last executing test programs: 1h10m58.698897428s ago: executing program 1 (id=98): mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x6832, 0xffffffffffffffff, 0x0) r0 = eventfd2(0xfffffffa, 0x80001) write$eventfd(r0, &(0x7f0000000200)=0x8, 0x8) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r2, 0xc008ae67, &(0x7f00000000c0)={0x80000000, 0x4}) r3 = eventfd2(0x5, 0x1) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000000)={0xffffffff, 0x10000, 0x1, r3, 0x9}) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r5, 0x4010ae68, 0x0) 1h10m51.607152777s ago: executing program 1 (id=99): r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x2, 0x3, 0x81}}], 0x28}, &(0x7f0000000080)=[@featur1={0x1, 0x60}], 0x1) ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f00000000c0)=@arm64={0x3, 0x80, 0x81, '\x00', 0x8}) ioctl$KVM_RUN(r0, 0xae80, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2d) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x6, 0xffffffffffffffff, 0x1}) syz_kvm_setup_cpu$arm64(r1, r0, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000400)=[{0x0, &(0x7f0000000140)=[@smc={0x1e, 0x40, {0x8600ff01, [0x4, 0x9, 0x7, 0x6, 0x5]}}, @mrs={0xbe, 0x18, {0x603000000013c4cf}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfe74, 0x1f7, 0xc}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xa6efb771ee0b4ca, 0x6, 0xd}}, @eret={0xe6, 0x18, 0x3}, @hvc={0x32, 0x40, {0x86000001, [0x4, 0x3, 0x10001, 0x4, 0x7ff]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1000, 0x20e6, 0xc}}, @smc={0x1e, 0x40, {0x5000000, [0x40, 0x0, 0x9, 0x0, 0x8]}}, @code={0xa, 0x54, {"0080206e007008d50070df0cc09689d20000b0f2c10080d2220080d2030180d2640080d2020000d4007008d5008008d5007008d5000028d5000028d5000008d5"}}, @uexit={0x0, 0x18}, @memwrite={0x6e, 0x30, @generic={0x4, 0x690, 0x8, 0x4}}, @code={0xa, 0x84, {"0058000e0010000e20cf8ed20080b8f2810180d2420080d2830080d2840180d2020000d4a0a79cd20060b8f2a10180d2e20080d2c30080d2840080d2020000d4000008d5000008d500a0204e20c389d20020b8f2810080d2a20180d2230180d2040180d2020000d40000789e0000381e"}}], 0x2a0}], 0x1, 0x0, &(0x7f0000000440)=[@featur1={0x1, 0x15}], 0x1) ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f00000004c0)=@attr_other={0x0, 0x4, 0x6, &(0x7f0000000480)=0x9}) munmap(&(0x7f0000f70000/0x4000)=nil, 0x4000) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000500)={0xfffffffb, 0x2}) ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f0000000540)=@x86={0x81, 0x72, 0x20, 0x0, 0x9, 0x1, 0xf3, 0x9, 0x1, 0x70, 0x5, 0xb, 0x0, 0x6, 0x8, 0x2, 0x6b, 0x5, 0xdc, '\x00', 0x91, 0x8001}) r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000b2c000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000a00)={0x0, &(0x7f0000000580)=[@irq_setup={0x46, 0x18, {0x3, 0x162}}, @eret={0xe6, 0x18, 0x5}, @mrs={0xbe, 0x18, {0x603000000013c02d}}, @smc={0x1e, 0x40, {0x0, [0x2, 0xb5f5, 0x8, 0x0, 0x101]}}, @uexit={0x0, 0x18, 0x750d}, @memwrite={0x6e, 0x30, @generic={0x6000, 0x4f1, 0x6, 0x4}}, @code={0xa, 0x54, {"0054005f000028d5007008d5000020ea60029fd20000b0f2610080d2e20180d2c30180d2240080d2020000d4007008d50008607800a4df0d1f0020eb008008d5"}}, @svc={0x122, 0x40, {0xffff, [0x400, 0xffffffffffffffff, 0x6, 0x2, 0x9]}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x174}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x3, 0xa, 0x8, 0x4, 0x2}}, @svc={0x122, 0x40, {0x84000009, [0xff, 0x75b4, 0x5300, 0x80000000, 0x994c]}}, @msr={0x14, 0x20, {0x603000000013c65e, 0xd3}}, @uexit={0x0, 0x18, 0x5}, @code={0xa, 0x84, {"009a98d200a0b8f2210180d2c20180d2a30080d2040080d2020000d4007008d50094005f609d89d20060b0f2610180d2e20080d2c30180d2440180d2020000d4000008d50098205e60eb9ed20020b0f2a10080d2420080d2e30080d2a40180d2020000d40000711e008008d50040c00c"}}, @irq_setup={0x46, 0x18, {0x3, 0x1f6}}, @hvc={0x32, 0x40, {0xffff, [0xd, 0x10000, 0x3, 0x99c, 0x6]}}, @eret={0xe6, 0x18, 0x1}, @irq_setup={0x46, 0x18, {0x4, 0x1f5}}, @svc={0x122, 0x40, {0x80008000, [0x3, 0x5, 0xa4b, 0xffffffffffffffff]}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0xffffffffffffffff}}, @svc={0x122, 0x40, {0x84000052, [0x6, 0xdd6, 0x9, 0x7d0, 0x400]}}, @eret={0xe6, 0x18, 0x40}, @irq_setup={0x46, 0x18, {0x3, 0x19c}}, @hvc={0x32, 0x40, {0x84000053, [0x401, 0x3, 0x80000000, 0xf, 0x21]}}], 0x450}, &(0x7f0000000a40)=[@featur1={0x1, 0x20}], 0x1) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000a80), 0x4a4103, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000b00)=@attr_other={0x0, 0x7ff, 0x3, &(0x7f0000000ac0)=0x1}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000b40)={0x40000, 0x2000}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000b80)={0x10000, 0x2, 0xc000, 0x2000, &(0x7f0000b40000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x3b) ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r6, 0x4068aea3, &(0x7f0000000bc0)) ioctl$KVM_CREATE_GUEST_MEMFD(r6, 0xc040aed4, &(0x7f0000000c40)={0xffffffffffffffff, 0x3}) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000d80)=[{0x0, &(0x7f0000000c80)=[@eret={0xe6, 0x18, 0x4}, @svc={0x122, 0x40, {0x8, [0x8, 0x100000000, 0x7b7, 0x5, 0x7]}}, @mrs={0xbe, 0x18, {0x603000000013d801}}, @msr={0x14, 0x20, {0x603000000013e65a, 0x4e8d}}, @eret={0xe6, 0x18, 0x5}, @its_send_cmd={0xaa, 0x28, {0x0, 0x0, 0x2, 0xa, 0x200, 0x40, 0x1}}], 0xd0}], 0x1, 0x0, &(0x7f0000000dc0)=[@featur2={0x1, 0xe9}], 0x1) r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x29) ioctl$KVM_RESET_DIRTY_RINGS(r7, 0xaec7) ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f0000000e40)=@attr_arm64={0x0, 0x7, 0x4, &(0x7f0000000e00)=0x101}) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x13) ioctl$KVM_IRQ_LINE(r8, 0x4008ae61, &(0x7f0000000e80)={0x4, 0xc}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r1, 0x4010ae74, &(0x7f0000000ec0)={0xfffffff1, 0xfffffff8, 0x7f}) ioctl$KVM_GET_REG_LIST(r0, 0xc008aeb0, &(0x7f0000000f00)={0xa, [0x8000000000000001, 0x3, 0x8, 0x2, 0xa, 0x9, 0x4, 0x1, 0x3, 0x6929]}) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000f80)={0xb88a, 0x10000}) ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f0000001000)=@attr_arm64={0x0, 0x8, 0x0, &(0x7f0000000fc0)=0xa}) 1h10m43.976243285s ago: executing program 1 (id=101): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x8800, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x26) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4}) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) syz_kvm_setup_cpu$arm64(r5, 0xffffffffffffffff, &(0x7f0000001000/0x400000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000080)=0x8000000000000000}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x1ff, 0x2, 0x30000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000300)=@attr_other={0x0, 0x4, 0x1, 0x0}) ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x1, 0xfffffff9, 0x1}}) r7 = syz_kvm_vgic_v3_setup(r2, 0x1, 0x40) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r9, 0x1, 0x100) ioctl$KVM_SIGNAL_MSI(r9, 0x4020aea5, &(0x7f0000000280)={0x100000, 0x6000, 0x0, 0x2000000}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000007c0)=@attr_other={0x0, 0x7, 0x40, &(0x7f0000000100)=0x7fffffff}) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xf0) r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x21) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r11, 0x4068aea3, &(0x7f0000000100)={0xdf, 0x0, 0x1000000}) 1h10m37.64142794s ago: executing program 0 (id=102): munmap(&(0x7f0000481000/0x1000)=nil, 0x1000) munmap(&(0x7f0000136000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) r0 = mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, r1, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, r5, 0x1000002, 0x13, r4, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r4, 0x0) mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x30, r4, 0x9000000) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) munmap$KVM_VCPU(r0, 0xc0) 1h10m28.436998841s ago: executing program 1 (id=103): openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2c00, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000000180)={0xc, "11029c14e50eaac9139c4595"}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r2, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r4, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x1000000) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x88, &(0x7f0000000000)=0x10}) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r9, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000180)=@arm64_sys={0x603000000013c021, &(0x7f0000000140)=0x5}) r10 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r10, 0x10005, 0x120) syz_kvm_vgic_v3_setup(r10, 0x3, 0xc0) r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000bc2000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) ioctl$KVM_RUN(r13, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) 1h10m28.436656241s ago: executing program 0 (id=104): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29) syz_kvm_vgic_v3_setup(r1, 0x2, 0x40) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000000)={0x9, 0x5}) r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x1) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x3, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x40400000, 0x7, 0x10000, 0x0, 0x1}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r6, 0xae80, 0x0) syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000700)={0x0, &(0x7f00000003c0)=[@msr={0x14, 0x20, {0x0, 0x800}}, @mrs={0xbe, 0x18, {0x6030000000138075}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x1af}}, @eret={0xe6, 0x18, 0x7}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x3b0}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x1, 0xd, 0x5c, 0x8, 0x3}}, @uexit={0x0, 0x18, 0xd}, @eret={0xe6, 0x18, 0x7}, @svc={0x122, 0x40, {0x80000002, [0x8, 0x7, 0xcc2, 0xaa, 0x3]}}, @uexit={0x0, 0x18, 0x5}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x2, 0xf, 0x3, 0x6, 0x3}}, @msr={0x14, 0x20, {0x1793, 0x7}}, @irq_setup={0x46, 0x18, {0x2, 0x1ef}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x300, 0xffffffffffffff8f}}, @code={0xa, 0x9c, {"001c004e000008d5a0128ad20000b0f2e10080d2620180d2030180d2440080d2020000d460a595d200a0b8f2210080d2020080d2c30180d2040080d2020000d4008008d5000008d5000008d50000001440ea8cd20000b0f2210080d2220080d2a30180d2c40080d2020000d4e06f92d20040b0f2810080d2820180d2e30180d2040080d2020000d4"}}, @svc={0x122, 0x40, {0x84000052, [0x6, 0x10, 0x0, 0x3, 0x3]}}, @svc={0x122, 0x40, {0x4000000, [0x0, 0xb, 0x2, 0xff, 0x3]}}, @irq_setup={0x46, 0x18, {0x2, 0x10a}}, @irq_setup={0x46, 0x18, {0x1, 0xba}}], 0x32c}, &(0x7f0000000740)=[@featur2], 0x1) r8 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000040)={0x4, 0xffffffffffffffff, 0x1}) r12 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x2d) r14 = syz_kvm_vgic_v3_setup(r13, 0x1, 0x100) ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x3, &(0x7f0000000200)=0x8080000}) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(r11, 0x4018aee3, &(0x7f00000002c0)=@attr_other={0x0, 0x4, 0x8, 0x0}) r15 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r10, 0x4010ae74, &(0x7f0000000100)={0x7fff, 0x2, 0x3}) r16 = syz_kvm_add_vcpu$arm64(r15, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c4f1, 0x8000}}, @msr={0x14, 0xfffffe3f, {0x603000000013c4f2, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce0, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce2, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce3, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce4, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce5, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x7fffffff}}], 0x100}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000380)=0x7}) ioctl$KVM_RUN(r16, 0xae80, 0x0) 1h10m15.088308878s ago: executing program 0 (id=105): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r1, 0x4068aea3, &(0x7f0000000000)={0xa8, 0x0, 0x3}) r2 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0x401c5820, 0x20001002) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x101ff, 0x1, 0xdddd1000, 0x2000, &(0x7f0000db1000/0x2000)=nil}) ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000140)={0x0, 0x240, 0x380, &(0x7f0000000180)=[0x6bd1a312, 0xec66, 0x101, 0x8, 0x2, 0x80000000000000c, 0x0, 0x4, 0x10000, 0x7, 0x9004, 0x9, 0x8, 0x9, 0x5, 0x49, 0x3ff, 0x5, 0x2, 0x1, 0x8, 0x7, 0x1, 0x1, 0x2, 0x2, 0x6, 0x9, 0x96, 0xffffffff, 0xffffffff00000000, 0x4, 0x4, 0x7, 0x4, 0x3, 0xcd, 0x888f, 0x1, 0x6, 0x46, 0x1, 0x3, 0xa3e0, 0x20000000006, 0x6, 0x7, 0x400, 0x3, 0xffffffffffffffb7, 0xfffffffffffffffa, 0x80000000, 0xe, 0x1, 0x4, 0xe6, 0x200000000000101, 0x5, 0x9, 0x66, 0x6, 0x7, 0x20040000005, 0xfffffffeffffffff, 0x9, 0xd, 0x4, 0xbbd9, 0x80000000, 0xfffffffffffffbfd, 0x2, 0x7, 0x2, 0xcdc, 0x4000000007, 0xfffffffffffffffe, 0x3, 0x5, 0x2, 0xfff, 0x6, 0x4, 0x1, 0xab6, 0x1, 0x4, 0x4, 0x7, 0x9, 0xff, 0x6, 0x28000000, 0x5, 0x8061d, 0x0, 0x7, 0xf6, 0x0, 0x6, 0xfffffffffffffffb, 0x25b, 0xe53e, 0x4, 0x8, 0x2293332f, 0x6, 0x5, 0x1e, 0xd, 0x2, 0x4, 0xfffffffffffffffb, 0x80000001, 0x7, 0xdfd7, 0xfff9, 0x10, 0x5, 0x8, 0x1, 0x53e0f0fe, 0xeb4, 0x3, 0xfffffffffffffffe, 0xb695, 0xcc, 0x8, 0x1000003]}) ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r1, 0x4068aea3, &(0x7f0000000040)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000240)={0x1fe, 0x3, 0xdddd0000, 0x1000, &(0x7f0000007000/0x1000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000000c0)={0x1f9, 0x3, 0x100000, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xeeee8000, 0x1000, &(0x7f0000f15000/0x1000)=nil}) r5 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x8900, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x24) syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013c2aa, &(0x7f0000000080)=0x800000000000}) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000200)={0x1fd, 0x0, 0xeeee0000, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) r9 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r9, 0x0) openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CAP_HALT_POLL(r11, 0x4068aea3, &(0x7f0000000140)={0xb6, 0x0, 0x4}) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x18, {"7f2003d5"}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r13, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r11, 0xc008ae67, &(0x7f0000000100)={0x0, 0x81}) 1h10m4.820710015s ago: executing program 0 (id=106): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000100)={0x69, 0x5}) (async) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async) ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013df10, 0x0}) (async) r6 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x3, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x40400000, 0x7, 0x10000, 0x0, 0x1}}], 0x50}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae03, 0x29) (async) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000140)={0x4, 0x0, [{0x1, 0x2, 0x1, 0x0, @adapter={0x7, 0x100000000, 0x8, 0x0, 0x7}}, {0x9, 0x2, 0x1, 0x0, @adapter={0xd4ff, 0x6d39, 0x2, 0x0, 0x7f}}, {0x3, 0x0, 0x1, 0x0, @sint={0x6, 0x8000}}, {0x0, 0x0, 0x0, 0x0, @adapter={0x8f9, 0xe808e8f, 0x3f, 0x7, 0x332ccd89}}]}) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x3}) (async) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4000ae84, &(0x7f0000000300)={{0x40000, 0x5112230311195ad3, 0x3, 0x81, 0x5b, 0xb, 0x81, 0x8, 0xe, 0x78, 0x3, 0x6}, {0x7f625000, 0xdddd1000, 0x10, 0x81, 0xb, 0x0, 0x0, 0xf2, 0x10, 0xcb, 0x9, 0x98}, {0x40000, 0x100000, 0x10, 0x0, 0xa6, 0x7, 0x2d, 0xf2, 0xa, 0x0, 0x2, 0x4}, {0x26000, 0x54000, 0xa, 0x7e, 0x6, 0x7, 0x5c, 0x9, 0x4, 0x2, 0xe, 0xef}, {0x6000, 0x81c0003, 0x4, 0x1b, 0xf1, 0xa4, 0x0, 0xa, 0x5, 0x2, 0xff}, {0x0, 0x6000, 0x8, 0x7, 0x4, 0x40, 0x8, 0x9, 0x4, 0x9a, 0xd, 0x7}, {0x26000, 0x26000, 0xbd6e87c0ceccddee, 0x9, 0x5, 0x8, 0xf6, 0xa, 0x0, 0x5, 0x8, 0x2}, {0x3000, 0x5000, 0x10, 0x6, 0x2, 0x7f, 0x5, 0x5, 0x4, 0x1, 0x6, 0x81}, {0x80a0000, 0x2}, {0x58000, 0xfffd}, 0x40000000, 0x0, 0x58000, 0x200b8, 0xf, 0x1, 0xdddd0000, [0x4, 0x1, 0x81, 0x2]}) (async) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x11, 0x9b, 0xf, 0x0, 0x5, 0x8, 0x82, 0x46, 0x48, 0x86, 0xdd, 0x68, 0x0, 0x900001, 0x0, 0x0, 0x3, 0xa, 0x8, '\x00', 0x1, 0x93}) (async) write$eventfd(r10, &(0x7f00000001c0)=0x3, 0xfdef) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) ioctl$KVM_RUN(r6, 0xae80, 0x0) 1h9m59.860154051s ago: executing program 1 (id=107): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001}) (async, rerun: 64) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (rerun: 64) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4030582a, 0x0) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async, rerun: 64) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async, rerun: 64) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) 1h9m57.417628066s ago: executing program 0 (id=108): syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000200)="f30138ddf77f2b380b7bb71c04010003e600020000000003f4ff00061000bb000010090000000000000015051d000000000000000000003f00", 0x0, 0x48) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x3}) (async, rerun: 64) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 64) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x11, 0x9b, 0xf, 0x0, 0x5, 0x8, 0x82, 0x46, 0x48, 0x86, 0xdd, 0x64, 0x0, 0x100001, 0xffc0000, 0x0, 0x3, 0xa, 0x8, '\x00', 0x1, 0x93}) write$eventfd(r2, &(0x7f00000001c0)=0x3, 0xfdef) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_GET_MP_STATE(r3, 0x8004ae98, &(0x7f0000000040)) 1h9m54.515743594s ago: executing program 1 (id=109): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x640, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000240), 0x1f4242, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x3) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x27) syz_kvm_vgic_v3_setup(r7, 0x1, 0x100) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xfffffff8}) ioctl$KVM_SET_MP_STATE(r5, 0x4004ae99, &(0x7f00000000c0)=0x1) r8 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x3, 0x40000000, 0x10000, 0x0, 0x105, 0x2}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r2, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r9, 0xae80, 0x0) r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x5}) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r14, 0x0, 0x0) r15 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) r16 = syz_kvm_add_vcpu$arm64(r15, &(0x7f0000000280)={0x0, 0x0}, &(0x7f0000000100)=[@featur2={0x1, 0x16}], 0x1) r17 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r18 = ioctl$KVM_CREATE_VM(r17, 0xae01, 0x33) syz_kvm_vgic_v3_setup(r18, 0x1, 0x100) ioctl$KVM_IRQ_LINE(r18, 0x4008ae61, &(0x7f0000000000)={0x1002020, 0x5}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r16, 0x4018aee1, &(0x7f00000011c0)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f00000000c0)=0x8}) 1h9m49.467518676s ago: executing program 0 (id=110): r0 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000300)="fb4149dd033b8986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67525673312b01040000000000002627e7000000000000000200", 0x0, 0xfffffffffffffe73) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x12, r2, 0x0) r4 = eventfd2(0x2, 0x80001) close(r4) ioctl$KVM_ARM_VCPU_FINALIZE(r2, 0x4004aec2, &(0x7f0000000000)) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) munmap(&(0x7f0000eb0000/0x1000)=nil, 0x1000) write$eventfd(r4, &(0x7f0000000100)=0xfffffffffffffffe, 0x8) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfe000/0x400000)=nil) 1h9m7.679802551s ago: executing program 32 (id=109): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x640, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000240), 0x1f4242, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x3) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x27) syz_kvm_vgic_v3_setup(r7, 0x1, 0x100) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xfffffff8}) ioctl$KVM_SET_MP_STATE(r5, 0x4004ae99, &(0x7f00000000c0)=0x1) r8 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x3, 0x40000000, 0x10000, 0x0, 0x105, 0x2}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r2, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r9, 0xae80, 0x0) r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x5}) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r14, 0x0, 0x0) r15 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) r16 = syz_kvm_add_vcpu$arm64(r15, &(0x7f0000000280)={0x0, 0x0}, &(0x7f0000000100)=[@featur2={0x1, 0x16}], 0x1) r17 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r18 = ioctl$KVM_CREATE_VM(r17, 0xae01, 0x33) syz_kvm_vgic_v3_setup(r18, 0x1, 0x100) ioctl$KVM_IRQ_LINE(r18, 0x4008ae61, &(0x7f0000000000)={0x1002020, 0x5}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r16, 0x4018aee1, &(0x7f00000011c0)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f00000000c0)=0x8}) 1h9m1.290730168s ago: executing program 33 (id=110): r0 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000300)="fb4149dd033b8986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67525673312b01040000000000002627e7000000000000000200", 0x0, 0xfffffffffffffe73) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x12, r2, 0x0) r4 = eventfd2(0x2, 0x80001) close(r4) ioctl$KVM_ARM_VCPU_FINALIZE(r2, 0x4004aec2, &(0x7f0000000000)) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) munmap(&(0x7f0000eb0000/0x1000)=nil, 0x1000) write$eventfd(r4, &(0x7f0000000100)=0xfffffffffffffffe, 0x8) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfe000/0x400000)=nil) 39m35.479325947s ago: executing program 3 (id=327): munmap(&(0x7f0000481000/0x1000)=nil, 0x1000) munmap(&(0x7f0000136000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000810000/0x4000)=nil, 0x930, 0x0, 0x10, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x20) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000000)={0x1, 0x3, 0x9000, 0x2000, &(0x7f0000764000/0x2000)=nil}) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) 39m28.538367345s ago: executing program 2 (id=328): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x300, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x11) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, r8, 0x1, 0x12, r6, 0x0) r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r9, 0x8, 0x13, r6, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r9, 0x1000001, 0x12, r6, 0x0) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) syz_kvm_vgic_v3_setup(r2, 0x0, 0xc0) r10 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x2012, r10, 0x40000) ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000000)={0xb6, 0x0, 0x80000001}) 39m26.742279848s ago: executing program 3 (id=329): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x82880, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000140), 0x101282, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_GET_DIRTY_LOG(r7, 0x4010ae42, &(0x7f0000000100)={0x5, 0x0, &(0x7f0000d99000/0x4000)=nil}) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f0000c0b000/0x1000)=nil, r8, 0x2000003, 0x11, r5, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000b0d000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000100)={0x0, &(0x7f0000000880)=[@msr={0x14, 0x20, {0x603000000013defc, 0x5a8}}], 0x20}, 0x0, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_RUN(r9, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) 39m17.070763083s ago: executing program 2 (id=330): mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) (async, rerun: 32) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (rerun: 32) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x11, 0x8, 0xf, 0x0, 0x5, 0x6, 0x86, 0x4, 0x1, 0x70, 0xdd, 0x68, 0x0, 0x0, 0x0, 0x8, 0x5, 0x5, 0x1, '\x00', 0x1, 0x7}) (async) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) (async, rerun: 64) write$eventfd(r2, &(0x7f00000001c0)=0x9, 0x1d) (async, rerun: 64) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) 39m15.19911415s ago: executing program 3 (id=331): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x4) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000100)={0x9c3, 0x6}) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000140)={0x5, 0xa8}) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x6030000000100012, &(0x7f0000000000)=0x1}) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, 0xfffffffffffffffe) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, 0x0) write$eventfd(r6, &(0x7f00000001c0)=0x3, 0x8e80) r7 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r12, 0x40086602, 0x110ca32000) ioctl$KVM_RUN(r11, 0xae80, 0x0) syz_kvm_vgic_v3_setup(r9, 0x2, 0x220) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_CREATE_VM(r13, 0xae01, 0x25) r14 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r14, 0x4010aeab, &(0x7f0000000240)=@arm64_core={0x6030000000100038, &(0x7f0000000080)=0x5}) 39m9.529047316s ago: executing program 2 (id=332): openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x484502, 0x0) (async) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x484502, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc018aec0, &(0x7f00000000c0)={0x6, 0xffffffffffffffff, 0x1}) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, 0x0) (async) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x0, 0x280000b, 0x11, r4, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, &(0x7f0000000340)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1800, 0x3, 0x1}}], 0x30}, 0x0, 0x0) (async) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, &(0x7f0000000340)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1800, 0x3, 0x1}}], 0x30}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r7, 0x3, 0xa0) (async) syz_kvm_vgic_v3_setup(r7, 0x3, 0xa0) ioctl$KVM_RUN(r9, 0xae80, 0x0) (async) ioctl$KVM_RUN(r9, 0xae80, 0x0) r10 = eventfd2(0x0, 0x0) close(r10) (async) close(r10) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) (async) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) write$eventfd(r10, &(0x7f0000000180)=0x5, 0xfffffde3) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1c9280, 0x0) ioctl$KVM_CREATE_VM(r11, 0xae01, 0x2a) (async) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x2a) r13 = openat$kvm(0xffffffffffffff9c, 0x0, 0x8900, 0x0) ioctl$KVM_CREATE_VM(r13, 0xae01, 0x24) r14 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000aec000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000040)={0x0, 0x0}, 0x0, 0x0) 39m0.23798221s ago: executing program 3 (id=333): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x26) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000300)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0xfffff804, 0x1, &(0x7f0000000200)=0x3}) r3 = eventfd2(0x8801, 0x800) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000340)=0xfffffffffffffffc}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x4, 0x3, &(0x7f0000000240)=0x5}) r7 = eventfd2(0x83ff, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x2c) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r11, 0x4010aeac, &(0x7f0000000100)=@arm64_fw={0x6030000000140002, &(0x7f00000003c0)=0x1}) r12 = eventfd2(0x10, 0x1) r13 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r14, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r15, 0x4018aee3, &(0x7f0000000380)=@attr_other={0x0, 0x2, 0x6, &(0x7f00000000c0)=0x3}) r16 = openat$kvm(0x0, &(0x7f0000000080), 0x80, 0x0) r17 = ioctl$KVM_CREATE_VM(r16, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r17, &(0x7f0000c00000/0x400000)=nil) syz_kvm_vgic_v3_setup(r17, 0x2, 0xe0) r18 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0xf) ioctl$KVM_IRQFD(r18, 0x4020ae76, &(0x7f0000000180)={r12, 0x3fb6, 0x0, r7}) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r7, 0x5, 0x2, r7}) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000140)={r7, 0x5, 0x1, r3}) 38m55.875915861s ago: executing program 2 (id=334): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}], 0x28}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000100)=@arm64_extra={0x603000000013c103, &(0x7f00000000c0)=0xa0}) r7 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r2, 0x0) r8 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r9 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fb707cd24b7eebb20700000000000000000000000100", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r10, 0x40305839, 0x19) 38m42.740054537s ago: executing program 3 (id=335): ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x40800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x603000000010004e, &(0x7f00000000c0)=0x80003fb}) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x4}) r5 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000440)={0x0, &(0x7f0000000140)=[@its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0xb, 0xd39, 0x7ac, 0x2}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x171}}, @code={0xa, 0xcc, {"000008d5003c000e20f69ad20000b8f2210080d2c20180d2430080d2840080d2020000d4e0fd81d200e0b0f2210180d2020180d2230180d2c40180d2020000d4209b9dd200e0b0f2410080d2420080d2230180d2440180d2020000d4000000d2e0f789d20080b0f2a10080d2620080d2e30080d2840080d2020000d4e0fe80d200e0b8f2010180d2020180d2230080d2640080d2020000d4802f83d20080b8f2810080d2620180d2c30180d2840180d2020000d4000028d5"}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x2, 0xa, 0x2, 0x42}}, @irq_setup={0x46, 0x18, {0x3, 0x32b}}, @eret={0xe6, 0x18, 0x6}, @smc={0x1e, 0x40, {0x84000013, [0x100000008, 0x4, 0xc, 0x9, 0x8]}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x2ce}}, @uexit={0x0, 0x18, 0x2}, @svc={0x122, 0x40, {0x0, [0xffffffffffffffff, 0x401, 0x6, 0xffffffffffffffff, 0x7]}}, @irq_setup={0x46, 0x18, {0x1, 0x21}}, @uexit={0x0, 0x18, 0xb}, @its_setup={0x82, 0x28, {0x1, 0x2, 0x376}}, @hvc={0x32, 0x40, {0x0, [0x5, 0x2, 0xffffffffffffff81, 0x6, 0x10]}}], 0x2cc}, &(0x7f0000000480)=[@featur2={0x1, 0x2}], 0x1) mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x2000007, 0x8010, r5, 0x0) 38m37.572106275s ago: executing program 2 (id=336): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xac) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r4, 0x400454d1, 0x110c23001e) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r7 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r6, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CAP_HALT_POLL(r9, 0x4068aea3, &(0x7f00000001c0)={0xb6, 0x0, 0x7fffffff}) ioctl$KVM_IRQ_LINE_STATUS(r9, 0xc008ae67, &(0x7f0000000000)={0x2, 0xfff}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0) r10 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c021, 0x5}}], 0x3}, &(0x7f0000000100)=[@featur2={0x1, 0x80}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r13, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r13, 0xae80, 0x0) r14 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r14, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) ioctl$KVM_SET_ONE_REG(r14, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x5}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000040)=@attr_irq_timer={0x0, 0x1, 0x1, 0x0}) r15 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r15, 0xae01, 0x18) 38m30.931592538s ago: executing program 3 (id=337): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000040)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000280)={0x14, 0xff, 0x1}}) r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0xa8200, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x27) syz_kvm_vgic_v3_setup(r6, 0x4, 0x1a0) r7 = eventfd2(0x2, 0x80000) r8 = eventfd2(0xf, 0x80001) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000100)={r8, 0x0, 0x2, r7}) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000000)={r7, 0x8, 0x2, r7}) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000040)={r8, 0x0, 0x1}) r9 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x34) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x16}], 0x1) syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000680)={0x0, &(0x7f0000000700)=[@its_setup={0x82, 0x28, {0x4, 0x1, 0x259}}, @msr={0x14, 0x20, {0x603000000013df76, 0x8}}, @mrs={0xbe, 0x18, {0x603000000013df54}}, @msr={0x14, 0x20, {0x603000000013c2a0, 0x10000000}}, @hvc={0x32, 0x40, {0x84000000, [0xa862, 0x8, 0x2, 0xa, 0xd]}}, @msr={0x14, 0x20, {0x603000000013c807, 0x3}}, @hvc={0x32, 0x40, {0x0, [0x5, 0x30, 0x7, 0x7f, 0x3]}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x35c}}, @hvc={0x32, 0x40, {0x84000012, [0x2, 0xb7, 0xf, 0x0, 0x3]}}, @smc={0x1e, 0x40, {0x84000050, [0x3, 0x81, 0x5, 0x4, 0x7]}}, @hvc={0x32, 0x40, {0x8000, [0x3, 0x8e, 0x3, 0xfffffffffffffff9, 0x9]}}, @msr={0x14, 0x20, {0x603000000013f2b0, 0x1}}, @uexit={0x0, 0x18, 0xe}, @smc={0x1e, 0x40, {0xc4000012, [0x800, 0x7, 0x4, 0x3, 0x5]}}, @its_setup={0x82, 0x28, {0x4, 0x2, 0x196}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x72}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x0, 0xc4c9, 0x4}}, @msr={0x14, 0x20, {0x603000000013e6db, 0x7fff}}], 0x320}, &(0x7f00000006c0)=[@featur2={0x1, 0x82}], 0x1) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r13, 0x4068aea3, &(0x7f0000000000)={0xa8, 0x0, 0x3}) ioctl$KVM_SET_USER_MEMORY_REGION(r13, 0x4020ae46, &(0x7f0000000140)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_GET_DIRTY_LOG(r13, 0x4010ae42, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000e96000/0x1000)=nil}) ioctl$KVM_RESET_DIRTY_RINGS(r9, 0xaec7) r14 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x35) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r14, 0x4068aea3, &(0x7f00000000c0)={0xa8, 0x0, 0x1}) ioctl$KVM_RUN(r11, 0xae80, 0x0) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000040)="a8ab65a88c4852be5550ea3e2c4b84e478eccbdb2654c313", 0x0, 0x18) mmap$KVM_VCPU(&(0x7f0000c44000/0xd000)=nil, 0x930, 0x0, 0xce36b03e1c480b38, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_MP_STATE(r11, 0x8004ae98, &(0x7f0000000080)) 38m22.158123365s ago: executing program 2 (id=338): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0xce240, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x161642, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfe000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x20200, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x3) syz_kvm_vgic_v3_setup(r4, 0x20000003, 0x80) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x1b) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, &(0x7f0000000480)=[@smc={0x1e, 0x40, {0x84000053, [0x3ff, 0x0, 0x7fff, 0xfffffffffffeffff, 0xf9]}}, @hvc={0x32, 0x40, {0x4000000, [0xb6, 0xb, 0x7, 0x10000, 0xffffffff]}}, @mrs={0xbe, 0x18, {0x603000000013def0}}, @irq_setup={0x46, 0x18, {0x1, 0x3b5}}, @code={0xa, 0xb4, {"007008d5a08384d20080b0f2610180d2e20080d2a30180d2840080d2020000d4c0658ed20080b0f2410180d2220080d2830080d2a40180d2020000d420fc8bd20000b0f2610180d2820180d2430180d2240180d2020000d4007008d5000080a840e38ad200a0b0f2610180d2c20080d2230180d2840080d2020000d4007008d5000028d5209783d20020b0f2e10080d2620080d2630080d2c40180d2020000d4"}}], 0x164}, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x2a) syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@mrs={0xbe, 0x18, {0x603000000013c021}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r11, 0xae80, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x22200, 0x0) r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, r12, 0x1000002, 0x810, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000347000/0x3000)=nil, 0x3000) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil) r13 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000050000/0x4000)=nil, r12, 0x1000007, 0x40010, r13, 0x0) 37m44.207787361s ago: executing program 34 (id=337): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000040)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000280)={0x14, 0xff, 0x1}}) r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0xa8200, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x27) syz_kvm_vgic_v3_setup(r6, 0x4, 0x1a0) r7 = eventfd2(0x2, 0x80000) r8 = eventfd2(0xf, 0x80001) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000100)={r8, 0x0, 0x2, r7}) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000000)={r7, 0x8, 0x2, r7}) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000040)={r8, 0x0, 0x1}) r9 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x34) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x16}], 0x1) syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000680)={0x0, &(0x7f0000000700)=[@its_setup={0x82, 0x28, {0x4, 0x1, 0x259}}, @msr={0x14, 0x20, {0x603000000013df76, 0x8}}, @mrs={0xbe, 0x18, {0x603000000013df54}}, @msr={0x14, 0x20, {0x603000000013c2a0, 0x10000000}}, @hvc={0x32, 0x40, {0x84000000, [0xa862, 0x8, 0x2, 0xa, 0xd]}}, @msr={0x14, 0x20, {0x603000000013c807, 0x3}}, @hvc={0x32, 0x40, {0x0, [0x5, 0x30, 0x7, 0x7f, 0x3]}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x35c}}, @hvc={0x32, 0x40, {0x84000012, [0x2, 0xb7, 0xf, 0x0, 0x3]}}, @smc={0x1e, 0x40, {0x84000050, [0x3, 0x81, 0x5, 0x4, 0x7]}}, @hvc={0x32, 0x40, {0x8000, [0x3, 0x8e, 0x3, 0xfffffffffffffff9, 0x9]}}, @msr={0x14, 0x20, {0x603000000013f2b0, 0x1}}, @uexit={0x0, 0x18, 0xe}, @smc={0x1e, 0x40, {0xc4000012, [0x800, 0x7, 0x4, 0x3, 0x5]}}, @its_setup={0x82, 0x28, {0x4, 0x2, 0x196}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x72}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x0, 0xc4c9, 0x4}}, @msr={0x14, 0x20, {0x603000000013e6db, 0x7fff}}], 0x320}, &(0x7f00000006c0)=[@featur2={0x1, 0x82}], 0x1) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r13, 0x4068aea3, &(0x7f0000000000)={0xa8, 0x0, 0x3}) ioctl$KVM_SET_USER_MEMORY_REGION(r13, 0x4020ae46, &(0x7f0000000140)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_GET_DIRTY_LOG(r13, 0x4010ae42, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000e96000/0x1000)=nil}) ioctl$KVM_RESET_DIRTY_RINGS(r9, 0xaec7) r14 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x35) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r14, 0x4068aea3, &(0x7f00000000c0)={0xa8, 0x0, 0x1}) ioctl$KVM_RUN(r11, 0xae80, 0x0) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000040)="a8ab65a88c4852be5550ea3e2c4b84e478eccbdb2654c313", 0x0, 0x18) mmap$KVM_VCPU(&(0x7f0000c44000/0xd000)=nil, 0x930, 0x0, 0xce36b03e1c480b38, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_MP_STATE(r11, 0x8004ae98, &(0x7f0000000080)) 37m30.879449095s ago: executing program 35 (id=338): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0xce240, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x161642, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfe000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x20200, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x3) syz_kvm_vgic_v3_setup(r4, 0x20000003, 0x80) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x1b) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, &(0x7f0000000480)=[@smc={0x1e, 0x40, {0x84000053, [0x3ff, 0x0, 0x7fff, 0xfffffffffffeffff, 0xf9]}}, @hvc={0x32, 0x40, {0x4000000, [0xb6, 0xb, 0x7, 0x10000, 0xffffffff]}}, @mrs={0xbe, 0x18, {0x603000000013def0}}, @irq_setup={0x46, 0x18, {0x1, 0x3b5}}, @code={0xa, 0xb4, {"007008d5a08384d20080b0f2610180d2e20080d2a30180d2840080d2020000d4c0658ed20080b0f2410180d2220080d2830080d2a40180d2020000d420fc8bd20000b0f2610180d2820180d2430180d2240180d2020000d4007008d5000080a840e38ad200a0b0f2610180d2c20080d2230180d2840080d2020000d4007008d5000028d5209783d20020b0f2e10080d2620080d2630080d2c40180d2020000d4"}}], 0x164}, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x2a) syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@mrs={0xbe, 0x18, {0x603000000013c021}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r11, 0xae80, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x22200, 0x0) r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, r12, 0x1000002, 0x810, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000347000/0x3000)=nil, 0x3000) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil) r13 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000050000/0x4000)=nil, r12, 0x1000007, 0x40010, r13, 0x0) 2m23.169062092s ago: executing program 4 (id=539): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x0, 0x80801) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000100)={0x5, 0x10}) ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x603000000010002e, &(0x7f0000000040)=0x8000000000000005}) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r8, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0xc, 0x5, 0x0}) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x11b681, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x1}) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x11, 0x7, 0xf, 0x0, 0x5, 0x6, 0x6, 0x6, 0x48, 0x86, 0xdd, 0x68, 0x0, 0x9, 0x0, 0x0, 0x3, 0xd, 0x8, '\x00', 0x1, 0x400000000002}) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000140)={0x4, 0x0, [{0x1, 0x5, 0x0, 0x0, @msi={0x401, 0xfb, 0xb, 0x7}}, {0x0, 0x3, 0x0, 0x0, @sint={0x7fffffff, 0x6}}, {0xb, 0x3, 0x0, 0x0, @adapter={0x204d4ff, 0xffffffffffffffff, 0x2}}, {0x0, 0x2, 0x0, 0x0, @adapter={0x8000, 0x7fffffff, 0x20000000401, 0x7f, 0xb2d}}]}) write$eventfd(r2, &(0x7f00000001c0)=0x3, 0x8) ioctl$KVM_CREATE_VM(r11, 0x40087602, 0x20000000) ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000100)={0x1, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x2, 0x1, &(0x7f0000000240)=0x9}) r15 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_KVMCLOCK_CTRL(r15, 0xaead) syz_kvm_vgic_v3_setup(r5, 0x1, 0x0) 2m5.899557818s ago: executing program 5 (id=541): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x3d) r4 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000040)={0xfffffffffffffff9, 0x2, 0x4, r4}) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r5, 0x400454d0, 0x0) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x21) ioctl$KVM_CREATE_VM(r0, 0xae01, 0xe) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r6, 0x4010ae74, &(0x7f0000000000)={0x2, 0x6}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x6) r8 = syz_kvm_vgic_v3_setup(r3, 0x3, 0x100) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x2, 0x4, &(0x7f0000000080)=0xfffffffffffffd12}) mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x4000010, r7, 0x0) mmap$KVM_VCPU(&(0x7f0000003000/0x2000)=nil, 0x930, 0x300000a, 0x100010, r7, 0x0) 2m4.018348647s ago: executing program 4 (id=542): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x240000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0x80111500, 0x3a) ioctl$KVM_CREATE_VM(r1, 0x5761, 0x2000001c) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0xf) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x8, 0x3, &(0x7f0000000240)=0xf}) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) (async) ioctl$KVM_CHECK_EXTENSION_VM(r3, 0xae03, 0x4000000000009) (async) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x3, 0x2, &(0x7f0000000040)=0xe0a7}) (async) r7 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r10 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r9, 0x0) (async) r11 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async) r12 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r13 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r12, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_irq={0x0, 0x0, 0x1000000, 0x0}) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000080)="fb0149dd033be3abf408020000001b0000005a9610fbff67521ce16f8f1f449a7ab2aa76c829d2262f00000000000000000200df38000000000000000020001e91114900", 0x0, 0xfda9) (async) openat$kvm(0x0, &(0x7f0000000080), 0x40000, 0x0) (async) r14 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x1) ioctl$KVM_GET_ONE_REG(r12, 0x4010aeab, &(0x7f00000001c0)=@arm64_fp={0x60400000001000a7, &(0x7f0000000100)=0x9}) ioctl$KVM_SET_GSI_ROUTING(r14, 0x4008ae6a, &(0x7f00000002c0)={0x2, 0x0, [{0x3, 0x2, 0x1, 0x0, @msi={0x1, 0x9ca0, 0x0, 0x7ff}}, {0x3, 0x1, 0x0, 0x0, @sint={0x8, 0x7f}}]}) (async) mmap$KVM_VCPU(&(0x7f0000ffa000/0x3000)=nil, 0x930, 0x4, 0x11, r9, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x600657af12600f2, 0x0) (async) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) 1m53.422207745s ago: executing program 5 (id=543): mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x100) (async) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x22840, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r5, 0x1, 0x100) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x2, 0x4cc022b770239f26, &(0x7f0000000100)=0x8010000000000001}) ioctl$KVM_CREATE_VM(r3, 0x400454d4, 0x110c230020) (async) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r7 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r6, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0) (async) r8 = eventfd2(0x0, 0x800) close(r8) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) (async) write$eventfd(r8, &(0x7f0000000180)=0x5, 0xfffffde3) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x20000, 0x0) (async) syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_CREATE_VM(r12, 0x40086602, 0x20000000) ioctl$KVM_CREATE_VM(r11, 0x401054d6, 0x110c230020) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) 1m52.325585329s ago: executing program 4 (id=544): openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000180), 0x2400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@smc={0x1e, 0x40, {0x8400000a, [0x84000003, 0xa, 0x3, 0x3, 0x10]}}], 0x40}, &(0x7f00000000c0)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f0000000100)=@arm64={0x4e, 0x2, 0x0, '\x00', 0x4}) ioctl$KVM_GET_VCPU_EVENTS(r9, 0x8040ae9f, &(0x7f0000000000)=@arm64) r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0xe) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r12, 0x4010ae68, &(0x7f0000000040)={0xdddd1000, 0x2000}) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r13, 0x4b47, 0xfffffffffffffffe) r14 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@hvc={0x32, 0x40, {0x84000050, [0x2, 0x2, 0x2, 0x3, 0x3]}}], 0x40}, 0x0, 0x0) r16 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x200, 0x0) r17 = ioctl$KVM_CREATE_VM(r16, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r17, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x1, 0x26000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r17, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r15, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r18, 0x894c, 0x0) 1m41.045722586s ago: executing program 5 (id=545): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x22000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) r6 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r5, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fb707cd24b7eebb20700000000000000000000000100", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0x40305839, 0x19) ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r1, 0x4068aea3, &(0x7f00000000c0)) r8 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x8400000e, [0x99b, 0x100000003, 0x5, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r8, 0xae80, 0x0) 1m27.010826124s ago: executing program 4 (id=546): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) openat$kvm(0x0, 0x0, 0x22840, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000240), 0x80081, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x8, 0xc, &(0x7f00000000c0)=0x3}) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r8 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r7, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000001c0)="fb0149dd833be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8faa767969d22627e700", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r7, 0x0) r9 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a97f2, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r12, 0x4040aea0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000140)={0x0, &(0x7f0000000000)=[@msr={0x14, 0x0, {0x603000000013df11, 0x3}}], 0x28}, 0x0, 0x0) ioctl$KVM_CREATE_VM(r9, 0x401c5820, 0x20000007) syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000340)=[@uexit={0x0, 0x18, 0x1fd}, @smc={0x1e, 0x40, {0x84000050, [0x3, 0xc4, 0x80000000, 0x80000000]}}, @irq_setup={0x46, 0x18, {0x1, 0x28e}}], 0x70}, 0x0, 0x0) r13 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) r14 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r13, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r13, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x202, 0x2, 0x50000, 0x1000, &(0x7f0000ffc000/0x1000)=nil}) 1m25.118137234s ago: executing program 5 (id=547): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f0000000380), 0xfffffffffffffe6e}, &(0x7f0000000300)=[@featur1={0x1, 0xb3}], 0x1) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f00009d3000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000240)={0x0, &(0x7f00000001c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) r10 = syz_kvm_vgic_v3_setup(r6, 0x2, 0x100) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000200)=@attr_arm64={0x0, 0x5, 0x0, 0x0}) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r11, 0x401c5820, 0x8000000000000001) r12 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r13, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, &(0x7f00000000c0)=@arm64_sve={0x6080000000150120, 0x0}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x6, 0x8, 0x2}}) 1m5.417932623s ago: executing program 4 (id=548): r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000380)={0x0, &(0x7f0000000100)=[@smc={0x1e, 0x40, {0xc4000004, [0x8, 0x3, 0x0, 0xc042, 0xffffffff]}}, @msr={0x14, 0x20, {0x6030000000131a04, 0xc000000000}}, @code={0xa, 0x84, {"000028d5007008d5e0ca8bd200e0b0f2410080d2a20180d2e30080d2840080d2020000d400f8a12e007008d540479fd200c0b0f2210180d2020180d2830180d2c40180d2020000d4007008d5008008d5c0b592d200c0b0f2410180d2e20080d2430180d2840080d2020000d4000000cb"}}, @smc={0x1e, 0x40, {0xc4000003, [0x8001, 0xffffffff, 0x7ff, 0xde, 0x8000000000000001]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x58, 0xfffffffffffffffe, 0x9}}, @hvc={0x32, 0x40, {0x84000000, [0x5, 0x800, 0x8, 0x5, 0x7]}}, @code={0xa, 0x9c, {"a0889dd20000b8f2e10080d2420180d2c30080d2e40080d2020000d4e003006b008008d50038201ee03981d20000b0f2210180d2e20180d2630080d2e40080d2020000d4000400380004005e20858bd20060b0f2410180d2620080d2030180d2240080d2020000d400d8217e801f90d200c0b8f2e10080d2020180d2a30080d2840080d2020000d4"}}, @svc={0x122, 0x40, {0xc400000d, [0x0, 0x7ff, 0x5a9d, 0x7fff, 0xfffffffffffff60f]}}], 0x270}, &(0x7f00000003c0)=[@featur1={0x1, 0x86}], 0x1) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r0, 0x4018aee2, &(0x7f0000000440)=@attr_irq_timer={0x0, 0x1, 0x0, &(0x7f0000000400)=0x1c}) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x3a) ioctl$KVM_RUN(r0, 0xae80, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) r9 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x1800002, 0x11, r8, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000180)="f30138dd56bf00e2004b584bd92e00000f00000000000100010000020000000083f402000000235acbd98700000000000200", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x40305828, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x100000000000000, 0x0}) r10 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CAP_PTP_KVM(r2, 0x4068aea3, &(0x7f0000000000)) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, &(0x7f00000008c0)=[@hvc={0x32, 0x40, {0xc4000053, [0x9f, 0x7a000, 0x1000, 0x3, 0x6]}}, @eret={0xe6, 0x18, 0x2d}, @smc={0x1e, 0x40, {0xc4000005, [0x8000000000000000, 0xc, 0x40, 0x8, 0x3]}}, @msr={0x14, 0x20, {0x6030000000138054, 0x4}}, @msr={0x14, 0x20, {0x603000000013e663, 0x8001}}, @eret={0xe6, 0x18, 0x80000001}, @code={0xa, 0x9c, {"000028d5e0a89bd200c0b0f2010080d2220180d2c30180d2840180d2020000d4000028d560468fd200c0b8f2410080d2620180d2430180d2640180d2020000d4007008d5a0b983d20000b8f2610180d2220180d2030180d2440080d2020000d4008008d50000591e000008d5201e9dd20040b0f2a10180d2c20180d2430080d2a40080d2020000d4"}}], 0x18c}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r2, 0x1, 0x100) ioctl$KVM_RUN(r11, 0xae80, 0x0) 1m4.930170051s ago: executing program 5 (id=549): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x42741, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, r5, 0x1, 0x12, r3, 0x0) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r6, 0x8, 0x13, r3, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r9, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r6, 0x1000001, 0x10, r3, 0x0) 52.004642605s ago: executing program 5 (id=550): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x1}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000000)={0x3, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x11, 0x8, 0xf, 0x0, 0x5, 0x6, 0x6, 0x6, 0x48, 0x86, 0xdd, 0x68, 0x0, 0x9, 0x0, 0x0, 0x3, 0x5, 0x8, '\x00', 0x1, 0x400000000002}) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000140)={0x4, 0x0, [{0x1, 0x2, 0x1, 0x0, @msi={0x5, 0x4ec6}}, {0x9, 0x3, 0x1, 0x0, @adapter={0xd4ff, 0x0, 0x3}}, {0x0, 0x0, 0x0, 0x0, @msi}, {0x0, 0x0, 0x0, 0x0, @msi}]}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) ioctl$KVM_RUN(r5, 0xae80, 0x0) syz_kvm_vgic_v3_setup(r4, 0x4, 0x2e0) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5, 0x8}) write$eventfd(r2, &(0x7f00000001c0)=0x3, 0x50) ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000640)={0x10004, 0x200, 0x200, &(0x7f0000000240)=[0x265, 0xfff, 0x9, 0x1, 0xff, 0x5, 0x7, 0x1, 0x4, 0x7, 0x99d, 0x2, 0x6, 0x7, 0x7fff, 0x8000000000000001, 0x2, 0x0, 0x8, 0x81, 0x6, 0x0, 0x4, 0x0, 0x6, 0x5, 0x3, 0x9, 0x7, 0x2, 0x6, 0x452, 0xb, 0x5, 0x8000000000000000, 0x6, 0x29, 0x9, 0x6, 0x5, 0x1, 0x6, 0x10, 0x2, 0xfffffffffffffff1, 0x2, 0x6, 0x81, 0x3, 0x5, 0x90, 0x6f7, 0x8000000000000001, 0x3, 0xb31, 0x8, 0x8000000000000001, 0x1, 0x8, 0x4, 0x0, 0x7f, 0x5, 0x6, 0x8000000000000001, 0x73, 0x9, 0x1ff, 0x1, 0xfff, 0x8001, 0x7ff, 0x3ff80000, 0x2, 0x4, 0x1, 0x6, 0x945, 0x10, 0x4, 0x20f, 0x8, 0x8, 0xfffffffffffffffb, 0x40, 0x1, 0x6, 0xea, 0x9, 0x5, 0x7, 0x7, 0x8000000000000000, 0x5, 0x8, 0xd4c0, 0x9, 0x1, 0xc, 0x5, 0xb, 0x0, 0x0, 0x5, 0x2, 0x8db, 0x3, 0x5, 0x3, 0x2, 0x6b1c530a, 0x4, 0x5, 0x400, 0x6, 0x1, 0x8, 0x518, 0x1000, 0x6, 0x7, 0x800, 0x9, 0x3fc, 0x5, 0xff, 0xffffffffffffffff, 0x5]}) ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0) 47.45734963s ago: executing program 4 (id=551): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2b) (async, rerun: 64) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) (rerun: 64) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000240)={0x1, 0xe000, 0x1}) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) r5 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x29) (async) syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000340)=[@uexit={0x0, 0x18, 0x1f95}, @svc={0x122, 0x40, {0x100, [0x9, 0x7030, 0x3, 0x5, 0x3]}}, @code={0xa, 0x6c, {"008008d50044207e0000809a007008d5006c200e007c001b20ec99d20040b8f2810180d2e20180d2230180d2240180d2020000d4a0a19dd20080b0f2810180d2620080d2630080d2640080d2020000d40820601e000008d5"}}], 0xc4}, 0x0, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) r8 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r7, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) (async) ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000000)={0x1, 0x0, &(0x7f0000cbc000/0x4000)=nil}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r7, 0x0) (async, rerun: 32) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x202, 0x2, 0x1, 0x1000, &(0x7f0000ffc000/0x1000)=nil}) (async, rerun: 32) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) r9 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0xcf}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8000}}], 0x40}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r12, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r12, 0xae80, 0x0) (async, rerun: 64) ioctl$KVM_SET_VCPU_EVENTS(r12, 0x4040aea0, &(0x7f0000000040)=@arm64={0x4, 0x9, 0x1, '\x00', 0xe}) (rerun: 64) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x37) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r13, 0xae03, 0x57) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x1}) r14 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) 4.769269041s ago: executing program 36 (id=550): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x1}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000000)={0x3, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x11, 0x8, 0xf, 0x0, 0x5, 0x6, 0x6, 0x6, 0x48, 0x86, 0xdd, 0x68, 0x0, 0x9, 0x0, 0x0, 0x3, 0x5, 0x8, '\x00', 0x1, 0x400000000002}) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000140)={0x4, 0x0, [{0x1, 0x2, 0x1, 0x0, @msi={0x5, 0x4ec6}}, {0x9, 0x3, 0x1, 0x0, @adapter={0xd4ff, 0x0, 0x3}}, {0x0, 0x0, 0x0, 0x0, @msi}, {0x0, 0x0, 0x0, 0x0, @msi}]}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) ioctl$KVM_RUN(r5, 0xae80, 0x0) syz_kvm_vgic_v3_setup(r4, 0x4, 0x2e0) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5, 0x8}) write$eventfd(r2, &(0x7f00000001c0)=0x3, 0x50) ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000640)={0x10004, 0x200, 0x200, &(0x7f0000000240)=[0x265, 0xfff, 0x9, 0x1, 0xff, 0x5, 0x7, 0x1, 0x4, 0x7, 0x99d, 0x2, 0x6, 0x7, 0x7fff, 0x8000000000000001, 0x2, 0x0, 0x8, 0x81, 0x6, 0x0, 0x4, 0x0, 0x6, 0x5, 0x3, 0x9, 0x7, 0x2, 0x6, 0x452, 0xb, 0x5, 0x8000000000000000, 0x6, 0x29, 0x9, 0x6, 0x5, 0x1, 0x6, 0x10, 0x2, 0xfffffffffffffff1, 0x2, 0x6, 0x81, 0x3, 0x5, 0x90, 0x6f7, 0x8000000000000001, 0x3, 0xb31, 0x8, 0x8000000000000001, 0x1, 0x8, 0x4, 0x0, 0x7f, 0x5, 0x6, 0x8000000000000001, 0x73, 0x9, 0x1ff, 0x1, 0xfff, 0x8001, 0x7ff, 0x3ff80000, 0x2, 0x4, 0x1, 0x6, 0x945, 0x10, 0x4, 0x20f, 0x8, 0x8, 0xfffffffffffffffb, 0x40, 0x1, 0x6, 0xea, 0x9, 0x5, 0x7, 0x7, 0x8000000000000000, 0x5, 0x8, 0xd4c0, 0x9, 0x1, 0xc, 0x5, 0xb, 0x0, 0x0, 0x5, 0x2, 0x8db, 0x3, 0x5, 0x3, 0x2, 0x6b1c530a, 0x4, 0x5, 0x400, 0x6, 0x1, 0x8, 0x518, 0x1000, 0x6, 0x7, 0x800, 0x9, 0x3fc, 0x5, 0xff, 0xffffffffffffffff, 0x5]}) ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0) 0s ago: executing program 37 (id=551): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2b) (async, rerun: 64) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) (rerun: 64) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000240)={0x1, 0xe000, 0x1}) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) r5 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x29) (async) syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000340)=[@uexit={0x0, 0x18, 0x1f95}, @svc={0x122, 0x40, {0x100, [0x9, 0x7030, 0x3, 0x5, 0x3]}}, @code={0xa, 0x6c, {"008008d50044207e0000809a007008d5006c200e007c001b20ec99d20040b8f2810180d2e20180d2230180d2240180d2020000d4a0a19dd20080b0f2810180d2620080d2630080d2640080d2020000d40820601e000008d5"}}], 0xc4}, 0x0, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) r8 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r7, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) (async) ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000000)={0x1, 0x0, &(0x7f0000cbc000/0x4000)=nil}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r7, 0x0) (async, rerun: 32) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x202, 0x2, 0x1, 0x1000, &(0x7f0000ffc000/0x1000)=nil}) (async, rerun: 32) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) r9 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0xcf}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8000}}], 0x40}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r12, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r12, 0xae80, 0x0) (async, rerun: 64) ioctl$KVM_SET_VCPU_EVENTS(r12, 0x4040aea0, &(0x7f0000000040)=@arm64={0x4, 0x9, 0x1, '\x00', 0xe}) (rerun: 64) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x37) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r13, 0xae03, 0x57) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x1}) r14 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) kernel console output (not intermixed with test programs): [ 368.116807][ T24] audit: type=1400 audit(367.330:74): avc: denied { write } for pid=3257 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 372.054143][ T24] audit: type=1400 audit(371.290:75): avc: denied { write } for pid=3261 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 374.758363][ T3204] 8021q: adding VLAN 0 to HW filter on device bond0 [ 382.409497][ T24] audit: type=1400 audit(381.650:76): avc: denied { write } for pid=3267 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 387.742221][ T24] audit: type=1400 audit(386.980:77): avc: denied { write } for pid=3270 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 402.370025][ T24] audit: type=1400 audit(401.610:78): avc: denied { write } for pid=3275 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 406.202399][ T24] audit: type=1400 audit(405.420:79): avc: denied { write } for pid=3278 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 416.589884][ T24] audit: type=1400 audit(415.830:80): avc: denied { write } for pid=3283 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 420.613310][ T24] audit: type=1400 audit(419.850:81): avc: denied { write } for pid=3286 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 423.195164][ T3204] eql: remember to turn off Van-Jacobson compression on your slave devices [ 433.124477][ T24] audit: type=1400 audit(432.360:82): avc: denied { write } for pid=3292 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 437.028770][ T24] audit: type=1400 audit(436.230:83): avc: denied { write } for pid=3295 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 449.882700][ T24] audit: type=1400 audit(449.120:84): avc: denied { write } for pid=3300 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 455.033908][ T24] audit: type=1400 audit(454.270:85): avc: denied { write } for pid=3303 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 461.491356][ T24] audit: type=1400 audit(460.730:86): avc: denied { write } for pid=3305 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 465.167928][ T24] audit: type=1400 audit(464.390:87): avc: denied { write } for pid=3308 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 475.403439][ T24] audit: type=1400 audit(474.640:88): avc: denied { write } for pid=3313 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 479.386606][ T24] audit: type=1400 audit(478.620:89): avc: denied { write } for pid=3316 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 484.660647][ T24] audit: type=1400 audit(483.900:90): avc: denied { write } for pid=3318 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 488.647161][ T24] audit: type=1400 audit(487.880:91): avc: denied { write } for pid=3321 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 514.387894][ T24] audit: type=1400 audit(513.610:92): avc: denied { write } for pid=3333 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 519.477270][ T24] audit: type=1400 audit(518.680:93): avc: denied { write } for pid=3336 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 529.728468][ T24] audit: type=1400 audit(528.960:94): avc: denied { write } for pid=3340 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 533.546974][ T24] audit: type=1400 audit(532.780:95): avc: denied { write } for pid=3343 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 549.396911][ T24] audit: type=1400 audit(548.610:96): avc: denied { write } for pid=3348 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 553.299671][ T24] audit: type=1400 audit(552.520:97): avc: denied { write } for pid=3351 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 Warning: Permanently added '[localhost]:14499' (ED25519) to the list of known hosts. [ 588.692810][ T24] audit: type=1400 audit(587.930:98): avc: denied { name_bind } for pid=3356 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 590.570839][ T24] audit: type=1400 audit(589.800:99): avc: denied { execute } for pid=3357 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 590.609734][ T24] audit: type=1400 audit(589.830:100): avc: denied { execute_no_trans } for pid=3357 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 615.429571][ T24] audit: type=1400 audit(614.650:101): avc: denied { mounton } for pid=3357 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 615.445114][ T24] audit: type=1400 audit(614.680:102): avc: denied { mount } for pid=3357 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 615.539889][ T3357] cgroup: Unknown subsys name 'net' [ 615.594561][ T24] audit: type=1400 audit(614.830:103): avc: denied { unmount } for pid=3357 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 615.999520][ T3357] cgroup: Unknown subsys name 'cpuset' [ 616.112129][ T3357] cgroup: Unknown subsys name 'rlimit' [ 616.983332][ T24] audit: type=1400 audit(616.220:104): avc: denied { setattr } for pid=3357 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 617.008317][ T24] audit: type=1400 audit(616.240:105): avc: denied { mounton } for pid=3357 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 617.022964][ T24] audit: type=1400 audit(616.260:106): avc: denied { mount } for pid=3357 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 618.012879][ T3360] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 618.036920][ T24] audit: type=1400 audit(617.270:107): avc: denied { relabelto } for pid=3360 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 618.061132][ T24] audit: type=1400 audit(617.300:108): avc: denied { write } for pid=3360 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 618.252227][ T24] audit: type=1400 audit(617.490:109): avc: denied { read } for pid=3357 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 618.270555][ T24] audit: type=1400 audit(617.500:110): avc: denied { open } for pid=3357 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 618.317017][ T3357] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 678.688122][ T24] audit: type=1400 audit(677.920:111): avc: denied { write } for pid=3361 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 679.990142][ T24] audit: type=1400 audit(679.220:112): avc: denied { execmem } for pid=3362 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 681.108409][ T24] audit: type=1400 audit(680.320:113): avc: denied { write } for pid=3366 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 685.330501][ T24] audit: type=1400 audit(684.570:114): avc: denied { read } for pid=3368 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 685.360487][ T24] audit: type=1400 audit(684.600:115): avc: denied { open } for pid=3369 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 685.417346][ T24] audit: type=1400 audit(684.640:116): avc: denied { mounton } for pid=3368 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 685.677102][ T24] audit: type=1400 audit(684.870:117): avc: denied { module_request } for pid=3368 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 686.599854][ T24] audit: type=1400 audit(685.830:118): avc: denied { sys_module } for pid=3368 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 712.098845][ T3368] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 712.178429][ T3369] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 712.249107][ T3368] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 712.309699][ T3369] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 723.901326][ T3368] hsr_slave_0: entered promiscuous mode [ 723.929420][ T3368] hsr_slave_1: entered promiscuous mode [ 725.061310][ T3369] hsr_slave_0: entered promiscuous mode [ 725.093627][ T3369] hsr_slave_1: entered promiscuous mode [ 725.124596][ T3369] debugfs: 'hsr0' already exists in 'hsr' [ 725.138933][ T3369] Cannot create hsr debugfs directory [ 730.561187][ T24] audit: type=1400 audit(729.800:119): avc: denied { create } for pid=3368 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 730.597812][ T24] audit: type=1400 audit(729.830:120): avc: denied { write } for pid=3368 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 730.647898][ T24] audit: type=1400 audit(729.880:121): avc: denied { read } for pid=3368 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 730.802129][ T3368] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 731.199320][ T3368] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 731.302466][ T3368] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 731.489267][ T3368] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 731.591783][ T3368] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 731.742679][ T3368] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 731.774500][ T3368] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 731.852691][ T3368] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 733.683231][ T3369] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 733.868753][ T3369] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 733.943558][ T3369] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 734.130379][ T3369] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 734.250398][ T3369] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 734.428542][ T3369] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 734.483721][ T3369] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 734.650400][ T3369] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 745.752076][ T3368] 8021q: adding VLAN 0 to HW filter on device bond0 [ 748.569287][ T3369] 8021q: adding VLAN 0 to HW filter on device bond0 [ 799.964957][ T3368] veth0_vlan: entered promiscuous mode [ 800.419054][ T3368] veth1_vlan: entered promiscuous mode [ 802.332309][ T3368] veth0_macvtap: entered promiscuous mode [ 802.809991][ T3369] veth0_vlan: entered promiscuous mode [ 802.959463][ T3368] veth1_macvtap: entered promiscuous mode [ 803.768676][ T3369] veth1_vlan: entered promiscuous mode [ 805.219816][ T3380] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 805.232310][ T3380] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 805.241527][ T3380] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 805.279074][ T3380] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 806.900420][ T3369] veth0_macvtap: entered promiscuous mode [ 807.485298][ T3369] veth1_macvtap: entered promiscuous mode [ 807.574812][ T24] audit: type=1400 audit(806.810:122): avc: denied { mount } for pid=3368 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 807.978855][ T24] audit: type=1400 audit(807.200:123): avc: denied { mounton } for pid=3368 comm="syz-executor" path="/syzkaller.Yos3ID/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 808.177110][ T24] audit: type=1400 audit(807.410:124): avc: denied { mount } for pid=3368 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 808.531069][ T24] audit: type=1400 audit(807.770:125): avc: denied { mounton } for pid=3368 comm="syz-executor" path="/syzkaller.Yos3ID/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 808.648316][ T24] audit: type=1400 audit(807.880:126): avc: denied { mounton } for pid=3368 comm="syz-executor" path="/syzkaller.Yos3ID/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 809.273778][ T24] audit: type=1400 audit(808.510:127): avc: denied { unmount } for pid=3368 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 809.618052][ T24] audit: type=1400 audit(808.850:128): avc: denied { mounton } for pid=3368 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1548 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 809.738638][ T24] audit: type=1400 audit(808.940:129): avc: denied { mount } for pid=3368 comm="syz-executor" name="/" dev="gadgetfs" ino=3740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 809.922217][ T3380] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 809.938190][ T3380] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 809.947531][ T3380] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 809.955081][ T3380] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.169311][ T24] audit: type=1400 audit(809.400:130): avc: denied { mount } for pid=3368 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 810.238900][ T24] audit: type=1400 audit(809.470:131): avc: denied { mounton } for pid=3368 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 811.951466][ T3368] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 813.067102][ T24] kauditd_printk_skb: 1 callbacks suppressed [ 813.067989][ T24] audit: type=1400 audit(812.220:133): avc: denied { read write } for pid=3368 comm="syz-executor" name="loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 813.068869][ T24] audit: type=1400 audit(812.290:134): avc: denied { open } for pid=3368 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 813.147131][ T24] audit: type=1400 audit(812.290:135): avc: denied { ioctl } for pid=3368 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 825.978416][ T24] audit: type=1400 audit(825.210:136): avc: denied { read } for pid=3521 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 826.101580][ T24] audit: type=1400 audit(825.340:137): avc: denied { open } for pid=3521 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 826.753742][ T24] audit: type=1400 audit(825.990:138): avc: denied { ioctl } for pid=3521 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 830.831413][ T24] audit: type=1400 audit(830.070:139): avc: denied { execute } for pid=3521 comm="syz.0.1" path=2F302F10FBFF67525673312B0104 dev="tmpfs" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 831.597434][ T24] audit: type=1400 audit(830.820:140): avc: denied { map } for pid=3523 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 831.651856][ T24] audit: type=1400 audit(830.890:141): avc: denied { execute } for pid=3523 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 837.707457][ T24] audit: type=1400 audit(836.940:142): avc: denied { write } for pid=3529 comm="syz.1.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 838.349509][ T24] audit: type=1400 audit(837.540:143): avc: denied { create } for pid=3529 comm="syz.1.3" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 852.977234][ T24] audit: type=1400 audit(852.200:144): avc: denied { execute } for pid=3540 comm="syz.1.6" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4103 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 866.888855][ T24] audit: type=1400 audit(866.120:145): avc: denied { append } for pid=3550 comm="syz.1.10" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 996.922600][ T24] audit: type=1400 audit(996.160:146): avc: denied { setattr } for pid=3609 comm="syz.1.31" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1025.842976][ T24] audit: type=1400 audit(1025.080:147): avc: denied { ioctl } for pid=3621 comm="syz.1.36" path="net:[4026532627]" dev="nsfs" ino=4026532627 ioctlcmd=0xb709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1152.752914][ T24] audit: type=1400 audit(1151.970:148): avc: denied { map } for pid=3685 comm="syz.1.58" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=6718 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1152.811458][ T24] audit: type=1400 audit(1152.040:149): avc: denied { read } for pid=3685 comm="syz.1.58" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=6718 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1235.378290][ T3735] kvm [3735]: Failed to find VMA for hva 0x20d8d000 [ 1239.065370][ T3740] kvm [3740]: Failed to find VMA for hva 0x21016000 [ 1245.630467][ T24] audit: type=1400 audit(1244.860:150): avc: denied { write } for pid=3742 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1255.517898][ T24] audit: type=1400 audit(1254.650:151): avc: denied { write } for pid=3750 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1464.611109][ T24] audit: type=1400 audit(1463.850:152): avc: denied { write } for pid=3866 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1468.347289][ T24] audit: type=1400 audit(1467.520:153): avc: denied { write } for pid=3869 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1495.598950][ T3380] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1497.009109][ T3380] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1498.230102][ T3380] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1499.419966][ T3380] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1510.961038][ T3380] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1511.062831][ T3380] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1511.129936][ T3380] bond0 (unregistering): Released all slaves [ 1512.328510][ T3380] hsr_slave_0: left promiscuous mode [ 1512.418304][ T3380] hsr_slave_1: left promiscuous mode [ 1512.961329][ T3380] veth1_macvtap: left promiscuous mode [ 1512.972052][ T3380] veth0_macvtap: left promiscuous mode [ 1513.000348][ T3380] veth1_vlan: left promiscuous mode [ 1513.009138][ T3380] veth0_vlan: left promiscuous mode [ 1530.380881][ T3380] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1531.113128][ T3380] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1532.210292][ T3380] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1533.121249][ T3380] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1535.413153][ T24] audit: type=1400 audit(1534.650:154): avc: denied { write } for pid=3900 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1540.734247][ T24] audit: type=1400 audit(1539.920:155): avc: denied { write } for pid=3908 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1549.148005][ T3380] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1549.318967][ T3380] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1549.430509][ T3380] bond0 (unregistering): Released all slaves [ 1550.961839][ T3204] 8021q: adding VLAN 0 to HW filter on device eth1 [ 1551.748646][ T3380] hsr_slave_0: left promiscuous mode [ 1551.816485][ T3380] hsr_slave_1: left promiscuous mode [ 1552.256876][ T3380] veth1_macvtap: left promiscuous mode [ 1552.260026][ T3380] veth0_macvtap: left promiscuous mode [ 1552.277216][ T3380] veth1_vlan: left promiscuous mode [ 1552.280724][ T3380] veth0_vlan: left promiscuous mode [ 1572.952202][ T24] audit: type=1400 audit(1572.140:156): avc: denied { write } for pid=3926 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1577.077062][ T24] audit: type=1400 audit(1576.310:157): avc: denied { write } for pid=3936 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1579.102340][ T3874] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1579.437057][ T3874] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1580.192299][ T3204] 8021q: adding VLAN 0 to HW filter on device eth2 [ 1584.111408][ T3878] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1584.419254][ T3878] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1589.218785][ T24] audit: type=1400 audit(1588.450:158): avc: denied { write } for pid=3949 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1593.787424][ T24] audit: type=1400 audit(1593.020:159): avc: denied { write } for pid=3958 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1597.361282][ T3204] 8021q: adding VLAN 0 to HW filter on device eth3 [ 1598.035401][ T3874] hsr_slave_0: entered promiscuous mode [ 1598.101224][ T3874] hsr_slave_1: entered promiscuous mode [ 1604.647810][ T3878] hsr_slave_0: entered promiscuous mode [ 1604.708967][ T3878] hsr_slave_1: entered promiscuous mode [ 1604.754590][ T3878] debugfs: 'hsr0' already exists in 'hsr' [ 1604.759087][ T3878] Cannot create hsr debugfs directory [ 1607.427431][ T24] audit: type=1400 audit(1606.620:160): avc: denied { write } for pid=3969 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1612.880227][ T24] audit: type=1400 audit(1612.110:161): avc: denied { write } for pid=3973 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1616.334218][ T3204] 8021q: adding VLAN 0 to HW filter on device eth4 [ 1617.581128][ T3874] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1617.892352][ T3874] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1618.100700][ T3874] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1618.489303][ T3874] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1618.639055][ T3874] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1618.979171][ T3874] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1619.573030][ T3874] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1619.810858][ T3874] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1622.577517][ T3878] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1622.774469][ T3878] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1622.831496][ T3878] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1623.038676][ T3878] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1623.122527][ T3878] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1623.402924][ T3878] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1623.445100][ T3878] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1623.739931][ T3878] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1628.808664][ T24] audit: type=1400 audit(1628.040:162): avc: denied { write } for pid=3987 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1634.577899][ T24] audit: type=1400 audit(1633.810:163): avc: denied { write } for pid=4002 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1638.782990][ T3204] 8021q: adding VLAN 0 to HW filter on device eth5 [ 1642.649050][ T3874] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1646.124205][ T3878] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1651.847799][ T24] audit: type=1400 audit(1651.000:164): avc: denied { write } for pid=4013 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1658.010464][ T24] audit: type=1400 audit(1657.240:165): avc: denied { write } for pid=4023 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1663.432532][ T3204] 8021q: adding VLAN 0 to HW filter on device eth6 [ 1681.677249][ T24] audit: type=1400 audit(1680.900:166): avc: denied { write } for pid=4037 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1689.504333][ T24] audit: type=1400 audit(1688.720:167): avc: denied { write } for pid=4046 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1693.752590][ T3204] 8021q: adding VLAN 0 to HW filter on device eth7 [ 1706.468316][ T24] audit: type=1400 audit(1705.700:168): avc: denied { write } for pid=4062 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1713.102417][ T24] audit: type=1400 audit(1712.240:169): avc: denied { write } for pid=4073 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1718.062910][ T3204] 8021q: adding VLAN 0 to HW filter on device eth8 [ 1733.850500][ T3874] veth0_vlan: entered promiscuous mode [ 1735.060900][ T3874] veth1_vlan: entered promiscuous mode [ 1739.821624][ T3874] veth0_macvtap: entered promiscuous mode [ 1740.398092][ T3878] veth0_vlan: entered promiscuous mode [ 1740.699694][ T3874] veth1_macvtap: entered promiscuous mode [ 1742.621493][ T3878] veth1_vlan: entered promiscuous mode [ 1746.309087][ T41] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1746.318892][ T41] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1746.438009][ T41] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1746.444115][ T41] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1748.944256][ T3878] veth0_macvtap: entered promiscuous mode [ 1749.973857][ T3878] veth1_macvtap: entered promiscuous mode [ 1752.973847][ T24] audit: type=1400 audit(1752.210:170): avc: denied { unmount } for pid=3874 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 1754.114107][ T41] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1754.172956][ T3472] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1754.189495][ T3472] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1754.308898][ T3472] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1773.587689][ T24] audit: type=1400 audit(1772.750:171): avc: denied { write } for pid=4109 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1783.481709][ T24] audit: type=1400 audit(1782.700:172): avc: denied { write } for pid=4121 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1809.400757][ T24] audit: type=1400 audit(1808.630:173): avc: denied { write } for pid=4135 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1821.656540][ T24] audit: type=1400 audit(1820.880:174): avc: denied { write } for pid=4142 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1850.900247][ T24] audit: type=1400 audit(1850.120:175): avc: denied { write } for pid=4161 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1862.614638][ T24] audit: type=1400 audit(1861.820:176): avc: denied { write } for pid=4171 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1882.407251][ T24] audit: type=1400 audit(1881.640:177): avc: denied { write } for pid=4181 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1890.690006][ T24] audit: type=1400 audit(1889.920:178): avc: denied { write } for pid=4185 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1908.904102][ T24] audit: type=1400 audit(1908.140:179): avc: denied { write } for pid=4195 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1920.187742][ T24] audit: type=1400 audit(1919.410:180): avc: denied { write } for pid=4204 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1938.969742][ T24] audit: type=1400 audit(1938.120:181): avc: denied { write } for pid=4216 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1948.746500][ T24] audit: type=1400 audit(1947.980:182): avc: denied { write } for pid=4227 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1968.583880][ T24] audit: type=1400 audit(1967.800:183): avc: denied { write } for pid=4240 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1979.910799][ T24] audit: type=1400 audit(1979.140:184): avc: denied { write } for pid=4253 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2007.474143][ T24] audit: type=1400 audit(2006.710:185): avc: denied { write } for pid=4264 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2016.719004][ T24] audit: type=1400 audit(2015.950:186): avc: denied { write } for pid=4273 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2040.177681][ T24] audit: type=1400 audit(2039.370:187): avc: denied { write } for pid=4285 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2051.880151][ T24] audit: type=1400 audit(2051.000:188): avc: denied { write } for pid=4292 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2241.277128][ T24] audit: type=1400 audit(2240.510:189): avc: denied { write } for pid=4387 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2250.517575][ T24] audit: type=1400 audit(2249.730:190): avc: denied { write } for pid=4394 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2581.825269][ T24] audit: type=1400 audit(2581.050:191): avc: denied { write } for pid=4557 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2593.494112][ T24] audit: type=1400 audit(2592.690:192): avc: denied { write } for pid=4567 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2866.301983][ T24] audit: type=1400 audit(2865.530:193): avc: denied { write } for pid=4703 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2877.420125][ T24] audit: type=1400 audit(2876.590:194): avc: denied { write } for pid=4711 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3204.370328][ T4874] kvm [4874]: Failed to find VMA for hva 0x20000000 [ 3323.237451][ T4933] kvm [4933]: Failed to find VMA for hva 0x20d8b000 [ 3336.882831][ T24] audit: type=1400 audit(3336.070:195): avc: denied { write } for pid=4935 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3341.327271][ T24] audit: type=1400 audit(3340.560:196): avc: denied { write } for pid=4938 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3432.450348][ T4941] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3432.742302][ T4941] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3443.459669][ T4947] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3443.722355][ T4947] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3461.090683][ T4941] hsr_slave_0: entered promiscuous mode [ 3461.181852][ T4941] hsr_slave_1: entered promiscuous mode [ 3461.257517][ T4941] debugfs: 'hsr0' already exists in 'hsr' [ 3461.260993][ T4941] Cannot create hsr debugfs directory [ 3473.901866][ T4947] hsr_slave_0: entered promiscuous mode [ 3473.950965][ T4947] hsr_slave_1: entered promiscuous mode [ 3474.041362][ T4947] debugfs: 'hsr0' already exists in 'hsr' [ 3474.044461][ T4947] Cannot create hsr debugfs directory [ 3486.297272][ T4941] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 3486.722772][ T4941] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 3487.598653][ T4941] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 3487.909515][ T4941] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 3488.618963][ T4941] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 3488.930496][ T4941] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 3489.657658][ T4941] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 3490.010134][ T4941] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 3501.553496][ T4947] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 3501.871023][ T4947] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 3502.002218][ T4947] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 3502.500720][ T4947] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 3502.651700][ T4947] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 3503.081273][ T4947] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 3503.231352][ T4947] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 3503.674377][ T4947] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 3524.881325][ T4941] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3539.371507][ T4947] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3553.689226][ T5040] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3555.664783][ T5040] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3557.563148][ T5040] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3559.692584][ T5040] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3578.240301][ T5040] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3578.450853][ T5040] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3578.592537][ T5040] bond0 (unregistering): Released all slaves [ 3581.200623][ T5040] hsr_slave_0: left promiscuous mode [ 3581.241436][ T5040] hsr_slave_1: left promiscuous mode [ 3581.800690][ T5040] veth1_macvtap: left promiscuous mode [ 3581.809611][ T5040] veth0_macvtap: left promiscuous mode [ 3581.810962][ T5040] veth1_vlan: left promiscuous mode [ 3581.811984][ T5040] veth0_vlan: left promiscuous mode [ 3614.992339][ T5040] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3617.474514][ T5040] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3619.189224][ T5040] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3620.621963][ T5040] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3629.557196][ T24] audit: type=1400 audit(3628.790:197): avc: denied { write } for pid=5064 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3637.790023][ T24] audit: type=1400 audit(3637.020:198): avc: denied { write } for pid=5074 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3642.118069][ T5040] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3642.458566][ T5040] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3642.582770][ T5040] bond0 (unregistering): Released all slaves [ 3643.290554][ T3204] 8021q: adding VLAN 0 to HW filter on device eth9 [ 3644.393217][ T5040] hsr_slave_0: left promiscuous mode [ 3644.792844][ T5040] hsr_slave_1: left promiscuous mode [ 3645.541822][ T5040] veth1_macvtap: left promiscuous mode [ 3645.587003][ T5040] veth0_macvtap: left promiscuous mode [ 3645.623865][ T5040] veth1_vlan: left promiscuous mode [ 3645.632969][ T5040] veth0_vlan: left promiscuous mode [ 3678.034434][ T24] audit: type=1400 audit(3677.270:199): avc: denied { write } for pid=5081 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3684.809983][ T24] audit: type=1400 audit(3684.050:200): avc: denied { write } for pid=5091 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3702.528745][ T24] audit: type=1400 audit(3701.710:201): avc: denied { write } for pid=5107 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3709.181064][ T24] audit: type=1400 audit(3708.360:202): avc: denied { write } for pid=5116 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3715.212273][ T3204] 8021q: adding VLAN 0 to HW filter on device eth10 [ 3734.239443][ T24] audit: type=1400 audit(3733.470:203): avc: denied { write } for pid=5132 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3735.108611][ T4941] veth0_vlan: entered promiscuous mode [ 3736.088856][ T4941] veth1_vlan: entered promiscuous mode [ 3739.504193][ T4941] veth0_macvtap: entered promiscuous mode [ 3740.164959][ T4941] veth1_macvtap: entered promiscuous mode [ 3743.274104][ T3882] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3743.300104][ T3882] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3743.323719][ T3882] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3743.334572][ T3882] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3744.746483][ T24] audit: type=1400 audit(3743.960:204): avc: denied { write } for pid=5139 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3751.308627][ T3204] 8021q: adding VLAN 0 to HW filter on device eth11 [ 3751.386353][ T4947] veth0_vlan: entered promiscuous mode [ 3752.782401][ T4947] veth1_vlan: entered promiscuous mode [ 3756.802687][ T4947] veth0_macvtap: entered promiscuous mode [ 3757.623408][ T4947] veth1_macvtap: entered promiscuous mode [ 3761.811217][ T3452] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3761.820793][ T3452] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3761.949624][ T3452] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3761.979650][ T3452] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3774.608260][ T24] audit: type=1400 audit(3773.770:205): avc: denied { write } for pid=5152 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3787.278351][ T24] audit: type=1400 audit(3786.480:206): avc: denied { write } for pid=5161 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3796.142673][ T3204] 8021q: adding VLAN 0 to HW filter on device eth12 [ 3822.484005][ T24] audit: type=1400 audit(3821.680:207): avc: denied { write } for pid=5174 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3833.145114][ T24] audit: type=1400 audit(3832.250:208): avc: denied { write } for pid=5182 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3841.118257][ T3204] 8021q: adding VLAN 0 to HW filter on device eth13 [ 3866.901912][ T24] audit: type=1400 audit(3866.140:209): avc: denied { write } for pid=5198 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3878.342563][ T24] audit: type=1400 audit(3877.570:210): avc: denied { write } for pid=5210 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3886.092321][ T3204] 8021q: adding VLAN 0 to HW filter on device eth14 [ 3913.029283][ T24] audit: type=1400 audit(3912.140:211): avc: denied { write } for pid=5226 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3926.183381][ T24] audit: type=1400 audit(3925.420:212): avc: denied { write } for pid=5243 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3934.522881][ T3204] 8021q: adding VLAN 0 to HW filter on device eth15 [ 3945.372567][ T24] audit: type=1400 audit(3944.600:213): avc: denied { write } for pid=5245 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3957.152289][ T24] audit: type=1400 audit(3956.370:214): avc: denied { write } for pid=5254 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3993.291087][ T24] audit: type=1400 audit(3992.490:215): avc: denied { write } for pid=5269 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4004.720450][ T24] audit: type=1400 audit(4003.940:216): avc: denied { write } for pid=5281 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4012.440770][ T3204] 8021q: adding VLAN 0 to HW filter on device eth16 [ 4080.818919][ T24] audit: type=1400 audit(4079.940:217): avc: denied { write } for pid=5322 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4094.518910][ T24] audit: type=1400 audit(4093.750:218): avc: denied { write } for pid=5331 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4122.298583][ T24] audit: type=1400 audit(4121.500:219): avc: denied { write } for pid=5342 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4134.369270][ T24] audit: type=1400 audit(4133.570:220): avc: denied { write } for pid=5353 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4158.119698][ T24] audit: type=1400 audit(4157.270:221): avc: denied { write } for pid=5362 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4171.618397][ T24] audit: type=1400 audit(4170.840:222): avc: denied { write } for pid=5373 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4195.246756][ T24] audit: type=1400 audit(4194.370:223): avc: denied { write } for pid=5382 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4208.808025][ T24] audit: type=1400 audit(4208.020:224): avc: denied { write } for pid=5390 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4240.737818][ T24] audit: type=1400 audit(4239.970:225): avc: denied { write } for pid=5401 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4252.178193][ T24] audit: type=1400 audit(4251.300:226): avc: denied { write } for pid=5412 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4317.627247][ T24] audit: type=1400 audit(4316.750:227): avc: denied { write } for pid=5448 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4330.460160][ T24] audit: type=1400 audit(4329.690:228): avc: denied { write } for pid=5458 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4352.599867][ T24] audit: type=1400 audit(4351.810:229): avc: denied { write } for pid=5462 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4363.689713][ T24] audit: type=1400 audit(4362.900:230): avc: denied { write } for pid=5476 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4396.840312][ T24] audit: type=1400 audit(4396.070:231): avc: denied { write } for pid=5488 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4410.534182][ T24] audit: type=1400 audit(4409.730:232): avc: denied { write } for pid=5499 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4429.957005][ T24] audit: type=1400 audit(4429.190:233): avc: denied { write } for pid=5509 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4442.377163][ T24] audit: type=1400 audit(4441.490:234): avc: denied { write } for pid=5516 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4732.101371][ T5649] kvm [5649]: Failed to find VMA for hva 0x21016000 [ 4760.817782][ T24] audit: type=1400 audit(4760.010:235): avc: denied { write } for pid=5654 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4773.529957][ T24] audit: type=1400 audit(4772.650:236): avc: denied { write } for pid=5668 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5115.342074][ T24] audit: type=1400 audit(5114.530:237): avc: denied { write } for pid=5813 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5128.929022][ T24] audit: type=1400 audit(5128.140:238): avc: denied { write } for pid=5823 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5392.924676][ T24] audit: type=1400 audit(5392.060:239): avc: denied { write } for pid=5948 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5406.049100][ T24] audit: type=1400 audit(5405.230:240): avc: denied { write } for pid=5954 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5714.494754][ T6043] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5714.992754][ T6043] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5720.323926][ T6045] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5720.731718][ T6045] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5746.071001][ T24] audit: type=1400 audit(5745.300:241): avc: denied { write } for pid=6097 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5754.310423][ T6043] hsr_slave_0: entered promiscuous mode [ 5754.411273][ T6043] hsr_slave_1: entered promiscuous mode [ 5755.980468][ T24] audit: type=1400 audit(5755.200:242): avc: denied { write } for pid=6107 comm="rm" name="hook-state" dev="tmpfs" ino=94 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5761.634308][ T6045] hsr_slave_0: entered promiscuous mode [ 5761.751586][ T6045] hsr_slave_1: entered promiscuous mode [ 5761.928999][ T6045] debugfs: 'hsr0' already exists in 'hsr' [ 5761.933166][ T6045] Cannot create hsr debugfs directory [ 5788.107699][ T6043] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 5788.851394][ T6043] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 5788.974250][ T6043] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 5789.542474][ T6043] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 5789.918837][ T6043] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 5790.343398][ T6043] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 5790.679576][ T6043] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 5791.320966][ T6043] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 5797.780226][ T6045] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 5798.278536][ T6045] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 5798.474477][ T6045] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 5798.847330][ T6045] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 5799.072784][ T6045] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 5799.493140][ T6045] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 5799.673942][ T6045] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 5800.229993][ T6045] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 5833.503953][ T6043] 8021q: adding VLAN 0 to HW filter on device bond0 [ 5840.894378][ T6045] 8021q: adding VLAN 0 to HW filter on device bond0 [ 6004.129615][ T6043] veth0_vlan: entered promiscuous mode [ 6005.792626][ T6043] veth1_vlan: entered promiscuous mode [ 6010.636419][ T6043] veth0_macvtap: entered promiscuous mode [ 6012.278983][ T6043] veth1_macvtap: entered promiscuous mode [ 6016.291430][ T6045] veth0_vlan: entered promiscuous mode [ 6019.608547][ T6045] veth1_vlan: entered promiscuous mode [ 6021.747657][ T26] INFO: task syz.5.550:6032 blocked for more than 430 seconds. [ 6021.798512][ T26] Not tainted syzkaller #0 [ 6021.810746][ T26] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 6021.811308][ T26] task:syz.5.550 state:D stack:0 pid:6032 tgid:6032 ppid:4947 task_flags:0x400040 flags:0x00000011 [ 6021.812799][ T26] Call trace: [ 6021.813293][ T26] __switch_to+0x5e0/0xb70 (T) SYZFAIL: failed to recv rpc [ 6021.937125][ T26] __schedule+0x2554/0x3828 [ 6021.957853][ T26] schedule+0xac/0x278 [ 6021.972035][ T26] schedule_timeout+0x68/0x1ec [ 6021.986723][ T26] do_wait_for_common+0x270/0x428 [ 6021.987350][ T26] wait_for_completion+0x44/0x5c [ 6021.987870][ T26] __synchronize_srcu+0x1b4/0x1f4 [ 6021.988413][ T26] synchronize_srcu+0x668/0x8dc [ 6021.988953][ T26] mmu_notifier_unregister+0x320/0x428 [ 6021.989432][ T26] kvm_put_kvm+0x69c/0xbbc [ 6021.989894][ T26] kvm_vm_release+0x58/0x78 [ 6021.990351][ T26] __fput+0x4ac/0x978 [ 6021.990814][ T26] ____fput+0x20/0x30 [ 6021.991237][ T26] task_work_run+0x1b8/0x250 [ 6021.991703][ T26] exit_to_user_mode_loop+0x110/0x188 [ 6021.992210][ T26] el0_svc+0x184/0x238 [ 6021.992693][ T26] el0t_64_sync_handler+0x84/0x12c [ 6021.993153][ T26] el0t_64_sync+0x198/0x19c [ 6021.994789][ T26] [ 6021.994789][ T26] Showing all locks held in the system: [ 6021.995299][ T26] 1 lock held by khungtaskd/26: [ 6022.178029][ T26] #0: ffff800087db4518 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x0/0x44 [ 6022.180836][ T26] 1 lock held by dhcpcd/3203: [ 6022.181229][ T26] 1 lock held by dhcpcd/3204: [ 6022.181571][ T26] 2 locks held by getty/3235: [ 6022.181929][ T26] #0: ccf000001277a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 6022.184213][ T26] #1: 34ff80008cb4b2e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x314/0x1214 [ 6022.373025][ T26] 2 locks held by syz-executor/3357: [ 6022.378389][ T26] 3 locks held by kworker/u4:7/3452: [ 6022.378874][ T26] 3 locks held by kworker/u4:9/4029: [ 6022.379192][ T26] #0: 3df0000012627940 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x804/0x1d5c [ 6022.380936][ T26] #1: ffff80008ecc7cb8 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x890/0x1d5c [ 6022.383131][ T26] #2: ffff8000880e2838 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c [ 6022.384890][ T26] 3 locks held by kworker/u4:0/4467: [ 6022.385218][ T26] 3 locks held by kworker/u4:1/4627: [ 6022.517275][ T26] #0: 7ff0000012643140 ((wq_completion)udp_tunnel_nic){+.+.}-{0:0}, at: process_one_work+0x804/0x1d5c [ 6022.519431][ T26] #1: ffff80008f7f7cb8 ((work_completion)(&utn->work)){+.+.}-{0:0}, at: process_one_work+0x890/0x1d5c [ 6022.521137][ T26] #2: ffff8000880e2838 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c [ 6022.522793][ T26] 3 locks held by kworker/u4:5/4969: [ 6022.523127][ T26] 2 locks held by kworker/u4:8/5007: [ 6022.523480][ T26] 2 locks held by syz.4.551/6038: [ 6022.523853][ T26] 3 locks held by kworker/0:4/6040: [ 6022.524165][ T26] #0: e6f000000d018f40 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x804/0x1d5c [ 6022.687673][ T26] #1: ffff80008f6c7cb8 (rx_mode_work){+.+.}-{0:0}, at: process_one_work+0x890/0x1d5c [ 6022.689600][ T26] #2: ffff8000880e2838 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c [ 6022.691248][ T26] 1 lock held by syz-executor/6043: [ 6022.691594][ T26] #0: ffff8000880e2838 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c [ 6022.693262][ T26] 2 locks held by syz-executor/6045: [ 6022.693643][ T26] 3 locks held by kworker/u4:12/6134: [ 6022.693963][ T26] 3 locks held by kworker/u4:13/6164: [ 6022.694256][ T26] 2 locks held by kworker/0:5/6205: [ 6022.694773][ T26] [ 6022.695040][ T26] ============================================= [ 6022.695040][ T26] [ 6022.818708][ T26] Kernel panic - not syncing: hung_task: blocked tasks [ 6022.822307][ T26] CPU: 0 UID: 0 PID: 26 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT [ 6022.823902][ T26] Hardware name: linux,dummy-virt (DT) [ 6022.824855][ T26] Call trace: [ 6022.825733][ T26] show_stack+0x2c/0x3c (C) [ 6022.826816][ T26] __dump_stack+0x30/0x40 [ 6022.827784][ T26] dump_stack_lvl+0x30/0x12c [ 6022.828737][ T26] dump_stack+0x1c/0x28 [ 6022.829673][ T26] vpanic+0x4cc/0x844 [ 6022.830543][ T26] vpanic+0x0/0x844 [ 6022.831358][ T26] hung_task_panic+0x0/0x2c [ 6022.832351][ T26] kthread+0x4d4/0x51c [ 6022.833231][ T26] ret_from_fork+0x10/0x20 [ 6022.835119][ T26] Kernel Offset: disabled [ 6022.835873][ T26] CPU features: 0x00000000,0034600b,f7c647a1,057ffe1f [ 6022.837013][ T26] Memory Limit: none [ 6022.839298][ T26] Rebooting in 86400 seconds..