last executing test programs: 20m6.909177597s ago: executing program 0 (id=42): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20001, 0x0) (async) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) (async) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r6, 0x100000a, 0x80010, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r6, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000e9d000/0x1000)=nil, 0x1000) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async) mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r4, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000834000/0x3000)=nil, 0x930, 0x100000a, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x0, 0x23ac5f9b426e84b2, 0xffffffffffffffff, 0x0) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r7, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c61000/0x3000)=nil, 0x930, 0x100000f, 0x4019032, 0xffffffffffffffff, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r8, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="3200000040000000400000000000000007000084000000000e06000000000000fbffffffffffffff040000000000000008000000000000000100000000000000"], 0x40}], 0x1, 0x0, 0x0, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000) (async) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING(r1, 0x4068aea3, &(0x7f00000000c0)={0xc0, 0x0, 0x2000}) 20m0.488769452s ago: executing program 0 (id=44): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) (async) r2 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000100)={0x0, &(0x7f00000001c0)=[@irq_setup={0x5, 0x18}], 0x18}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r0, 0x2, 0x100) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) (async) 19m56.066854635s ago: executing program 0 (id=46): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="4600000000000000180000000000000001000800"], 0x18}], 0x1, 0x0, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0xfffffffffffffd24) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x2}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1e) r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000180)={0x0, &(0x7f0000000000)=[@msr={0x14, 0x20, {0x603000000013dce0, 0xffffffffffffffff}}], 0x20}, &(0x7f00000000c0)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r12, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r12, 0xae80, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r12, 0x8040ae9f, &(0x7f0000000100)) r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil) 19m41.113072308s ago: executing program 0 (id=49): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000040)={0x7, 0xffffffffffffffff}) ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f00000001c0)=@attr_other={0x0, 0x0, 0x5, &(0x7f0000000180)=0x4}) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r6, 0x4068aea3, &(0x7f0000000040)={0xe4, 0x0, 0x1000}) syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_ARM_VCPU_FINALIZE(r8, 0x4004aec2, 0x0) 19m31.830856159s ago: executing program 0 (id=51): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000700)={0x7, 0x0}) (async) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000240)={0x200002f}) (async) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0}) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x5, 0x2}) r8 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, &(0x7f0000000000)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) (async, rerun: 64) syz_kvm_vgic_v3_setup(r3, 0x1, 0x100) ioctl$KVM_RUN(r8, 0xae80, 0x0) (async) ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, &(0x7f0000000100)={0x1000020, 0x1}) (async, rerun: 32) ioctl$KVM_RUN(r8, 0xae80, 0x0) (rerun: 32) 19m19.165665577s ago: executing program 0 (id=53): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x2e) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r3, 0x4068aea3, &(0x7f0000000240)={0xdf, 0x0, 0x2000}) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x4, 0xc, 0x0, 0x80, 0x2}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r5, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x31) syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r11 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) ioctl$KVM_HAS_DEVICE_ATTR_vm(r14, 0x4018aee3, &(0x7f00000001c0)=@attr_other={0x0, 0x2, 0x0, 0x0}) r15 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CAP_ARM_MTE(r15, 0x4068aea3, &(0x7f0000000140)) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) 18m32.618937907s ago: executing program 32 (id=53): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x2e) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r3, 0x4068aea3, &(0x7f0000000240)={0xdf, 0x0, 0x2000}) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x4, 0xc, 0x0, 0x80, 0x2}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r5, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x31) syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r11 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) ioctl$KVM_HAS_DEVICE_ATTR_vm(r14, 0x4018aee3, &(0x7f00000001c0)=@attr_other={0x0, 0x2, 0x0, 0x0}) r15 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CAP_ARM_MTE(r15, 0x4068aea3, &(0x7f0000000140)) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) 49.913837288s ago: executing program 1 (id=220): syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="7cfaa2bfd6dd76375aa1bde04fceeb33743b07d73b3e9aac", 0x0, 0xffffffffffffff94) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000000000000000000002000000ff"]) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x26) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0}) r5 = eventfd2(0x8801, 0x800) r6 = eventfd2(0x402, 0x80000) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f00000000c0)={r6, 0x5, 0x2, r6}) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r5, 0x5, 0x2, r6}) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000100), 0x626a02, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000140)={0x0, &(0x7f0000000380), 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init) syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000001c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000180)={0xfffc, 0x6}}) ioctl$KVM_RUN(r10, 0xae80, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r13, 0x4018aee1, &(0x7f0000000040)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x110c230000}) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0, 0x32, 0xffffffffffffffff, 0x0) r14 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x28) r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r16, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0) 48.249642737s ago: executing program 2 (id=221): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) r4 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000300)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async, rerun: 32) syz_kvm_vgic_v3_setup(r3, 0x41, 0x100) (async, rerun: 32) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1a) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@msr={0x14, 0x0, {0x603000000013c290, 0x7}}, @uexit={0x0, 0x0, 0x43}, @uexit={0x0, 0x0, 0xc398}, @its_send_cmd={0xaa, 0x0, {0xd, 0x0, 0x3, 0xe, 0x0, 0x5, 0x3}}, @msr={0x14, 0x0, {0x603000000013deaa, 0x4}}, @irq_setup={0x46, 0x0, {0x3, 0x78}}, @hvc={0x32, 0x0, {0xfeede2a244e47031, [0xfffffffffffffff7, 0x8000000000000001, 0x3, 0x6c8, 0xfffffffffffffff9]}}, @memwrite={0x6e, 0x0, @generic={0x0, 0x285, 0x6, 0x8}}, @memwrite={0x6e, 0x0, @vgic_gicd={0x8000000, 0x0, 0x61, 0xa}}, @uexit={0x0, 0x0, 0x5}, @its_setup={0x82, 0x0, {0x1, 0x1, 0x27b}}, @its_setup={0x82, 0x0, {0x1, 0x1, 0x280}}, @msr={0x14, 0x0, {0x603000000013c024, 0x8c0}}], 0x41}, 0x0, 0x0) (async, rerun: 32) syz_kvm_vgic_v3_setup(r6, 0x1, 0x100) (async, rerun: 32) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async, rerun: 32) ioctl$KVM_RUN(r8, 0xae80, 0x0) (rerun: 32) 40.556460238s ago: executing program 2 (id=222): munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x505841, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000100)=@arm64_bitmap={0x6030000000140003, &(0x7f0000000000)=0x7}) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r5, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) close(0x3) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) 38.410692096s ago: executing program 1 (id=223): mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x100000000000000, 0x2000, &(0x7f0000000000/0x2000)=nil}) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r3, 0x1, 0x100) ioctl$KVM_CREATE_VM(r2, 0xae01, 0xc) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x3f) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r4, 0x4068aea3, &(0x7f00000000c0)={0xe4, 0x0, 0x2}) 32.626905044s ago: executing program 2 (id=224): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CAP_HALT_POLL(r4, 0x4068aea3, &(0x7f0000000240)={0xb6, 0x0, 0xe5af000000000000}) r5 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@hvc={0x32, 0x40, {0x86000000, [0x2, 0x1, 0x2, 0x3, 0x3]}}], 0x40}, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) ioctl$KVM_CAP_HALT_POLL(r4, 0x4068aea3, &(0x7f0000000240)={0xb6, 0x0, 0xe5af000000000000}) (async) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@hvc={0x32, 0x40, {0x86000000, [0x2, 0x1, 0x2, 0x3, 0x3]}}], 0x40}, 0x0, 0x0) (async) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) 31.596612629s ago: executing program 1 (id=225): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r3, 0x4010aeb5, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f0000000280)=@arm64_sve={0x60800000001502ba, 0x0}) ioctl$KVM_CREATE_VM(r4, 0x400454c8, 0x1) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0x4) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r9, r10, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f00000001c0)=@arm64_core={0x6030000000100022, &(0x7f0000000000)=0xcb}) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x4006}}], 0x18}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r14, 0x4010aeac, &(0x7f0000000100)=@arm64_fp={0x604000000010008c, &(0x7f0000000000)=0xa147000}) ioctl$KVM_RUN(r14, 0xae80, 0x0) 22.449561478s ago: executing program 2 (id=226): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r0, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r0, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100048, &(0x7f0000000000)=0x3}) 20.66049346s ago: executing program 1 (id=227): munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0xc48dde8a0f17f193, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, r0, 0x0, 0x24132, 0xffffffffffffffff, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, r1, 0x0, 0x8010, 0xffffffffffffffff, 0x0) 15.818617992s ago: executing program 2 (id=228): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce5, 0x7fff}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000040)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000000)={0xa, 0x4}}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r3, 0xae80, 0xfdfdffff) 12.7873751s ago: executing program 1 (id=229): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r0, r1, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000100)=ANY=[], 0x30}], 0x1, 0x0, 0x0, 0x0) close(r0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f0000000340)={0xeeef0000, 0x0, 0x1}) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) r5 = syz_kvm_vgic_v3_setup(r3, 0x4000000000000001, 0x100) ioctl$KVM_GET_DEVICE_ATTR(r5, 0x4018aee2, &(0x7f0000000040)=@attr_arm64={0x0, 0x7, 0x1, 0x0}) r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000380)=[@its_send_cmd={0xaa, 0x0, {0xc, 0x0, 0x0, 0x10, 0x0, 0x81, 0x1}}]}, 0x0, 0xfffffdb6) syz_kvm_vgic_v3_setup(r7, 0x1, 0x240) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0xb, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000300)=@attr_arm64={0x0, 0x1, 0x0, &(0x7f00000002c0)=0x4}) ioctl$KVM_CAP_PTP_KVM(r7, 0x4068aea3, &(0x7f0000000240)) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x2c) r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil) r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r15, 0x4010aeab, &(0x7f00000000c0)=@arm64_core={0x603000000010003e, &(0x7f0000000100)=0x10}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r7, 0x4010ae68, &(0x7f0000000000)={0x0, 0x2000, 0x1}) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r16, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r9, 0xae80, 0x0) 7.513858157s ago: executing program 2 (id=230): munmap(&(0x7f0000c5c000/0x4000)=nil, 0x4000) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x8) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x7, 0xffffffffffffffff}) ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x7, 0x0, 0x0}) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x0, 0x1000016, 0x12, r2, 0x0) mmap$KVM_VCPU(&(0x7f000085b000/0x2000)=nil, 0x0, 0x300000a, 0x2010, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000c56000/0x2000)=nil, 0x2000) r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x1) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x31) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000040)={0x2710, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil}) r9 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x18) syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x2, 0x1, 0x2000, &(0x7f0000f31000/0x2000)=nil}) r10 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, &(0x7f00000006c0)=[@hvc={0x32, 0x40, {0xc5000021, [0xfffffffffffffde5, 0x3ff, 0x1, 0x7, 0x9]}}], 0x40}, 0x0, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_SIGNAL_MSI(r9, 0x4020aea5, &(0x7f0000000080)={0x8000000, 0xdddd0000, 0x6, 0x1, 0xb6d2}) ioctl$KVM_GET_DIRTY_LOG(r12, 0x4010ae42, 0x0) r13 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) r15 = syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000be6000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r15, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138047, 0x8000}}], 0x20}, 0x0, 0x0) 0s ago: executing program 1 (id=231): munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1a) syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000bff000/0x400000)=nil) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x2}}, @msr={0x14, 0x20, {0x603000000013dcf3, 0x8000}}], 0x40}, &(0x7f00000000c0), 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r4, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000280)=@arm64_fw={0x6030000000140000, &(0x7f0000000080)=0x100000001}) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r7, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000667000/0x2000)=nil, 0x2000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) openat$kvm(0x0, &(0x7f0000000200), 0x181000, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r7, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): [ 387.322059][ T3152] 8021q: adding VLAN 0 to HW filter on device bond0 [ 426.045680][ T3152] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:23391' (ED25519) to the list of known hosts. [ 608.390201][ T25] audit: type=1400 audit(607.600:61): avc: denied { name_bind } for pid=3310 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 610.168223][ T25] audit: type=1400 audit(609.370:62): avc: denied { execute } for pid=3311 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 610.185731][ T25] audit: type=1400 audit(609.380:63): avc: denied { execute_no_trans } for pid=3311 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 629.242363][ T25] audit: type=1400 audit(628.460:64): avc: denied { mounton } for pid=3311 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 629.276442][ T25] audit: type=1400 audit(628.490:65): avc: denied { mount } for pid=3311 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 629.363330][ T3311] cgroup: Unknown subsys name 'net' [ 629.415056][ T25] audit: type=1400 audit(628.630:66): avc: denied { unmount } for pid=3311 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 629.817790][ T3311] cgroup: Unknown subsys name 'cpuset' [ 629.920396][ T3311] cgroup: Unknown subsys name 'rlimit' [ 630.848103][ T25] audit: type=1400 audit(630.060:67): avc: denied { setattr } for pid=3311 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 630.875612][ T25] audit: type=1400 audit(630.090:68): avc: denied { mounton } for pid=3311 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 630.894619][ T25] audit: type=1400 audit(630.110:69): avc: denied { mount } for pid=3311 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 632.095927][ T3314] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 632.116565][ T25] audit: type=1400 audit(631.330:70): avc: denied { relabelto } for pid=3314 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 632.144357][ T25] audit: type=1400 audit(631.360:71): avc: denied { write } for pid=3314 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 632.331997][ T25] audit: type=1400 audit(631.550:72): avc: denied { read } for pid=3311 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 632.355683][ T25] audit: type=1400 audit(631.560:73): avc: denied { open } for pid=3311 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 632.402579][ T3311] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 683.892285][ T25] audit: type=1400 audit(683.100:74): avc: denied { execmem } for pid=3315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 688.610166][ T25] audit: type=1400 audit(687.810:75): avc: denied { read } for pid=3317 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 688.632070][ T25] audit: type=1400 audit(687.840:76): avc: denied { open } for pid=3317 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 688.701243][ T25] audit: type=1400 audit(687.910:77): avc: denied { mounton } for pid=3318 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 688.955916][ T25] audit: type=1400 audit(688.170:78): avc: denied { module_request } for pid=3318 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 690.082827][ T25] audit: type=1400 audit(689.300:79): avc: denied { sys_module } for pid=3318 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 718.463101][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 718.650565][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 720.233367][ T3318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 720.353965][ T3318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 731.948169][ T3317] hsr_slave_0: entered promiscuous mode [ 731.984218][ T3317] hsr_slave_1: entered promiscuous mode [ 733.384449][ T3318] hsr_slave_0: entered promiscuous mode [ 733.419926][ T3318] hsr_slave_1: entered promiscuous mode [ 733.451612][ T3318] debugfs: 'hsr0' already exists in 'hsr' [ 733.459181][ T3318] Cannot create hsr debugfs directory [ 738.728425][ T25] audit: type=1400 audit(737.940:80): avc: denied { create } for pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 738.778829][ T25] audit: type=1400 audit(737.980:81): avc: denied { write } for pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 738.846326][ T25] audit: type=1400 audit(738.060:82): avc: denied { read } for pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 738.953488][ T3317] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 739.300753][ T3317] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 739.526567][ T3317] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 739.710358][ T3317] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 741.688258][ T3318] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 741.992330][ T3318] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 742.181741][ T3318] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 742.332293][ T3318] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 754.773022][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 757.792137][ T3318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 813.850906][ T3317] veth0_vlan: entered promiscuous mode [ 814.333503][ T3317] veth1_vlan: entered promiscuous mode [ 816.360888][ T3317] veth0_macvtap: entered promiscuous mode [ 816.692754][ T3318] veth0_vlan: entered promiscuous mode [ 817.162812][ T3317] veth1_macvtap: entered promiscuous mode [ 817.851028][ T3318] veth1_vlan: entered promiscuous mode [ 820.492470][ T3400] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 820.528725][ T3400] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 820.629113][ T3400] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 820.630488][ T3400] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 822.070123][ T3318] veth0_macvtap: entered promiscuous mode [ 822.830407][ T3318] veth1_macvtap: entered promiscuous mode [ 823.660891][ T25] audit: type=1400 audit(822.860:83): avc: denied { mount } for pid=3317 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 823.948434][ T25] audit: type=1400 audit(823.160:84): avc: denied { mounton } for pid=3317 comm="syz-executor" path="/syzkaller.PYwRqz/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 824.165885][ T25] audit: type=1400 audit(823.380:85): avc: denied { mount } for pid=3317 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 824.633593][ T25] audit: type=1400 audit(823.850:86): avc: denied { mounton } for pid=3317 comm="syz-executor" path="/syzkaller.PYwRqz/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 824.874607][ T25] audit: type=1400 audit(823.990:87): avc: denied { mounton } for pid=3317 comm="syz-executor" path="/syzkaller.PYwRqz/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3775 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 825.863640][ T51] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.871698][ T51] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.939815][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.948399][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.982662][ T25] audit: type=1400 audit(825.200:88): avc: denied { unmount } for pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 826.281781][ T25] audit: type=1400 audit(825.500:89): avc: denied { mounton } for pid=3317 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 826.432533][ T25] audit: type=1400 audit(825.650:90): avc: denied { mount } for pid=3317 comm="syz-executor" name="/" dev="gadgetfs" ino=3786 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 826.909936][ T25] audit: type=1400 audit(826.110:91): avc: denied { mount } for pid=3317 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 827.134197][ T25] audit: type=1400 audit(826.350:92): avc: denied { mounton } for pid=3317 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 829.173140][ T3317] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 829.854674][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 829.869340][ T25] audit: type=1400 audit(829.070:94): avc: denied { read write } for pid=3317 comm="syz-executor" name="loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 829.918964][ T25] audit: type=1400 audit(829.110:95): avc: denied { open } for pid=3317 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 829.954364][ T25] audit: type=1400 audit(829.170:96): avc: denied { ioctl } for pid=3317 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 843.158736][ T25] audit: type=1400 audit(842.370:97): avc: denied { read } for pid=3472 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 843.234269][ T25] audit: type=1400 audit(842.440:98): avc: denied { open } for pid=3472 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 846.679779][ T25] audit: type=1400 audit(845.890:99): avc: denied { write } for pid=3475 comm="syz.0.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 846.793480][ T25] audit: type=1400 audit(845.990:100): avc: denied { ioctl } for pid=3475 comm="syz.0.3" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 849.842877][ T25] audit: type=1400 audit(849.060:101): avc: denied { execute } for pid=3475 comm="syz.0.3" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3915 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 870.485565][ T3488] FAULT_INJECTION: forcing a failure. [ 870.485565][ T3488] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 870.520107][ T3488] CPU: 0 UID: 0 PID: 3488 Comm: syz.1.6 Not tainted syzkaller #0 PREEMPT [ 870.520844][ T3488] Hardware name: linux,dummy-virt (DT) [ 870.521352][ T3488] Call trace: [ 870.521793][ T3488] show_stack+0x2c/0x3c (C) [ 870.523728][ T3488] __dump_stack+0x30/0x40 [ 870.524028][ T3488] dump_stack_lvl+0xd8/0x12c [ 870.524282][ T3488] dump_stack+0x1c/0x28 [ 870.524493][ T3488] should_fail_ex+0x570/0x6e0 [ 870.524769][ T3488] should_fail_alloc_page+0xd4/0xd8 [ 870.525060][ T3488] prepare_alloc_pages+0x20c/0x5e0 [ 870.525365][ T3488] __alloc_frozen_pages_noprof+0xd8/0x2d0 [ 870.525673][ T3488] alloc_pages_mpol+0x204/0x4c8 [ 870.525945][ T3488] alloc_pages_noprof+0x104/0x2ec [ 870.526228][ T3488] get_free_pages_noprof+0x1c/0xc4 [ 870.526518][ T3488] __kvm_mmu_topup_memory_cache+0x328/0x6d8 [ 870.526748][ T3488] kvm_mmu_topup_memory_cache+0x2c/0x3c [ 870.526970][ T3488] kvm_handle_guest_abort+0x1164/0x2e18 [ 870.527291][ T3488] handle_exit+0x21c/0x3dc [ 870.527517][ T3488] kvm_arch_vcpu_ioctl_run+0x11f8/0x2610 [ 870.527775][ T3488] kvm_vcpu_ioctl+0x7dc/0xc2c [ 870.528048][ T3488] __arm64_sys_ioctl+0x18c/0x244 [ 870.528383][ T3488] invoke_syscall+0x90/0x2b4 [ 870.528691][ T3488] el0_svc_common+0x180/0x2f4 [ 870.528986][ T3488] do_el0_svc+0x58/0x74 [ 870.529304][ T3488] el0_svc+0x58/0x164 [ 870.529538][ T3488] el0t_64_sync_handler+0x84/0x12c [ 870.529800][ T3488] el0t_64_sync+0x198/0x19c [ 876.299383][ T25] audit: type=1400 audit(875.510:102): avc: denied { append } for pid=3491 comm="syz.1.8" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 895.201870][ T3503] FAULT_INJECTION: forcing a failure. [ 895.201870][ T3503] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 895.251634][ T3503] CPU: 0 UID: 0 PID: 3503 Comm: syz.1.12 Not tainted syzkaller #0 PREEMPT [ 895.252024][ T3503] Hardware name: linux,dummy-virt (DT) [ 895.252151][ T3503] Call trace: [ 895.252250][ T3503] show_stack+0x2c/0x3c (C) [ 895.252624][ T3503] __dump_stack+0x30/0x40 [ 895.252844][ T3503] dump_stack_lvl+0xd8/0x12c [ 895.253067][ T3503] dump_stack+0x1c/0x28 [ 895.253296][ T3503] should_fail_ex+0x570/0x6e0 [ 895.253577][ T3503] should_fail_alloc_page+0xd4/0xd8 [ 895.253903][ T3503] prepare_alloc_pages+0x20c/0x5e0 [ 895.254217][ T3503] __alloc_frozen_pages_noprof+0xd8/0x2d0 [ 895.254514][ T3503] alloc_pages_mpol+0x204/0x4c8 [ 895.254783][ T3503] alloc_pages_noprof+0x104/0x2ec [ 895.255043][ T3503] get_free_pages_noprof+0x1c/0xc4 [ 895.255358][ T3503] __kvm_mmu_topup_memory_cache+0x328/0x6d8 [ 895.255597][ T3503] kvm_mmu_topup_memory_cache+0x2c/0x3c [ 895.255818][ T3503] kvm_handle_guest_abort+0x1164/0x2e18 [ 895.256123][ T3503] handle_exit+0x21c/0x3dc [ 895.256367][ T3503] kvm_arch_vcpu_ioctl_run+0x11f8/0x2610 [ 895.256675][ T3503] kvm_vcpu_ioctl+0x7dc/0xc2c [ 895.256982][ T3503] __arm64_sys_ioctl+0x18c/0x244 [ 895.257336][ T3503] invoke_syscall+0x90/0x2b4 [ 895.257667][ T3503] el0_svc_common+0x180/0x2f4 [ 895.257977][ T3503] do_el0_svc+0x58/0x74 [ 895.258299][ T3503] el0_svc+0x58/0x164 [ 895.258532][ T3503] el0t_64_sync_handler+0x84/0x12c [ 895.258765][ T3503] el0t_64_sync+0x198/0x19c [ 906.283032][ T25] audit: type=1400 audit(905.470:103): avc: denied { map } for pid=3507 comm="syz.1.14" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 906.338558][ T25] audit: type=1400 audit(905.500:104): avc: denied { execute } for pid=3507 comm="syz.1.14" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 926.843502][ T3522] FAULT_INJECTION: forcing a failure. [ 926.843502][ T3522] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 926.892449][ T3522] CPU: 0 UID: 0 PID: 3522 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT [ 926.892832][ T3522] Hardware name: linux,dummy-virt (DT) [ 926.892955][ T3522] Call trace: [ 926.893034][ T3522] show_stack+0x2c/0x3c (C) [ 926.893412][ T3522] __dump_stack+0x30/0x40 [ 926.893618][ T3522] dump_stack_lvl+0xd8/0x12c [ 926.893849][ T3522] dump_stack+0x1c/0x28 [ 926.894042][ T3522] should_fail_ex+0x570/0x6e0 [ 926.894333][ T3522] should_fail_alloc_page+0xd4/0xd8 [ 926.894610][ T3522] prepare_alloc_pages+0x20c/0x5e0 [ 926.894875][ T3522] __alloc_frozen_pages_noprof+0xd8/0x2d0 [ 926.895155][ T3522] alloc_pages_mpol+0x204/0x4c8 [ 926.895421][ T3522] alloc_pages_noprof+0x104/0x2ec [ 926.895664][ T3522] get_free_pages_noprof+0x1c/0xc4 [ 926.895927][ T3522] __kvm_mmu_topup_memory_cache+0x328/0x6d8 [ 926.896160][ T3522] kvm_mmu_topup_memory_cache+0x2c/0x3c [ 926.896380][ T3522] kvm_handle_guest_abort+0x1164/0x2e18 [ 926.896702][ T3522] handle_exit+0x21c/0x3dc [ 926.896931][ T3522] kvm_arch_vcpu_ioctl_run+0x11f8/0x2610 [ 926.897194][ T3522] kvm_vcpu_ioctl+0x7dc/0xc2c [ 926.897474][ T3522] __arm64_sys_ioctl+0x18c/0x244 [ 926.897788][ T3522] invoke_syscall+0x90/0x2b4 [ 926.898094][ T3522] el0_svc_common+0x180/0x2f4 [ 926.898392][ T3522] do_el0_svc+0x58/0x74 [ 926.898668][ T3522] el0_svc+0x58/0x164 [ 926.898879][ T3522] el0t_64_sync_handler+0x84/0x12c [ 926.899112][ T3522] el0t_64_sync+0x198/0x19c [ 983.249068][ T25] audit: type=1400 audit(982.360:105): avc: denied { setattr } for pid=3558 comm="syz.0.30" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1155.435413][ T3643] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1156.666710][ T3643] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1157.734137][ T3643] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1158.814336][ T3643] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1178.008820][ T3643] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1178.315255][ T3643] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1178.519857][ T3643] bond0 (unregistering): Released all slaves [ 1180.970305][ T3643] hsr_slave_0: left promiscuous mode [ 1181.062522][ T3643] hsr_slave_1: left promiscuous mode [ 1181.649216][ T3643] veth1_macvtap: left promiscuous mode [ 1181.658920][ T3643] veth0_macvtap: left promiscuous mode [ 1181.672716][ T3643] veth1_vlan: left promiscuous mode [ 1181.709659][ T3643] veth0_vlan: left promiscuous mode [ 1252.962642][ T3636] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1253.235386][ T3636] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1284.322275][ T3636] hsr_slave_0: entered promiscuous mode [ 1284.411922][ T3636] hsr_slave_1: entered promiscuous mode [ 1301.176259][ T3636] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1301.551091][ T3636] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1301.845772][ T3636] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1302.403970][ T3636] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1333.719163][ T3636] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1444.120930][ T3636] veth0_vlan: entered promiscuous mode [ 1445.409760][ T3636] veth1_vlan: entered promiscuous mode [ 1448.830202][ T3636] veth0_macvtap: entered promiscuous mode [ 1449.469822][ T3636] veth1_macvtap: entered promiscuous mode [ 1453.234427][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1453.250701][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1453.273931][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1453.299539][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1582.050202][ T25] audit: type=1400 audit(1581.260:106): avc: denied { ioctl } for pid=3952 comm="syz.2.109" path="net:[4026532763]" dev="nsfs" ino=4026532763 ioctlcmd=0x5829 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 2013.572798][ T4207] kvm [4207]: Failed to find VMA for hva 0x21016000 [ 2089.769651][ T4250] FAULT_INJECTION: forcing a failure. [ 2089.769651][ T4250] name failslab, interval 1, probability 0, space 0, times 1 [ 2089.808418][ T4250] CPU: 0 UID: 0 PID: 4250 Comm: syz.1.201 Not tainted syzkaller #0 PREEMPT [ 2089.808800][ T4250] Hardware name: linux,dummy-virt (DT) [ 2089.808910][ T4250] Call trace: [ 2089.808987][ T4250] show_stack+0x2c/0x3c (C) [ 2089.809370][ T4250] __dump_stack+0x30/0x40 [ 2089.809579][ T4250] dump_stack_lvl+0xd8/0x12c [ 2089.809808][ T4250] dump_stack+0x1c/0x28 [ 2089.810004][ T4250] should_fail_ex+0x570/0x6e0 [ 2089.810291][ T4250] should_failslab+0xb8/0xec [ 2089.810570][ T4250] __kmalloc_noprof+0xdc/0x4b8 [ 2089.810826][ T4250] tomoyo_realpath_from_path+0xdc/0x628 [ 2089.811106][ T4250] tomoyo_path_number_perm+0x13c/0x33c [ 2089.811363][ T4250] tomoyo_file_ioctl+0x2c/0x3c [ 2089.811638][ T4250] security_file_ioctl+0xe8/0x2f0 [ 2089.811911][ T4250] __arm64_sys_ioctl+0xd0/0x244 [ 2089.812219][ T4250] invoke_syscall+0x90/0x2b4 [ 2089.812527][ T4250] el0_svc_common+0x180/0x2f4 [ 2089.812820][ T4250] do_el0_svc+0x58/0x74 [ 2089.813103][ T4250] el0_svc+0x58/0x164 [ 2089.813333][ T4250] el0t_64_sync_handler+0x84/0x12c [ 2089.813560][ T4250] el0t_64_sync+0x198/0x19c [ 2089.961323][ T4250] ERROR: Out of memory at tomoyo_realpath_from_path. [ 2110.892551][ T4259] kvm [4259]: Failed to find VMA for hva 0x20dc5000 [ 2123.083851][ T4269] FAULT_INJECTION: forcing a failure. [ 2123.083851][ T4269] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 2123.129886][ T4269] CPU: 0 UID: 0 PID: 4269 Comm: syz.1.207 Not tainted syzkaller #0 PREEMPT [ 2123.130294][ T4269] Hardware name: linux,dummy-virt (DT) [ 2123.130407][ T4269] Call trace: [ 2123.130484][ T4269] show_stack+0x2c/0x3c (C) [ 2123.130835][ T4269] __dump_stack+0x30/0x40 [ 2123.131035][ T4269] dump_stack_lvl+0xd8/0x12c [ 2123.131253][ T4269] dump_stack+0x1c/0x28 [ 2123.131446][ T4269] should_fail_ex+0x570/0x6e0 [ 2123.131701][ T4269] should_fail+0x14/0x24 [ 2123.131946][ T4269] should_fail_usercopy+0x20/0x30 [ 2123.132236][ T4269] _inline_copy_from_user+0x3c/0x18c [ 2123.132499][ T4269] kstrtouint_from_user+0x70/0xf8 [ 2123.132763][ T4269] proc_fail_nth_write+0x4c/0x20c [ 2123.133011][ T4269] vfs_write+0x2c0/0xb1c [ 2123.133239][ T4269] ksys_write+0x100/0x1f4 [ 2123.133444][ T4269] __arm64_sys_write+0x98/0xcc [ 2123.133672][ T4269] invoke_syscall+0x90/0x2b4 [ 2123.133972][ T4269] el0_svc_common+0x180/0x2f4 [ 2123.134281][ T4269] do_el0_svc+0x58/0x74 [ 2123.134560][ T4269] el0_svc+0x58/0x164 [ 2123.134779][ T4269] el0t_64_sync_handler+0x84/0x12c [ 2123.134998][ T4269] el0t_64_sync+0x198/0x19c [ 2236.191336][ T4338] debugfs: 'vgic-its-state@8080000' already exists in '4338-7' [ 2241.971784][ T4341] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5c848 [ 2242.009793][ T4341] flags: 0x1ffdb8000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x6e) [ 2242.011944][ T4341] raw: 01ffdb8000000000 ffffc1ffc06bdf48 ffffc1ffc0714608 0000000000000000 [ 2242.012515][ T4341] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 2242.012961][ T4341] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0) [ 2242.014227][ T4341] ------------[ cut here ]------------ [ 2242.014392][ T4341] kernel BUG at ./include/linux/mm.h:1036! [ 2242.016112][ T4341] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 2242.024461][ T4341] Modules linked in: [ 2242.025933][ T4341] CPU: 0 UID: 0 PID: 4341 Comm: syz.2.230 Not tainted syzkaller #0 PREEMPT [ 2242.027206][ T4341] Hardware name: linux,dummy-virt (DT) [ 2242.028255][ T4341] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 2242.029534][ T4341] pc : kvm_s2_put_page+0x374/0x3a0 [ 2242.030647][ T4341] lr : kvm_s2_put_page+0x374/0x3a0 [ 2242.031622][ T4341] sp : ffff80008e6e7570 [ 2242.032360][ T4341] x29: ffff80008e6e7570 x28: 35f000001c518000 x27: 35f000001c518000 [ 2242.034007][ T4341] x26: 00000000000000ff x25: ffff80008734e000 x24: ffffc1ffc0000000 [ 2242.035356][ T4341] x23: ffffc1ffc0721208 x22: 0000000000000000 x21: ffffc1ffc0721234 [ 2242.036714][ T4341] x20: 0000000000000000 x19: ffffc1ffc0721200 x18: 0000000000000000 [ 2242.038126][ T4341] x17: 00000000000000fe x16: 00000000000000ff x15: 0000000000000000 [ 2242.039483][ T4341] x14: 0000000000000002 x13: fff0000011dd0008 x12: 0000000000000001 [ 2242.040830][ T4341] x11: 0000000000080000 x10: 00000000000411c9 x9 : b66746af0e5ce500 [ 2242.042369][ T4341] x8 : b66746af0e5ce500 x7 : ffff80008048ab28 x6 : 0000000000000000 [ 2242.043713][ T4341] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80008075829c [ 2242.045031][ T4341] x2 : 0000000000000002 x1 : 0000000100000000 x0 : 000000000000003e [ 2242.046548][ T4341] Call trace: [ 2242.047282][ T4341] kvm_s2_put_page+0x374/0x3a0 (P) [ 2242.048280][ T4341] stage2_free_walker+0x1b0/0x264 [ 2242.049250][ T4341] __kvm_pgtable_walk+0x7d8/0xa68 [ 2242.050206][ T4341] kvm_pgtable_walk+0x294/0x468 [ 2242.051131][ T4341] kvm_pgtable_stage2_destroy_range+0x60/0xb4 [ 2242.052186][ T4341] kvm_free_stage2_pgd+0x198/0x28c [ 2242.053216][ T4341] kvm_uninit_stage2_mmu+0x20/0x38 [ 2242.054189][ T4341] kvm_arch_flush_shadow_all+0x1a8/0x1e0 [ 2242.055218][ T4341] kvm_mmu_notifier_release+0x48/0xa8 [ 2242.056219][ T4341] mmu_notifier_unregister+0x128/0x42c [ 2242.057280][ T4341] kvm_put_kvm+0x6a0/0xfa8 [ 2242.058119][ T4341] kvm_vcpu_release+0x70/0x9c [ 2242.059103][ T4341] __fput+0x4ac/0x980 [ 2242.059898][ T4341] ____fput+0x20/0x58 [ 2242.060730][ T4341] task_work_run+0x1bc/0x254 [ 2242.061629][ T4341] get_signal+0x13ec/0x1554 [ 2242.062489][ T4341] do_signal+0x23c/0x4dd0 [ 2242.063438][ T4341] do_notify_resume+0xb0/0x270 [ 2242.064366][ T4341] el0_svc+0xb8/0x164 [ 2242.065234][ T4341] el0t_64_sync_handler+0x84/0x12c [ 2242.066168][ T4341] el0t_64_sync+0x198/0x19c [ 2242.067524][ T4341] Code: f00375a1 912d8c21 aa1303e0 97f9c9f2 (d4210000) [ 2242.069365][ T4341] ---[ end trace 0000000000000000 ]--- [ 2242.070971][ T4341] Kernel panic - not syncing: Oops - BUG: Fatal exception [ 2242.072992][ T4341] Kernel Offset: disabled [ 2242.073735][ T4341] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f [ 2242.074858][ T4341] Memory Limit: none [ 2242.076549][ T4341] Rebooting in 86400 seconds.. VM DIAGNOSIS: 23:09:00 Registers: info registers vcpu 0 CPU#0 PC=ffff80008048e9f4 X00=0000000000000000 X01=00000000fffffffe X02=0000000000000001 X03=ffff80008048f884 X04=0000000000000000 X05=0000000000000000 X06=ffff80008048ab28 X07=ffff800080015834 X08=000000000004307d X09=d2ff8000a8802000 X10=000000000004307c X11=0000000000080000 X12=0000000000000000 X13=00000000ffffffff X14=0000000000000002 X15=ffff800087f69a20 X16=0000000000000000 X17=00000000000000fe X18=0000000000000000 X19=0000000000000000 X20=00000000000000ff X21=00000000000003c0 X22=efff800000000000 X23=ffff800087942d78 X24=ffff800087942e20 X25=00000000fffffffe X26=0df0000011dd0010 X27=00000000000003c0 X28=ffff800087724000 X29=ffff80008e6e7040 X30=ffff80008048e9e4 SP=ffff80008e6e7010 PSTATE=804023c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=2525252525252525:2525252525252525 Z01=000000756c6c2570:6f6f6c2f7665642f Z02=0000000000000000:ffffffff00000000 Z03=ffffff000000ff00:0000000000000000 Z04=0000000000000000:fff000f000000000 Z05=bb448243222c92da:e3914ed4e87380b0 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000fffffcd9ff90:0000fffffcd9ff90 Z17=ffffff80ffffffd0:0000fffffcd9ff60 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000