last executing test programs: 52.707092627s ago: executing program 1 (id=72): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x10e00, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r1, 0x4068aea3, &(0x7f0000000040)={0xe4, 0x0, 0x1000}) (async) ioctl$KVM_CAP_DIRTY_LOG_RING(r0, 0x4068aea3, &(0x7f00000000c0)={0xc0, 0x0, 0x5000}) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) 50.493316604s ago: executing program 0 (id=73): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) r6 = ioctl$KVM_GET_STATS_FD_vm(r4, 0xaece) mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, r5, 0xa, 0x11, r6, 0x0) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000100)={0x80000000, 0x6}) 47.654560814s ago: executing program 1 (id=74): munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@smc={0x1e, 0x40, {0x84000053, [0x80000000000, 0x6, 0xf1, 0x6f4, 0x1]}}], 0x40}, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x52) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r9, r10, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x603000000013df11, &(0x7f0000000280)=0x3}) ioctl$KVM_RUN(r10, 0xae80, 0x0) r11 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000b80)={0x0, 0x0}, &(0x7f0000000280)=[@featur2={0x1, 0xf}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0x0, 0x4, &(0x7f0000000080)=0xbced}) r12 = openat$kvm(0x0, &(0x7f0000000040), 0xc0083, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x11, r12, 0x0) 43.609540883s ago: executing program 0 (id=75): munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) munmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000000)={0xdf, 0x0, 0x18000}) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x34) r1 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_GET_DIRTY_LOG(r0, 0x4010ae42, &(0x7f0000000080)={0x101ff, 0x0, &(0x7f0000e43000/0x4000)=nil}) r2 = eventfd2(0x3, 0x800) r3 = eventfd2(0x4, 0x80001) ioctl$KVM_IRQFD(r0, 0x4020ae76, &(0x7f00000000c0)={r2, 0x8, 0x3, r3}) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x1}) r5 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) r7 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000280)={0x0, &(0x7f0000000140)=[@code={0xa, 0x9c, {"00000094000008d5000008d50000204e00c0631e40429ed20040b0f2810180d2e20180d2e30080d2840180d2020000d4c04995d20020b0f2210080d2c20080d2c30080d2640180d2020000d4001892d20040b0f2e10180d2420080d2030080d2c40080d2020000d4e07c9ed20040b0f2010080d2620080d2430180d2840080d2020000d40000802c"}}, @hvc={0x32, 0x40, {0x4, [0x2, 0x9, 0x400, 0xffffffffffff38e2, 0xc1a6000000000000]}}, @eret={0xe6, 0x18, 0x80}, @mrs={0xbe, 0x18, {0x603000000013e649}}, @eret={0xe6, 0x18, 0xe}], 0x124}, &(0x7f00000002c0)=[@featur1={0x1, 0xaa}], 0x1) ioctl$KVM_CREATE_GUEST_MEMFD(r0, 0xc040aed4, &(0x7f0000000300)={0xa, 0x5dd}) syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f000095f000/0x400000)=nil) syz_kvm_setup_cpu$arm64(r0, r4, &(0x7f00009b5000/0x400000)=nil, &(0x7f0000000600)=[{0x0, &(0x7f0000000340)=[@its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x0, 0x2, 0x3, 0xffffffff}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x3, 0xa, 0x8, 0x5, 0x3}}, @code={0xa, 0x9c, {"00358bd20040b8f2c10180d2020080d2630180d2840080d2020000d4000cc09a000040290000003c0038202e007c202e805982d20080b0f2410080d2e20180d2e30180d2c40080d2020000d4c02898d200a0b8f2810180d2220080d2e30080d2a40080d2020000d440b39ed200a0b8f2a10180d2c20180d2630180d2e40080d2020000d4007008d5"}}, @irq_setup={0x46, 0x18, {0x3, 0x212}}, @hvc={0x32, 0x40, {0xf6000107, [0x6e2, 0x6, 0x2, 0x7, 0xd]}}, @irq_setup={0x46, 0x18, {0x0, 0x2e3}}, @code={0xa, 0x6c, {"5f2003d5007008d5000028d5007008d5000cc01a40808fd20060b0f2810080d2c20080d2630180d2840180d2020000d4000008d5408d8fd200a0b8f2010080d2020080d2c30080d2c40180d2020000d40078601e0014007f"}}, @svc={0x122, 0x40, {0x80008000, [0x4ab, 0x1, 0x4c, 0x0, 0x81]}}, @mrs={0xbe, 0x18, {0x603000000013e687}}, @code={0xa, 0x54, {"000cc03c60cc88d20040b0f2a10080d2420080d2430080d2c40080d2020000d4007008d5007008d5007008d500c0221e007c209b007008d5007008d51f0000f2"}}, @uexit={0x0, 0x18, 0xd}], 0x28c}], 0x1, 0x0, &(0x7f0000000640)=[@featur2={0x1, 0x1a}], 0x1) ioctl$KVM_CAP_DIRTY_LOG_RING(r5, 0x4068aea3, &(0x7f0000000680)={0xc0, 0x0, 0x8000}) ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000700)={0x2000, 0x12f000, 0x1}) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000740)={0x2, 0xffffffffffffffff, 0x1}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f0000000780)={0x8000000, 0x5000, 0x1}) ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000800)=@other={0xe62e, &(0x7f00000007c0)=0x3}) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xc) ioctl$KVM_CREATE_GUEST_MEMFD(r8, 0xc040aed4, &(0x7f0000000840)={0x2, 0x1}) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x109281, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f00000008c0)={0x7, 0xffffffffffffffff, 0x1}) syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000bfe000/0x400000)=nil) openat$kvm(0xffffffffffffff9c, &(0x7f0000000900), 0x52000, 0x0) mmap$KVM_VCPU(&(0x7f0000aaa000/0x4000)=nil, 0x0, 0x1000006, 0x810, r6, 0x0) 38.747056847s ago: executing program 1 (id=76): r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) (async) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x8030aeb4, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x9e, 0x7fffffff, 0x2}}) (async) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async) r6 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000140)={0x1ff, 0xdddc1000, 0x0, r6, 0x4}) r7 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) (async, rerun: 32) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (rerun: 32) r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r9, 0x3, 0x11, r7, 0x0) (async, rerun: 32) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (rerun: 32) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r7, 0x0) (async) ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f0000000000)={0xeeef0000, 0x4000, 0xc3f8, 0x1, 0x9}) 37.134932314s ago: executing program 0 (id=77): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x21) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r3 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x248800, 0x0) 30.319332423s ago: executing program 0 (id=78): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = eventfd2(0x8, 0x80800) ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x0, r7, 0x2}) ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000000000)={0x1, 0x0, 0x0, r7, 0x6}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x2, 0x1, 0xf000, 0x1000, &(0x7f0000c02000/0x1000)=nil}) (async) r8 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000000000/0x400000)=nil) (async) r10 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000100)="746abf250f7959c813e4adfb369b808022e69fe80cfadce4a1259e77bab54ac9749537b3d016bb7f745a6e22d2f9ff443f19467748a3fe02c239457600", 0x0, 0xfffffffffffffec5) (async) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async) r11 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r11, 0x4010aeac, &(0x7f0000000000)=@arm64_bitmap={0x6030000000160001, &(0x7f0000000100)=0xfffffffffffffffe}) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r12, 0x401c5820, 0x8000000000000001) 29.755062848s ago: executing program 1 (id=79): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2a) r2 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x40) ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x1, 0x0}) 21.299369985s ago: executing program 1 (id=80): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@smc={0x1e, 0x40, {0x6000000, [0x0, 0x9, 0x10e3, 0x6d4d, 0x81]}}], 0x40}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 11.38033781s ago: executing program 1 (id=81): r0 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) ioctl$KVM_IRQ_LINE_STATUS(r5, 0xc008ae67, &(0x7f0000000040)={0x10001, 0x10001}) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x31) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013e08d, &(0x7f00000000c0)=0x6db}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r10 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, &(0x7f0000000200)=[@msr={0x14, 0x20, {0x603000000013c017, 0x9}}, @svc={0x122, 0x40, {0x80000002, [0xe, 0xa, 0x8, 0x8, 0xc]}}, @its_setup={0x82, 0x28, {0x3, 0x4, 0x2c7}}, @irq_setup={0x46, 0x18, {0x2, 0x228}}, @msr={0x14, 0x20, {0x603000000013800d, 0x101}}, @hvc={0x32, 0x40, {0x40000000, [0x9, 0x2, 0xff, 0x80, 0x1]}}, @eret={0xe6, 0x18}, @memwrite={0x6e, 0x30, @generic={0x0, 0xa01, 0x4, 0x2}}, @svc={0x122, 0x40, {0x8400000e, [0x57b8, 0x7f, 0x5, 0x7, 0x1000]}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x3, 0x0, 0x6, 0xe, 0x2}}, @hvc={0x32, 0x40, {0xc5000021, [0x9, 0xfffffffffffffffb, 0x7, 0x9, 0x3]}}, @code={0xa, 0x6c, {"0018601e0094006f007008d5000008d5003c004e009c202ee05681d20020b0f2010180d2620080d2830080d2440080d2020000d4007008d5000cc038e02882d20000b0f2210180d2a20180d2e30180d2040080d2020000d4"}}, @eret={0xe6, 0x18}, @uexit={0x0, 0x18, 0x13b035}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x1, 0x10, 0xb, 0xa6, 0x1}}, @smc={0x1e, 0x40, {0xc4000012, [0xf3e, 0x7, 0xffffffffffffffff, 0x1d0, 0x5]}}, @msr={0x14, 0x20, {0x603000000013c800, 0x401}}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x3ac}}, @smc={0x1e, 0x40, {0xc4000013, [0x1ff, 0x5, 0x7, 0x370f, 0x3ff]}}, @uexit={0x0, 0x18, 0x4}, @svc={0x122, 0x40, {0x8600000e, [0x80, 0x5, 0x0, 0x8, 0x5]}}, @irq_setup={0x46, 0x18, {0x1, 0x1ad}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x4, 0xc, 0x5, 0x4, 0x4}}, @uexit={0x0, 0x18}, @code={0xa, 0x9c, {"000f9fd200c0b8f2e10080d2620080d2c30180d2a40180d2020000d4a0c282d20080b0f2e10080d2c20080d2430080d2240080d2020000d4007008d50000200a60d798d20000b0f2a10080d2a20080d2c30080d2a40080d2020000d40000001f0014c05a0004007c601a8fd20040b0f2610180d2620180d2830080d2840080d2020000d4007008d5"}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x4, 0x9, 0x8, 0x5, 0x3}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0xe4}}, @uexit={0x0, 0x18, 0x7}, @irq_setup={0x46, 0x18, {0x2, 0x2b7}}, @code={0xa, 0xb4, {"408485d200c0b8f2e10180d2020180d2e30180d2040180d2020000d40084207e0000c038000028d5806a88d200c0b0f2a10080d2e20180d2a30180d2c40180d2020000d4408f89d20080b0f2610080d2820080d2230080d2040080d2020000d420b383d20020b8f2410080d2a20080d2030180d2640080d2020000d4008008d5007008d5c02680d20040b0f2410080d2620180d2c30080d2c40080d2020000d4"}}], 0x5fc}, &(0x7f0000000040)=[@featur1={0x1, 0x1}], 0x1) r11 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000280)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r14, 0x4010aeac, &(0x7f0000000200)=@arm64_fw={0x6030000000140000, &(0x7f0000000240)=0x10001}) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f00000001c0)=@arm64_sys={0x603000000013c00a, &(0x7f0000000140)=0x20000000009}) 10.137978713s ago: executing program 0 (id=82): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@code={0xa, 0x20, {"002080d2a0bbbbf21f0042f9"}}], 0x20}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_GET_REG_LIST(r2, 0xc008aeb0, &(0x7f0000000100)={0x9, [0x9, 0x5, 0x6, 0x7, 0x2, 0x7, 0x80000000, 0xb6e, 0x2]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@code={0xa, 0x20, {"002080d2a0bbbbf21f0042f9"}}], 0x20}], 0x1, 0x0, 0x0, 0x0) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) (async) ioctl$KVM_GET_REG_LIST(r2, 0xc008aeb0, &(0x7f0000000100)={0x9, [0x9, 0x5, 0x6, 0x7, 0x2, 0x7, 0x80000000, 0xb6e, 0x2]}) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) (async) 0s ago: executing program 0 (id=83): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x31) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil}) (async, rerun: 64) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async, rerun: 64) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x2, 0x1, 0x2000, &(0x7f0000f31000/0x2000)=nil}) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x4, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000000)={0x7}) (async) r7 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000000080)={0x0, 0x0, 0x0, r7, 0x4}) (async) ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f00000002c0)={0x0, 0x10000}) (async) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f00000000c0)={0x8}) (async) ioctl$KVM_SIGNAL_MSI(r6, 0x4020aea5, &(0x7f0000000000)={0x6000}) (async) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async) r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) (async) ioctl$KVM_IRQ_LINE(r9, 0x4008ae61, &(0x7f0000000000)={0x1, 0xe59b8351}) ioctl$KVM_RUN(r11, 0xae80, 0x0) (async) r12 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000080)=[@featur1={0x1, 0x2}], 0x1) ioctl$KVM_RUN(r12, 0xae80, 0x0) kernel console output (not intermixed with test programs): [ 390.667389][ T3150] 8021q: adding VLAN 0 to HW filter on device bond0 [ 442.660053][ T3150] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:25327' (ED25519) to the list of known hosts. [ 607.346443][ T25] audit: type=1400 audit(606.570:61): avc: denied { name_bind } for pid=3308 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 608.271917][ T25] audit: type=1400 audit(607.500:62): avc: denied { execute } for pid=3309 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 608.298845][ T25] audit: type=1400 audit(607.530:63): avc: denied { execute_no_trans } for pid=3309 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 630.692117][ T25] audit: type=1400 audit(629.920:64): avc: denied { mounton } for pid=3309 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 630.729988][ T25] audit: type=1400 audit(629.960:65): avc: denied { mount } for pid=3309 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 630.816018][ T3309] cgroup: Unknown subsys name 'net' [ 630.869098][ T25] audit: type=1400 audit(630.100:66): avc: denied { unmount } for pid=3309 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 631.267525][ T3309] cgroup: Unknown subsys name 'cpuset' [ 631.370824][ T3309] cgroup: Unknown subsys name 'rlimit' [ 631.756101][ T25] audit: type=1400 audit(630.980:67): avc: denied { setattr } for pid=3309 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 631.775359][ T25] audit: type=1400 audit(631.000:68): avc: denied { mounton } for pid=3309 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 631.801530][ T25] audit: type=1400 audit(631.030:69): avc: denied { mount } for pid=3309 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 632.987512][ T3312] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 633.007874][ T25] audit: type=1400 audit(632.230:70): avc: denied { relabelto } for pid=3312 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 633.027708][ T25] audit: type=1400 audit(632.250:71): avc: denied { write } for pid=3312 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 633.210992][ T25] audit: type=1400 audit(632.440:72): avc: denied { read } for pid=3309 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 633.237584][ T25] audit: type=1400 audit(632.460:73): avc: denied { open } for pid=3309 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 633.284595][ T3309] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 683.928312][ T25] audit: type=1400 audit(683.160:74): avc: denied { execmem } for pid=3313 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 689.006070][ T25] audit: type=1400 audit(688.220:75): avc: denied { read } for pid=3315 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 689.024222][ T25] audit: type=1400 audit(688.250:76): avc: denied { open } for pid=3315 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 689.107613][ T25] audit: type=1400 audit(688.340:77): avc: denied { mounton } for pid=3315 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 689.379001][ T25] audit: type=1400 audit(688.610:78): avc: denied { module_request } for pid=3315 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 690.519509][ T25] audit: type=1400 audit(689.740:79): avc: denied { sys_module } for pid=3315 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 719.858820][ T3315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 720.096669][ T3315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 720.156623][ T3316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 720.371180][ T3316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 732.418571][ T3315] hsr_slave_0: entered promiscuous mode [ 732.447047][ T3315] hsr_slave_1: entered promiscuous mode [ 733.492031][ T3316] hsr_slave_0: entered promiscuous mode [ 733.536234][ T3316] hsr_slave_1: entered promiscuous mode [ 733.574661][ T3316] debugfs: 'hsr0' already exists in 'hsr' [ 733.577519][ T3316] Cannot create hsr debugfs directory [ 738.740031][ T25] audit: type=1400 audit(737.970:80): avc: denied { create } for pid=3315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 738.785542][ T25] audit: type=1400 audit(738.010:81): avc: denied { write } for pid=3315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 738.836305][ T25] audit: type=1400 audit(738.060:82): avc: denied { read } for pid=3315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 739.066861][ T3315] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 739.509398][ T3315] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 739.741410][ T3315] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 740.099780][ T3315] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 741.427723][ T3316] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 741.614634][ T3316] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 741.770006][ T3316] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 742.004720][ T3316] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 754.830448][ T3315] 8021q: adding VLAN 0 to HW filter on device bond0 [ 756.691017][ T3316] 8021q: adding VLAN 0 to HW filter on device bond0 [ 816.199049][ T3315] veth0_vlan: entered promiscuous mode [ 816.814652][ T3315] veth1_vlan: entered promiscuous mode [ 820.325886][ T3316] veth0_vlan: entered promiscuous mode [ 821.416024][ T3315] veth0_macvtap: entered promiscuous mode [ 821.698842][ T3316] veth1_vlan: entered promiscuous mode [ 822.450469][ T3315] veth1_macvtap: entered promiscuous mode [ 825.584997][ T3316] veth0_macvtap: entered promiscuous mode [ 826.227903][ T3316] veth1_macvtap: entered promiscuous mode [ 826.356218][ T3420] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 826.386564][ T3420] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 826.394273][ T3420] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 826.564101][ T3420] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 829.854790][ T25] audit: type=1400 audit(829.070:83): avc: denied { mount } for pid=3315 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 830.125137][ T25] audit: type=1400 audit(829.340:84): avc: denied { mounton } for pid=3315 comm="syz-executor" path="/syzkaller.O9dvaQ/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 830.181806][ T3420] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 830.187212][ T3420] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 830.225173][ T3420] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 830.231584][ T3420] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 830.391600][ T25] audit: type=1400 audit(829.620:85): avc: denied { mount } for pid=3315 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 830.910934][ T25] audit: type=1400 audit(830.140:86): avc: denied { mounton } for pid=3315 comm="syz-executor" path="/syzkaller.O9dvaQ/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 831.110430][ T25] audit: type=1400 audit(830.270:87): avc: denied { mounton } for pid=3315 comm="syz-executor" path="/syzkaller.O9dvaQ/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3787 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 832.234785][ T25] audit: type=1400 audit(831.460:88): avc: denied { unmount } for pid=3315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 832.705073][ T25] audit: type=1400 audit(831.900:89): avc: denied { mounton } for pid=3315 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 832.987703][ T25] audit: type=1400 audit(832.130:90): avc: denied { mount } for pid=3315 comm="syz-executor" name="/" dev="gadgetfs" ino=3802 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 833.468628][ T25] audit: type=1400 audit(832.620:91): avc: denied { mount } for pid=3315 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 833.546463][ T25] audit: type=1400 audit(832.770:92): avc: denied { mounton } for pid=3315 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 835.137949][ T3315] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 836.071368][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 836.080172][ T25] audit: type=1400 audit(835.300:94): avc: denied { read write } for pid=3315 comm="syz-executor" name="loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 836.126599][ T25] audit: type=1400 audit(835.340:95): avc: denied { open } for pid=3315 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 836.181045][ T25] audit: type=1400 audit(835.410:96): avc: denied { ioctl } for pid=3315 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=637 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 845.178760][ T25] audit: type=1400 audit(844.410:97): avc: denied { read } for pid=3474 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 845.255019][ T25] audit: type=1400 audit(844.480:98): avc: denied { open } for pid=3474 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 845.357732][ T25] audit: type=1400 audit(844.590:99): avc: denied { ioctl } for pid=3474 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 847.340809][ T3477] debugfs: 'vgic-its-state@8080000' already exists in '3477-4' [ 849.330948][ T25] audit: type=1400 audit(848.560:100): avc: denied { write } for pid=3476 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 863.551864][ T25] audit: type=1400 audit(862.780:101): avc: denied { execute } for pid=3484 comm="syz.0.4" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3981 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 906.594809][ T25] audit: type=1400 audit(905.820:102): avc: denied { append } for pid=3501 comm="syz.1.8" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 912.467216][ T25] audit: type=1400 audit(911.660:103): avc: denied { ioctl } for pid=3510 comm="syz.0.10" path="net:[4026532627]" dev="nsfs" ino=4026532627 ioctlcmd=0xb707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1029.711462][ T25] audit: type=1400 audit(1028.930:104): avc: denied { setattr } for pid=3559 comm="syz.0.24" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1032.724122][ T3560] kvm [3560]: Failed to find VMA for hva 0x20dde000 [ 1236.836649][ T3666] kvm [3666]: Failed to find VMA for hva 0x20dee000 [ 1347.365759][ T25] audit: type=1400 audit(1346.590:105): avc: denied { map } for pid=3739 comm="syz.1.74" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1385.278605][ T3765] kvm [3765]: Failed to find VMA for hva 0x21016000 [ 1397.461043][ T3774] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5e0e2 [ 1397.479735][ T3774] flags: 0x1ffe94000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xa5) [ 1397.509188][ T3774] raw: 01ffe94000000000 ffffc1ffc07838c8 ffffc1ffc0783b08 0000000000000000 [ 1397.521365][ T3774] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 1397.549491][ T3774] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0) [ 1397.594288][ T3774] ------------[ cut here ]------------ [ 1397.594594][ T3774] kernel BUG at ./include/linux/mm.h:1036! [ 1397.596338][ T3774] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 1397.601271][ T3774] Modules linked in: [ 1397.603451][ T3774] CPU: 0 UID: 0 PID: 3774 Comm: syz.0.83 Not tainted syzkaller #0 PREEMPT [ 1397.604980][ T3774] Hardware name: linux,dummy-virt (DT) [ 1397.606252][ T3774] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 1397.607566][ T3774] pc : kvm_s2_put_page+0x374/0x3a0 [ 1397.609837][ T3774] lr : kvm_s2_put_page+0x374/0x3a0 [ 1397.610803][ T3774] sp : ffff8000a3877570 [ 1397.611572][ T3774] x29: ffff8000a3877570 x28: 4ef000001e0ec000 x27: 4ef000001e0ec000 [ 1397.613225][ T3774] x26: 00000000000000ff x25: ffff80008734e000 x24: ffffc1ffc0000000 [ 1397.614602][ T3774] x23: ffffc1ffc0783888 x22: 0000000000000000 x21: ffffc1ffc07838b4 [ 1397.615935][ T3774] x20: 0000000000000000 x19: ffffc1ffc0783880 x18: 00000000436c492a [ 1397.617336][ T3774] x17: 0000000004eda05c x16: 00000000436c16da x15: 00000000127d3076 [ 1397.618720][ T3774] x14: ffffffffffffffff x13: fff000001d15d888 x12: 0000000000000001 [ 1397.619933][ T3774] x11: 0000000000000000 x10: 0000000000ff0100 x9 : 3c381de24de24d00 [ 1397.621419][ T3774] x8 : 3c381de24de24d00 x7 : ffff80008039fbc8 x6 : 0000000000000000 [ 1397.622813][ T3774] x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff80008075829c [ 1397.624134][ T3774] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000003e [ 1397.625752][ T3774] Call trace: [ 1397.626663][ T3774] kvm_s2_put_page+0x374/0x3a0 (P) [ 1397.627853][ T3774] stage2_free_walker+0x1b0/0x264 [ 1397.628918][ T3774] __kvm_pgtable_walk+0x7d8/0xa68 [ 1397.629919][ T3774] kvm_pgtable_walk+0x294/0x468 [ 1397.630868][ T3774] kvm_pgtable_stage2_destroy_range+0x60/0xb4 [ 1397.631935][ T3774] kvm_free_stage2_pgd+0x198/0x28c [ 1397.632863][ T3774] kvm_uninit_stage2_mmu+0x20/0x38 [ 1397.633838][ T3774] kvm_arch_flush_shadow_all+0x1a8/0x1e0 [ 1397.634856][ T3774] kvm_mmu_notifier_release+0x48/0xa8 [ 1397.635847][ T3774] mmu_notifier_unregister+0x128/0x42c [ 1397.636847][ T3774] kvm_put_kvm+0x6a0/0xfa8 [ 1397.637579][ T3774] kvm_vcpu_release+0x70/0x9c [ 1397.638529][ T3774] __fput+0x4ac/0x980 [ 1397.639306][ T3774] ____fput+0x20/0x58 [ 1397.640123][ T3774] task_work_run+0x1bc/0x254 [ 1397.641019][ T3774] get_signal+0x13ec/0x1554 [ 1397.641982][ T3774] do_signal+0x23c/0x4dd0 [ 1397.642914][ T3774] do_notify_resume+0xb0/0x270 [ 1397.643691][ T3774] el0_svc+0xb8/0x164 [ 1397.644513][ T3774] el0t_64_sync_handler+0x84/0x12c [ 1397.645424][ T3774] el0t_64_sync+0x198/0x19c [ 1397.646945][ T3774] Code: f00375a1 912d8c21 aa1303e0 97f9c9f2 (d4210000) [ 1397.648824][ T3774] ---[ end trace 0000000000000000 ]--- [ 1397.650438][ T3774] Kernel panic - not syncing: Oops - BUG: Fatal exception [ 1397.652458][ T3774] Kernel Offset: disabled [ 1397.653212][ T3774] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f [ 1397.654422][ T3774] Memory Limit: none [ 1397.657959][ T3774] Rebooting in 86400 seconds.. VM DIAGNOSIS: 00:03:16 Registers: info registers vcpu 0 CPU#0 PC=ffff80008048f760 X00=ffff8000a3876f90 X01=00000000000003ce X02=0000000000000000 X03=ffff80008048fe7c X04=0000000000000000 X05=0000000000000000 X06=ffff80008048ab28 X07=ffff800080015834 X08=00000000fffffffe X09=0000000000000000 X10=0000000000ff0100 X11=0000000000000000 X12=0000000000000000 X13=00000000ffffffff X14=0000000000000000 X15=ffff800087f69a20 X16=0000000000000000 X17=0000000004eda05c X18=00000000436c492a X19=00000000fffffffe X20=00000000000003cd X21=ffff800087942e20 X22=00000000000003cd X23=00000000000000ff X24=ffff800087942e20 X25=00000000000003cd X26=27f000001d15d890 X27=00000000000003c0 X28=ffff800087724000 X29=ffff8000a3876fd0 X30=ffff80008048febc SP=ffff8000a3876f90 PSTATE=804023c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=2525252525252525:2525252525252525 Z01=000000756c6c2570:6f6f6c2f7665642f Z02=0000000000000000:f0000000ffffffff Z03=ffffff000000ff00:0000000000000000 Z04=0000000000000000:fff000f000000000 Z05=bb448243222c92da:e3914ed4e87380b0 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffde2c2e60:0000ffffde2c2e60 Z17=ffffff80ffffffd0:0000ffffde2c2e30 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000