last executing test programs: 55.611557544s ago: executing program 0 (id=1012): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x20000, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) openat$kvm(0x0, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) ioctl$KVM_CREATE_VM(r5, 0xc0045878, 0x20000000) mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r1, 0x100000f, 0x80010, r4, 0x0) 49.861938602s ago: executing program 1 (id=1013): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r1 = openat$kvm(0x0, &(0x7f00000000c0), 0x909483, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x4) ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000000)={0x5, 0xa}) (async) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000100)=@arm64_fw={0x6030000000140000, &(0x7f0000000080)=0x7fffffffffffffff}) r4 = ioctl$KVM_CREATE_VM(r0, 0xae03, 0xbb) ioctl$KVM_IOEVENTFD(r4, 0xc0189436, &(0x7f0000000080)={0x0, 0x0, 0x1, 0xffffffffffffffff, 0x5}) 49.16971517s ago: executing program 0 (id=1014): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x20400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000000)={0x8080000, 0x80a0000, 0xfffffffd, 0x1, 0xb}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_CHECK_EXTENSION_VM(r2, 0xae03, 0x0) 41.990197716s ago: executing program 1 (id=1015): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x40) r4 = eventfd2(0x3ff, 0x80001) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f00000001c0)={0x4, 0x1}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f00000002c0)={r4, 0x0, 0x0, r4}) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000080)=ANY=[]) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x40480, 0x0) syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0700000000000000280000000000000000000000df7216685a0a044d330000000001000000000000001700000000000000"], 0x28}, 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) openat$kvm(0x0, &(0x7f0000000240), 0x580, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x0, 0x40, &(0x7f0000000140)=0xde1}) ioctl$KVM_GET_ONE_REG(r9, 0x4010aeab, &(0x7f0000000300)=@arm64_fp_extra={0x60200000001000d5, &(0x7f0000000280)=0x91}) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0) ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000140)={0x7, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r13, 0x801054db, 0x0) r14 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r9, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f0000000200)="fb014401ac2cc4a2c0a6000000faff00bfff02000000ffffff00000d00e6ffea000000002000", 0x0, 0xffffffffffffff98) ioctl$KVM_REGISTER_COALESCED_MMIO(r8, 0x4010ae67, &(0x7f0000000340)={0x1, 0x66f8db21dba83926}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r9, 0x0) 41.671712666s ago: executing program 0 (id=1016): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x109000, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04) r12 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, r11, 0x100000a, 0x12, r12, 0x100000) mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r11, 0x1, 0x11, r12, 0x0) r13 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r7, 0x100000f, 0x12, r13, 0x0) r14 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000ff9000/0x4000)=nil, 0x930, 0x280000f, 0x11, r14, 0x0) munmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000) syz_kvm_vgic_v3_setup(r1, 0x2, 0xa0) r15 = openat$kvm(0x0, &(0x7f0000000040), 0x400, 0x0) r16 = ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r16, 0xae03, 0xb2) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) 26.728434294s ago: executing program 0 (id=1017): r0 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x11, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="fb4149dd03f6e3ac3bc4a24232f9aa0ce02f0000000001ffeb9610fbff77521ce3f18e000000000000000000d1000000000000000030c10f62f5529df70000000100", 0x0, 0x48) 23.03638939s ago: executing program 1 (id=1018): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2041, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, r3, 0x1, 0x4000812, r4, 0x100000) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r3, 0x1, 0x11, r4, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0) 20.43550414s ago: executing program 0 (id=1019): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xc0189436, 0x100000000000000) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SIGNAL_MSI(0xffffffffffffffff, 0x4020aea5, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) ioctl$KVM_GET_REG_LIST(r6, 0x4020aeae, &(0x7f00000003c0)=ANY=[@ANYBLOB="05000000000000000000000000000082"]) syz_kvm_setup_cpu$arm64(r1, r3, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="000000000000000000dcc3601bfc14d285b29f000000000100000000000000ff03000000000000030000000000000040000000000000006da791ced86ca2bf9c33cb"], 0x80}], 0x1, 0x0, 0x0, 0xfffffdb2) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$KVM_CHECK_EXTENSION(r2, 0xc0189436, 0x100000000000000) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) ioctl$KVM_SIGNAL_MSI(0xffffffffffffffff, 0x4020aea5, 0x0) (async) openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, 0x0) (async) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) (async) ioctl$KVM_GET_REG_LIST(r6, 0x4020aeae, &(0x7f00000003c0)=ANY=[@ANYBLOB="05000000000000000000000000000082"]) (async) syz_kvm_setup_cpu$arm64(r1, r3, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="000000000000000000dcc3601bfc14d285b29f000000000100000000000000ff03000000000000030000000000000040000000000000006da791ced86ca2bf9c33cb"], 0x80}], 0x1, 0x0, 0x0, 0xfffffdb2) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) 15.18989985s ago: executing program 1 (id=1020): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async) syz_kvm_setup_cpu$arm64(r4, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)}], 0x1, 0x0, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) (async) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)={0x100001c, 0x1}) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11.328473638s ago: executing program 0 (id=1021): r0 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r1 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x1, 0x1000, 0x1000, &(0x7f0000ffc000/0x1000)=nil}) ioctl$KVM_SET_GSI_ROUTING(r3, 0x4020ae46, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000100000000400000000000000010000002"]) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) ioctl$KVM_SET_SIGNAL_MASK(r11, 0x4004ae8b, &(0x7f0000000100)={0x8, "e5ccd16738eaa59c"}) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r12 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r12, 0x4020aeae, &(0x7f0000000080)={0x5}) ioctl$KVM_SET_ONE_REG(r12, 0x4010aeac, &(0x7f0000000140)=@arm64_bitmap={0x6030000000160000, &(0x7f00000000c0)=0x8906}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x800454d7, 0x0) 7.012446263s ago: executing program 1 (id=1022): openat$kvm(0x0, &(0x7f0000000080), 0x10000, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x2, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_vgic_v3_setup(r1, 0x1, 0x140) munmap(&(0x7f0000d40000/0x3000)=nil, 0x3000) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8}) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000140)={0xdf, 0x0, 0x14000}) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x8}) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000000)={0x3}) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000005, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) 0s ago: executing program 1 (id=1023): r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x3) (async) r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async) r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="14000000000000002000000000000000f2c4130000003060008000000000000014000000000000002000000000000000e0dc1300000030d11b"], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r6, 0x1, 0x0) (async) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x2002, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) (async) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="82000000000000002800000000000000010072a5a498ed4a9739d500000000000001"], 0x28}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r8, 0x2, 0x120) (async) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r10, 0xae80, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000000)={0x7}) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) r12 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000180)={0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="14000000000000002000000000000000f1c4130000003060008000000000000014000000000000002000000000000000f2c4130000003060008000000000000014000000000000002000000000000000e0dc130000003060c7"], 0x140}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_SREGS(r0, 0x4000ae84, &(0x7f0000000400)={{0xdddd1000, 0x1000, 0xc, 0x9, 0x8, 0x56, 0xf7, 0x3, 0x10, 0x3, 0x9, 0x4}, {0x5000, 0x2000, 0xa, 0x7, 0xd, 0x7, 0x4c, 0x1a, 0x74, 0x0, 0x7c, 0xff}, {0x87e6c85548ab779a, 0x2, 0x10, 0xa, 0x8, 0x7, 0x80, 0x7, 0x3, 0xa, 0x8, 0x9}, {0xdddd1000, 0xeeef0000, 0xb, 0xf, 0x4, 0x4, 0x2, 0x5, 0x7, 0xa, 0x3, 0x5}, {0x4, 0x2000, 0xb, 0xc, 0x3, 0x0, 0x2, 0x6, 0x5, 0x1, 0xd, 0x7f}, {0x1000, 0xeeee8000, 0x10, 0x28, 0x7, 0xa, 0x9, 0x1, 0x8, 0x9, 0xfe, 0x7f}, {0xd000, 0x1, 0x1e, 0x1, 0x6, 0x3, 0x3, 0x7, 0xf7, 0x0, 0x4, 0x8}, {0x4000, 0x5000, 0x3, 0x80, 0x8, 0xe, 0x0, 0x55, 0xd6, 0x3, 0x10, 0x81}, {0x2, 0x2}, {0x10000, 0x8}, 0xa0000000, 0x0, 0xd000, 0x20, 0x8, 0x1000, 0x0, [0x41, 0xb, 0x4, 0x10]}) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r12, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async, rerun: 64) ioctl$KVM_RUN(r12, 0xae80, 0x0) (rerun: 64) kernel console output (not intermixed with test programs): [ 403.522959][ T3129] 8021q: adding VLAN 0 to HW filter on device bond0 [ 447.476833][ T3129] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:30075' (ED25519) to the list of known hosts. [ 612.277675][ T25] audit: type=1400 audit(611.340:63): avc: denied { name_bind } for pid=3295 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 613.238777][ T25] audit: type=1400 audit(612.300:64): avc: denied { execute } for pid=3296 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 613.285179][ T25] audit: type=1400 audit(612.350:65): avc: denied { execute_no_trans } for pid=3296 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 632.631394][ T25] audit: type=1400 audit(631.690:66): avc: denied { mounton } for pid=3296 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 632.665491][ T25] audit: type=1400 audit(631.730:67): avc: denied { mount } for pid=3296 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 632.760742][ T3296] cgroup: Unknown subsys name 'net' [ 632.813069][ T25] audit: type=1400 audit(631.880:68): avc: denied { unmount } for pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 633.250218][ T3296] cgroup: Unknown subsys name 'cpuset' [ 633.372020][ T3296] cgroup: Unknown subsys name 'rlimit' [ 635.001367][ T25] audit: type=1400 audit(634.060:69): avc: denied { setattr } for pid=3296 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 635.051641][ T25] audit: type=1400 audit(634.080:70): avc: denied { mounton } for pid=3296 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 635.061663][ T25] audit: type=1400 audit(634.110:71): avc: denied { mount } for pid=3296 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 637.424249][ T3299] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 637.451345][ T25] audit: type=1400 audit(636.510:72): avc: denied { relabelto } for pid=3299 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 637.487816][ T25] audit: type=1400 audit(636.550:73): avc: denied { write } for pid=3299 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 637.791403][ T25] audit: type=1400 audit(636.850:74): avc: denied { read } for pid=3296 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 637.824565][ T25] audit: type=1400 audit(636.890:75): avc: denied { open } for pid=3296 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 637.878486][ T3296] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 685.033337][ T25] audit: type=1400 audit(684.100:76): avc: denied { execmem } for pid=3300 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 688.611770][ T25] audit: type=1400 audit(687.670:77): avc: denied { read } for pid=3302 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 688.644669][ T25] audit: type=1400 audit(687.710:78): avc: denied { open } for pid=3302 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 688.734208][ T25] audit: type=1400 audit(687.780:79): avc: denied { mounton } for pid=3302 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 689.071627][ T25] audit: type=1400 audit(688.090:80): avc: denied { module_request } for pid=3302 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 690.256778][ T25] audit: type=1400 audit(689.320:81): avc: denied { sys_module } for pid=3302 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 723.507918][ T3302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 723.703619][ T3302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 725.052933][ T3303] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 725.223875][ T3303] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 736.652292][ T3302] hsr_slave_0: entered promiscuous mode [ 736.697164][ T3302] hsr_slave_1: entered promiscuous mode [ 738.521877][ T3303] hsr_slave_0: entered promiscuous mode [ 738.554809][ T3303] hsr_slave_1: entered promiscuous mode [ 738.581378][ T3303] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 738.586237][ T3303] Cannot create hsr debugfs directory [ 743.711736][ T25] audit: type=1400 audit(742.770:82): avc: denied { create } for pid=3302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 743.757070][ T25] audit: type=1400 audit(742.790:83): avc: denied { write } for pid=3302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 743.820850][ T25] audit: type=1400 audit(742.840:84): avc: denied { read } for pid=3302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 743.917719][ T3302] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 744.425140][ T3302] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 744.696641][ T3302] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 745.056951][ T3302] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 746.522984][ T3303] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 746.717561][ T3303] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 746.893799][ T3303] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 747.061395][ T3303] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 762.023656][ T3302] 8021q: adding VLAN 0 to HW filter on device bond0 [ 765.425513][ T3303] 8021q: adding VLAN 0 to HW filter on device bond0 [ 822.975024][ T3302] veth0_vlan: entered promiscuous mode [ 823.765144][ T3302] veth1_vlan: entered promiscuous mode [ 826.251538][ T3303] veth0_vlan: entered promiscuous mode [ 826.953822][ T3302] veth0_macvtap: entered promiscuous mode [ 827.577720][ T3302] veth1_macvtap: entered promiscuous mode [ 827.746115][ T3303] veth1_vlan: entered promiscuous mode [ 831.026924][ T3302] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.042763][ T3302] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.051902][ T3302] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.062375][ T3302] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.488919][ T3303] veth0_macvtap: entered promiscuous mode [ 832.346399][ T3303] veth1_macvtap: entered promiscuous mode [ 834.844279][ T25] audit: type=1400 audit(833.900:85): avc: denied { mount } for pid=3302 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 835.154022][ T25] audit: type=1400 audit(834.220:86): avc: denied { mounton } for pid=3302 comm="syz-executor" path="/syzkaller.50faV8/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 835.492568][ T25] audit: type=1400 audit(834.470:87): avc: denied { mount } for pid=3302 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 835.758829][ T3303] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 835.794666][ T3303] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 835.805897][ T3303] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 835.835318][ T3303] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 836.058081][ T25] audit: type=1400 audit(835.040:88): avc: denied { mounton } for pid=3302 comm="syz-executor" path="/syzkaller.50faV8/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 836.260628][ T25] audit: type=1400 audit(835.310:89): avc: denied { mounton } for pid=3302 comm="syz-executor" path="/syzkaller.50faV8/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3279 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 837.314135][ T25] audit: type=1400 audit(836.370:90): avc: denied { unmount } for pid=3302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 837.603829][ T25] audit: type=1400 audit(836.640:91): avc: denied { mounton } for pid=3302 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 837.731925][ T25] audit: type=1400 audit(836.730:92): avc: denied { mount } for pid=3302 comm="syz-executor" name="/" dev="gadgetfs" ino=3291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 838.203823][ T25] audit: type=1400 audit(837.260:93): avc: denied { mount } for pid=3302 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 838.352907][ T25] audit: type=1400 audit(837.400:94): avc: denied { mounton } for pid=3302 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 839.383950][ T3302] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 840.720845][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 840.751667][ T25] audit: type=1400 audit(839.780:96): avc: denied { read write } for pid=3302 comm="syz-executor" name="loop1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 840.757303][ T25] audit: type=1400 audit(839.800:97): avc: denied { open } for pid=3302 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 840.835391][ T25] audit: type=1400 audit(839.800:98): avc: denied { ioctl } for pid=3302 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 843.948681][ T25] audit: type=1400 audit(843.010:99): avc: denied { write } for pid=3447 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 843.974558][ T25] audit: type=1400 audit(843.030:100): avc: denied { read } for pid=3448 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 844.002992][ T25] audit: type=1400 audit(843.030:101): avc: denied { open } for pid=3448 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 844.252090][ T25] audit: type=1400 audit(843.310:102): avc: denied { ioctl } for pid=3448 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 853.482987][ T25] audit: type=1400 audit(852.500:103): avc: denied { append } for pid=3457 comm="syz.0.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 887.562618][ T25] audit: type=1400 audit(886.600:104): avc: denied { execute } for pid=3474 comm="syz.1.8" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3997 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 1084.941299][ T25] audit: type=1400 audit(1084.000:105): avc: denied { ioctl } for pid=3609 comm="syz.0.43" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0xb706 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1089.455334][ T3613] debugfs: File 'vgic-its-state@8080000' in directory '3613-4' already present! [ 1092.642976][ T3613] kvm [3613]: Failed to find VMA for hva 0x20c01000 [ 1199.448755][ T25] audit: type=1400 audit(1198.490:106): avc: denied { map } for pid=3678 comm="syz.1.63" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1199.466174][ T25] audit: type=1400 audit(1198.520:107): avc: denied { execute } for pid=3678 comm="syz.1.63" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1302.447492][ T3753] kvm [3753]: Failed to find VMA for hva 0x20c01000 [ 1424.958282][ T3832] KVM: debugfs: duplicate directory 3832-5 [ 1427.160849][ T3832] KVM: debugfs: duplicate directory 3832-5 [ 1537.152795][ T25] audit: type=1400 audit(1536.210:108): avc: denied { setattr } for pid=3918 comm="syz.1.128" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1815.101804][ T4104] kvm [4104]: Failed to find VMA for hva 0x20c01000 [ 2054.765646][ T4282] KVM: debugfs: duplicate directory 4282-5 [ 2266.133987][ T4421] kvm [4421]: Failed to find VMA for hva 0x20fcc000 [ 2380.998890][ T4503] kvm [4503]: Failed to find VMA for hva 0x20c01000 [ 2673.223041][ T4689] kvm [4689]: Failed to find VMA for hva 0x20000000 [ 2709.864406][ T4712] kvm [4712]: Failed to find VMA for hva 0x20c01000 [ 2743.565544][ T4738] kvm [4738]: Failed to find VMA for hva 0x21016000 [ 3189.067545][ T5048] kvm [5047]: Unsupported guest CP15 access at: 00000100 [000001d3] [ 3189.067545][ T5048] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 3189.138192][ T5048] kvm [5047]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3189.138192][ T5048] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 3189.205462][ T5048] kvm [5047]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3189.205462][ T5048] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 3189.255368][ T5048] kvm [5047]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3189.255368][ T5048] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 3189.304048][ T5048] kvm [5047]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3189.304048][ T5048] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 3189.334533][ T5048] kvm [5047]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3189.334533][ T5048] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 3189.393183][ T5048] kvm [5047]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3189.393183][ T5048] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 3189.452251][ T5048] kvm [5047]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3189.452251][ T5048] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 3189.535498][ T5048] kvm [5047]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3189.535498][ T5048] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 3189.618917][ T5048] kvm [5047]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3189.618917][ T5048] { Op0( 0), Op1( 7), CRn(15), CRm(12), Op2( 7), func_read }, [ 3643.892952][ T5367] kvm [5367]: Failed to find VMA for hva 0x20c01000 [ 3738.188262][ T5438] kvm [5438]: Failed to find VMA for hva 0x2101a000 [ 3738.242840][ T5439] kvm [5439]: Failed to find VMA for hva 0x2101a000 [ 3820.746697][ T5503] debugfs: File 'vgic-its-state@8080000' in directory '5503-4' already present! [ 3868.022608][ T5527] kvm [5527]: Failed to find VMA for hva 0x2101a000 [ 3890.894954][ T5539] print_sys_reg_msg: 165 callbacks suppressed [ 3890.931442][ T5539] kvm [5538]: Unsupported guest CP15 access at: 00000100 [000001d3] [ 3890.931442][ T5539] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3890.955608][ T5539] kvm [5538]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3890.955608][ T5539] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3890.992512][ T5539] kvm [5538]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3890.992512][ T5539] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3891.035351][ T5539] kvm [5538]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3891.035351][ T5539] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3891.086577][ T5539] kvm [5538]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3891.086577][ T5539] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3891.127601][ T5539] kvm [5538]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3891.127601][ T5539] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3891.194842][ T5539] kvm [5538]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3891.194842][ T5539] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3891.224565][ T5539] kvm [5538]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3891.224565][ T5539] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3891.274733][ T5539] kvm [5538]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3891.274733][ T5539] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 3891.335307][ T5539] kvm [5538]: Unsupported guest CP15 access at: 00000100 [000001db] [ 3891.335307][ T5539] { Op0( 0), Op1( 7), CRn(15), CRm(13), Op2( 7), func_read }, [ 4095.076245][ T5683] KVM: debugfs: duplicate directory 5683-14 [ 4278.056048][ T25] audit: type=1400 audit(4277.100:109): avc: denied { map } for pid=5802 comm="syz.1.652" path="/" dev="tmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 4384.546691][ T5885] KVM: debugfs: duplicate directory 5885-5 [ 4466.268571][ T5946] kvm [5946]: Failed to find VMA for hva 0x20e8a000 [ 4772.018726][ T6156] kvm [6156]: Failed to find VMA for hva 0x20c01000 [ 4801.288323][ T6173] kvm [6173]: Failed to find VMA for hva 0x208a1000 [ 5081.202938][ T6366] KVM: debugfs: duplicate directory 6366-4 [ 5113.365271][ T6388] debugfs: File 'vgic-its-state@8080000' in directory '6385-7' already present! [ 5249.815422][ T6480] debugfs: File 'vgic-its-state@8080000' in directory '6478-7' already present! [ 5790.756892][ T6849] kvm [6849]: Failed to find VMA for hva 0x20c01000 [ 5790.776633][ T6851] kvm [6851]: Failed to find VMA for hva 0x20c01000 [ 6201.436710][ T7131] kvm [7131]: Failed to find VMA for hva 0x21016000 [ 6222.387841][ T7149] ================================================================== [ 6222.388687][ T7149] BUG: KASAN: invalid-access in _raw_spin_lock_irqsave+0x5c/0x7c [ 6222.390626][ T7149] Read of size 1 at addr 00000000000013c8 by task syz.1.1023/7149 [ 6222.390996][ T7149] [ 6222.392104][ T7149] CPU: 0 UID: 0 PID: 7149 Comm: syz.1.1023 Not tainted 6.15.0-rc4-syzkaller-g1b85d923ba8c #0 PREEMPT [ 6222.392649][ T7149] Hardware name: linux,dummy-virt (DT) [ 6222.393121][ T7149] Call trace: [ 6222.393536][ T7149] show_stack+0x2c/0x3c (C) [ 6222.394120][ T7149] __dump_stack+0x30/0x40 [ 6222.394420][ T7149] dump_stack_lvl+0xd8/0x12c [ 6222.394720][ T7149] print_report+0x5c/0xa0 [ 6222.394956][ T7149] kasan_report+0xb0/0x110 [ 6222.395204][ T7149] __kasan_check_byte+0x3c/0x54 [ 6222.395480][ T7149] lock_acquire+0xb0/0x2e0 [ 6222.395746][ T7149] _raw_spin_lock_irqsave+0x5c/0x7c [ 6222.395967][ T7149] kvm_vgic_set_owner+0x18c/0x294 [ 6222.396210][ T7149] kvm_timer_enable+0x1c4/0x794 [ 6222.396455][ T7149] kvm_arch_vcpu_run_pid_change+0x1f0/0x484 [ 6222.396677][ T7149] kvm_vcpu_ioctl+0xae8/0xc24 [ 6222.396901][ T7149] __arm64_sys_ioctl+0x18c/0x244 [ 6222.397212][ T7149] invoke_syscall+0x90/0x2b4 [ 6222.397510][ T7149] el0_svc_common+0x180/0x2f4 [ 6222.397764][ T7149] do_el0_svc+0x58/0x74 [ 6222.398008][ T7149] el0_svc+0x58/0x134 [ 6222.398216][ T7149] el0t_64_sync_handler+0x78/0x108 [ 6222.398473][ T7149] el0t_64_sync+0x198/0x19c [ 6222.399012][ T7149] ================================================================== [ 6222.401257][ T7149] Disabling lock debugging due to kernel taint [ 6222.402451][ T7149] Unable to handle kernel paging request at virtual address ffef80000000013b [ 6222.402919][ T7149] KASAN: maybe wild-memory-access in range [0xff000000000013b0-0xff000000000013bf] [ 6222.403257][ T7149] Mem abort info: [ 6222.403507][ T7149] ESR = 0x0000000096000004 [ 6222.403817][ T7149] EC = 0x25: DABT (current EL), IL = 32 bits [ 6222.404111][ T7149] SET = 0, FnV = 0 [ 6222.404391][ T7149] EA = 0, S1PTW = 0 [ 6222.404645][ T7149] FSC = 0x04: level 0 translation fault [ 6222.404946][ T7149] Data abort info: [ 6222.405224][ T7149] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 6222.405518][ T7149] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 6222.405801][ T7149] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 6222.406214][ T7149] [ffef80000000013b] address between user and kernel address ranges [ 6222.407078][ T7149] Internal error: Oops: 0000000096000004 [#1] SMP [ 6222.441616][ T7149] Modules linked in: [ 6222.443711][ T7149] CPU: 0 UID: 0 PID: 7149 Comm: syz.1.1023 Tainted: G B 6.15.0-rc4-syzkaller-g1b85d923ba8c #0 PREEMPT [ 6222.445747][ T7149] Tainted: [B]=BAD_PAGE [ 6222.446661][ T7149] Hardware name: linux,dummy-virt (DT) [ 6222.447846][ T7149] pstate: 614020c9 (nZCv daIF +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 6222.449391][ T7149] pc : do_raw_spin_lock+0x4c/0x2b4 [ 6222.450534][ T7149] lr : _raw_spin_lock_irqsave+0x64/0x7c [ 6222.451691][ T7149] sp : ffff8000a8ec7930 [ 6222.452662][ T7149] x29: ffff8000a8ec7940 x28: cdf0000012ffd7c0 x27: cdf0000012ffec30 [ 6222.454711][ T7149] x26: 0000000000000001 x25: cdf0000012ffee10 x24: 0000000000000010 [ 6222.456492][ T7149] x23: 56ff8000a8edc000 x22: cdf0000012ffd7c0 x21: ffff800080208ab8 [ 6222.458329][ T7149] x20: 00000000000013b0 x19: efff800000000000 x18: 000000000c7b0c3c [ 6222.460126][ T7149] x17: 0000000000000054 x16: 00000000000000fe x15: 0000000000000000 [ 6222.461860][ T7149] x14: 0000000000000000 x13: 00000000ffffffff x12: 0000000000000002 [ 6222.463548][ T7149] x11: 0000000000000001 x10: 0ff000000000013b x9 : 0000000000000000 [ 6222.465490][ T7149] x8 : 00000000000013b4 x7 : ffff8000870d1e20 x6 : ffff800086599264 [ 6222.467479][ T7149] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000802afe9c [ 6222.469220][ T7149] x2 : 0000000000000001 x1 : 0000000000000000 x0 : 00000000000013b0 [ 6222.471171][ T7149] Call trace: [ 6222.472089][ T7149] do_raw_spin_lock+0x4c/0x2b4 (P) [ 6222.473240][ T7149] _raw_spin_lock_irqsave+0x64/0x7c [ 6222.474443][ T7149] kvm_vgic_set_owner+0x18c/0x294 [ 6222.475639][ T7149] kvm_timer_enable+0x1c4/0x794 [ 6222.476641][ T7149] kvm_arch_vcpu_run_pid_change+0x1f0/0x484 [ 6222.477789][ T7149] kvm_vcpu_ioctl+0xae8/0xc24 [ 6222.478812][ T7149] __arm64_sys_ioctl+0x18c/0x244 [ 6222.479790][ T7149] invoke_syscall+0x90/0x2b4 [ 6222.480909][ T7149] el0_svc_common+0x180/0x2f4 [ 6222.482031][ T7149] do_el0_svc+0x58/0x74 [ 6222.483050][ T7149] el0_svc+0x58/0x134 [ 6222.484033][ T7149] el0t_64_sync_handler+0x78/0x108 [ 6222.485154][ T7149] el0t_64_sync+0x198/0x19c [ 6222.486570][ T7149] Code: d344fd4a aa0003f4 f90007e9 d378fd09 (386a6a6a) [ 6222.488478][ T7149] ---[ end trace 0000000000000000 ]--- [ 6222.490334][ T7149] Kernel panic - not syncing: Oops: Fatal exception [ 6222.492802][ T7149] Kernel Offset: disabled [ 6222.493747][ T7149] CPU features: 0x0000,00000340,02fbcdf1,057ffe1f [ 6222.495017][ T7149] Memory Limit: none [ 6222.496638][ T7149] Rebooting in 86400 seconds.. VM DIAGNOSIS: 05:47:18 Registers: info registers vcpu 0 CPU#0 PC=ffff8000865a6ed4 X00=0000000000000001 X01=0000000000000001 X02=0000000000000001 X03=ffff800080453bc8 X04=0000000000000001 X05=0000000000000000 X06=ffff800081e7b000 X07=ffff8000870d1e20 X08=00000000000000c0 X09=ffffffffffffffff X10=0000000000000000 X11=0000000000000066 X12=0ffff80008794088 X13=0000000000000007 X14=0000000000000000 X15=0000000000000000 X16=00000000000000fe X17=0000000000000054 X18=000000000c7b0c3c X19=efff800000000000 X20=00000000000000c0 X21=ffff800087940878 X22=ffff80008c3b9000 X23=ffff80008c3b9000 X24=ffff800087951e78 X25=0000000000000044 X26=00000000000000ff X27=ffff800087951e78 X28=ffff8000a8ec72c0 X29=ffff8000a8ec70d0 X30=ffff8000865a6ec0 SP=ffff8000a8ec70d0 PSTATE=604020c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:0000000000000000 Z01=0000ff0000ff0000:ffff00000000706d Z02=c0fc00fcc000c0fc:0000c0fcc0fc0000 Z03=0000000000000000:0000000000000000 Z04=3303330333033303:3303330333033303 Z05=bcfcc0bc00bcbc00:bcfcc0bc00bcbc00 Z06=0000000000000073:0000aaaae8c3f3e0 Z07=0000000000000074:0000aaaae8c3c620 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffce16eb20:0000ffffce16eb20 Z17=ffffff80ffffffd0:0000ffffce16eaf0 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000