last executing test programs: 8m53.07946359s ago: executing program 1 (id=208): eventfd2(0x0, 0x80000) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x2010, r3, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x401c5820, 0x25) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x90100, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f00000001c0)={0x7, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r10, 0x4018aee3, 0x0) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r11 = syz_kvm_vgic_v3_setup(r7, 0x1, 0x100) ioctl$KVM_GET_DEVICE_ATTR(r11, 0x4018aee2, &(0x7f0000000180)=@attr_other={0x0, 0x5, 0x70, &(0x7f0000000240)=0x80000001}) mmap$KVM_VCPU(&(0x7f00005e1000/0x3000)=nil, r5, 0x2000009, 0x213011, r3, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x26) ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0xd, 0x5, 0xb, 0x0, 0x2, 0x23, 0x6, 0x8, 0x9, 0x89, 0x6, 0x5, 0x0, 0x6, 0xc9, 0xe2, 0x3, 0x29, 0x0, '\x00', 0x10, 0x5}) write$eventfd(r13, &(0x7f00000001c0)=0x9, 0x1d) mmap$KVM_VCPU(&(0x7f0000701000/0x2000)=nil, r5, 0x2, 0x80010, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 8m46.223852351s ago: executing program 0 (id=209): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r4 = ioctl$KVM_CREATE_VM(r3, 0x894c, 0x0) r5 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x29) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x5) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r7, 0x4018aee2, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r7, 0x4018aee2, &(0x7f0000000280)=@attr_pmu_init) ioctl$KVM_CREATE_VCPU(r4, 0xb701, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0x6}) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0xb702, 0x0) r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0xffff7ffffffffffb) r14 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r15, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) syz_kvm_vgic_v3_setup(r11, 0x2, 0x80) r16 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000000)={0x0, &(0x7f00000003c0)=[@irq_setup={0x46, 0x18, {0x4, 0x151}}, @eret={0xe6, 0x18, 0x9}, @smc={0x1e, 0x40, {0x400, [0xdd, 0x8000, 0xffffffffffff0000, 0x8, 0x7]}}, @code={0xa, 0x6c, {"000028d5c0049ed200e0b0f2010080d2a20080d2830180d2840080d2020000d40000c029007008d5007008d50048284e0000691e007008d5e07e8dd200a0b0f2810180d2820180d2e30180d2640180d2020000d400c0e21e"}}, @code={0xa, 0xb4, {"801091d20080b0f2810080d2420180d2c30180d2840180d2020000d4203797d20060b0f2610180d2420080d2430180d2c40080d2020000d4e08695d200e0b0f2c10180d2c20080d2830080d2240180d2020000d4007008d50090200e00e0c00d20408cd20060b0f2210080d2820180d2830080d2240180d2020000d40008201e808d96d200a0b0f2210080d2a20180d2830080d2240080d2020000d4000028d5"}}, @hvc={0x32, 0x40, {0x84000012, [0x401, 0x8, 0x5, 0x2, 0x1000]}}, @hvc={0x32, 0x40, {0x84000001, [0x400, 0x6f78, 0x3, 0x5, 0x6]}}, @smc={0x1e, 0x40, {0x84000003, [0x7, 0xfffffffffffffffc, 0x8001, 0x8, 0x6]}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0xe3}}, @svc={0x122, 0x40, {0x2, [0x1, 0x3, 0x3, 0xffff, 0x8]}}, @msr={0x14, 0x20, {0x603000000013df05, 0xffff}}, @memwrite={0x6e, 0x30, @generic={0x40000, 0x5de, 0x3}}, @hvc={0x32, 0x40, {0x84000005, [0xc52, 0x9, 0x5, 0x7fff, 0x4]}}, @mrs={0xbe, 0x18, {0x603000000013f08a}}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x48}}, @code={0xa, 0x54, {"008008d50000407c000028d5c0ee84d20040b0f2a10180d2220180d2a30080d2040080d2020000d400e0600d007008d5002cc09a0000802d00c0c00d0080a09b"}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x1c8}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x0, 0x1, 0x9, 0x0, 0x1}}, @svc={0x122, 0x40, {0x84000012, [0x6, 0x2, 0x5, 0xf419, 0x8001]}}, @irq_setup={0x46, 0x18, {0x2, 0x22a}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x7f8, 0x9d2e, 0x5}}, @eret={0xe6, 0x18, 0x6}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xd00, 0xffff, 0x5}}, @code={0xa, 0x9c, {"0000c09300b4205e0000007280848bd200c0b8f2010080d2a20080d2a30080d2e40180d2020000d4000000280050204ec0a09dd200c0b8f2c10080d2420180d2830180d2440080d2020000d4c0ec9cd200e0b0f2410180d2620080d2430080d2e40080d2020000d400018cd20000b0f2e10080d2e20180d2030080d2a40180d2020000d4007008d5"}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x2, 0x7, 0xa, 0xa, 0x3}}, @smc={0x1e, 0x40, {0x84000004, [0x87b, 0x100000001, 0xff, 0x1, 0x8]}}, @uexit={0x0, 0x18, 0xfffffffffffffff9}, @mrs={0xbe, 0x18, {0x603000000013e218}}, @hvc={0x32, 0x40, {0x0, [0x100000001, 0xfffffffffffffffd, 0x81, 0x3, 0x1]}}, @hvc={0x32, 0x40, {0x80000000, [0x1, 0x12, 0xffffffffffffffff, 0x6, 0x1f]}}], 0x6b0}, &(0x7f0000000100)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_SET_MP_STATE(r16, 0x4004ae99, &(0x7f00000001c0)=0x4) ioctl$KVM_RUN(r15, 0xae80, 0x0) 8m42.411473956s ago: executing program 1 (id=210): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) openat$kvm(0x0, 0xfffffffffffffffe, 0x0, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, 0x0) r5 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f00000001c0)=@arm64_fw={0x6030000000140002, &(0x7f0000000180)=0x7}) mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000000)={0x40000, 0x6a000, 0x2, 0x1, 0x8}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0x80111500, 0x20000000) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(r7, 0x541b, 0x2000001c) r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_MP_STATE(r8, 0x4004ae99, 0x0) 8m33.385447497s ago: executing program 0 (id=211): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x900, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f00004fc000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, &(0x7f0000000240)=[@its_setup={0x82, 0x28, {0x4, 0x1, 0x3cd}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x4, 0x7, 0x6, 0xfffff124, 0x2}}, @msr={0x14, 0x20, {0x603000000013d807, 0x6}}, @eret={0xe6, 0x18, 0x5}, @eret={0xe6, 0x18, 0x9}, @mrs={0xbe, 0x18, {0x603000000013c018}}, @uexit={0x0, 0x18, 0x2}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x2, 0xc, 0x2, 0x9, 0x4}}, @hvc={0x32, 0x40, {0x1, [0x3, 0x7, 0xfffffffffffffff9, 0x1, 0x4]}}, @hvc={0x32, 0x40, {0x1000, [0x1, 0x0, 0x9, 0x9, 0x99d2]}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x2, 0x5, 0x3, 0x5, 0x2}}, @svc={0x122, 0x40, {0xc400000e, [0xfffffffffffffffb, 0x0, 0x5, 0xff, 0x3]}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x1e8}}, @irq_setup={0x46, 0x18, {0x1, 0x284}}, @eret={0xe6, 0x18, 0x474}, @smc={0x1e, 0x40, {0x1000000, [0x9, 0x5, 0x2, 0x2, 0x1]}}, @svc={0x122, 0x40, {0xc4000014, [0x49c2, 0x2, 0x4b678000000, 0x80000001, 0x8000000000000001]}}, @smc={0x1e, 0x40, {0x84000009, [0x3, 0x7972b16c, 0xb7a8, 0x1, 0xffffffffffffffff]}}], 0x2f8}, &(0x7f0000000040)=[@featur2={0x1, 0x10}], 0x1) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x2012, r3, 0x40000) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x24200, 0x0) 8m33.143555113s ago: executing program 1 (id=212): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f0000000200)=[@hvc={0x32, 0x40, {0x8400000e, [0x2, 0x8fd, 0x1, 0x8, 0x8]}}], 0x40}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000140)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x6}) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) r5 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x7fff}}, @msr={0x14, 0x20, {0x603000000013dce4, 0x7}}], 0x40}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = eventfd2(0x5, 0x81801) ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f0000000040)={0x5, 0x8080000, 0x2, r11, 0x8}) ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f00000000c0)={0x8000000008000800, 0x0, 0x0, r11, 0x2}) (async) ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f0000000000)={0x1, 0x0, 0x4, r11, 0x3}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) (async) r12 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x8, 0x5, &(0x7f0000000000)=0x5}) (async) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000000)={0x100000, 0x37d03030d7a92616}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r13, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) (async) ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000080)=0x8000000000000000}) ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) (async) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x22) 8m26.5081907s ago: executing program 0 (id=213): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, 0x0, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r3, 0x2, 0x100) close(r3) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) munmap(&(0x7f0000c61000/0x3000)=nil, 0x3000) close(r4) (async) close(r4) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 8m20.047313515s ago: executing program 1 (id=214): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0x80111500, 0x20000000) write$eventfd(r1, &(0x7f0000000000), 0xfffffdef) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0x80111500, 0x20000000) r3 = openat$kvm(0x0, &(0x7f0000000240), 0x2101, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) r5 = eventfd2(0x0, 0x0) close(r5) write$eventfd(r5, 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xfffffffffffffff7) r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x1}) r9 = eventfd2(0x5, 0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000000c0)={r5, 0x3, 0x2, r9}) openat$kvm(0x0, &(0x7f0000000040), 0xc0083, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x131) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x410801, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r13 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x1000007, 0x11, r12, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r4, 0x1000000, 0x11, r12, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) 8m14.032191942s ago: executing program 0 (id=215): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x66) (async) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async, rerun: 64) r6 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (rerun: 64) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async) r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) (async) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) (async) r12 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0) (async) r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04) mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r13, 0x7, 0x11, r12, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, r13, 0x1, 0x12, r8, 0x0) r14 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) (async, rerun: 32) r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) (rerun: 32) mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r15, 0x8, 0x13, r8, 0x0) r16 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r16, 0x3, 0x11, r7, 0x0) (async, rerun: 64) mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r16, 0x3, 0x11, r14, 0x0) (rerun: 64) 8m6.251250042s ago: executing program 1 (id=216): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3}) r3 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0x1, 0x2012, r5, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) mmap$KVM_VCPU(&(0x7f00005e1000/0x3000)=nil, r7, 0x2000009, 0x213011, r5, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000ff9000/0x4000)=nil, r8, 0x2, 0x2013, r2, 0x200001fe0000) 8m3.139771362s ago: executing program 0 (id=217): write$eventfd(0xffffffffffffffff, &(0x7f0000000200)=0x8, 0x8) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000647000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x300000a, 0x53033, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) r0 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) syz_kvm_vgic_v3_setup(r0, 0x4, 0x100) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, r1, 0x1000000, 0x100010, 0xffffffffffffffff, 0x0) write$eventfd(0xffffffffffffffff, &(0x7f0000000200)=0x8, 0x8) (async) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000647000/0x1000)=nil, 0x1000) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x300000a, 0x53033, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) (async) ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) (async) syz_kvm_vgic_v3_setup(r0, 0x4, 0x100) (async) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) (async) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) (async) mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, r1, 0x1000000, 0x100010, 0xffffffffffffffff, 0x0) (async) 7m55.99975886s ago: executing program 1 (id=218): r0 = openat$kvm(0x0, 0x0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd2(0xeffffffd, 0x801) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil) write$eventfd(r6, &(0x7f00000001c0), 0xfdef) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000000)={0x200, 0x4000, 0x4, r3, 0x1}) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000040)={0xab0e9d50baa59e28, 0xffffffffffffffff, 0x1}) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r3, 0x3}) ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f0000000340)={0x6, 0x0, [{0x4, 0x3, 0x0, 0x0, @msi={0x2, 0x7, 0xd8, 0x2f}}, {0x9, 0x3, 0x1, 0x0, @sint={0x2, 0x2}}, {0xbb3, 0x1, 0x0, 0x0, @sint={0x3, 0x52ae3ee3}}, {0x4, 0x1, 0x1, 0x0, @irqchip={0xe, 0xfffffffd}}, {0x2f, 0x5, 0x0, 0x0, @msi={0x9, 0x7, 0x1, 0x3a}}, {0x0, 0x5, 0x1, 0x0, @irqchip={0x8, 0x3}}]}) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f00000000c0)={0x3, 0x0, 0x2, r3, 0xb}) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25) ioctl$KVM_CREATE_GUEST_MEMFD(r7, 0xc040aed4, &(0x7f0000000000)={0x6, 0x3}) r8 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x29) r10 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r10, 0x4b47, 0xfffffffffffffffe) r11 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1) r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04) r13 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r12, 0x2, 0x12, r11, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f00000002c0)="fb016bddfb405ee52cc6a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb2070000000000000000000000c20cecfa0a97ab7800", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000cd6000/0x4000)=nil, r12, 0x2000009, 0x10010, r11, 0x0) r14 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) mmap$KVM_VCPU(&(0x7f0000e78000/0x3000)=nil, 0x930, 0x0, 0x4010, 0xffffffffffffffff, 0x0) 7m54.659562146s ago: executing program 0 (id=219): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x12) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x60100, 0x0) (async, rerun: 64) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33) (rerun: 64) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur2={0x1, 0x20}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) syz_kvm_vgic_v3_setup(r1, 0x2, 0x80) ioctl$KVM_RUN(r4, 0xae80, 0x0) 7m9.40698405s ago: executing program 32 (id=218): r0 = openat$kvm(0x0, 0x0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd2(0xeffffffd, 0x801) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil) write$eventfd(r6, &(0x7f00000001c0), 0xfdef) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000000)={0x200, 0x4000, 0x4, r3, 0x1}) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000040)={0xab0e9d50baa59e28, 0xffffffffffffffff, 0x1}) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r3, 0x3}) ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f0000000340)={0x6, 0x0, [{0x4, 0x3, 0x0, 0x0, @msi={0x2, 0x7, 0xd8, 0x2f}}, {0x9, 0x3, 0x1, 0x0, @sint={0x2, 0x2}}, {0xbb3, 0x1, 0x0, 0x0, @sint={0x3, 0x52ae3ee3}}, {0x4, 0x1, 0x1, 0x0, @irqchip={0xe, 0xfffffffd}}, {0x2f, 0x5, 0x0, 0x0, @msi={0x9, 0x7, 0x1, 0x3a}}, {0x0, 0x5, 0x1, 0x0, @irqchip={0x8, 0x3}}]}) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f00000000c0)={0x3, 0x0, 0x2, r3, 0xb}) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25) ioctl$KVM_CREATE_GUEST_MEMFD(r7, 0xc040aed4, &(0x7f0000000000)={0x6, 0x3}) r8 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x29) r10 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r10, 0x4b47, 0xfffffffffffffffe) r11 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1) r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04) r13 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r12, 0x2, 0x12, r11, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f00000002c0)="fb016bddfb405ee52cc6a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb2070000000000000000000000c20cecfa0a97ab7800", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000cd6000/0x4000)=nil, r12, 0x2000009, 0x10010, r11, 0x0) r14 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) mmap$KVM_VCPU(&(0x7f0000e78000/0x3000)=nil, 0x930, 0x0, 0x4010, 0xffffffffffffffff, 0x0) 7m6.191416376s ago: executing program 33 (id=219): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x12) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x60100, 0x0) (async, rerun: 64) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33) (rerun: 64) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur2={0x1, 0x20}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) syz_kvm_vgic_v3_setup(r1, 0x2, 0x80) ioctl$KVM_RUN(r4, 0xae80, 0x0) 1m3.280011707s ago: executing program 2 (id=220): r0 = openat$kvm(0x0, &(0x7f0000000180), 0x32043, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0xc0083, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x11, r1, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000100)={0x0, &(0x7f0000000240)=[@hvc={0x32, 0x40, {0x84000050, [0x9, 0xb4, 0x100, 0x6, 0x88]}}], 0x40}, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f00000000c0)=@arm64_core={0x6030000000100026, &(0x7f0000000000)=0x776}) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r10, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) r11 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000bfd000/0x400000)=nil) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f0000000100)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x7}) syz_kvm_add_vcpu$arm64(r11, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x2d0}) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000380)=[{0x0, &(0x7f0000000200)=[@eret={0xe6, 0x18, 0x8}], 0x18}], 0x1, 0x0, 0x0, 0x0) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r12, 0xae03, 0x62) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) 49.581517496s ago: executing program 3 (id=221): munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r0 = openat$kvm(0x0, &(0x7f0000000000), 0x402000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f00000001c0)={0xdf, 0x0, 0xd000}) r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dcf3, 0x8000}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r8, 0xae80, 0x0) r9 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000080)={0xc, 0xca}}) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04) mmap$KVM_VCPU(&(0x7f00004d2000/0x3000)=nil, r11, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) 14.945905693s ago: executing program 34 (id=220): r0 = openat$kvm(0x0, &(0x7f0000000180), 0x32043, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0xc0083, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x11, r1, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000100)={0x0, &(0x7f0000000240)=[@hvc={0x32, 0x40, {0x84000050, [0x9, 0xb4, 0x100, 0x6, 0x88]}}], 0x40}, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f00000000c0)=@arm64_core={0x6030000000100026, &(0x7f0000000000)=0x776}) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r10, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) r11 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000bfd000/0x400000)=nil) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f0000000100)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x7}) syz_kvm_add_vcpu$arm64(r11, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x2d0}) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000380)=[{0x0, &(0x7f0000000200)=[@eret={0xe6, 0x18, 0x8}], 0x18}], 0x1, 0x0, 0x0, 0x0) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r12, 0xae03, 0x62) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) 0s ago: executing program 35 (id=221): munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r0 = openat$kvm(0x0, &(0x7f0000000000), 0x402000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f00000001c0)={0xdf, 0x0, 0xd000}) r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dcf3, 0x8000}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r8, 0xae80, 0x0) r9 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000080)={0xc, 0xca}}) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04) mmap$KVM_VCPU(&(0x7f00004d2000/0x3000)=nil, r11, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) kernel console output (not intermixed with test programs): [ 394.472180][ T25] audit: type=1400 audit(393.670:60): avc: denied { read } for pid=3170 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 413.392073][ T3170] 8021q: adding VLAN 0 to HW filter on device bond0 [ 462.239661][ T3170] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:62670' (ED25519) to the list of known hosts. [ 633.062739][ T25] audit: type=1400 audit(632.260:61): avc: denied { name_bind } for pid=3329 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 633.969312][ T25] audit: type=1400 audit(633.180:62): avc: denied { execute } for pid=3330 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 633.992290][ T25] audit: type=1400 audit(633.200:63): avc: denied { execute_no_trans } for pid=3330 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 665.554135][ T25] audit: type=1400 audit(664.760:64): avc: denied { mounton } for pid=3330 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 665.606529][ T25] audit: type=1400 audit(664.810:65): avc: denied { mount } for pid=3330 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 665.691990][ T3330] cgroup: Unknown subsys name 'net' [ 665.763265][ T25] audit: type=1400 audit(664.970:66): avc: denied { unmount } for pid=3330 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 666.265569][ T3330] cgroup: Unknown subsys name 'cpuset' [ 666.412471][ T3330] cgroup: Unknown subsys name 'rlimit' [ 667.419852][ T25] audit: type=1400 audit(666.630:67): avc: denied { setattr } for pid=3330 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 667.439603][ T25] audit: type=1400 audit(666.640:68): avc: denied { mounton } for pid=3330 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 667.468620][ T25] audit: type=1400 audit(666.680:69): avc: denied { mount } for pid=3330 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 668.523922][ T3334] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 668.547256][ T25] audit: type=1400 audit(667.750:70): avc: denied { relabelto } for pid=3334 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 668.573253][ T25] audit: type=1400 audit(667.770:71): avc: denied { write } for pid=3334 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 668.768805][ T25] audit: type=1400 audit(667.970:72): avc: denied { read } for pid=3330 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 668.783985][ T25] audit: type=1400 audit(667.990:73): avc: denied { open } for pid=3330 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 668.835474][ T3330] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 726.669944][ T25] audit: type=1400 audit(725.880:74): avc: denied { execmem } for pid=3335 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 730.516032][ T25] audit: type=1400 audit(729.720:75): avc: denied { read } for pid=3338 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 730.540963][ T25] audit: type=1400 audit(729.750:76): avc: denied { read } for pid=3337 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 730.571450][ T25] audit: type=1400 audit(729.760:77): avc: denied { open } for pid=3338 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 730.638168][ T25] audit: type=1400 audit(729.830:78): avc: denied { mounton } for pid=3337 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 730.860753][ T25] audit: type=1400 audit(730.070:80): avc: denied { module_request } for pid=3338 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 730.910363][ T25] audit: type=1400 audit(730.060:79): avc: denied { module_request } for pid=3337 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 731.952360][ T25] audit: type=1400 audit(731.150:81): avc: denied { sys_module } for pid=3338 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 755.256614][ T3337] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 755.397205][ T3338] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 755.538139][ T3337] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 755.633827][ T3338] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 771.322835][ T3337] hsr_slave_0: entered promiscuous mode [ 771.402142][ T3337] hsr_slave_1: entered promiscuous mode [ 773.363628][ T3338] hsr_slave_0: entered promiscuous mode [ 773.429950][ T3338] hsr_slave_1: entered promiscuous mode [ 773.469909][ T3338] debugfs: 'hsr0' already exists in 'hsr' [ 773.485958][ T3338] Cannot create hsr debugfs directory [ 780.337178][ T25] audit: type=1400 audit(779.520:82): avc: denied { create } for pid=3337 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 780.416135][ T25] audit: type=1400 audit(779.610:83): avc: denied { write } for pid=3337 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 780.465987][ T25] audit: type=1400 audit(779.650:84): avc: denied { read } for pid=3337 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 780.678327][ T3337] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 780.891341][ T3337] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 781.053548][ T3337] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 781.311608][ T3337] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 782.953055][ T3338] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 783.112282][ T3338] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 783.427330][ T3338] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 783.657105][ T3338] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 795.843251][ T3337] 8021q: adding VLAN 0 to HW filter on device bond0 [ 798.680995][ T3338] 8021q: adding VLAN 0 to HW filter on device bond0 [ 854.540735][ T3337] veth0_vlan: entered promiscuous mode [ 855.100306][ T3337] veth1_vlan: entered promiscuous mode [ 857.273255][ T3337] veth0_macvtap: entered promiscuous mode [ 857.877401][ T3337] veth1_macvtap: entered promiscuous mode [ 857.987238][ T3338] veth0_vlan: entered promiscuous mode [ 858.810983][ T3338] veth1_vlan: entered promiscuous mode [ 860.502748][ T3349] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 860.529592][ T3349] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 860.538039][ T3349] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 860.543388][ T3349] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 861.898600][ T3338] veth0_macvtap: entered promiscuous mode [ 862.473058][ T3338] veth1_macvtap: entered promiscuous mode [ 863.454015][ T25] audit: type=1400 audit(862.660:85): avc: denied { mount } for pid=3337 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 863.711720][ T25] audit: type=1400 audit(862.860:86): avc: denied { mounton } for pid=3337 comm="syz-executor" path="/syzkaller.qzGu9G/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 863.884245][ T25] audit: type=1400 audit(863.090:87): avc: denied { mount } for pid=3337 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 864.178520][ T25] audit: type=1400 audit(863.380:88): avc: denied { mounton } for pid=3337 comm="syz-executor" path="/syzkaller.qzGu9G/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 864.293333][ T25] audit: type=1400 audit(863.500:89): avc: denied { mounton } for pid=3337 comm="syz-executor" path="/syzkaller.qzGu9G/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3756 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 865.198562][ T25] audit: type=1400 audit(864.360:90): avc: denied { unmount } for pid=3337 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 865.349897][ T3349] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 865.353611][ T3349] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 865.467656][ T3349] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 865.529389][ T3349] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 865.562775][ T25] audit: type=1400 audit(864.770:91): avc: denied { mounton } for pid=3337 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 865.747674][ T25] audit: type=1400 audit(864.900:92): avc: denied { mount } for pid=3337 comm="syz-executor" name="/" dev="gadgetfs" ino=3765 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 866.019091][ T25] audit: type=1400 audit(865.230:93): avc: denied { mount } for pid=3337 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 866.077236][ T25] audit: type=1400 audit(865.280:94): avc: denied { mounton } for pid=3337 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 867.723449][ T3337] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 868.878464][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 868.907233][ T25] audit: type=1400 audit(868.070:96): avc: denied { read write } for pid=3337 comm="syz-executor" name="loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 868.966936][ T25] audit: type=1400 audit(868.160:97): avc: denied { open } for pid=3337 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 868.987656][ T25] audit: type=1400 audit(868.190:98): avc: denied { ioctl } for pid=3337 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 878.619905][ T25] audit: type=1400 audit(877.790:99): avc: denied { read } for pid=3488 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 878.645981][ T25] audit: type=1400 audit(877.840:100): avc: denied { open } for pid=3488 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 878.981560][ T25] audit: type=1400 audit(878.190:101): avc: denied { ioctl } for pid=3488 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 880.288281][ T25] audit: type=1400 audit(879.490:102): avc: denied { append } for pid=3488 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 885.286267][ T25] audit: type=1400 audit(884.480:103): avc: denied { write } for pid=3490 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 908.587371][ T25] audit: type=1400 audit(907.790:104): avc: denied { execute } for pid=3506 comm="syz.1.6" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4065 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 938.650817][ T25] audit: type=1400 audit(937.860:105): avc: denied { setattr } for pid=3523 comm="syz.0.10" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1087.373978][ T25] audit: type=1400 audit(1086.580:106): avc: denied { map } for pid=3609 comm="syz.0.35" path="pipe:[2771]" dev="pipefs" ino=2771 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 1158.012556][ T25] audit: type=1400 audit(1157.140:107): avc: denied { execute } for pid=3651 comm="syz.1.48" path=2F32322FFF67521CD66F8F1F447D3570707CD24B7EEBB207 dev="tmpfs" ino=130 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 1181.412622][ T3666] kvm [3666]: Failed to find VMA for hva 0x20c01000 [ 1259.463750][ T25] audit: type=1400 audit(1258.590:108): avc: denied { create } for pid=3703 comm="syz.1.64" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1259.628006][ T25] audit: type=1400 audit(1258.830:109): avc: denied { map } for pid=3703 comm="syz.1.64" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=7434 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1259.680490][ T25] audit: type=1400 audit(1258.870:110): avc: denied { read } for pid=3703 comm="syz.1.64" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=7434 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1542.611777][ T3848] kvm [3848]: Failed to find VMA for hva 0x20d8d000 [ 1906.986673][ T25] audit: type=1400 audit(1906.190:111): avc: denied { ioctl } for pid=4073 comm="syz.1.178" path="net:[4026532624]" dev="nsfs" ino=4026532624 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 2236.913632][ T4209] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2237.747754][ T4209] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2237.960741][ T4211] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2238.770138][ T4211] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2261.821373][ T4209] hsr_slave_0: entered promiscuous mode [ 2261.891055][ T4209] hsr_slave_1: entered promiscuous mode [ 2261.937299][ T4209] debugfs: 'hsr0' already exists in 'hsr' [ 2261.944107][ T4209] Cannot create hsr debugfs directory [ 2264.209932][ T4211] hsr_slave_0: entered promiscuous mode [ 2264.289175][ T4211] hsr_slave_1: entered promiscuous mode [ 2264.349004][ T4211] debugfs: 'hsr0' already exists in 'hsr' [ 2264.352062][ T4211] Cannot create hsr debugfs directory [ 2282.673021][ T4209] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 2283.511135][ T4209] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 2284.147366][ T4209] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 2284.833602][ T4209] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 2291.334217][ T4211] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 2291.846838][ T4211] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 2292.364064][ T4211] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 2293.012712][ T4211] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 2321.963688][ T4209] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2329.292602][ T4239] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2331.054136][ T4239] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2332.991379][ T4239] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2334.208331][ T4211] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2335.103880][ T4239] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2365.191739][ T4239] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2365.689702][ T4239] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2366.062505][ T4239] bond0 (unregistering): Released all slaves [ 2371.073337][ T4239] hsr_slave_0: left promiscuous mode [ 2371.229782][ T4239] hsr_slave_1: left promiscuous mode [ 2372.372131][ T4239] veth1_macvtap: left promiscuous mode [ 2372.374220][ T4239] veth0_macvtap: left promiscuous mode [ 2372.408112][ T4239] veth1_vlan: left promiscuous mode [ 2372.457264][ T4239] veth0_vlan: left promiscuous mode [ 2503.043505][ T4209] veth0_vlan: entered promiscuous mode [ 2504.288955][ T4209] veth1_vlan: entered promiscuous mode [ 2508.075545][ T4209] veth0_macvtap: entered promiscuous mode [ 2508.642745][ T4209] veth1_macvtap: entered promiscuous mode [ 2513.776284][ T3428] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2514.085968][ T4239] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2514.103600][ T4239] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2514.198134][ T4289] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2515.248159][ T4211] veth0_vlan: entered promiscuous mode [ 2518.099099][ T4211] veth1_vlan: entered promiscuous mode [ 2523.189433][ T25] audit: type=1400 audit(2522.390:112): avc: denied { unmount } for pid=4209 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 2525.090034][ T4211] veth0_macvtap: entered promiscuous mode [ 2526.080567][ T4211] veth1_macvtap: entered promiscuous mode [ 2531.127263][ T4239] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2531.269133][ T4239] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2531.408304][ T4239] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2531.442397][ T4239] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2537.900884][ T25] audit: type=1400 audit(2537.040:113): avc: denied { map } for pid=4401 comm="syz.2.220" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 2693.332416][ T4427] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2693.860197][ T4427] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2707.862726][ T4435] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2708.534185][ T4435] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2734.959162][ T4427] hsr_slave_0: entered promiscuous mode [ 2735.019672][ T4427] hsr_slave_1: entered promiscuous mode [ 2735.096594][ T4427] debugfs: 'hsr0' already exists in 'hsr' [ 2735.116304][ T4427] Cannot create hsr debugfs directory [ 2744.303789][ T4435] hsr_slave_0: entered promiscuous mode [ 2744.363371][ T4435] hsr_slave_1: entered promiscuous mode [ 2744.403336][ T4435] debugfs: 'hsr0' already exists in 'hsr' [ 2744.456342][ T4435] Cannot create hsr debugfs directory [ 2760.507026][ T4427] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 2761.785819][ T4427] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 2762.696087][ T4427] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 2763.660649][ T4427] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 2773.012515][ T4435] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 2773.672803][ T4435] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 2774.322063][ T4435] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 2774.400038][ T27] INFO: task syz.1.218:4200 blocked for more than 430 seconds. [ 2774.439650][ T27] Not tainted syzkaller #0 [ 2774.442586][ T27] Blocked by coredump. [ 2774.445410][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2774.445825][ T27] task:syz.1.218 state:D stack:0 pid:4200 tgid:4200 ppid:3338 task_flags:0x40044c flags:0x00000019 [ 2774.447013][ T27] Call trace: [ 2774.447331][ T27] __switch_to+0x584/0xb00 (T) [ 2774.449240][ T27] __schedule+0x200c/0x3428 [ 2774.449603][ T27] schedule+0xac/0x27c [ 2774.449914][ T27] schedule_timeout+0x68/0x1ec [ 2774.450277][ T27] do_wait_for_common+0x28c/0x440 [ 2774.450578][ T27] wait_for_completion+0x44/0x5c [ 2774.450900][ T27] __synchronize_srcu+0x2a4/0x320 [ 2774.451248][ T27] synchronize_srcu+0x3d0/0x4f8 [ 2774.451572][ T27] mmu_notifier_unregister+0x320/0x428 [ 2774.451937][ T27] kvm_put_kvm+0x698/0xbe0 [ 2774.452185][ T27] kvm_vcpu_release+0x70/0x9c [ 2774.452483][ T27] __fput+0x4ac/0x978 [ 2774.452739][ T27] ____fput+0x20/0x58 [ 2774.453029][ T27] task_work_run+0x1b8/0x250 [ 2774.453310][ T27] do_exit+0x7f8/0x2378 [ 2774.453615][ T27] do_group_exit+0x1d4/0x2ac [ 2774.453947][ T27] get_signal+0x1440/0x154c [ 2774.697383][ T27] arch_do_signal_or_restart+0x23c/0x4bac [ 2774.707096][ T27] exit_to_user_mode_loop+0x88/0x188 [ 2774.707706][ T27] el0_svc+0x17c/0x238 [ 2774.708260][ T27] el0t_64_sync_handler+0x84/0x12c [ 2774.708750][ T27] el0t_64_sync+0x198/0x19c SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 2774.773900][ T27] [ 2774.773900][ T27] Showing all locks held in the system: [ 2774.803262][ T27] 2 locks held by kworker/0:0/9: [ 2774.804008][ T27] 1 lock held by kworker/u4:1/21: [ 2774.843268][ T27] 1 lock held by khungtaskd/27: [ 2774.846973][ T27] #0: ffff800087a86d08 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x0/0x44 [ 2774.848500][ T27] 2 locks held by kworker/u4:5/51: [ 2774.848810][ T27] 1 lock held by syslogd/3129: [ 2774.849007][ T27] 2 locks held by getty/3199: [ 2774.849185][ T27] #0: 5af000001231a8a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c [ 2774.850127][ T27] #1: 9eff80008c80b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x308/0x1234 [ 2774.851060][ T27] 1 lock held by sshd-session/3329: [ 2774.851237][ T27] 2 locks held by syz-executor/3330: [ 2774.851406][ T27] 3 locks held by kworker/u4:4/3382: [ 2774.851569][ T27] 3 locks held by kworker/u4:7/3428: [ 2774.851729][ T27] 3 locks held by kworker/u4:2/3670: [ 2774.851913][ T27] 2 locks held by kworker/u4:3/3981: [ 2774.852069][ T27] #0: 9af000000cc26948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a10 [ 2774.853010][ T27] #1: ffff80008f007c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a10 [ 2774.853814][ T27] 3 locks held by kworker/u4:0/4179: [ 2774.854029][ T27] #0: e3f000001228b148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a10 [ 2775.095918][ T27] #1: ffff8000a8f77c88 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a10 [ 2775.123345][ T27] #2: ffff800087db21c0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c [ 2775.186405][ T27] 2 locks held by syz.0.219/4202: [ 2775.186801][ T27] 3 locks held by kworker/u4:8/4239: [ 2775.187168][ T27] 3 locks held by kworker/u4:12/4330: [ 2775.187500][ T27] 2 locks held by syz-executor/4435: [ 2775.188005][ T27] [ 2775.188281][ T27] ============================================= [ 2775.188281][ T27] [ 2775.189203][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 2775.198668][ T27] CPU: 0 UID: 0 PID: 27 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT [ 2775.199951][ T27] Hardware name: linux,dummy-virt (DT) [ 2775.200793][ T27] Call trace: [ 2775.201551][ T27] show_stack+0x2c/0x3c (C) [ 2775.202475][ T27] __dump_stack+0x30/0x40 [ 2775.203302][ T27] dump_stack_lvl+0x30/0x12c [ 2775.204074][ T27] dump_stack+0x1c/0x28 [ 2775.204909][ T27] vpanic+0x1d4/0x4e4 [ 2775.205670][ T27] vpanic+0x0/0x4e4 [ 2775.206466][ T27] hung_task_panic+0x0/0x2c [ 2775.207333][ T27] kthread+0x794/0x99c [ 2775.208117][ T27] ret_from_fork+0x10/0x20 [ 2775.209870][ T27] Kernel Offset: disabled [ 2775.210534][ T27] CPU features: 0x0000000,001a3005,fbe327a1,057ffe1f [ 2775.211494][ T27] Memory Limit: none [ 2775.213656][ T27] Rebooting in 86400 seconds..