000000b4ab75c x16: 00000000000000fe x15: 0000000000000000 [ 5549.980607][ T6453] x14: 0000000000000000 x13: 00000000ffffffff x12: 0000000000000002 [ 5549.982335][ T6453] x11: 0000000000000001 x10: 0ff000000000013b x9 : 0000000000000000 [ 5549.984233][ T6453] x8 : 00000000000013b4 x7 : ffff8000870babc1 x6 : ffff8000865866a8 [ 5549.985911][ T6453] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000802a7adc [ 5549.987572][ T6453] x2 : 0000000000000001 x1 : 0000000000000000 x0 : 00000000000013b0 [ 5549.989190][ T6453] Call trace: [ 5549.990080][ T6453] 
do_raw_spin_lock+0x4c/0x2b4 (P) [ 5549.991146][ T6453] _raw_spin_lock_irqsave+0x64/0x7c [ 5549.992265][ T6453] kvm_vgic_set_owner+0x18c/0x294 [ 5549.993385][ T6453] kvm_timer_enable+0x1c4/0x794 [ 5549.994280][ T6453] kvm_arch_vcpu_run_pid_change+0x1f0/0x458 [ 5549.995410][ T6453] kvm_vcpu_ioctl+0xae8/0xc24 [ 5549.996436][ T6453] __arm64_sys_ioctl+0x18c/0x244 [ 5549.997550][ T6453] invoke_syscall+0x90/0x2b4 [ 5549.998687][ T6453] el0_svc_common+0x180/0x2f4 [ 5549.999753][ T6453] do_el0_svc+0x58/0x74 [ 5550.000791][ T6453] el0_svc+0x58/0x134 [ 5550.001801][ T6453] el0t_64_sync_handler+0x78/0x108 [ 5550.002929][ T6453] el0t_64_sync+0x198/0x19c [ 5550.004449][ T6453] Code: d344fd4a aa0003f4 f90007e9 d378fd09 (386a6a6a) [ 5550.006394][ T6453] ---[ end trace 0000000000000000 ]--- [ 5550.008163][ T6453] Kernel panic - not syncing: Oops: Fatal exception [ 5550.010535][ T6453] Kernel Offset: disabled [ 5550.011540][ T6453] CPU features: 0x0000,00000340,02fbcdf1,057ffe1f [ 5550.012811][ T6453] Memory Limit: none [ 5550.014403][ T6453] Rebooting in 86400 seconds.. 
VM DIAGNOSIS: 19:39:58 Registers: info registers vcpu 0 CPU#0 PC=ffff800082090f30 X00=0000000000000003 X01=0000000000000002 X02=000000000000007b X03=ffff800082090d24 X04=0000000000000001 X05=0000000000000000 X06=ffff800081e7b720 X07=ffff8000870babc1 X08=37ff80008c42b000 X09=0000000000000050 X10=0000000000000050 X11=00000000000000fe X12=00000000000000d8 X13=0000000000000007 X14=0000000000000000 X15=0000000000000000 X16=00000000000000fe X17=000000000b4ab75c X18=00000000000000ff X19=efff800000000000 X20=d8f000000e049080 X21=37ff80008c42b018 X22=0000000000000002 X23=d8f000000e04917a X24=00000000000000d8 X25=0000000000000000 X26=37ff80008c42b000 X27=00000000000000d8 X28=00000000000000d8 X29=ffff80008eac7090 X30=ffff800082090f24 SP=ffff80008eac7080 PSTATE=804020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0e00000000000000:0e00000000000000 Z01=0000000e00000000:0000000000000000 Z02=000000000000000e:0000000000000000 Z03=00d000a800000000:0000000000000000 Z04=0000000000000000:0000000000000002 Z05=000000000000000e:0000000000000002 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffc80ec9b0:0000ffffc80ec9b0 Z17=ffffff80ffffffd0:0000ffffc80ec980 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 
Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000