last executing test programs: 36m9.462928791s ago: executing program 0 (id=152): r0 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x1}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000140)={0x0, &(0x7f0000000500)=[@its_send_cmd={0xaa, 0x28, {0x0, 0x0, 0x3, 0xf, 0x4, 0x6, 0x3}}, @msr={0x14, 0x20, {0x6030000000131a01, 0x3d1}}, @svc={0x122, 0x40, {0x0, [0xffffffffffffffff, 0x4, 0x60, 0x7, 0x5]}}, @uexit={0x0, 0x18, 0x5}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x0, 0xf}}, @msr={0x14, 0x20, {0x603000000013dee0, 0x1}}, @svc={0x122, 0x40, {0x100, [0xa, 0x1, 0x4, 0x6, 0x80000000000319f]}}, @irq_setup={0x46, 0x18, {0x4, 0x187}}, @its_send_cmd={0xaa, 0x28, {0x0, 0x1, 0x4, 0x6, 0x5, 0x1ff, 0x1}}, @hvc={0x32, 0x40, {0xc5000020, [0x4, 0xfffffffffffffff8, 0x10, 0x17, 0x3]}}, @mrs={0xbe, 0x18, {0x6030000000138046}}, @msr={0x14, 0x20, {0x6030000000138044, 0xffffffff}}, @code={0xa, 0x84, {"00d590d20000b0f2e10180d2020180d2e30180d2e40180d2020000d4000028d5000008d5007008d5405886d20000b0f2610080d2820180d2e30180d2240080d2020000d4602595d200e0b0f2410080d2620180d2c30080d2640180d2020000d400209f0c007008d50080601f0008c0da"}}, @msr={0x14, 0x20, {0x603000000013c10a, 0x80}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x400, 0x7, 0x8}}], 0x2bc}, 0x0, 0x2) r11 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000b80), 0x0, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x11, 0x8, 0xf, 0x0, 0x5, 0x6, 0x6, 0x6, 0x48, 0x86, 0xdd, 0x68, 0x0, 0x9, 0x0, 0x0, 0x3, 0x5, 0x8, '\x00', 0x1, 0x400000000002}) write$eventfd(r13, &(0x7f00000001c0)=0x3, 0x50) r14 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r14, 0x4020aeae, &(0x7f0000000140)={0x5, 0x8}) r15 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r15, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000480)="fb0149dd033be3ac2cc4a29ea6affce7454e35c4b85400005a9610fb000000000000000b449a7a835673312b54ebb2aa76c869d22627e700000600", 0x0, 0xfffffffffffffd65) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r15, 0x0) r16 = eventfd2(0x0, 0x0) close(r16) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) write$eventfd(r16, &(0x7f0000000180)=0x5, 0xfffffde3) openat$kvm(0xffffffffffffff9c, 0x0, 0x8200, 0x0) 35m55.260456109s ago: executing program 1 (id=155): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x80111500, 0x20000000) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) (async) ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3b) (async) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r6, 0x800454d7, 0x2000ffffbffffffc) (async) r7 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) (async) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r9 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) (async) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04) mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r11, 0x3, 0x11, r10, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, r11, 0x1, 0x12, r7, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, r11, 0x8, 0x1010, r1, 0x0) ioctl$KVM_CREATE_VM(r0, 0x541b, 0x2000001c) 35m50.811004725s ago: executing program 0 (id=156): r0 = openat$kvm(0x0, &(0x7f00000003c0), 0x1e75c2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f0000000000)=@attr_other={0x0, 0x0, 0x9, &(0x7f0000000180)=0x2}) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2428c0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x200000, 0x0) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0xd8) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x400200, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x200, 0x0) ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0x1) ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x8000}}], 0x20}, 0x0, 0x0) ioctl$KVM_RUN(r11, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r5, 0x300000a, 0x1010, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ebf000/0x3000)=nil, r5, 0xf, 0x4010, 0xffffffffffffffff, 0x0) r12 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r12, 0x4010ae74, &(0x7f0000000140)={0x1, 0x9}) 35m47.579633693s ago: executing program 1 (id=157): openat$kvm(0x0, &(0x7f0000000080), 0x143302, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="7cfaa2bfd6dd76375aa1bde04fceeb33743b07d73b3e9aac", 0x0, 0xffffffffffffff94) r1 = eventfd2(0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0x4020940d, 0x20000000) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0xd000, 0x2000, &(0x7f0000e98000/0x2000)=nil}) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000bc2000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x3) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r6, r7, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000100)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x603000000010001a, &(0x7f00000000c0)=0x11}) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, &(0x7f0000000080)=@arm64={0xe6, 0x7, 0x8, '\x00', 0xff}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) 35m44.923260919s ago: executing program 0 (id=158): openat$kvm(0x0, 0x0, 0x22840, 0x0) r0 = openat$kvm(0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0xc, &(0x7f00000000c0)=0x401}) 35m40.245273145s ago: executing program 0 (id=159): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r6, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0xffffffffffbffffc, 0x120) r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@its_setup={0x82, 0x28, {0x1, 0x3, 0x200000000000001}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x2, 0x9}}], 0x50}, 0x0, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r13 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000bc2000/0x400000)=nil) r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) ioctl$KVM_RUN(r14, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r15 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0xc, {0x4, 0x1, 0x39d}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0xffffffffffbffffc, 0x120) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r16, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r15, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r16, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x4, 0x1, 0x0}) 35m38.405729699s ago: executing program 1 (id=160): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) eventfd2(0x3, 0x100000) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@mrs={0xbe, 0x18, {0x603000000013c00b}}], 0x18}, 0x0, 0x0) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, &(0x7f0000000200)=[@mrs={0xbe, 0x18, {0x603000000013dce8}}, @irq_setup={0x46, 0x18, {0x3, 0x2a}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x5, 0x9, 0x6, 0x3}}, @eret={0xe6, 0x18, 0x5}, @irq_setup={0x46, 0x18, {0x4, 0x23a}}, @smc={0x1e, 0x40, {0x1, [0x9, 0x5, 0x4, 0x2, 0x55]}}, @svc={0x122, 0x40, {0x8400000f, [0x3, 0x6, 0x7, 0x10001, 0x96]}}, @msr={0x14, 0x20, {0x603000000013c028, 0x120}}, @memwrite={0x6e, 0x30, @generic={0x8080000, 0x703, 0x4, 0x1}}, @code={0xa, 0x9c, {"0088200e000008d5802897d20080b0f2a10080d2c20080d2230180d2840180d2020000d4000008d5001c4093007008d5c0b490d200a0b0f2010180d2a20180d2430080d2040180d2020000d440b191d20080b8f2c10080d2820080d2a30180d2a40080d2020000d440ce93d20040b8f2c10180d2420180d2230080d2040180d2020000d40074200e"}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x4, 0x7, 0x5, 0x2, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013e180}}, @eret={0xe6, 0x18, 0x4}, @uexit={0x0, 0x18, 0x72}, @smc={0x1e, 0x40, {0x86000000, [0x0, 0x8000000000000001, 0x1, 0x7, 0x2]}}, @svc={0x122, 0x40, {0x84000013, [0x1, 0xfffffffffffff000, 0x7fffffffffffffff, 0x4, 0xed4d]}}, @eret={0xe6, 0x18, 0x80}, @svc={0x122, 0x40, {0x40000000, [0x4, 0x7, 0xb, 0xff, 0x1]}}], 0x33c}, &(0x7f0000000040)=[@featur1={0x1, 0x18}], 0x1) ioctl$KVM_RUN(r3, 0xae80, 0x0) 35m29.492787576s ago: executing program 1 (id=161): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x6, 0x800) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000140)={0x8000000000000000, 0x0, 0x2, r2, 0x3}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000240)={0x1fe, 0x3, 0xffff1000, 0x1000, &(0x7f00004bf000/0x1000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000000c0)={0x2, 0x3, 0x100000, 0x2000, &(0x7f000000f000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xcccc0000, 0x1000, &(0x7f0000f15000/0x1000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000200)={0x1fd, 0x0, 0xeeee0000, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0x4, 0xd000, 0x8, r2, 0xa}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x2, r2, 0x3}) 35m20.182643592s ago: executing program 1 (id=162): munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) (async, rerun: 64) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) (rerun: 64) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async, rerun: 64) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) (async, rerun: 64) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100) r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) syz_kvm_vgic_v3_setup(r3, 0x1, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000040)=0xe7}) (async, rerun: 64) r6 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) (rerun: 64) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000040)=0xe7}) r7 = ioctl$KVM_CREATE_VM(r0, 0x80111500, 0x20000000) r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04) mmap$KVM_VCPU(&(0x7f0000e5f000/0x3000)=nil, r9, 0x3, 0x13, r7, 0x0) (async) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) (async) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) (async) mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0) 35m15.082105319s ago: executing program 0 (id=163): munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) munmap(&(0x7f0000dc5000/0x2000)=nil, 0x2000) r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000fa4000/0x4000)=nil, r0, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000b80)={0x0, &(0x7f0000000100)=[@smc={0x1e, 0x40, {0x8400000a, [0x81, 0x7, 0xaca, 0x2, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r4, 0xae80, 0x0) 35m10.938179808s ago: executing program 1 (id=164): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x33) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r2, 0x4068aea3, &(0x7f0000000100)={0xdf, 0x0, 0x1000000}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x9) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x3) 35m8.649971062s ago: executing program 0 (id=165): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2a) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x28) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x7f) ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f0000000000)=@arm64={0x3, 0xe0, 0xb4, '\x00', 0x1}) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) ioctl$KVM_SET_GSI_ROUTING(r5, 0x4008ae6a, 0xffffffffffffffff) r10 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000b80)={0x0, 0x0}, &(0x7f0000000340)=[@featur2={0x1, 0x4}], 0x1) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000140)=@arm64_fw={0x6030000000140000, &(0x7f0000000180)=0x2}) r11 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000b80)={0x0, &(0x7f0000000100)=[@hvc={0x32, 0x40, {0xc4000012, [0x100000001, 0x8000000000000000, 0xffffffffffffffff, 0xee24, 0xfffffffffffeffff]}}], 0x40}, &(0x7f0000000040)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r11, 0xae80, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2a) (async) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) (async) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x28) (async) syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) (async) ioctl$KVM_RUN(r9, 0xae80, 0x0) (async) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x7f) (async) ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f0000000000)=@arm64={0x3, 0xe0, 0xb4, '\x00', 0x1}) (async) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async) ioctl$KVM_SET_GSI_ROUTING(r5, 0x4008ae6a, 0xffffffffffffffff) (async) syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000b80)={0x0, 0x0}, &(0x7f0000000340)=[@featur2={0x1, 0x4}], 0x1) (async) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000140)=@arm64_fw={0x6030000000140000, &(0x7f0000000180)=0x2}) (async) syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000b80)={0x0, &(0x7f0000000100)=[@hvc={0x32, 0x40, {0xc4000012, [0x100000001, 0x8000000000000000, 0xffffffffffffffff, 0xee24, 0xfffffffffffeffff]}}], 0x40}, &(0x7f0000000040)=[@featur1={0x1, 0x4}], 0x1) (async) ioctl$KVM_RUN(r11, 0xae80, 0x0) (async) 34m24.960354592s ago: executing program 32 (id=164): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x33) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r2, 0x4068aea3, &(0x7f0000000100)={0xdf, 0x0, 0x1000000}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x9) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x3) 34m21.851404922s ago: executing program 33 (id=165): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2a) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x28) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x7f) ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f0000000000)=@arm64={0x3, 0xe0, 0xb4, '\x00', 0x1}) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) ioctl$KVM_SET_GSI_ROUTING(r5, 0x4008ae6a, 0xffffffffffffffff) r10 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000b80)={0x0, 0x0}, &(0x7f0000000340)=[@featur2={0x1, 0x4}], 0x1) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000140)=@arm64_fw={0x6030000000140000, &(0x7f0000000180)=0x2}) r11 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000b80)={0x0, &(0x7f0000000100)=[@hvc={0x32, 0x40, {0xc4000012, [0x100000001, 0x8000000000000000, 0xffffffffffffffff, 0xee24, 0xfffffffffffeffff]}}], 0x40}, &(0x7f0000000040)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r11, 0xae80, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2a) (async) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) (async) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x28) (async) syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) (async) ioctl$KVM_RUN(r9, 0xae80, 0x0) (async) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x7f) (async) ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f0000000000)=@arm64={0x3, 0xe0, 0xb4, '\x00', 0x1}) (async) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async) ioctl$KVM_SET_GSI_ROUTING(r5, 0x4008ae6a, 0xffffffffffffffff) (async) syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000b80)={0x0, 0x0}, &(0x7f0000000340)=[@featur2={0x1, 0x4}], 0x1) (async) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000140)=@arm64_fw={0x6030000000140000, &(0x7f0000000180)=0x2}) (async) syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000b80)={0x0, &(0x7f0000000100)=[@hvc={0x32, 0x40, {0xc4000012, [0x100000001, 0x8000000000000000, 0xffffffffffffffff, 0xee24, 0xfffffffffffeffff]}}], 0x40}, &(0x7f0000000040)=[@featur1={0x1, 0x4}], 0x1) (async) ioctl$KVM_RUN(r11, 0xae80, 0x0) (async) 28m49.500938679s ago: executing program 3 (id=171): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x26) ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0x8040ae9f, &(0x7f00000000c0)=@arm64) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000a76000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000040)={0x0, &(0x7f0000000180)=[@mrs={0xbe, 0x18, {0x603000000013c10a}}, @hvc={0x32, 0x40, {0xc4000053, [0x80000001, 0x7, 0xfffffffffffffff3, 0xffffffffffffff2b]}}, @mrs={0xbe, 0x18, {0x603000000013de87}}, @code={0xa, 0x84, {"008008d50060202e608887d20000b8f2410080d2420080d2c30080d2a40180d2020000d4008008d520aa80d20020b8f2210180d2e20080d2a30180d2240180d2020000d4a0f597d20060b0f2e10080d2e20180d2830180d2640180d2020000d4008008d5000000b90008a03c0000c078"}}, @its_setup={0x82, 0x28, {0x3, 0x2, 0x185}}, @svc={0x122, 0x40, {0x84000007, [0x9, 0x3, 0x2, 0xcb, 0xc6]}}, @msr={0x14, 0x20, {0x603000000013c03a}}, @hvc={0x32, 0x40, {0xc400000e, [0x9, 0x1, 0x2, 0x5, 0x4]}}, @smc={0x1e, 0x40, {0x1, [0x8, 0x4, 0x2, 0x9, 0xffffffffffffffff]}}, @smc={0x1e, 0x40, {0xc4000001, [0x7eb, 0x5, 0xfffffffffffffff7, 0x8, 0x8]}}, @msr={0x14, 0x20, {0x603000000013f682, 0x8000000000000001}}, @mrs={0xbe, 0x18, {0x603000000013dea5}}, @hvc={0x32, 0x40, {0x80000002, [0x10, 0x6, 0x8, 0x10000, 0x7f]}}, @uexit={0x0, 0x18, 0x6319b182}, @smc={0x1e, 0x40, {0x31000000, [0x2, 0x3, 0x8, 0xb, 0x1]}}], 0x30c}, &(0x7f0000000080)=[@featur1={0x1, 0xac}], 0x1) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f00000004c0)={0x4006, 0x313}) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000100)=@arm64_ccsidr={0x603000000013df19, &(0x7f0000000140)=0x3ff}) r4 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x82880, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000140), 0x101282, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000080)={0x0, &(0x7f0000000200)=[@svc={0x122, 0x40, {0x800, [0xffffffeffffffff8, 0x8, 0x8000000005, 0x5, 0x401]}}], 0x40}, 0x0, 0x0) r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04) mmap$KVM_VCPU(&(0x7f0000c0b000/0x1000)=nil, r12, 0x2000003, 0x11, r11, 0x0) ioctl$KVM_RUN(r11, 0xae80, 0x0) syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0) ioctl$KVM_RUN(r13, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x4) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) 28m33.209531026s ago: executing program 3 (id=173): munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000eb3000/0x1000)=nil, 0x1000) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x280000c, 0x20010, 0xffffffffffffffff, 0x0) munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x603000000010001e, &(0x7f0000000000)=0x3}) munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r4, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) 28m8.533570665s ago: executing program 3 (id=175): munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) munmap(&(0x7f0000dc5000/0x2000)=nil, 0x2000) r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000fa4000/0x4000)=nil, r0, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000b80)={0x0, &(0x7f0000000100)=[@smc={0x1e, 0x40, {0x8400000a, [0x81, 0x7, 0xaca, 0x2, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r4, 0xae80, 0x0) 27m54.454019553s ago: executing program 3 (id=177): mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) r4 = syz_kvm_vgic_v3_setup(r3, 0x1, 0x100) ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, &(0x7f0000000200)=@attr_other={0x0, 0x5, 0xffd0, &(0x7f00000000c0)}) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, r8, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000100)="746abf250f7959c813e4adfb369b808022e69fe80cfadce4a1259e77bab54ac9749537b3d016bb7f745a6e22d2f9ff443f19467748a3fe02c239457600", 0x0, 0xfffffffffffffec5) r9 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000000)={0x7}) r10 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000080)={0x0, 0x6000, 0x0, r10}) ioctl$KVM_REGISTER_COALESCED_MMIO(r9, 0x4010ae67, &(0x7f00000002c0)={0x0, 0x10000}) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f00000000c0)={0x8}) ioctl$KVM_SIGNAL_MSI(r9, 0x4020aea5, &(0x7f0000000000)={0x6000}) mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r1, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0) 27m30.709411957s ago: executing program 3 (id=180): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0x80111500, 0x20000000) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(r2, 0x541b, 0x2000001c) syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_STATS_FD_vm(r2, 0xaece) eventfd2(0x3ff, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r5, 0x400454d0, 0x2b) 27m22.551565839s ago: executing program 3 (id=182): munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0) r0 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) ioctl$KVM_IRQFD(r0, 0x4020ae76, &(0x7f0000000100)={r0, 0xcb, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r3, 0x800454dd, 0x16) mmap$KVM_VCPU(&(0x7f0000787000/0x3000)=nil, 0x930, 0x0, 0x10, r0, 0x0) mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x31) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x8001, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000b6b000/0x400000)=nil) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@arm64={0x3, 0x8, 0x7, '\x00', 0x10}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x2000000000000) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x9, 0xffffffffffffffff, 0x1}) ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000180)={0xb, 0x74}) write$eventfd(r8, &(0x7f00000001c0)=0x3, 0x10) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x4, 0x188993, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x2, 0x1, 0x2000, &(0x7f0000f31000/0x2000)=nil}) r9 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2c) syz_kvm_setup_cpu$arm64(r9, r0, &(0x7f0000bff000/0x400000)=nil, &(0x7f0000000700)=[{0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="0a000000000000009c00000000000000a06c80d200c0b0f2810080d2c20180d2c30080d2440180d2020000d4e0409fd200a0b8f2810080d2c20080d2c3008000000000000071c8d4007008d5000008d5008008d5007008d520c084d20080b8f2410080d2420080d2030080d2640080d2020000d40000202e0000001b80d996d20000b0f2210180d2a20080d2230080d2c40180d2020000d4c0035fd6000000000000000018000000000000000000000000000000aa0000000000000028000000000000000301000a0000000000000000000000000080000000000000e600000000000000180000000000000003000000000000003200000000000000400000000000000000000005000000000600000000000000c6f2ffffffffffff020000000000000001000000000000000c0d0000000000000000000000000000180000000000000004000000000000006e00000000000000300000000000000000c00000000000001e080000000020000800000000000000000000000000000032000000000000004000000000000000ff7f0080000000000900000000000000000000800100000032000000000000000400000000000000090000000000000000000000000000001800000000000000ffffffffffffffffaa00000000000000280000000000000004000300000007000000a0050000010000000100000000002201000000000000400000000000000001ff008600000000010000000000000001000100000000000300000000000000000000000000000009000000000000001e000000000000004000000000000000bc6a22220000000009000000000000006fc4000000000000471d000000000000154800000000000007000000000000004b3714df5b2919a54f5b2c5edb4df9f06448e117510d7cadc7288dc770da8f0a20e4c4a2"], 0x27c}], 0x1, 0x0, &(0x7f0000000740)=[@featur1={0x1, 0x20}], 0x1) ioctl$KVM_PPC_ALLOCATE_HTAB(r2, 0xc004aea7, &(0x7f0000000400)=0x8001) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) 26m35.150330667s ago: executing program 34 (id=182): munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0) r0 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) ioctl$KVM_IRQFD(r0, 0x4020ae76, &(0x7f0000000100)={r0, 0xcb, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r3, 0x800454dd, 0x16) mmap$KVM_VCPU(&(0x7f0000787000/0x3000)=nil, 0x930, 0x0, 0x10, r0, 0x0) mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x31) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x8001, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000b6b000/0x400000)=nil) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@arm64={0x3, 0x8, 0x7, '\x00', 0x10}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x2000000000000) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x9, 0xffffffffffffffff, 0x1}) ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000180)={0xb, 0x74}) write$eventfd(r8, &(0x7f00000001c0)=0x3, 0x10) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x4, 0x188993, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x2, 0x1, 0x2000, &(0x7f0000f31000/0x2000)=nil}) r9 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2c) syz_kvm_setup_cpu$arm64(r9, r0, &(0x7f0000bff000/0x400000)=nil, &(0x7f0000000700)=[{0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="0a000000000000009c00000000000000a06c80d200c0b0f2810080d2c20180d2c30080d2440180d2020000d4e0409fd200a0b8f2810080d2c20080d2c3008000000000000071c8d4007008d5000008d5008008d5007008d520c084d20080b8f2410080d2420080d2030080d2640080d2020000d40000202e0000001b80d996d20000b0f2210180d2a20080d2230080d2c40180d2020000d4c0035fd6000000000000000018000000000000000000000000000000aa0000000000000028000000000000000301000a0000000000000000000000000080000000000000e600000000000000180000000000000003000000000000003200000000000000400000000000000000000005000000000600000000000000c6f2ffffffffffff020000000000000001000000000000000c0d0000000000000000000000000000180000000000000004000000000000006e00000000000000300000000000000000c00000000000001e080000000020000800000000000000000000000000000032000000000000004000000000000000ff7f0080000000000900000000000000000000800100000032000000000000000400000000000000090000000000000000000000000000001800000000000000ffffffffffffffffaa00000000000000280000000000000004000300000007000000a0050000010000000100000000002201000000000000400000000000000001ff008600000000010000000000000001000100000000000300000000000000000000000000000009000000000000001e000000000000004000000000000000bc6a22220000000009000000000000006fc4000000000000471d000000000000154800000000000007000000000000004b3714df5b2919a54f5b2c5edb4df9f06448e117510d7cadc7288dc770da8f0a20e4c4a2"], 0x27c}], 0x1, 0x0, &(0x7f0000000740)=[@featur1={0x1, 0x20}], 0x1) ioctl$KVM_PPC_ALLOCATE_HTAB(r2, 0xc004aea7, &(0x7f0000000400)=0x8001) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) 24m3.899429421s ago: executing program 2 (id=197): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cc, 0x0, 0xa1b, 0x8, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 23m56.639746792s ago: executing program 2 (id=198): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0xe) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r7 = syz_kvm_vgic_v3_setup(r5, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000100)={0x8}) ioctl$KVM_GET_DEVICE_ATTR(r7, 0x4018aee2, &(0x7f00000001c0)=@attr_arm64={0x0, 0x1, 0x4, &(0x7f00000000c0)=0x4}) r8 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18}) ioctl$KVM_ARM_VCPU_FINALIZE(r8, 0x4004aec2, &(0x7f00000001c0)=0x4) openat$kvm(0x0, 0x0, 0x0, 0x0) close(0x4) close(0x5) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0x4, 0x80000001}) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x4) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x4000}) ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CAP_ARM_MTE(r12, 0x4068aea3, &(0x7f0000000180)) ioctl$KVM_CHECK_EXTENSION(r13, 0xae03, 0xe5) mmap$KVM_VCPU(&(0x7f0000ece000/0x3000)=nil, 0x930, 0x1800002, 0x4010, 0xffffffffffffffff, 0x0) 23m38.092869343s ago: executing program 2 (id=199): munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) munmap(&(0x7f0000dc5000/0x2000)=nil, 0x2000) r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000fa4000/0x4000)=nil, r0, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000b80)={0x0, &(0x7f0000000100)=[@smc={0x1e, 0x40, {0x8400000a, [0x81, 0x7, 0xaca, 0x2, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r4, 0xae80, 0x0) 23m30.210708187s ago: executing program 2 (id=200): ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000080)=@attr_arm64={0x0, 0x1, 0x2, &(0x7f0000000240)=0xffffffff}) r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x27) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x0, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x0, 0x0, 0x6, 0x10, 0x9}}], 0x50}, 0x0, 0x0) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r8, 0x4018aee3, &(0x7f0000000040)=@attr_pmu_filter={0x0, 0x0, 0x2, 0x0}) syz_kvm_vgic_v3_setup(r1, 0xfffffffffffffffe, 0x180) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r8, 0xae80, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r10, 0x4020aeae, 0xfffffffffffffffe) ioctl$KVM_ARM_SET_DEVICE_ADDR(r10, 0x4010aeab, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f00000001c0)={0x0, 0x0}, 0x0, 0x28) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r14, 0x4018aee1, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x20e4586c}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x3) r15 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0) eventfd2(0x8, 0x80800) 23m11.802602253s ago: executing program 2 (id=201): r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1a) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0xfccef2b66e0bfad1}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x3}) r3 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000080)=@attr_riscv64=@attr_ctrl={0x0, 0x1, 0x1, &(0x7f0000000040)=0x1000}) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r4, 0x800454d3, 0x10000000000000) 23m1.520526503s ago: executing program 2 (id=202): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000000), 0x1, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x31) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000040)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x1, 0x2, &(0x7f00000000c0)}) syz_kvm_vgic_v3_setup(r1, 0x1, 0x240) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 22m12.793952502s ago: executing program 35 (id=202): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000000), 0x1, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x31) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000040)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x1, 0x2, &(0x7f00000000c0)}) syz_kvm_vgic_v3_setup(r1, 0x1, 0x240) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14m16.039958586s ago: executing program 4 (id=222): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0xeffffffd, 0x801) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000001340)={0x7, 0x0, 0x2, r2, 0x3}) (async) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x51d987bd, 0x0, 0x0, r2, 0xa}) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0) (async) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) (async) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000100)={0x0, &(0x7f0000000240)=[@its_setup={0x82, 0x28, {0x3, 0x0, 0x40000000016f}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x2, 0x8, 0x8, 0x100}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x2, 0x2c0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8}) (async) r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x800000000000000) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000200)={0x0, &(0x7f0000000100)}, 0x0, 0x0) (async) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000700)={0x7, 0x0}) (async) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x2) (async) ioctl$KVM_IRQ_LINE(r11, 0x4008ae61, &(0x7f0000000240)={0x200002f}) r12 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) (async) r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000080)={0x0, &(0x7f0000000000)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) (rerun: 64) syz_kvm_vgic_v3_setup(r12, 0x1, 0x100) (async) ioctl$KVM_RUN(r14, 0xae80, 0x0) (async) ioctl$KVM_IRQ_LINE(r12, 0x4008ae61, &(0x7f0000000100)={0x1000020, 0x1}) (rerun: 32) 13m57.948029776s ago: executing program 4 (id=223): munmap(&(0x7f0000481000/0x1000)=nil, 0x1000) munmap(&(0x7f0000136000/0x2000)=nil, 0x2000) munmap(&(0x7f0000f70000/0x1000)=nil, 0x1000) munmap(&(0x7f0000fff000/0x1000)=nil, 0x1000) munmap(&(0x7f00009f4000/0x1000)=nil, 0x1000) munmap(&(0x7f0000e4c000/0x4000)=nil, 0x4000) munmap(&(0x7f0000967000/0x2000)=nil, 0x2000) munmap(&(0x7f0000ff3000/0x3000)=nil, 0x3000) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x171742, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_IRQ_LINE_STATUS(0xffffffffffffffff, 0xc008ae67, &(0x7f0000000000)={0x76dc8650, 0x4}) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0x40086602, 0x20000000) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r6, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r6, 0x0) mmap$KVM_VCPU(&(0x7f0000f1e000/0x4000)=nil, r2, 0x2000004, 0x12, r6, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000ff9000/0x4000)=nil, r2, 0xc, 0x30, r7, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x7}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x10003, 0x0, 0x8080000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) munmap(&(0x7f00007f5000/0xe000)=nil, 0xe000) munmap(&(0x7f0000d04000/0x1000)=nil, 0x1000) munmap(&(0x7f0000270000/0x1000)=nil, 0x1000) munmap(&(0x7f00007fd000/0x800000)=nil, 0x800000) 13m55.919758962s ago: executing program 5 (id=224): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfe000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0xfffffffffffffffd, 0xb}}], 0x30}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x4018aee1, &(0x7f0000000080)=@attr_other={0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000000)=0x8}) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x3, 0x11, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) 13m39.862076727s ago: executing program 4 (id=225): munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x2a4080, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f0000e00000/0x4000)=nil, r3, 0x8, 0x11, r4, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r12, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, 0x0, 0x1, 0x10, r11, 0x0) r14 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04) mmap$KVM_VCPU(&(0x7f0000edc000/0x4000)=nil, r13, 0x8, 0x2010, r11, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r15, 0x1000014, 0x110, r10, 0x0) r16 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r16, 0x600000d, 0x11, r10, 0x0) mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r16, 0x3, 0x11, r14, 0x0) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) eventfd2(0x400, 0x40000) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) 13m38.618295792s ago: executing program 5 (id=226): r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x1, 0x0, &(0x7f0000000000)=0x8000000fbed}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x5, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) 13m25.070559625s ago: executing program 5 (id=227): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r0 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x3a) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r4, 0x4068aea3, &(0x7f0000000040)={0xe4, 0x0, 0x1000}) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000a89000/0x400000)=nil) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x2, 0xdddd0000, 0x2000, &(0x7f000000a000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x33) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, &(0x7f00000001c0)=[@hvc={0x32, 0x40, {0x84000002, [0x9, 0x9, 0x7, 0x0, 0x8]}}], 0x40}, 0x0, 0x0) r8 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r5, 0x8000000000002, 0x100) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r9 = openat$kvm(0x0, &(0x7f0000000080), 0x4ae40, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000180)={0x0, &(0x7f0000000100)=[@irq_setup={0x46, 0x18, {0x2, 0x2b9}}], 0x18}, 0x0, 0x0) r13 = syz_kvm_vgic_v3_setup(r10, 0x1, 0x100) ioctl$KVM_RUN(r12, 0xae80, 0x0) close(r3) ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x5, 0x0, &(0x7f0000000000)=0x8}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r14, 0x800454e1, 0x8000110c230008) 13m24.041857439s ago: executing program 4 (id=228): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0x0, 0x0, 0x0, 0x0) r2 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x29) r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r4, 0x4b47, 0xfffffffffffffffe) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) r7 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r6, 0x2, 0x12, r5, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000002c0)="fb016bddfb405ee52cc6a29ea6ab8031d1dfd92f000000000c0000005a9610fbff17521cd66f8f1f447d3570707cd24b7eebb2070000000000000000000000c20cecfa0a97ab7800", 0x0, 0x48) r8 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r9 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000100)={0x0, &(0x7f00000008c0)=[@code={0xa, 0x6c, {"007008d5007008d5007008d5400094d20060b0f2c10180d2220080d2a30180d2240080d2020000d40084df0d008040c8802b98d200c0b0f2810080d2820180d2e30080d2840080d2020000d40050200e007008d50018601e"}}], 0x6c}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x4, 0x220) r11 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000280)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c65d, 0x7fffffffffffffff}}], 0x20}, 0x0, 0x0) r14 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x2c) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil) r17 = syz_kvm_add_vcpu$arm64(r16, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r17, 0x4010aeac, &(0x7f0000000180)=@arm64_core={0x6030000000100038, &(0x7f0000000140)=0x40}) ioctl$KVM_RUN(r10, 0xae80, 0x0) 13m10.139523572s ago: executing program 5 (id=229): r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[@svc={0x122, 0x40, {0x1000, [0x4, 0x1ff, 0x1, 0x7fffffffffffffff, 0x8001]}}, @eret={0xe6, 0x18, 0x3}, @smc={0x1e, 0x40, {0x8400000f, [0x4, 0x1, 0x4, 0x6, 0x7]}}, @irq_setup={0x46, 0x18, {0x4, 0x26f}}, @its_send_cmd={0xaa, 0x28, {0x0, 0x1, 0x0, 0x1, 0x9, 0x0, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x2, 0x0, 0x7, 0x1, 0x4}}, @smc={0x1e, 0x40, {0x84000051, [0x605c, 0x9b, 0xe, 0x7, 0x7bea]}}, @msr={0x14, 0x20, {0x603000000013df59, 0x32}}, @svc={0x122, 0x40, {0x80, [0xb0c8, 0xfffffffffffffffb, 0xfffffffffffffff6, 0x5, 0x2e3]}}, @svc={0x122, 0x40, {0x86000001, [0x6, 0xffff, 0x7d, 0xa0, 0x401]}}, @uexit={0x0, 0x18, 0xe8a}, @code={0xa, 0x6c, {"000080a8000440fc000008d5803d99d20020b0f2010180d2e20080d2830080d2640180d2020000d4604892d20000b0f2e10180d2220080d2030180d2240080d2020000d400eca02e000028d5007008d5007008d5007008d5"}}, @eret={0xe6, 0x18, 0x2}, @eret={0xe6, 0x18, 0x2}, @svc={0x122, 0x40, {0x84000003, [0xffffffffffffffff, 0x3, 0x6, 0x8, 0x3]}}, @mrs={0xbe, 0x18, {0x17aa}}], 0x2ec}, &(0x7f0000000040)=[@featur2={0x1, 0x2}], 0x1) ioctl$KVM_GET_SREGS(r0, 0x8000ae83, &(0x7f00000004c0)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_ARM_VCPU_INIT(r0, 0x4020aeae, &(0x7f0000000080)={0x2, 0x82}) (async) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) r3 = mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r2, 0x300000a, 0x4010, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000000c0)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) 13m0.688209591s ago: executing program 4 (id=230): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bff000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000140)=@arm64_core={0x6030000000100006, &(0x7f0000000040)=0xd}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async, rerun: 64) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x1000000000000, 0x2000, &(0x7f0000000000/0x2000)=nil}) (rerun: 64) 12m58.581583342s ago: executing program 5 (id=231): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0xb2) (async) mmap$KVM_VCPU(&(0x7f0000edc000/0x2000)=nil, 0x930, 0xe, 0x16831, r2, 0x0) (async) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) (async) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x6) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@mrs={0xbe, 0x18, {0x603000000013809c}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) (async) ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff}) ioctl$KVM_CREATE_VM(r12, 0x894c, 0x0) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0x6}) (async) ioctl$KVM_CREATE_DEVICE(r14, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) close(r15) (async) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r5, 0xb, 0x11, r2, 0x0) (async) r16 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r16, 0x801c581f, 0x0) 12m44.380049292s ago: executing program 4 (id=232): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x10001, 0x2, 0x1, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) (async) r5 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) (async) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x16) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000100)={0x0, &(0x7f0000000000)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x7ffb}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async) ioctl$KVM_RUN(r8, 0xae80, 0x0) (async) r9 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, 0x0) (async) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000b7c000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x20e4586c}) ioctl$KVM_RUN(r11, 0xae80, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x0, 0x401, &(0x7f00000000c0)=0x5}) 12m40.469751538s ago: executing program 5 (id=233): r0 = openat$kvm(0x0, &(0x7f0000000280), 0x103080, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r2 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x40) ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f0000000240)=@attr_other={0x0, 0x6, 0xb2, 0x0}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd2(0xeffffffb, 0x80001) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000000)={0x200, 0x4000, 0x4, r5, 0x1}) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r5, 0x3}) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f00000000c0)={0x3, 0x0, 0x1, r5, 0xf}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x82401, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r7, 0x4020ae46, &(0x7f00000001c0)={0x7ffc, 0x3000}) r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r11, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x2, 0x0, &(0x7f0000000080)=0x3}) ioctl$KVM_RUN(r11, 0xae80, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) eventfd2(0x3ff, 0x0) r13 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x37) ioctl$KVM_CAP_ARM_USER_IRQ(r13, 0x4068aea3, &(0x7f00000002c0)) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r14 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r15, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r16, 0x400454d0, 0x1) 11m56.651231016s ago: executing program 36 (id=232): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x10001, 0x2, 0x1, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) (async) r5 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) (async) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x16) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000100)={0x0, &(0x7f0000000000)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x7ffb}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async) ioctl$KVM_RUN(r8, 0xae80, 0x0) (async) r9 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, 0x0) (async) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000b7c000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x20e4586c}) ioctl$KVM_RUN(r11, 0xae80, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x0, 0x401, &(0x7f00000000c0)=0x5}) 11m51.141107468s ago: executing program 37 (id=233): r0 = openat$kvm(0x0, &(0x7f0000000280), 0x103080, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r2 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x40) ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f0000000240)=@attr_other={0x0, 0x6, 0xb2, 0x0}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd2(0xeffffffb, 0x80001) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000000)={0x200, 0x4000, 0x4, r5, 0x1}) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r5, 0x3}) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f00000000c0)={0x3, 0x0, 0x1, r5, 0xf}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x82401, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r7, 0x4020ae46, &(0x7f00000001c0)={0x7ffc, 0x3000}) r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r11, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x2, 0x0, &(0x7f0000000080)=0x3}) ioctl$KVM_RUN(r11, 0xae80, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) eventfd2(0x3ff, 0x0) r13 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x37) ioctl$KVM_CAP_ARM_USER_IRQ(r13, 0x4068aea3, &(0x7f00000002c0)) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r14 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r15, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r16, 0x400454d0, 0x1) 2m59.110759386s ago: executing program 6 (id=239): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r3 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r2, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101080, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000000)={0xb, 0xffffffffffffffff, 0x1}) ioctl$KVM_HAS_DEVICE_ATTR(r6, 0x4018aee3, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fb707cd24b7eebb20700000000000000000000000100", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000842000/0x1000)=nil, 0x930, 0x1000005, 0x5c1fd1b6164b3f1, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(r7, 0x40305839, 0x19) 2m48.777485825s ago: executing program 7 (id=240): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000bfd000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000b80)={0x0, &(0x7f00000009c0)=[@hvc={0x32, 0x40, {0x0, [0x400000000000007, 0xfffffffffffffffa, 0x8000000000000000, 0x427f, 0x400003]}}], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000100)=@arm64_extra={0x603000000013c025, &(0x7f00000000c0)=0x6}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000040)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0xa}) syz_kvm_vgic_v3_setup(r1, 0x2, 0x2e0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2m35.620504456s ago: executing program 6 (id=241): munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29) syz_kvm_vgic_v3_setup(r1, 0x2, 0x40) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000000)={0x9, 0x5}) munmap(&(0x7f0000ff5000/0x1000)=nil, 0x1000) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x40010, r4, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000080)="fb0149dd033be3ac4e37c4005a9614fbff67521ce16f8f09449a7a836b73312954000000000000000000000000000000000000000000000000000000dc6900", 0x0, 0x2e) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) r6 = eventfd2(0x0, 0x0) close(r6) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r4, 0x4018aee2, &(0x7f0000000100)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f0000000000)=0x1c}) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000ae9000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000340)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000140)=@arm64_fw={0x6030000000140000, &(0x7f0000000200)=0x1}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x88c80, 0x0) ioctl$KVM_S390_VCPU_FAULT(r4, 0x4008ae52, &(0x7f0000000140)=0x3) r11 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r11, &(0x7f0000384000/0x400000)=nil, &(0x7f0000000180)=[{0x0, &(0x7f0000000380)=[@eret={0xe6, 0x18, 0x7f}, @smc={0x1e, 0x40, {0x84000012, [0x1, 0x10000, 0x8, 0xae, 0x3]}}, @smc={0x1e, 0x40, {0x84000003, [0x0, 0x5, 0x4, 0x92, 0x3]}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x3d2}}, @code={0xa, 0x6c, {"00a4002f0000409b00a0df0c802799d20080b8f2810180d2220180d2430180d2440080d2020000d40000401f007493d200e0b0f2210180d2020080d2c30180d2440080d2020000d40068603c008000c8000008d50300a0d4"}}, @uexit={0x0, 0x18, 0x1}, @msr={0x14, 0x20, {0x603000000013e6c0, 0x4}}, @uexit={0x0, 0x18, 0x3}, @uexit={0x0, 0x18, 0x40}, @eret={0xe6, 0x18, 0x1}], 0x1ac}], 0x1, 0x0, &(0x7f00000001c0)=[@featur1={0x1, 0x48}], 0x1) r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000008000/0x3000)=nil, r12, 0x200000c, 0x10, r6, 0x0) eventfd2(0x1ff, 0x1) 2m19.204690104s ago: executing program 7 (id=242): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r1, 0x4068aea3, &(0x7f00000001c0)={0xa8, 0x0, 0x3}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x8c00, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x28) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x7f) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, &(0x7f0000000000)=@arm64={0x3, 0xe0, 0xb4, '\x00', 0x1}) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) close(0x4) close(0x5) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x1, 0x1, &(0x7f0000000080)=0x5}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0xfffffffffffffffd) syz_kvm_setup_cpu$arm64(r11, 0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil, &(0x7f00000000c0)=[{0x0, 0x0, 0x2d8}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r10, 0xae03, 0x80) r12 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) 2m11.211432456s ago: executing program 6 (id=243): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) r7 = mmap$KVM_VCPU(&(0x7f0000009000/0x4000)=nil, r6, 0x1000000, 0x30, r5, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000200)="f301181301d136000000000000f4ff0000802346cbd987000001000200ecff0900010200250000000000000000000000000001000000000040000000000000000000000100", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x40305828, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, 0x0}) 1m52.199435204s ago: executing program 7 (id=244): mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000080)={0x100000000, 0x3}) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000780)={0x0, 0x0, 0x2000, 0x1000, &(0x7f0000ffc000/0x1000)=nil, 0x3, r2}) (async) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000080)={0x1fd, 0x4, 0xeeee8000, 0x2000, &(0x7f0000ffd000/0x2000)=nil, 0x10000, r2}) (async) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000140)={0x1ff, 0x1, 0x8080000, 0x2000, &(0x7f0000ffb000/0x2000)=nil, 0x6, r2}) (async) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000080)=@arm64_core={0x6030000000100042, &(0x7f0000000100)=0xc5c5}) (async) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) ioctl$KVM_CAP_ARM_USER_IRQ(r1, 0x4068aea3, &(0x7f0000000200)) mmap$KVM_VCPU(&(0x7f0000dd4000/0x3000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) 1m50.172579034s ago: executing program 6 (id=245): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x4, 0x0, 0x0}) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000240)=@arm64_fp={0x60400000001004a3, 0x0}) r8 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r9, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r9, 0x0) mmap$KVM_VCPU(&(0x7f0000e3c000/0x3000)=nil, r3, 0x2000007, 0x1010, r9, 0x0) 1m31.932430501s ago: executing program 7 (id=246): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x280000, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xf50) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_GUEST_MEMFD(r2, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2000003, 0x13, r3, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0xc0602, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0) close(0x5) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x101000, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0xd, 0x5, 0xb, 0x0, 0x2, 0x6, 0x6, 0x9, 0x8, 0x89, 0x6, 0x2, 0x0, 0x6, 0x6, 0xe2, 0x3, 0x29, 0x0, '\x00', 0x10, 0x6}) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r7, &(0x7f00000001c0), 0xe80) r8 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r10, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_GET_ONE_REG(r10, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100014, &(0x7f0000000000)=0xffffffffffffffff}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x14000, 0x0) ioctl$KVM_GET_SREGS(r4, 0x8000ae83, &(0x7f0000000200)) 1m25.47994905s ago: executing program 6 (id=247): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29) syz_kvm_vgic_v3_setup(r1, 0xa00000001, 0x320) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8}) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x4}) (async) r2 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r4, 0x0) (async) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) (async, rerun: 32) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (rerun: 32) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r10 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r9, 0x0) (async) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0x80111500, 0x20000000) write$eventfd(r12, &(0x7f0000000040), 0x8) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f000020b000/0x2000)=nil, r5, 0x1000001, 0x10, r9, 0x0) (async) r13 = eventfd2(0x3, 0x0) close(r13) (async) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) write$eventfd(r13, &(0x7f0000000180)=0x5, 0xfffffde3) (async) write$eventfd(r13, 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) (async, rerun: 32) ioctl$KVM_CREATE_VM(r6, 0x40049409, 0x13) (rerun: 32) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x12, r4, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil) (async) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x40, 0x0) 1m10.679513131s ago: executing program 7 (id=248): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd2(0xeffffffd, 0x801) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000000)={0x200, 0x4000, 0x4, r3, 0x1}) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r3, 0x3}) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f00000000c0)={0x1000000000003, 0x0, 0x2, r3, 0xf}) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000240)=@arm64_core={0x6030000000100044, &(0x7f0000000080)=0x5}) 1m5.279310984s ago: executing program 6 (id=249): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@msr={0x14, 0x20, {0x603000000013e7fc, 0x8000}}], 0x20}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) r7 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r6, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0) r8 = eventfd2(0xd, 0x1) close(r8) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) write$eventfd(r8, 0x0, 0x500) r9 = eventfd2(0x0, 0x0) close(r9) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x34) syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x40, 0x5, 0x2}}) mmap$KVM_VCPU(&(0x7f0000008000/0x3000)=nil, 0x930, 0x2000004, 0x2011, r9, 0x0) 51.520097209s ago: executing program 7 (id=250): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x10001, 0x1, 0x5000, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async, rerun: 64) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bc2000/0x400000)=nil) (rerun: 64) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000440)={0x0, &(0x7f00000000c0)}, &(0x7f0000000480)=[@featur1={0x1, 0x43}], 0x1) (async, rerun: 32) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (rerun: 32) r4 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2a}], 0x1) (async) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x27) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r6, 0x1, 0x100) (async, rerun: 32) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) (rerun: 32) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r8, 0xae80, 0x0) (async) r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, 0x0}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r13 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0xfffffffffffffffe) ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) (async) r14 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r15, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) (async, rerun: 32) r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil) (rerun: 32) syz_kvm_add_vcpu$arm64(r16, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) 16.540748344s ago: executing program 38 (id=249): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@msr={0x14, 0x20, {0x603000000013e7fc, 0x8000}}], 0x20}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) r7 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r6, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0) r8 = eventfd2(0xd, 0x1) close(r8) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) write$eventfd(r8, 0x0, 0x500) r9 = eventfd2(0x0, 0x0) close(r9) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x34) syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x40, 0x5, 0x2}}) mmap$KVM_VCPU(&(0x7f0000008000/0x3000)=nil, 0x930, 0x2000004, 0x2011, r9, 0x0) 0s ago: executing program 39 (id=250): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x10001, 0x1, 0x5000, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async, rerun: 64) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bc2000/0x400000)=nil) (rerun: 64) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000440)={0x0, &(0x7f00000000c0)}, &(0x7f0000000480)=[@featur1={0x1, 0x43}], 0x1) (async, rerun: 32) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (rerun: 32) r4 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2a}], 0x1) (async) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x27) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r6, 0x1, 0x100) (async, rerun: 32) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) (rerun: 32) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r8, 0xae80, 0x0) (async) r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, 0x0}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r13 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0xfffffffffffffffe) ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) (async) r14 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r15, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) (async, rerun: 32) r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil) (rerun: 32) syz_kvm_add_vcpu$arm64(r16, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) kernel console output (not intermixed with test programs): [ 389.530376][ T3172] 8021q: adding VLAN 0 to HW filter on device bond0 [ 442.064421][ T3172] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:11700' (ED25519) to the list of known hosts. [ 604.902679][ T24] audit: type=1400 audit(604.070:61): avc: denied { name_bind } for pid=3330 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 606.077865][ T24] audit: type=1400 audit(605.230:62): avc: denied { execute } for pid=3331 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 606.118939][ T24] audit: type=1400 audit(605.260:63): avc: denied { execute_no_trans } for pid=3331 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 629.670602][ T24] audit: type=1400 audit(628.840:64): avc: denied { mounton } for pid=3331 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 629.711938][ T24] audit: type=1400 audit(628.880:65): avc: denied { mount } for pid=3331 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 629.812779][ T3331] cgroup: Unknown subsys name 'net' [ 629.872202][ T24] audit: type=1400 audit(629.040:66): avc: denied { unmount } for pid=3331 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 630.468123][ T3331] cgroup: Unknown subsys name 'cpuset' [ 630.673348][ T3331] cgroup: Unknown subsys name 'rlimit' [ 631.662831][ T24] audit: type=1400 audit(630.830:67): avc: denied { setattr } for pid=3331 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 631.690973][ T24] audit: type=1400 audit(630.860:68): avc: denied { mounton } for pid=3331 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 631.710891][ T24] audit: type=1400 audit(630.880:69): avc: denied { mount } for pid=3331 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 632.768862][ T3334] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 632.788861][ T24] audit: type=1400 audit(631.950:70): avc: denied { relabelto } for pid=3334 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 632.813651][ T24] audit: type=1400 audit(631.970:71): avc: denied { write } for pid=3334 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 632.999372][ T24] audit: type=1400 audit(632.160:72): avc: denied { read } for pid=3331 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 633.013557][ T24] audit: type=1400 audit(632.180:73): avc: denied { open } for pid=3331 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 633.059670][ T3331] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 689.489308][ T24] audit: type=1400 audit(688.660:74): avc: denied { execmem } for pid=3335 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 693.293646][ T24] audit: type=1400 audit(692.460:75): avc: denied { read } for pid=3337 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 693.340766][ T24] audit: type=1400 audit(692.480:76): avc: denied { open } for pid=3338 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 693.398239][ T24] audit: type=1400 audit(692.550:77): avc: denied { mounton } for pid=3337 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 693.620791][ T24] audit: type=1400 audit(692.780:78): avc: denied { module_request } for pid=3337 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 694.612641][ T24] audit: type=1400 audit(693.780:79): avc: denied { sys_module } for pid=3338 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 721.518330][ T3338] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 721.915128][ T3338] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 722.027863][ T3337] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 722.264872][ T3337] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 734.281079][ T3338] hsr_slave_0: entered promiscuous mode [ 734.311814][ T3338] hsr_slave_1: entered promiscuous mode [ 735.290421][ T3337] hsr_slave_0: entered promiscuous mode [ 735.340209][ T3337] hsr_slave_1: entered promiscuous mode [ 735.380728][ T3337] debugfs: 'hsr0' already exists in 'hsr' [ 735.407113][ T3337] Cannot create hsr debugfs directory [ 741.413348][ T24] audit: type=1400 audit(740.580:80): avc: denied { create } for pid=3338 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 741.465266][ T24] audit: type=1400 audit(740.610:81): avc: denied { write } for pid=3338 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 741.509313][ T24] audit: type=1400 audit(740.670:82): avc: denied { read } for pid=3338 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 741.667520][ T3338] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 741.998789][ T3338] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 742.320231][ T3338] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 742.733196][ T3338] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 744.318313][ T3337] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 744.470629][ T3337] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 744.629633][ T3337] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 744.811868][ T3337] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 757.222197][ T3338] 8021q: adding VLAN 0 to HW filter on device bond0 [ 760.278615][ T3337] 8021q: adding VLAN 0 to HW filter on device bond0 [ 816.622252][ T3338] veth0_vlan: entered promiscuous mode [ 817.250940][ T3338] veth1_vlan: entered promiscuous mode [ 820.255150][ T3337] veth0_vlan: entered promiscuous mode [ 820.558876][ T3338] veth0_macvtap: entered promiscuous mode [ 821.219846][ T3338] veth1_macvtap: entered promiscuous mode [ 821.480245][ T3337] veth1_vlan: entered promiscuous mode [ 825.007257][ T2129] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.027856][ T2129] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.033956][ T2129] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.097091][ T2129] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.389412][ T3337] veth0_macvtap: entered promiscuous mode [ 825.992988][ T3337] veth1_macvtap: entered promiscuous mode [ 828.576856][ T24] audit: type=1400 audit(827.710:83): avc: denied { mount } for pid=3338 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 828.899007][ T24] audit: type=1400 audit(828.060:84): avc: denied { mounton } for pid=3338 comm="syz-executor" path="/syzkaller.OuJhYr/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 829.230698][ T24] audit: type=1400 audit(828.360:85): avc: denied { mount } for pid=3338 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 829.709165][ T24] audit: type=1400 audit(828.860:86): avc: denied { mounton } for pid=3338 comm="syz-executor" path="/syzkaller.OuJhYr/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 829.866545][ T3490] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 829.892350][ T3490] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 829.898082][ T3490] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 829.907883][ T3490] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 830.022775][ T24] audit: type=1400 audit(829.190:87): avc: denied { mounton } for pid=3338 comm="syz-executor" path="/syzkaller.OuJhYr/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3751 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 831.017022][ T24] audit: type=1400 audit(830.180:88): avc: denied { unmount } for pid=3338 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 831.373544][ T24] audit: type=1400 audit(830.540:89): avc: denied { mounton } for pid=3338 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 831.659707][ T24] audit: type=1400 audit(830.800:90): avc: denied { mount } for pid=3338 comm="syz-executor" name="/" dev="gadgetfs" ino=3761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 832.088523][ T24] audit: type=1400 audit(831.250:91): avc: denied { mount } for pid=3338 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 832.248792][ T24] audit: type=1400 audit(831.340:92): avc: denied { mounton } for pid=3338 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 833.999807][ T3338] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 835.613661][ T24] kauditd_printk_skb: 1 callbacks suppressed [ 835.649875][ T24] audit: type=1400 audit(834.780:94): avc: denied { read write } for pid=3338 comm="syz-executor" name="loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 835.710086][ T24] audit: type=1400 audit(834.860:95): avc: denied { open } for pid=3338 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 835.761338][ T24] audit: type=1400 audit(834.920:96): avc: denied { ioctl } for pid=3338 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 844.837762][ T24] audit: type=1400 audit(843.910:97): avc: denied { read } for pid=3494 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 844.844352][ T24] audit: type=1400 audit(843.980:98): avc: denied { open } for pid=3494 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 845.231333][ T24] audit: type=1400 audit(844.400:99): avc: denied { ioctl } for pid=3494 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 869.336623][ T24] audit: type=1400 audit(868.500:100): avc: denied { setattr } for pid=3511 comm="syz.1.6" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 875.332225][ T24] audit: type=1400 audit(874.490:101): avc: denied { write } for pid=3515 comm="syz.1.8" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 875.429265][ T24] audit: type=1400 audit(874.570:102): avc: denied { map } for pid=3515 comm="syz.1.8" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 896.361295][ T24] audit: type=1400 audit(895.530:103): avc: denied { append } for pid=3524 comm="syz.1.11" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 907.783850][ T24] audit: type=1400 audit(906.930:104): avc: denied { execute } for pid=3527 comm="syz.0.12" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4501 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 915.721571][ T24] audit: type=1400 audit(914.890:105): avc: denied { create } for pid=3534 comm="syz.1.14" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 915.833455][ T24] audit: type=1400 audit(915.000:106): avc: denied { map } for pid=3534 comm="syz.1.14" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=4559 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 915.961426][ T24] audit: type=1400 audit(915.070:107): avc: denied { read } for pid=3534 comm="syz.1.14" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=4559 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 978.412623][ T24] audit: type=1400 audit(977.580:108): avc: denied { ioctl } for pid=3570 comm="syz.1.26" path="net:[4026532630]" dev="nsfs" ino=4026532630 ioctlcmd=0x582b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1053.303240][ T3612] kvm [3612]: Failed to find VMA for hva 0x20c79000 [ 1152.397827][ T24] audit: type=1400 audit(1151.560:109): avc: denied { write } for pid=3665 comm="syz.0.63" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=7090 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1301.205002][ T24] audit: type=1400 audit(1300.370:110): avc: denied { execute } for pid=3735 comm="syz.1.85" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1316.430173][ T3748] kvm [3748]: Failed to find VMA for hva 0x21016000 [ 1395.283579][ T3787] kvm [3787]: Failed to find VMA for hva 0x20c01000 [ 1694.819385][ T3973] kvm [3973]: Failed to find VMA for hva 0x20e08000 [ 1759.793905][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1761.423524][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1763.104570][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1764.282628][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1778.439186][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1778.593119][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1778.683284][ T12] bond0 (unregistering): Released all slaves [ 1779.582252][ T12] hsr_slave_0: left promiscuous mode [ 1779.609471][ T12] hsr_slave_1: left promiscuous mode [ 1779.755153][ T12] veth1_macvtap: left promiscuous mode [ 1779.759437][ T12] veth0_macvtap: left promiscuous mode [ 1779.773597][ T12] veth1_vlan: left promiscuous mode [ 1779.804508][ T12] veth0_vlan: left promiscuous mode [ 1803.112216][ T3429] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1804.377661][ T3429] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1805.381865][ T3429] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1806.714499][ T3429] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1820.631432][ T3429] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1820.694221][ T3429] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1820.748657][ T3429] bond0 (unregistering): Released all slaves [ 1821.789694][ T3429] hsr_slave_0: left promiscuous mode [ 1821.849834][ T3429] hsr_slave_1: left promiscuous mode [ 1822.260744][ T3429] veth1_macvtap: left promiscuous mode [ 1822.267933][ T3429] veth0_macvtap: left promiscuous mode [ 1822.277703][ T3429] veth1_vlan: left promiscuous mode [ 1822.296903][ T3429] veth0_vlan: left promiscuous mode [ 1848.570748][ T3979] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1848.830323][ T3979] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1853.292139][ T3982] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1853.681706][ T3982] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1872.577918][ T3979] hsr_slave_0: entered promiscuous mode [ 1872.640928][ T3979] hsr_slave_1: entered promiscuous mode [ 1876.442152][ T3982] hsr_slave_0: entered promiscuous mode [ 1876.468361][ T3982] hsr_slave_1: entered promiscuous mode [ 1876.502186][ T3982] debugfs: 'hsr0' already exists in 'hsr' [ 1876.512136][ T3982] Cannot create hsr debugfs directory [ 1888.684547][ T3979] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1889.350058][ T3979] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1889.710636][ T3979] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1890.132332][ T3979] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1894.282974][ T3982] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1894.634860][ T3982] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1894.954525][ T3982] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1895.275004][ T3982] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1916.131015][ T3979] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1922.760635][ T3982] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2011.274896][ T3979] veth0_vlan: entered promiscuous mode [ 2012.451761][ T3979] veth1_vlan: entered promiscuous mode [ 2015.109411][ T3979] veth0_macvtap: entered promiscuous mode [ 2015.520494][ T3979] veth1_macvtap: entered promiscuous mode [ 2018.618701][ T3982] veth0_vlan: entered promiscuous mode [ 2020.118587][ T4128] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2020.122760][ T4128] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2020.130747][ T4128] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2020.411464][ T4128] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2020.762268][ T3982] veth1_vlan: entered promiscuous mode [ 2026.483828][ T3982] veth0_macvtap: entered promiscuous mode [ 2027.018915][ T24] audit: type=1400 audit(2026.160:111): avc: denied { unmount } for pid=3979 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 2027.429269][ T3982] veth1_macvtap: entered promiscuous mode [ 2031.788697][ T3343] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2031.789853][ T3343] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2031.811048][ T3343] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2031.833900][ T3991] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2230.673243][ T3429] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2232.547440][ T3429] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2235.233674][ T3429] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2237.762526][ T3429] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2264.093401][ T3429] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2264.462685][ T3429] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2264.849348][ T3429] bond0 (unregistering): Released all slaves [ 2267.256792][ T3429] hsr_slave_0: left promiscuous mode [ 2267.460257][ T3429] hsr_slave_1: left promiscuous mode [ 2268.214438][ T3429] veth1_macvtap: left promiscuous mode [ 2268.249663][ T3429] veth0_macvtap: left promiscuous mode [ 2268.258265][ T3429] veth1_vlan: left promiscuous mode [ 2268.277365][ T3429] veth0_vlan: left promiscuous mode [ 2360.267526][ T4319] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2360.802301][ T4319] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2397.667050][ T4319] hsr_slave_0: entered promiscuous mode [ 2397.751766][ T4319] hsr_slave_1: entered promiscuous mode [ 2397.862072][ T4319] debugfs: 'hsr0' already exists in 'hsr' [ 2397.888295][ T4319] Cannot create hsr debugfs directory [ 2421.798477][ T4319] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 2422.155022][ T4319] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 2422.479231][ T4319] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 2423.078825][ T4319] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 2423.962696][ T4436] debugfs: 'vgic-its-state@8080000' already exists in '4436-4' [ 2451.264958][ T4319] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2494.497255][ T3990] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2496.042563][ T3990] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2497.609448][ T3990] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2499.033460][ T3990] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2520.323360][ T3990] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2520.918292][ T3990] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2521.411304][ T3990] bond0 (unregistering): Released all slaves [ 2523.354968][ T3990] hsr_slave_0: left promiscuous mode [ 2523.507469][ T3990] hsr_slave_1: left promiscuous mode [ 2524.227053][ T3990] veth1_macvtap: left promiscuous mode [ 2524.230487][ T3990] veth0_macvtap: left promiscuous mode [ 2524.268616][ T3990] veth1_vlan: left promiscuous mode [ 2524.308002][ T3990] veth0_vlan: left promiscuous mode [ 2591.090774][ T4471] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2591.460077][ T4471] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2619.313270][ T4319] veth0_vlan: entered promiscuous mode [ 2622.252321][ T4471] hsr_slave_0: entered promiscuous mode [ 2622.350539][ T4471] hsr_slave_1: entered promiscuous mode [ 2622.604148][ T4319] veth1_vlan: entered promiscuous mode [ 2626.250275][ T4319] veth0_macvtap: entered promiscuous mode [ 2626.902154][ T4319] veth1_macvtap: entered promiscuous mode [ 2639.380698][ T31] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2639.462646][ T3343] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2639.500719][ T3343] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2639.746612][ T3343] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2650.611591][ T4471] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 2651.121038][ T4471] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 2651.474752][ T4471] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 2652.090798][ T4471] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 2686.737348][ T4471] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2860.970397][ T4471] veth0_vlan: entered promiscuous mode [ 2862.224306][ T4471] veth1_vlan: entered promiscuous mode [ 2866.020135][ T4471] veth0_macvtap: entered promiscuous mode [ 2866.911286][ T4471] veth1_macvtap: entered promiscuous mode [ 2871.980807][ T4617] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2871.995203][ T4617] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2872.180619][ T4544] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2872.193291][ T4544] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3122.139447][ T50] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3124.600347][ T50] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3126.693740][ T50] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3128.638917][ T50] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3150.923345][ T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3151.074752][ T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3151.201684][ T50] bond0 (unregistering): Released all slaves [ 3152.948094][ T50] hsr_slave_0: left promiscuous mode [ 3153.107530][ T50] hsr_slave_1: left promiscuous mode [ 3153.898644][ T50] veth1_macvtap: left promiscuous mode [ 3153.902260][ T50] veth0_macvtap: left promiscuous mode [ 3153.967386][ T50] veth1_vlan: left promiscuous mode [ 3153.979692][ T50] veth0_vlan: left promiscuous mode [ 3189.449833][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3191.534431][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3193.054143][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3194.747194][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3213.954468][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3214.115224][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3214.159887][ T12] bond0 (unregistering): Released all slaves [ 3216.706776][ T12] hsr_slave_0: left promiscuous mode [ 3216.962920][ T12] hsr_slave_1: left promiscuous mode [ 3217.834217][ T12] veth1_macvtap: left promiscuous mode [ 3217.876935][ T12] veth0_macvtap: left promiscuous mode [ 3217.890194][ T12] veth1_vlan: left promiscuous mode [ 3217.908873][ T12] veth0_vlan: left promiscuous mode [ 3267.007619][ T4836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3267.342700][ T4836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3270.743247][ T4833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3271.123903][ T4833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3298.332675][ T4836] hsr_slave_0: entered promiscuous mode [ 3298.461804][ T4836] hsr_slave_1: entered promiscuous mode [ 3305.343784][ T4833] hsr_slave_0: entered promiscuous mode [ 3305.461504][ T4833] hsr_slave_1: entered promiscuous mode [ 3305.567820][ T4833] debugfs: 'hsr0' already exists in 'hsr' [ 3305.576854][ T4833] Cannot create hsr debugfs directory [ 3326.081325][ T4836] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 3326.811304][ T4836] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 3327.285121][ T4836] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 3327.953725][ T4836] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 3332.473805][ T4833] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 3333.173195][ T4833] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 3333.793111][ T4833] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 3334.282832][ T4833] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 3365.094780][ T4836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3373.013076][ T4833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3533.294504][ T4836] veth0_vlan: entered promiscuous mode [ 3534.879364][ T4836] veth1_vlan: entered promiscuous mode [ 3540.988969][ T4836] veth0_macvtap: entered promiscuous mode [ 3542.110469][ T4833] veth0_vlan: entered promiscuous mode [ 3542.755063][ T4836] veth1_macvtap: entered promiscuous mode [ 3544.664327][ T4833] veth1_vlan: entered promiscuous mode [ 3550.487956][ T5000] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3550.511935][ T5000] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3550.552573][ T4839] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3550.588393][ T3429] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3552.899337][ T4833] veth0_macvtap: entered promiscuous mode [ 3554.139434][ T4833] veth1_macvtap: entered promiscuous mode [ 3561.773880][ T31] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3561.833511][ T3490] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3561.919503][ T31] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3561.954955][ T3991] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3942.804980][ T5179] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3943.299951][ T5179] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3962.133872][ T5186] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3962.865164][ T5186] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4004.940180][ T5179] hsr_slave_0: entered promiscuous mode [ 4005.148557][ T5179] hsr_slave_1: entered promiscuous mode [ 4005.234649][ T5179] debugfs: 'hsr0' already exists in 'hsr' [ 4005.261707][ T5179] Cannot create hsr debugfs directory [ 4031.274248][ T5186] hsr_slave_0: entered promiscuous mode [ 4031.419904][ T5186] hsr_slave_1: entered promiscuous mode [ 4031.579437][ T5186] debugfs: 'hsr0' already exists in 'hsr' [ 4031.609228][ T5186] Cannot create hsr debugfs directory [ 4056.162760][ T5179] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 4057.857149][ T5179] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 4058.355136][ T5179] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 4059.670152][ T5179] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 4079.080663][ T5186] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 4079.860909][ T5186] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 4080.524430][ T5186] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 4081.362420][ T5186] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 4118.423675][ T5179] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4134.304447][ T5186] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4192.694623][ T26] INFO: task syz.7.250:5163 blocked for more than 430 seconds. [ 4192.751160][ T26] Not tainted syzkaller #0 [ 4192.763432][ T26] Blocked by coredump. [ 4192.763875][ T26] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 4192.764389][ T26] task:syz.7.250 state:D stack:0 pid:5163 tgid:5162 ppid:4836 task_flags:0x40044c flags:0x00000010 [ 4192.858458][ T26] Call trace: [ 4192.877452][ T26] __switch_to+0x584/0xb00 (T) [ 4192.879939][ T26] __schedule+0x1da4/0x3678 [ 4192.880579][ T26] schedule+0xac/0x27c [ 4192.881091][ T26] schedule_timeout+0x68/0x1ec [ 4192.881565][ T26] do_wait_for_common+0x28c/0x440 [ 4192.881980][ T26] wait_for_completion+0x44/0x5c [ 4192.882537][ T26] __synchronize_srcu+0x2a4/0x320 [ 4192.882981][ T26] synchronize_srcu+0x3d0/0x4f8 [ 4192.883429][ T26] __mmu_notifier_release+0x424/0x614 [ 4192.883889][ T26] exit_mmap+0xcc/0xb84 [ 4192.884373][ T26] __mmput+0x10c/0x528 [ 4192.884793][ T26] mmput+0x70/0xa8 [ 4192.885210][ T26] exit_mm+0x158/0x248 [ 4193.099394][ T26] do_exit+0x828/0x2410 [ 4193.100061][ T26] do_group_exit+0x1d4/0x2ac [ 4193.100603][ T26] get_signal+0x1440/0x154c [ 4193.101016][ T26] arch_do_signal_or_restart+0x23c/0x4bac [ 4193.101549][ T26] exit_to_user_mode_loop+0x88/0x188 [ 4193.102044][ T26] el0_svc+0x17c/0x238 [ 4193.102526][ T26] el0t_64_sync_handler+0x84/0x12c [ 4193.102973][ T26] el0t_64_sync+0x198/0x19c [ 4193.160794][ T26] [ 4193.160794][ T26] Showing all locks held in the system: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 4193.239557][ T26] 1 lock held by khungtaskd/26: [ 4193.286706][ T26] #0: ffff800087c971f8 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x0/0x44 [ 4193.289758][ T26] 3 locks held by kworker/u4:6/2129: [ 4193.290207][ T26] 2 locks held by getty/3200: [ 4193.290573][ T26] #0: fcf00000128c28a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c [ 4193.292266][ T26] #1: f2ff80008ca2b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x308/0x1234 [ 4193.294580][ T26] 1 lock held by sshd-session/3330: [ 4193.294901][ T26] 2 locks held by syz-executor/3331: [ 4193.295228][ T26] 3 locks held by kworker/u4:8/3490: [ 4193.462153][ T26] 3 locks held by kworker/u4:4/3991: [ 4193.462635][ T26] 3 locks held by kworker/u4:10/4329: [ 4193.462953][ T26] 2 locks held by kworker/u4:11/4617: [ 4193.463286][ T26] #0: 92f000000d036548 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x7f8/0x1d94 [ 4193.465387][ T26] #1: ffff80008eee7ca8 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x884/0x1d94 [ 4193.582440][ T26] 2 locks held by kworker/u4:13/5000: [ 4193.582793][ T26] #0: 92f000000d036548 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x7f8/0x1d94 [ 4193.584638][ T26] #1: ffff80008f177ca8 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x884/0x1d94 [ 4193.661804][ T26] 2 locks held by kworker/0:1/5070: [ 4193.662226][ T26] 2 locks held by syz.6.249/5157: [ 4193.662640][ T26] 3 locks held by kworker/u4:14/5299: [ 4193.662966][ T26] 1 lock held by modprobe/5324: [ 4193.663290][ T26] 2 locks held by modprobe/5325: [ 4193.777688][ T26] [ 4193.778400][ T26] ============================================= [ 4193.778400][ T26] [ 4193.779475][ T26] Kernel panic - not syncing: hung_task: blocked tasks [ 4193.784737][ T26] CPU: 0 UID: 0 PID: 26 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT [ 4193.786373][ T26] Hardware name: linux,dummy-virt (DT) [ 4193.787426][ T26] Call trace: [ 4193.788306][ T26] show_stack+0x2c/0x3c (C) [ 4193.789438][ T26] __dump_stack+0x30/0x40 [ 4193.790499][ T26] dump_stack_lvl+0x30/0x12c [ 4193.791431][ T26] dump_stack+0x1c/0x28 [ 4193.792436][ T26] vpanic+0x4d0/0x848 [ 4193.793352][ T26] vpanic+0x0/0x848 [ 4193.794236][ T26] hung_task_panic+0x0/0x2c [ 4193.795257][ T26] kthread+0x4d4/0x51c [ 4193.796228][ T26] ret_from_fork+0x10/0x20 [ 4193.798237][ T26] Kernel Offset: disabled [ 4193.798958][ T26] CPU features: 0x0000000,001a3005,fbe327a1,057ffe1f [ 4193.800212][ T26] Memory Limit: none [ 4193.802580][ T26] Rebooting in 86400 seconds..