last executing test programs: 37m41.772106203s ago: executing program 0 (id=82): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0}) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r5 = ioctl$KVM_CREATE_VM(r4, 0x894c, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0x8004b706, 0x0) (async) r6 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) r7 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) (async) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING(r11, 0x4068aea3, &(0x7f00000002c0)={0xe1, 0x0, 0x10000}) (async) r12 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r12, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000080)={0x4, 0x80a, 0x1}}) (async) syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1) 37m32.923360737s ago: executing program 0 (id=84): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3a) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616}) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000240)={0xdddd1000, 0x1000}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r3, 0x4010ae68, &(0x7f0000000080)={0x1}) r4 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r2, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = eventfd2(0x600000, 0x80800) ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x0, r7, 0x2}) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000200)=@attr_arm64={0x0, 0x1, 0x1, &(0x7f0000000000)=0x3}) ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000000000)={0x1, 0x0, 0x4, r7}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) openat$kvm(0x0, 0x0, 0x0, 0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r14, 0xc00caee0, &(0x7f0000000140)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f0000000300)=@attr_arm64={0x0, 0x4, 0x4, 0x0}) ioctl$KVM_SET_GSI_ROUTING(r12, 0x4008ae6a, &(0x7f00000002c0)=ANY=[@ANYBLOB="0207"]) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x200000e, 0x11, r2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x9a07f, 0x0) 37m18.751205779s ago: executing program 1 (id=86): munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r3, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async) openat$kvm(0x0, &(0x7f0000000000), 0x72483, 0x0) (async) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x28) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r5, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000}) ioctl$KVM_RESET_DIRTY_RINGS(r5, 0xaec7) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r1, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000e9d000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r1, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x0, 0x23ac5f9b426e84b2, 0xffffffffffffffff, 0x0) 37m15.580800572s ago: executing program 0 (id=87): r0 = openat$kvm(0x0, &(0x7f00000002c0), 0xa00, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000b80)={0x0, 0x0}, &(0x7f0000000280)=[@featur2={0x1, 0xf}], 0x1) (async) r7 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x2, 0x20}}], 0x18}, 0x0, 0x0) r8 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000100)={0x0, &(0x7f0000000140)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r10 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r9, 0x3, 0x11, r7, 0x0) r11 = mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r9, 0x3, 0x11, r8, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) (async) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x35) ioctl$KVM_REGISTER_COALESCED_MMIO(r13, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616}) (async) ioctl$KVM_REGISTER_COALESCED_MMIO(r13, 0x4010ae67, &(0x7f0000000240)={0xdddd1000, 0x1000}) (async) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r13, 0x4010ae68, &(0x7f0000000080)={0x1}) (async, rerun: 64) syz_kvm_assert_syzos_uexit$arm64(r11, 0xffffffffffffffff) (async, rerun: 64) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000180)={0x1010020, 0x1}) (async) ioctl$KVM_RUN(r7, 0xae80, 0x0) (async) r14 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil) r16 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x18) syz_kvm_assert_reg(r16, 0x603000000013df12, 0x8000) (async) r17 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000001000/0x4000)=nil, r17, 0x3000001, 0x13, 0xffffffffffffffff, 0x0) (async, rerun: 32) mmap$KVM_VCPU(&(0x7f0000cc9000/0x4000)=nil, r17, 0x4, 0x10, r6, 0x0) (async, rerun: 32) syz_kvm_assert_syzos_uexit$arm64(r10, 0xfffffffffffffffe) 37m10.207301491s ago: executing program 1 (id=88): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x5) openat$kvm(0xffffffffffffff9c, 0x0, 0x145541, 0x0) ioctl$KVM_SET_GSI_ROUTING(r0, 0x4008ae6a, &(0x7f0000000000)={0x1, 0x0, [{0x8, 0x2, 0x0, 0x0, @sint={0x2, 0x6}}]}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0xdc032, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e700", 0x0, 0x48) 37m6.228861121s ago: executing program 0 (id=89): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1a) r1 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000bfd000/0x400000)=nil) r2 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000600)={0x0, &(0x7f0000000000)=[@uexit={0x0, 0x18, 0x800}, @msr={0x14, 0x20, {0x603000000013e208, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x0, 0xb, 0x1ff, 0xf00, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x4, 0xd, 0x5a1a, 0x3, 0x2}}, @eret={0xe6, 0x18, 0xfffffffffffffff8}, @uexit={0x0, 0x18, 0x1}, @msr={0x14, 0x20, {0x603000000013e600, 0x2}}, @code={0xa, 0xb4, {"c06a9fd20080b0f2210080d2e20080d2430080d2040180d2020000d400a4006f004b85d20020b8f2410180d2820180d2e30180d2040080d2020000d480fb9bd200c0b0f2810180d2c20180d2830180d2640080d2020000d40084ff0d000028d5804e8ed200e0b0f2610180d2a20180d2c30080d2640080d2020000d400a4004f000820f8c05e81d200e0b0f2a10180d2c20180d2830180d2040080d2020000d4"}}, @smc={0x1e, 0x40, {0x84000012, [0x7, 0x8, 0x7f6, 0x9, 0x6]}}, @svc={0x122, 0x40, {0x800, [0x9, 0x7fffffff, 0x6, 0x6, 0x7]}}, @its_setup={0x82, 0x28, {0x0, 0x2, 0x1cd}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x380, 0x5, 0x8}}, @uexit={0x0, 0x18, 0x7fffffffffffffff}, @its_setup={0x82, 0x28, {0x0, 0x2, 0x50}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffd0, 0x8000000000000000}}, @code={0xa, 0xb4, {"406483d200c0b0f2a10080d2a20080d2430080d2840180d2020000d4c00d9fd20080b8f2810180d2e20080d2230180d2a40080d2020000d4000008d50000005ee0249bd20040b0f2a10180d2e20080d2630080d2840180d2020000d4000028d5008008d5000c00b8608597d200c0b8f2410180d2e20180d2230080d2c40180d2020000d4006992d20000b0f2a10080d2620180d2230080d2440080d2020000d4"}}, @smc={0x1e, 0x40, {0x3000000, [0x1797, 0x2, 0x69a0, 0xfb4, 0x40]}}, @irq_setup={0x46, 0x18, {0x1, 0x359}}, @mrs={0xbe, 0x18, {0x603000000013dee7}}, @code={0xa, 0xb4, {"000028d5000008d5007098d20080b0f2c10180d2c20080d2c30080d2a40080d2020000d4603a84d200e0b8f2a10180d2220080d2c30180d2040080d2020000d4800886d20040b8f2410080d2c20080d2630080d2240080d2020000d4007008d5008008d5c0068bd20040b0f2c10080d2820080d2a30180d2440080d2020000d4007008d540359ad20040b8f2210180d2620080d2e30180d2e40080d2020000d4"}}, @hvc={0x32, 0x40, {0x4000, [0xa, 0x7, 0x5, 0x6, 0x8000]}}, @msr={0x14, 0x20, {0x603000000013e6d5, 0x101}}, @hvc={0x32, 0x40, {0x0, [0x1, 0x7, 0x6, 0x9, 0x2]}}, @irq_setup={0x46, 0x18, {0x3, 0x174}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x4, 0xc, 0x33, 0x0, 0x2}}, @hvc={0x32, 0x40, {0x4, [0x8, 0x4, 0x1, 0x1000, 0xbbb]}}], 0x5cc}, &(0x7f0000000640)=[@featur1={0x1, 0x5}], 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) (async) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f00000006c0)=@other={0x1, &(0x7f0000000680)=0x7fffffff}) (async) ioctl$KVM_GET_REGS(r2, 0x8360ae81, &(0x7f0000000700)) munmap(&(0x7f0000fd5000/0x1000)=nil, 0x1000) (async) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f00000007c0)={0xeeef0000, 0x100000, 0x1}) (async) r3 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000d00)={0x0, &(0x7f0000000800)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xf00, 0x9, 0x5}}, @irq_setup={0x46, 0x18, {0x1, 0x204}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x4, 0xf, 0xd1ec, 0xb, 0x3}}, @svc={0x122, 0x40, {0xc4000005, [0xa, 0x6, 0x9c4, 0x40, 0x7]}}, @hvc={0x32, 0x40, {0x4e12476ba6648453, [0x4, 0x7, 0x5c79, 0x1, 0x5]}}, @memwrite={0x6e, 0x30, @generic={0x10000, 0xd95, 0xe588, 0x7}}, @msr={0x14, 0x20, {0x603000000013801a, 0xfff}}, @code={0xa, 0x84, {"0000406c000008d5007008d5c0a584d200a0b8f2e10180d2a20180d2c30080d2040080d2020000d4402e88d200c0b8f2c10080d2220080d2830080d2240180d2020000d4000028d50004002f00779dd20060b8f2410180d2620180d2430180d2440080d2020000d4000000790000803d"}}, @svc={0x122, 0x40, {0xc4000053, [0x8cea, 0x8, 0x7, 0x6, 0x8]}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x3, 0xd, 0x4, 0x2, 0x4}}, @memwrite={0x6e, 0x30, @generic={0x80ad000, 0x4ff, 0x1ff, 0x2}}, @hvc={0x32, 0x40, {0x30000000, [0x8001, 0x7, 0x5, 0x10001, 0x8000]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x18, 0x9, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013e66a}}, @code={0xa, 0x6c, {"007008d5007008d50060200e00e0e00d00b0000f000000f9000028d5008008d5a03995d20080b0f2810080d2a20180d2030180d2640080d2020000d400f891d20040b0f2e10080d2020180d2c30080d2640080d2020000d4"}}, @hvc={0x32, 0x40, {0x84000000, [0x7, 0xd, 0xc, 0x1, 0x7]}}, @msr={0x14, 0x20, {0x603000000013c00a, 0x9}}, @mrs={0xbe, 0x18, {0x603000000013c684}}, @svc={0x122, 0x40, {0x2000, [0x3800000000000, 0x80000000000000, 0x2, 0x1, 0x2]}}, @uexit={0x0, 0x18, 0x4}, @svc={0x122, 0x40, {0xc5000020, [0x6, 0x8000000000000001, 0x2, 0x3, 0x2]}}, @irq_setup={0x46, 0x18, {0x4, 0x3d6}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x3, 0x7, 0xf, 0x3, 0x3}}, @svc={0x122, 0x40, {0xc4000001, [0x7ff, 0xda, 0x0, 0x2, 0x8]}}], 0x4e0}, &(0x7f0000000d40)=[@featur1={0x1, 0x8}], 0x1) r4 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) (async) ioctl$KVM_ASSIGN_SET_MSIX_NR(r3, 0x4008ae73, &(0x7f0000000d80)={0x6, 0x7}) ioctl$KVM_KVMCLOCK_CTRL(r3, 0xaead) (async) r5 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000e80)={0x0, &(0x7f0000000dc0)=[@its_setup={0x82, 0x28, {0x1, 0x3, 0x94}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0x10b}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x3b3}}, @svc={0x122, 0x40, {0x0, [0x8, 0xfcf, 0x8, 0x3ad, 0x8001]}}], 0xb8}, &(0x7f0000000ec0)=[@featur2], 0x1) (async) r7 = syz_kvm_vgic_v3_setup(r0, 0x2, 0x240) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000f40)=@attr_arm64={0x0, 0x6, 0x0, &(0x7f0000000f00)=0x1}) ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000000f80)={0xdddd1000, 0x9000, 0x1}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_ARM_VCPU_FINALIZE(r7, 0x4004aec2, &(0x7f0000000fc0)=0x2) r8 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x33) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000001000)={0x3, 0x4, 0x0, 0x2000, &(0x7f0000dae000/0x2000)=nil}) (async) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000001080)=@arm64_fp_extra={0x60200000001000d4, &(0x7f0000001040)=0x4}) ioctl$KVM_ARM_PREFERRED_TARGET(r4, 0x8020aeaf, &(0x7f00000010c0)) (async) close(r2) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4000ae84, &(0x7f0000001100)={{0xdddd0000, 0xffff1000, 0xa, 0xd, 0xc, 0x0, 0x13, 0xe, 0x5, 0xa, 0x2f, 0x5}, {0x10000, 0x8000000, 0x10, 0x2, 0xb2, 0x0, 0x4, 0x2, 0x6, 0x7, 0x5, 0x2}, {0xdddd1000, 0xf000, 0x3, 0x1, 0x1, 0x42, 0x8, 0x5a, 0x7f, 0x1, 0x10, 0x10}, {0x6000, 0x1000, 0x3, 0xf8, 0x4, 0x4, 0x1, 0x5, 0x4c, 0x8a, 0x3, 0x6}, {0x80a0000, 0x1, 0xf, 0x6c, 0x5, 0x50, 0xe, 0x8, 0x6, 0x4, 0x7, 0x4}, {0x1, 0xdddd0000, 0x9, 0x8, 0xf8, 0xcc, 0x2, 0x8, 0x0, 0x69, 0x8, 0xa}, {0x0, 0x6000, 0x4, 0x5, 0x87, 0xb, 0x8, 0xcc, 0x8, 0xb3, 0x81, 0x9}, {0x8080000, 0x2, 0x8, 0x7f, 0x7, 0x4, 0x8e, 0x1, 0x9, 0x70, 0x2e, 0x2}, {0xffff1000, 0x81}, {0x5000, 0x1000}, 0x10014, 0x0, 0xffff1000, 0x202, 0xa, 0x5800, 0x8080000, [0x30000, 0xc1, 0xfffffffffffffff8, 0x3]}) (async) ioctl$KVM_HAS_DEVICE_ATTR(r7, 0x4018aee3, &(0x7f0000001280)=@attr_other={0x0, 0xd0, 0x1, &(0x7f0000001240)=0x5}) (async) ioctl$KVM_SET_GSI_ROUTING(r8, 0x4008ae6a, &(0x7f00000012c0)={0x1, 0x0, [{0x4, 0x4, 0x1, 0x0, @msi={0x2, 0xe, 0xffad, 0x81}}]}) (async) ioctl$KVM_RUN(r6, 0xae80, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000a58000/0x400000)=nil) (async) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000001300)) 37m3.554662196s ago: executing program 1 (id=90): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@msr={0x14, 0x20, {0x603000000013c01d}}, @smc={0x1e, 0x40, {0xc5000020, [0xffff, 0x3, 0x0, 0x5, 0x94]}}, @hvc={0x32, 0x40, {0xde97c115c1a358a5, [0x1, 0x3, 0x8, 0x7, 0x8]}}, @irq_setup={0x46, 0x18, {0x1, 0x4e}}, @msr={0x14, 0x20, {0x603000000013c2a9, 0x16f2}}, @mrs={0xbe, 0x18, {0x6030000000138027}}, @uexit={0x0, 0x18, 0x10}, @msr={0x14, 0x20, {0x603000000013e099, 0x3}}, @hvc={0x32, 0x40, {0x80000000, [0x5, 0x9, 0x3, 0x7, 0xfff]}}, @hvc={0x32, 0x40, {0xc5000021, [0x8, 0x7, 0x3, 0x9, 0x180000000000000]}}, @smc={0x1e, 0x40, {0x6000000, [0x10001, 0x80000000, 0xa8b, 0x6d, 0x8]}}, @smc={0x1e, 0x40, {0x84000005, [0x9e, 0x1, 0x9, 0x8]}}, @smc={0x1e, 0x40, {0x40, [0x8, 0x5, 0x10001, 0x8, 0x100000]}}], 0x268}], 0x1, 0x0, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@msr={0x14, 0x20, {0x603000000013c01d}}, @smc={0x1e, 0x40, {0xc5000020, [0xffff, 0x3, 0x0, 0x5, 0x94]}}, @hvc={0x32, 0x40, {0xde97c115c1a358a5, [0x1, 0x3, 0x8, 0x7, 0x8]}}, @irq_setup={0x46, 0x18, {0x1, 0x4e}}, @msr={0x14, 0x20, {0x603000000013c2a9, 0x16f2}}, @mrs={0xbe, 0x18, {0x6030000000138027}}, @uexit={0x0, 0x18, 0x10}, @msr={0x14, 0x20, {0x603000000013e099, 0x3}}, @hvc={0x32, 0x40, {0x80000000, [0x5, 0x9, 0x3, 0x7, 0xfff]}}, @hvc={0x32, 0x40, {0xc5000021, [0x8, 0x7, 0x3, 0x9, 0x180000000000000]}}, @smc={0x1e, 0x40, {0x6000000, [0x10001, 0x80000000, 0xa8b, 0x6d, 0x8]}}, @smc={0x1e, 0x40, {0x84000005, [0x9e, 0x1, 0x9, 0x8]}}, @smc={0x1e, 0x40, {0x40, [0x8, 0x5, 0x10001, 0x8, 0x100000]}}], 0x268}], 0x1, 0x0, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) (async) 36m59.848820944s ago: executing program 0 (id=91): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000080)=@arm64_extra={0x603000000013c103, &(0x7f0000000000)=0x2}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x22300, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x28) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f00004e3000/0x2000)=nil, 0x930, 0xa, 0x2013, r7, 0x40000) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) syz_kvm_vgic_v3_setup(r10, 0x4, 0x3a0) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r8, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0x1, 0x1001, 0x2}}) ioctl$KVM_SET_DEVICE_ATTR_vm(r8, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x9e, 0x7fffffff, 0x2}}) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2200, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r15, 0x8040ae9f, 0xffffffffffffffff) syz_kvm_vgic_v3_setup(r6, 0x0, 0x220) r16 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r17 = ioctl$KVM_CREATE_VM(r16, 0xae01, 0x21) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r17, 0x4068aea3, &(0x7f0000000080)={0xdf, 0x0, 0x800}) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000140)={0x10001, 0x4, 0x1, 0x1000, &(0x7f0000ffe000/0x1000)=nil}) 36m54.479697735s ago: executing program 1 (id=92): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000080)={0x8, 0xffffffffffffffff}) mmap$KVM_VCPU(&(0x7f0000d95000/0x4000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x28) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING(r8, 0x4068aea3, &(0x7f00000002c0)={0xe1, 0x0, 0x10000}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x800000000108, &(0x7f0000000340)=0x2}) 36m43.002359738s ago: executing program 1 (id=93): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r2 = openat$kvm(0x0, &(0x7f0000000040), 0xc0083, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, r1, 0x3, 0x11, r2, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x8840, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r5, 0x4004ae99, &(0x7f0000000080)=0xa) 36m40.890118687s ago: executing program 0 (id=94): r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xac) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x2012, r3, 0x40000) ioctl$KVM_GET_VCPU_EVENTS(r3, 0x8040ae9f, &(0x7f0000000080)=@arm64) syz_memcpy_off$KVM_EXIT_MMIO(r4, 0x20, &(0x7f0000000040)="68d3d4a6759ba655d47872b6bf881ba5dbca1c84a0779749", 0x0, 0x18) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r6, 0x4018aee1, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04) syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000100)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013e65d, 0x8}}, @code={0xa, 0x9c, {"000028d5007008d5c0de91d20060b8f2c10180d2020180d2230180d2e40080d2020000d4405b9bd200a0b8f2410080d2620180d2c30080d2440180d2020000d4007008d500d8a00e007008d5a0a886d20080b8f2610180d2a20080d2e30180d2240080d2020000d480ad9ad200c0b0f2810180d2620180d2830080d2c40180d2020000d4007008d5"}}, @hvc={0x32, 0x40, {0x84000005, [0x3, 0x2, 0x0, 0x8000000000000000, 0x6]}}, @mrs={0xbe, 0x18, {0x603000000013deb5}}, @uexit={0x0, 0x18, 0x7}, @eret={0xe6, 0x18, 0x1}, @msr={0x14, 0x20, {0x6030000000138054, 0x1}}, @uexit={0x0, 0x18, 0x5}, @uexit={0x0, 0x18, 0x7}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x288}}, @irq_setup={0x46, 0x18, {0x0, 0x79}}, @uexit={0x0, 0x18, 0x8}, @code={0xa, 0x6c, {"0000402960b699d200e0b8f2610180d2620080d2030080d2440080d2020000d40004403c007008d5000028d50080206e000028d5e03a96d20060b0f2e10080d2620080d2a30080d2c40080d2020000d4007008d5007008d5"}}, @mrs={0xbe, 0x18, {0x8f3f1136e5313371}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x2, 0x6, 0x81, 0x2a, 0x2}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x274}}, @memwrite={0x6e, 0x30, @generic={0x1000, 0x866, 0x100000000, 0x8}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x10, 0x7ff, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x3, 0x9, 0x9, 0xf9, 0x4}}, @uexit={0x0, 0x18, 0xe75a}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x2bd}}], 0x388}, &(0x7f0000000140)=[@featur2={0x1, 0x4}], 0x1) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r8, 0x300000a, 0x16831, r3, 0x0) openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xac) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x2012, r3, 0x40000) (async) ioctl$KVM_GET_VCPU_EVENTS(r3, 0x8040ae9f, &(0x7f0000000080)=@arm64) (async) syz_memcpy_off$KVM_EXIT_MMIO(r4, 0x20, &(0x7f0000000040)="68d3d4a6759ba655d47872b6bf881ba5dbca1c84a0779749", 0x0, 0x18) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR_vm(r6, 0x4018aee1, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async) ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04) (async) syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000100)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013e65d, 0x8}}, @code={0xa, 0x9c, {"000028d5007008d5c0de91d20060b8f2c10180d2020180d2230180d2e40080d2020000d4405b9bd200a0b8f2410080d2620180d2c30080d2440180d2020000d4007008d500d8a00e007008d5a0a886d20080b8f2610180d2a20080d2e30180d2240080d2020000d480ad9ad200c0b0f2810180d2620180d2830080d2c40180d2020000d4007008d5"}}, @hvc={0x32, 0x40, {0x84000005, [0x3, 0x2, 0x0, 0x8000000000000000, 0x6]}}, @mrs={0xbe, 0x18, {0x603000000013deb5}}, @uexit={0x0, 0x18, 0x7}, @eret={0xe6, 0x18, 0x1}, @msr={0x14, 0x20, {0x6030000000138054, 0x1}}, @uexit={0x0, 0x18, 0x5}, @uexit={0x0, 0x18, 0x7}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x288}}, @irq_setup={0x46, 0x18, {0x0, 0x79}}, @uexit={0x0, 0x18, 0x8}, @code={0xa, 0x6c, {"0000402960b699d200e0b8f2610180d2620080d2030080d2440080d2020000d40004403c007008d5000028d50080206e000028d5e03a96d20060b0f2e10080d2620080d2a30080d2c40080d2020000d4007008d5007008d5"}}, @mrs={0xbe, 0x18, {0x8f3f1136e5313371}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x2, 0x6, 0x81, 0x2a, 0x2}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x274}}, @memwrite={0x6e, 0x30, @generic={0x1000, 0x866, 0x100000000, 0x8}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x10, 0x7ff, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x3, 0x9, 0x9, 0xf9, 0x4}}, @uexit={0x0, 0x18, 0xe75a}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x2bd}}], 0x388}, &(0x7f0000000140)=[@featur2={0x1, 0x4}], 0x1) (async) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r8, 0x300000a, 0x16831, r3, 0x0) (async) 36m36.076791389s ago: executing program 1 (id=95): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x5, 0xfffffffe, 0x0, 0x0, 0x79}}], 0x50}, 0x0, 0x0) r4 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x3a0) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000280)=@attr_other={0x0, 0x8, 0x4, &(0x7f0000000240)=0x1}) ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 35m54.760359062s ago: executing program 32 (id=94): r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xac) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x2012, r3, 0x40000) ioctl$KVM_GET_VCPU_EVENTS(r3, 0x8040ae9f, &(0x7f0000000080)=@arm64) syz_memcpy_off$KVM_EXIT_MMIO(r4, 0x20, &(0x7f0000000040)="68d3d4a6759ba655d47872b6bf881ba5dbca1c84a0779749", 0x0, 0x18) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r6, 0x4018aee1, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04) syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000100)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013e65d, 0x8}}, @code={0xa, 0x9c, {"000028d5007008d5c0de91d20060b8f2c10180d2020180d2230180d2e40080d2020000d4405b9bd200a0b8f2410080d2620180d2c30080d2440180d2020000d4007008d500d8a00e007008d5a0a886d20080b8f2610180d2a20080d2e30180d2240080d2020000d480ad9ad200c0b0f2810180d2620180d2830080d2c40180d2020000d4007008d5"}}, @hvc={0x32, 0x40, {0x84000005, [0x3, 0x2, 0x0, 0x8000000000000000, 0x6]}}, @mrs={0xbe, 0x18, {0x603000000013deb5}}, @uexit={0x0, 0x18, 0x7}, @eret={0xe6, 0x18, 0x1}, @msr={0x14, 0x20, {0x6030000000138054, 0x1}}, @uexit={0x0, 0x18, 0x5}, @uexit={0x0, 0x18, 0x7}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x288}}, @irq_setup={0x46, 0x18, {0x0, 0x79}}, @uexit={0x0, 0x18, 0x8}, @code={0xa, 0x6c, {"0000402960b699d200e0b8f2610180d2620080d2030080d2440080d2020000d40004403c007008d5000028d50080206e000028d5e03a96d20060b0f2e10080d2620080d2a30080d2c40080d2020000d4007008d5007008d5"}}, @mrs={0xbe, 0x18, {0x8f3f1136e5313371}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x2, 0x6, 0x81, 0x2a, 0x2}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x274}}, @memwrite={0x6e, 0x30, @generic={0x1000, 0x866, 0x100000000, 0x8}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x10, 0x7ff, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x3, 0x9, 0x9, 0xf9, 0x4}}, @uexit={0x0, 0x18, 0xe75a}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x2bd}}], 0x388}, &(0x7f0000000140)=[@featur2={0x1, 0x4}], 0x1) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r8, 0x300000a, 0x16831, r3, 0x0) openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xac) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x2012, r3, 0x40000) (async) ioctl$KVM_GET_VCPU_EVENTS(r3, 0x8040ae9f, &(0x7f0000000080)=@arm64) (async) syz_memcpy_off$KVM_EXIT_MMIO(r4, 0x20, &(0x7f0000000040)="68d3d4a6759ba655d47872b6bf881ba5dbca1c84a0779749", 0x0, 0x18) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR_vm(r6, 0x4018aee1, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async) ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04) (async) syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000100)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013e65d, 0x8}}, @code={0xa, 0x9c, {"000028d5007008d5c0de91d20060b8f2c10180d2020180d2230180d2e40080d2020000d4405b9bd200a0b8f2410080d2620180d2c30080d2440180d2020000d4007008d500d8a00e007008d5a0a886d20080b8f2610180d2a20080d2e30180d2240080d2020000d480ad9ad200c0b0f2810180d2620180d2830080d2c40180d2020000d4007008d5"}}, @hvc={0x32, 0x40, {0x84000005, [0x3, 0x2, 0x0, 0x8000000000000000, 0x6]}}, @mrs={0xbe, 0x18, {0x603000000013deb5}}, @uexit={0x0, 0x18, 0x7}, @eret={0xe6, 0x18, 0x1}, @msr={0x14, 0x20, {0x6030000000138054, 0x1}}, @uexit={0x0, 0x18, 0x5}, @uexit={0x0, 0x18, 0x7}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x288}}, @irq_setup={0x46, 0x18, {0x0, 0x79}}, @uexit={0x0, 0x18, 0x8}, @code={0xa, 0x6c, {"0000402960b699d200e0b8f2610180d2620080d2030080d2440080d2020000d40004403c007008d5000028d50080206e000028d5e03a96d20060b0f2e10080d2620080d2a30080d2c40080d2020000d4007008d5007008d5"}}, @mrs={0xbe, 0x18, {0x8f3f1136e5313371}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x2, 0x6, 0x81, 0x2a, 0x2}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x274}}, @memwrite={0x6e, 0x30, @generic={0x1000, 0x866, 0x100000000, 0x8}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x10, 0x7ff, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x3, 0x9, 0x9, 0xf9, 0x4}}, @uexit={0x0, 0x18, 0xe75a}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x2bd}}], 0x388}, &(0x7f0000000140)=[@featur2={0x1, 0x4}], 0x1) (async) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r8, 0x300000a, 0x16831, r3, 0x0) (async) 35m49.793511329s ago: executing program 33 (id=95): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x5, 0xfffffffe, 0x0, 0x0, 0x79}}], 0x50}, 0x0, 0x0) r4 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x3a0) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000280)=@attr_other={0x0, 0x8, 0x4, &(0x7f0000000240)=0x1}) ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 31m36.710591197s ago: executing program 2 (id=96): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x2840, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) (async) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) r6 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0) ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0xb1) (async) ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0x1e) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x43ff}) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000140)={0x8080000, 0x8000000, 0x9, 0x0, 0x7}) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, 0x0) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) (async, rerun: 64) close(0x4) (rerun: 64) close(0x5) r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r7, 0x4004ae99, &(0x7f00000000c0)) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r1, 0x4010ae74, &(0x7f0000000080)={0x6, 0x933}) 31m25.749443277s ago: executing program 3 (id=97): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000b80)={0x0, &(0x7f0000000100)=[@smc={0x1e, 0x40, {0x80000001, [0x99a, 0x7, 0xaca, 0x7fffffff, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0xe}], 0x1) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000300)={0x0, &(0x7f0000000480)=[@smc={0x1e, 0x40, {0xc4000001, [0x8, 0x939, 0xe, 0x7f, 0x4]}}], 0x40}, &(0x7f00000001c0)=[@featur1={0x1, 0xc}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_INTERRUPT(r3, 0x4004ae86, &(0x7f0000000000)=0x5) 30m50.229699016s ago: executing program 34 (id=96): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x2840, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) (async) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) r6 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0) ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0xb1) (async) ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0x1e) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x43ff}) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000140)={0x8080000, 0x8000000, 0x9, 0x0, 0x7}) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, 0x0) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) (async, rerun: 64) close(0x4) (rerun: 64) close(0x5) r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r7, 0x4004ae99, &(0x7f00000000c0)) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r1, 0x4010ae74, &(0x7f0000000080)={0x6, 0x933}) 30m38.689440427s ago: executing program 35 (id=97): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000b80)={0x0, &(0x7f0000000100)=[@smc={0x1e, 0x40, {0x80000001, [0x99a, 0x7, 0xaca, 0x7fffffff, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0xe}], 0x1) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000300)={0x0, &(0x7f0000000480)=[@smc={0x1e, 0x40, {0xc4000001, [0x8, 0x939, 0xe, 0x7f, 0x4]}}], 0x40}, &(0x7f00000001c0)=[@featur1={0x1, 0xc}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_INTERRUPT(r3, 0x4004ae86, &(0x7f0000000000)=0x5) 23m32.941152491s ago: executing program 5 (id=99): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x8840, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000080)=0xa) 23m27.909689266s ago: executing program 4 (id=100): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x2b4400, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105}) ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f00000001c0)=@arm64_extra={0x603000000013c037, &(0x7f00000000c0)=0x5}) ioctl$KVM_CAP_ARM_MTE(r1, 0x4068aea3, &(0x7f0000000140)) 23m22.847478763s ago: executing program 5 (id=101): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x500f6a668f7ca91b, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f00002b5000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000040)={0x0, &(0x7f0000000340)=[@mrs={0xbe, 0x18, {0x603000000013c290}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0x34e}}, @irq_setup={0x46, 0x18, {0x2, 0x351}}, @msr={0x14, 0x20, {0x780a, 0x1}}, @memwrite={0x6e, 0x30, @generic={0xd000, 0xdb0, 0xf3, 0x1}}, @irq_setup={0x46, 0x18, {0x3, 0x400}}, @msr={0x14, 0x20, {0x603000000013e642, 0x8001}}, @eret={0xe6, 0x18, 0x581}, @irq_setup={0x46, 0x18, {0x1, 0x20c}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x3, 0x3, 0xfff, 0x80000000, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x0, 0x81, 0xe}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x350}}, @irq_setup={0x46, 0x18, {0x4, 0x192}}, @svc={0x122, 0x40, {0x30000000, [0x2, 0x10, 0x0, 0x6, 0x6111fee5]}}], 0x1e8}, &(0x7f00000000c0)=[@featur1={0x1, 0x23}], 0x1) r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000100)={0x0, &(0x7f0000000180)=[@uexit={0x0, 0x18, 0xb}, @code={0xa, 0x9c, {"205f93d20020b8f2e10180d2e20080d2e30080d2a40180d2020000d4007008d5007008d5007008d560b584d200a0b0f2410180d2a20180d2e30080d2640180d2020000d40050200e0004601e007008d580d58bd200a0b0f2a10180d2c20180d2230080d2a40180d2020000d4402689d200e0b8f2c10080d2a20080d2030180d2a40180d2020000d4"}}, @msr={0x14, 0x20, {0x603000000013c647, 0x10000}}, @eret={0xe6, 0x18, 0x81}, @irq_setup={0x46, 0x18, {0x0, 0x2ef}}, @smc={0x1e, 0x40, {0x0, [0x2, 0x8, 0x8000000000000000, 0x5, 0x80000001]}}, @hvc={0x32, 0x40, {0x3, [0x0, 0xc, 0x9, 0x1be4, 0x1]}}], 0x184}, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000000000000000000001"]) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, r1, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) 23m15.882082957s ago: executing program 4 (id=102): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x80, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r2, 0x3, 0xa0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0xfffffffffffffffd, 0x5}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r7, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0xd, 0x7, &(0x7f0000000140)=0x9}) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x1) r13 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r12, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) mmap$KVM_VCPU(&(0x7f0000aea000/0x9000)=nil, 0x0, 0x1000005, 0x10, r12, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x408) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x6832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) r14 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x2c) syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil) 23m9.709258901s ago: executing program 5 (id=103): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x145541, 0x0) (async) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8}) (async) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000200)={0x80a0000, 0x0, 0x94, 0x1}) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100) (async) r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3b) (async) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x8001}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async) ioctl$KVM_RUN(r6, 0xae80, 0x0) (async) r7 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x21) (async) syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) syz_kvm_assert_reg(r6, 0x603000000013dce8, 0x8000) 23m0.103491113s ago: executing program 4 (id=104): r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r0, 0x2000000, 0x41010, 0xffffffffffffffff, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x20) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_KVMCLOCK_CTRL(r2, 0xaead) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) ioctl$KVM_GET_API_VERSION(r3, 0xae00, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000040)={0x4, 0xc0}) munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x1c5000, 0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000000c0)={0xffffffffffffffff, 0x6, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x8, 0x0, &(0x7f0000000100)=0x2}) r5 = eventfd2(0x3ff, 0x80001) r6 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000180)={r5, 0x8, 0x2, r6}) mmap$KVM_VCPU(&(0x7f0000ffb000/0x3000)=nil, 0x0, 0x2000000, 0x10, r2, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000200)=@attr_other={0x0, 0x4, 0xff, &(0x7f00000001c0)=0x1}) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000240)={r6, 0x1000, 0x3, r5}) ioctl$KVM_GET_DEVICE_ATTR(r6, 0x4018aee2, &(0x7f00000002c0)=@attr_other={0x0, 0x4, 0x14d, &(0x7f0000000280)=0x4}) munmap(&(0x7f0000ff8000/0x4000)=nil, 0x4000) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000300)={r5, 0x0, 0x0, r6}) ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000340)={0x3, 0x56}) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x400) ioctl$KVM_CAP_DIRTY_LOG_RING(r1, 0x4068aea3, &(0x7f0000000380)={0xc0, 0x0, 0x9000}) ioctl$KVM_IRQ_LINE_STATUS(r6, 0xc008ae67, &(0x7f0000000400)={0x6c0, 0x2}) r7 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000005c0)={0x0, &(0x7f0000000440)=[@code={0xa, 0x6c, {"0018000e0040e21ec04e8fd20060b0f2210080d2020080d2e30080d2640180d2020000d4007008d5000080da007008d5406486d200a0b8f2c10180d2c20180d2c30080d2c40080d2020000d4007008d5007008d50000df0c"}}, @irq_setup={0x46, 0x18, {0x4, 0xffffffff}}, @its_setup={0x82, 0x28, {0x2, 0x4, 0x13c}}, @smc={0x1e, 0x40, {0x80000000, [0x8, 0x1, 0x5, 0x8000000000000]}}, @hvc={0x32, 0x40, {0xc400000d, [0x9, 0x80, 0x6, 0x6, 0x9]}}, @svc={0x122, 0x40, {0xc4000005, [0x6, 0x5, 0x207f0613, 0xb333, 0x7]}}], 0x16c}, &(0x7f0000000600)=[@featur2], 0x1) r8 = ioctl$KVM_GET_STATS_FD_cpu(r7, 0xaece) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000680)=@attr_arm64={0x0, 0x4, 0x1, &(0x7f0000000640)=0x100}) 22m53.518932782s ago: executing program 5 (id=105): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x8840, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000080)=0xa) 22m48.782972959s ago: executing program 4 (id=106): r0 = openat$kvm(0x0, &(0x7f0000000040), 0xc0083, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f00000000c0), 0x8000, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f0000000300)=[@msr={0x14, 0x20, {0x6030000000138010, 0x8000}}, @msr={0x14, 0x20, {0x6030000000138012, 0x8000}}, @msr={0x14, 0x20, {0x6030000000138004, 0x8000}}, @msr={0x14, 0x20, {0x603000000013800c, 0x8000}}, @msr={0x14, 0x20, {0x6030000000138014, 0x8000}}, @msr={0x14, 0x20, {0x603000000013801c, 0x8000}}, @msr={0x14, 0x20, {0x6030000000138024, 0x8000}}, @msr={0x14, 0x20, {0x603000000013802c, 0x8000}}, @svc={0x122, 0x40, {0x84000010, [0x4ca1273f, 0x9, 0x9, 0x7c9d, 0x7f]}}, @msr={0x14, 0x20, {0x603000000013800d, 0x8000}}], 0x160}, 0x0, 0x0) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0) syz_kvm_vgic_v3_setup(r9, 0x2, 0x100) r10 = eventfd2(0x10000, 0x0) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000000)={r10, 0x3}) ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f0000000100)={r10, 0xb16b, 0x2, r10}) r11 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r7, 0x3, 0x11, r6, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) syz_kvm_assert_syzos_uexit$arm64(r11, 0x0) syz_kvm_assert_reg(r6, 0x6030000000138010, 0x8000) syz_kvm_assert_reg(r6, 0x6030000000138012, 0x8000) syz_kvm_assert_reg(r6, 0x6030000000138004, 0x8000) syz_kvm_assert_reg(r6, 0x603000000013800c, 0x8000) syz_kvm_assert_reg(r6, 0x6030000000138016, 0x4) syz_kvm_assert_reg(r6, 0x603000000013801c, 0x8000) syz_kvm_assert_reg(r6, 0x6030000000138024, 0x8000) syz_kvm_assert_reg(r6, 0x603000000013802c, 0x8000) syz_kvm_assert_reg(r6, 0x6030000000138005, 0x8000) syz_kvm_assert_reg(r6, 0x603000000013800d, 0x8000) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000140)=[@featur2={0x1, 0x2c}], 0x1) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0) 22m41.563742419s ago: executing program 5 (id=107): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x141002, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x28) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r3, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r5, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0x52) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000080)={0x10004, 0x0, &(0x7f0000c82000/0x4000)=nil}) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r8, r9, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000180)=@arm64_sve={0x608000000015036d, &(0x7f0000000200)=0xfffffffffffffffc}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r10, 0xae03, 0x4d) r11 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, &(0x7f0000000040)=@arm64_sve={0xfffffffffffff5dc, &(0x7f0000000240)}) r14 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r15 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r15, 0xae03, 0x46) ioctl$KVM_CAP_DIRTY_LOG_RING(r14, 0x4068aea3, &(0x7f00000002c0)={0xe1, 0x0, 0x10000}) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r14, 0x4068aea3, &(0x7f00000000c0)={0xe4, 0x0, 0xe}) 22m32.672823226s ago: executing program 4 (id=108): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r2, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000001000/0x2000)=nil, 0x930, 0x2000003, 0x30, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(r0, 0x80111500, 0x20000000) 22m24.212209384s ago: executing program 5 (id=109): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000be6000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x603000000010003c, &(0x7f0000000140)=0x7}) r7 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138047, 0x8000}}], 0x20}, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = eventfd2(0x4, 0x80801) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f00000000c0)={0x5}) ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000000)={0x0, 0xf000, 0x1, r10, 0x3}) munmap(&(0x7f0000ccd000/0x3000)=nil, 0x3000) openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000be6000/0x400000)=nil) (async) openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) (async) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31) (async) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x603000000010003c, &(0x7f0000000140)=0x7}) (async) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138047, 0x8000}}], 0x20}, 0x0, 0x0) (async) ioctl$KVM_RUN(r7, 0xae80, 0x0) (async) openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) (async) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) (async) eventfd2(0x4, 0x80801) (async) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f00000000c0)={0x5}) (async) ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000000)={0x0, 0xf000, 0x1, r10, 0x3}) (async) munmap(&(0x7f0000ccd000/0x3000)=nil, 0x3000) (async) 22m21.163139569s ago: executing program 4 (id=110): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x0) r3 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r2, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = openat$kvm(0x0, &(0x7f00000001c0), 0x100, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0x80111500, 0x20000000) close(r6) close(0x3) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0xab) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x2c) ioctl$KVM_SET_SIGNAL_MASK(r2, 0x4004ae8b, &(0x7f0000000340)=ANY=[@ANYBLOB="1d00000097c4545f286a9be6d4c55e7b98c727bb16ff0bac079f0f1694d89347aa073422985ae7d78e099c97628423fd8df7cac5334115ac01da18caca93ddaeef12e4546bb5147a7333ea28a51ad17629f32e43457223fc1d9177d643b980e3065fa2ca9b608ca03cc8ed8713720771b83047"]) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000780), 0x1, 0x0) ioctl$KVM_CHECK_EXTENSION(r11, 0xae03, 0x10) r12 = eventfd2(0x1, 0x80001) write$eventfd(r12, &(0x7f0000000100)=0x8, 0x8) r13 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_REGS(r13, 0x4360ae82, &(0x7f0000000280)={[0x8, 0x3, 0x5, 0x2, 0x2, 0xffffffffffffffff, 0x76, 0x6, 0x9, 0xfffffffffffffff8, 0x400, 0x6, 0x8, 0xaae, 0x5, 0x400], 0x100000, 0x110400}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001}) r14 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r15, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r16, 0x40305839, &(0x7f0000000040)=@attr_other={0x0, 0xab, 0x7f, &(0x7f0000000240)=0x5}) ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x7fffffffffffffff}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000001c0)="04198bd844c9e8a7b82d748f0f0244293d28bd9440bfc2ed44db9969759357abab8d85c8e856a4606c2e979f98d67e4ff39fb6df9547f6a9506c610dc37b2e5c3ad3c9952305abf0", 0x0, 0x48) 21m37.52724945s ago: executing program 36 (id=109): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000be6000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x603000000010003c, &(0x7f0000000140)=0x7}) r7 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138047, 0x8000}}], 0x20}, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = eventfd2(0x4, 0x80801) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f00000000c0)={0x5}) ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000000)={0x0, 0xf000, 0x1, r10, 0x3}) munmap(&(0x7f0000ccd000/0x3000)=nil, 0x3000) openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000be6000/0x400000)=nil) (async) openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) (async) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31) (async) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x603000000010003c, &(0x7f0000000140)=0x7}) (async) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138047, 0x8000}}], 0x20}, 0x0, 0x0) (async) ioctl$KVM_RUN(r7, 0xae80, 0x0) (async) openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) (async) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) (async) eventfd2(0x4, 0x80801) (async) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f00000000c0)={0x5}) (async) ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000000)={0x0, 0xf000, 0x1, r10, 0x3}) (async) munmap(&(0x7f0000ccd000/0x3000)=nil, 0x3000) (async) 21m30.402985491s ago: executing program 37 (id=110): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x0) r3 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r2, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = openat$kvm(0x0, &(0x7f00000001c0), 0x100, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0x80111500, 0x20000000) close(r6) close(0x3) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0xab) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x2c) ioctl$KVM_SET_SIGNAL_MASK(r2, 0x4004ae8b, &(0x7f0000000340)=ANY=[@ANYBLOB="1d00000097c4545f286a9be6d4c55e7b98c727bb16ff0bac079f0f1694d89347aa073422985ae7d78e099c97628423fd8df7cac5334115ac01da18caca93ddaeef12e4546bb5147a7333ea28a51ad17629f32e43457223fc1d9177d643b980e3065fa2ca9b608ca03cc8ed8713720771b83047"]) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000780), 0x1, 0x0) ioctl$KVM_CHECK_EXTENSION(r11, 0xae03, 0x10) r12 = eventfd2(0x1, 0x80001) write$eventfd(r12, &(0x7f0000000100)=0x8, 0x8) r13 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_REGS(r13, 0x4360ae82, &(0x7f0000000280)={[0x8, 0x3, 0x5, 0x2, 0x2, 0xffffffffffffffff, 0x76, 0x6, 0x9, 0xfffffffffffffff8, 0x400, 0x6, 0x8, 0xaae, 0x5, 0x400], 0x100000, 0x110400}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001}) r14 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r15, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r16, 0x40305839, &(0x7f0000000040)=@attr_other={0x0, 0xab, 0x7f, &(0x7f0000000240)=0x5}) ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x7fffffffffffffff}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000001c0)="04198bd844c9e8a7b82d748f0f0244293d28bd9440bfc2ed44db9969759357abab8d85c8e856a4606c2e979f98d67e4ff39fb6df9547f6a9506c610dc37b2e5c3ad3c9952305abf0", 0x0, 0x48) 14m17.042395792s ago: executing program 7 (id=112): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xeeee0000, 0x1000, &(0x7f0000fd1000/0x1000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fd, 0x0, 0xd000, 0x1000, &(0x7f0000feb000/0x1000)=nil}) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x7c) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x0, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil}) 14m11.25087146s ago: executing program 6 (id=111): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x8840, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000080)=0xa) 13m58.151257s ago: executing program 7 (id=113): mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, 0x930, 0x4, 0x4f833, 0xffffffffffffffff, 0x0) r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000002c0)={0x0, &(0x7f0000000000)=[@msr={0x14, 0x20, {0x603000000013e6c1, 0x20000000000}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x1a}}, @msr={0x14, 0x20, {0x603000000013e219, 0x8000}}, @hvc={0x32, 0x40, {0x10, [0xe, 0x7, 0x67, 0x8, 0x2]}}, @mrs={0xbe, 0x18, {0x603000000013c000}}, @hvc={0x32, 0x40, {0x80000000, [0x1000, 0x0, 0x400, 0x80000000, 0x8dc5]}}, @hvc={0x32, 0x40, {0x40000000, [0xaa95, 0x8, 0x400, 0xfffffffffffffffc, 0xffffffffffffffff]}}, @eret={0xe6, 0x18, 0x401}, @hvc={0x32, 0x40, {0xc4000011, [0x10000, 0x7f, 0x8, 0x7, 0x8001]}}, @code={0xa, 0xcc, {"008008d50000319e60f18ed200c0b8f2410080d2a20080d2230180d2a40080d2020000d4008008d5806a89d20000b0f2a10180d2220180d2430180d2040180d2020000d4a0c082d200c0b8f2410080d2420080d2630080d2840180d2020000d480dc97d20040b8f2810180d2e20180d2e30080d2840080d2020000d4409886d20060b8f2a10180d2020180d2a30180d2c40180d2020000d40090205e20c390d20080b0f2e10080d2220080d2430080d2c40180d2020000d4"}}, @msr={0x14, 0x20, {0x603000000013c659, 0x6}}], 0x284}, &(0x7f0000000300)=[@featur1={0x1, 0x25}], 0x1) openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x400000, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f0000000340)=@x86={0x3, 0x1, 0x3, 0x0, 0x1, 0x5, 0x2, 0x8, 0x3d, 0x80, 0x9, 0x71, 0x0, 0x6, 0x5, 0x6, 0x9, 0x9, 0x9, '\x00', 0xf7, 0x3}) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) 13m55.453689653s ago: executing program 6 (id=114): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000200)={0x0, &(0x7f0000000500)=[@mrs={0xbe, 0x18, {0x6030000000138056}}], 0x18}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000100)=@attr_irq_timer={0x0, 0x1, 0x0, &(0x7f00000000c0)=0x11}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r6, 0x400454c8, 0x1) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105}) ioctl$KVM_SET_DEVICE_ATTR_vm(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0xff, 0x0, &(0x7f0000000080)=0x1}) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) 13m42.419553665s ago: executing program 7 (id=115): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x2e) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) (async) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async) syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x6030000000100048, &(0x7f0000000000)=0x3}) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x4}) 13m36.729487361s ago: executing program 6 (id=116): munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async, rerun: 32) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async, rerun: 32) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r1, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0) (async) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x0, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x3, 0xfffffffd, 0xf}}], 0x50}, 0x0, 0x0) (async) r5 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r7, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0) (async, rerun: 64) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r7, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (rerun: 64) 13m12.298953604s ago: executing program 6 (id=117): munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8}) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, &(0x7f0000000000)=@x86={0x0, 0x3, 0xb, 0x0, 0xe09, 0x6, 0x0, 0x3, 0x9, 0x2, 0xd5, 0x8, 0x0, 0x0, 0x6, 0x2, 0x4, 0xd0, 0xf8, '\x00', 0x51, 0xfffffffffffffffc}) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000240)=0x8000000000000000}) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) munmap(&(0x7f00007e1000/0x4000)=nil, 0x4000) ioctl$KVM_PPC_ALLOCATE_HTAB(r1, 0xc004aea7, &(0x7f0000000000)=0x4) 13m9.867439347s ago: executing program 7 (id=118): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r2 = openat$kvm(0x0, &(0x7f0000000040), 0xc0083, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, r1, 0x3, 0x11, r2, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x8840, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000080)=0xa) 12m54.227185398s ago: executing program 7 (id=119): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x603000000013c807}}, @msr={0x14, 0x20, {0x603000000013e66c, 0xa}}, @memwrite={0x6e, 0x30, @generic={0x8080000, 0x6d2, 0x2, 0x5}}], 0x68}, 0x0, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000080)=@arm64_sys={0x603000000013e641, 0x0}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 12m50.525240358s ago: executing program 6 (id=120): ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) (async) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$KVM_GET_ONE_REG(r0, 0x4010aeab, &(0x7f0000000040)=@arm64_bitmap={0x6030000000160000, &(0x7f0000000000)=0x4a343589}) r1 = mmap$KVM_VCPU(&(0x7f0000ffc000/0x1000)=nil, 0x0, 0x3000000, 0x80010, r0, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000080)="6fe8f80a4577adeb868cbfa5c10b490faf400e090bef6d88387394c4ce3eb78e53958c272416611f363a0f4bda3d2e1a5cb0f5e8eba3a5f1ed77780e7a81750f14d00eabfa653540", 0x0, 0x48) syz_memcpy_off$KVM_EXIT_MMIO(r1, 0x20, &(0x7f0000000100)="6aebb4481007a4c60f2e45e44d5738defe4473550a037bb2", 0x0, 0x18) (async) syz_memcpy_off$KVM_EXIT_MMIO(r1, 0x20, &(0x7f0000000100)="6aebb4481007a4c60f2e45e44d5738defe4473550a037bb2", 0x0, 0x18) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f0000000140)=0x1) syz_memcpy_off$KVM_EXIT_MMIO(r1, 0x20, &(0x7f0000000180)="d7a165d9845eb649315c71cbf8fe82d4bc97ddee496edf0b", 0x0, 0x18) (async) syz_memcpy_off$KVM_EXIT_MMIO(r1, 0x20, &(0x7f0000000180)="d7a165d9845eb649315c71cbf8fe82d4bc97ddee496edf0b", 0x0, 0x18) ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) (async) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffc000/0x1000)=nil, r2, 0x1, 0x10010, r0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1c) (async) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1c) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r3, 0x4010aeb5, &(0x7f00000001c0)={0x1, 0x4}) mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, r2, 0x2000000, 0xa4010, r0, 0x0) r4 = eventfd2(0x6, 0x800) close(r4) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000200)={0x88a, 0xdddd0000, 0x0, r4, 0x3}) munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) r5 = ioctl$KVM_CREATE_GUEST_MEMFD(r3, 0xc040aed4, &(0x7f0000000240)={0x12c5234f, 0x100000000}) ioctl$KVM_HAS_DEVICE_ATTR_vm(r3, 0x4018aee3, &(0x7f00000002c0)=@attr_other={0x0, 0xdf2, 0x100000001, &(0x7f0000000280)=0x10000}) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) (async) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) (async) r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000340)=@arm64_ccsidr={0x602000000011000c, &(0x7f0000000300)=0x461d8ad0}) r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x21) ioctl$KVM_CLEAR_DIRTY_LOG(r7, 0xc018aec0, &(0x7f0000000780)={0x10201, 0x140, 0x40, &(0x7f0000000380)=[0xab1, 0x1, 0x5, 0x1, 0x8, 0xf4, 0x502b, 0x3, 0x3, 0x8000000000000001, 0x0, 0x6, 0x4e7, 0x3, 0x1ff, 0xffffffffffffffff, 0x4, 0xe5, 0x813, 0x1, 0xd7, 0x4, 0x9, 0x917, 0x8000000000000000, 0x2, 0x6, 0x4, 0xff, 0x5, 0x13, 0x9, 0x1000, 0x7, 0x9, 0x6, 0xaf, 0x7, 0x5, 0x1000, 0x1, 0xffffffffffffffff, 0xfffffffffffffffb, 0xd, 0x1, 0x80000001, 0x21, 0x6, 0xc8be, 0x3, 0x2, 0x81, 0x8, 0x3, 0xffff, 0x8, 0x47a7, 0x7fff, 0x6, 0xffff, 0x9, 0x10001, 0x4, 0x2, 0x4, 0x2, 0x4, 0x8001, 0x1, 0x7, 0x6, 0x40, 0x5, 0x3ff, 0xff, 0xffffffffffffffc0, 0x7, 0x1, 0x8, 0x32c0, 0x1, 0x4, 0x8000000000000001, 0x8, 0xdc0, 0x1, 0x8, 0x1028d193, 0x3, 0x1000, 0x80000000, 0xfae, 0x1, 0xa1, 0x4, 0x0, 0x4, 0x2, 0x3, 0x95a, 0x32, 0xfff, 0x2, 0xec, 0x7fff, 0x8, 0x7, 0xb0, 0x58d, 0x4, 0x400000000000, 0xffffffffffff8001, 0x40, 0x6, 0x5, 0x1, 0x200000000000000, 0x10, 0xf, 0xead3, 0x9, 0x1, 0x8, 0x1000, 0x7, 0x9, 0x7ff, 0x2]}) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000007c0)={0x2710, 0x5, 0xeeee8000, 0x1000, &(0x7f0000ffc000/0x1000)=nil}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000007c0)={0x2710, 0x5, 0xeeee8000, 0x1000, &(0x7f0000ffc000/0x1000)=nil}) r8 = mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r2, 0x1000000, 0x100010, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_MMIO(r8, 0x20, &(0x7f0000000800)="409dc86be36908e5bf4977a5c12bce1d536f9923c66fa817", 0x0, 0x18) (async) syz_memcpy_off$KVM_EXIT_MMIO(r8, 0x20, &(0x7f0000000800)="409dc86be36908e5bf4977a5c12bce1d536f9923c66fa817", 0x0, 0x18) ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) (async) r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffc000/0x1000)=nil, r9, 0x0, 0x2010, r0, 0x0) 12m36.701871891s ago: executing program 6 (id=121): r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r4, 0x4010aeb5, &(0x7f00000002c0)={0x200}) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000140)={0x0, &(0x7f0000000000)=[@mrs={0xbe, 0x18, {0x603000000013c640}}], 0x18}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 12m6.380128402s ago: executing program 38 (id=119): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x603000000013c807}}, @msr={0x14, 0x20, {0x603000000013e66c, 0xa}}, @memwrite={0x6e, 0x30, @generic={0x8080000, 0x6d2, 0x2, 0x5}}], 0x68}, 0x0, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000080)=@arm64_sys={0x603000000013e641, 0x0}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 11m46.229651014s ago: executing program 39 (id=121): r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r4, 0x4010aeb5, &(0x7f00000002c0)={0x200}) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000140)={0x0, &(0x7f0000000000)=[@mrs={0xbe, 0x18, {0x603000000013c640}}], 0x18}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 2m52.787740242s ago: executing program 8 (id=124): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0x5, 0xfffffffffffffff7, 0x0}) 2m37.961511681s ago: executing program 9 (id=125): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3b) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000000)={0x0, 0x100, 0x1c0, 0x0}) 2m33.15745037s ago: executing program 8 (id=126): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CAP_HALT_POLL(r5, 0x4068aea3, &(0x7f00000001c0)={0xb6, 0x0, 0x7fffffff}) syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x18, {"7f2003d5"}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r5, 0xc008ae67, &(0x7f0000000100)={0x0, 0x81}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) r7 = eventfd2(0x0, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce5, 0x7fff}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f0000000040)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000000)={0xa, 0x4}}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r11, 0x4018aee3, &(0x7f0000000100)=@attr_pmu_init) ioctl$KVM_RUN(r11, 0xae80, 0x0) r12 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil) r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r15, 0x4010aeac, &(0x7f0000000040)=@arm64_fw={0x6030000000140000, &(0x7f0000000000)=0x8}) close(r7) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) write$eventfd(r7, &(0x7f0000000180)=0x5, 0xfffffde3) 2m22.379025284s ago: executing program 9 (id=127): r0 = openat$kvm(0x0, &(0x7f0000000000), 0x200000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f00008cd000/0x400000)=nil) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000780), 0x1, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x10) r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000040)={0x0, &(0x7f00000007c0)=[@its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x4, 0x4, 0x7, 0x5}}, @mrs={0xbe, 0x18, {0x6030000000138066}}, @smc={0x1e, 0x40, {0x84000005, [0x2, 0x10, 0x2, 0xffffffff, 0x37c]}}, @smc={0x1e, 0x40, {0x80000000, [0x6, 0xffffffff, 0x1000, 0xff, 0x2]}}, @code={0xa, 0x9c, {"00d280d200e0b0f2e10180d2620180d2030080d2c40080d2020000d4409a80d20000b0f2210180d2a20080d2030080d2c40080d2020000d4008008d50004000e60678ed20020b8f2810080d2e20080d2230080d2840080d2020000d4001ca00e0000009a00e4a02ee09485d20020b8f2e10080d2c20080d2630080d2040080d2020000d40084002f"}}, @code={0xa, 0x9c, {"000008d5a0359ad20000b0f2c10080d2820180d2c30180d2e40080d2020000d4c0158dd20040b8f2010180d2020180d2030080d2040180d2020000d4008008d5007008d580e683d20040b8f2010180d2020080d2430180d2a40080d2020000d4007008d580ca95d200e0b8f2a10080d2820180d2830080d2840180d2020000d40030005e0000ff0d"}}, @code={0xa, 0x9c, {"20998dd200c0b8f2410080d2c20180d2a30080d2240080d2020000d40100a0d440e59fd20060b8f2010080d2a20180d2c30180d2c40080d2020000d4000c200e0000c06c402f9fd20060b8f2210180d2c20080d2c30080d2840080d2020000d40068000e0040400cc0a38dd20000b8f2a10180d2e20180d2830080d2640080d2020000d4000028d5"}}, @svc={0x122, 0x40, {0xc4000007, [0xfff, 0x10001, 0x7, 0xcc4, 0x1]}}, @msr={0x14, 0x20, {0x603000000013dce8, 0xfffffffffffff000}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x0, 0xc, 0x4}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x70, 0x8, 0x1}}, @svc={0x122, 0x40, {0x3f000000, [0x100, 0xed, 0x8, 0x1200000000, 0xffffffffffffffff]}}, @uexit={0x0, 0x18, 0x101}, @irq_setup={0x46, 0x18, {0x3, 0x288}}], 0x3bc}, &(0x7f0000000080)=[@featur2={0x1, 0x2}], 0x1) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000300)={0x0, &(0x7f0000000480)=[@smc={0x1e, 0x40, {0xc4000003, [0x664b7dee, 0x939, 0xe, 0x7f, 0x4]}}], 0x40}, &(0x7f00000001c0)=[@featur1={0x1, 0xc}], 0x1) mmap$KVM_VCPU(&(0x7f0000f72000/0x1000)=nil, 0x930, 0x0, 0xe832, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init) ioctl$KVM_RUN(r4, 0xae80, 0x0) 2m5.747595327s ago: executing program 9 (id=128): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x2, 0x20) (async) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SIGNAL_MASK(r4, 0x4004ae8b, &(0x7f0000000200)={0xee, "2778905b1f9be4617a81956252d54493a6d9c38a6bcff22b88110b878e226453bf582dd313aaf700b189337e516585d849b5b69b1931c402327aba16ebdba26477c5bc539da3441f7fc63663450c73473c54aea6ccbe05a2696fa85666329fba0b4a0ce36779c61f6bc6fc76231541c8df542a71e660ccc0700cbe35d87f1550ff5e336ac102a2dd7a1b3965bd224666651769231bf9984f417134c9282161a750c4358130214de6e75761c6b972ba1980e68ba3021cb9a8c06fa0a264563d213466656685afb634513219933ec0391b04a14eb4cf3f34579489fde3d571de3231e053689d7029dda552af5aeca0"}) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000001c0)=@arm64_core={0x603000000010001c, &(0x7f00000000c0)=0x8}) (async) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xc0189436, 0x20004000) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x502, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r7, &(0x7f00000001c0)=0x7ffffff, 0x648) (async) syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) (async) ioctl$KVM_ARM_VCPU_FINALIZE(r3, 0x4004aec2, &(0x7f0000000000)=0x1) 2m4.672379894s ago: executing program 8 (id=129): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r5, 0xae03, 0x46) ioctl$KVM_GET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee2, &(0x7f00000000c0)=@attr_irq_timer={0x0, 0x1, 0x1, 0x0}) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_DEVICE(r3, 0xc018aec0, &(0x7f00000000c0)={0x1}) r6 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x7ffc}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r7, 0xae80, 0x0) 1m44.181546823s ago: executing program 9 (id=130): mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) r4 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r3, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000100)="fb0149dd033be3ac2cc4a29ea6af8031d1dfd900080001000000315f9731c10d097fd66f8f1f44f9ffffffffffffffebb207000000000000000000002a2900", 0x0, 0x48) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) (async) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000640)=@arm64_core={0x6030000000100012, &(0x7f0000000000)=0x300000000000}) (async) munmap(&(0x7f000049b000/0x400000)=nil, 0x400000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0) (async) r7 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bff000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r7, &(0x7f00000005c0)={0x0, &(0x7f0000000bc0)=[@svc={0x122, 0x40, {0x84000000, [0xc00, 0x6, 0x0, 0x6, 0x8]}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x4, 0x3, 0x6, 0xfffffff7}}, @mrs={0xbe, 0x18, {0x603000000013f602}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x2cc}}, @uexit={0x0, 0x18, 0x100000000}, @mrs={0xbe, 0x18, {0x603000000013dce2}}, @eret={0xe6, 0x18, 0x9}, @uexit={0x0, 0x18, 0x3}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x320}}, @eret={0xe6, 0x18, 0x8}, @irq_setup={0x46, 0x18, {0x2, 0x66}}, @eret={0xe6, 0x18, 0x1d}, @eret={0xe6, 0x18, 0x7fff}, @svc={0x122, 0x40, {0xc4000001, [0x8, 0x68, 0xf, 0x4, 0x3]}}, @eret={0xe6, 0x18, 0x2}, @eret={0xe6, 0x18, 0x6}, @mrs={0xbe, 0x18, {0xa050000000344f68}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x358}}, @smc={0x1e, 0x40, {0xffff, [0x6, 0x9, 0x9, 0xda, 0xfffffffffffffffc]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xffe8, 0x2800, 0x7}}, @eret={0xe6, 0x18, 0x9}, @code={0xa, 0x6d, {"000020eb007008d5007008d5cbcb3092d200e0b8f2a10080d2420080d2c30180d2a40180d2020000d4007008d5007008d5007008d50060400c008008d5a03e84d200e0b0f2a10180d2a20180d2030180d2040080d2020000d4"}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x3, 0xb, 0x2, 0x6, 0x1}}, @svc={0x122, 0x40, {0x80008000, [0x4, 0x3, 0x81, 0x0, 0x8000000000000001]}}, @eret={0xe6, 0x18, 0x1fffffffffffe}, @msr={0x14, 0x20, {0x603000000013dce4, 0x8}}, @code={0xa, 0xe4, {"20499dd20060b0f2a10180d2220080d2630180d2640180d2020000d4c0ab8cd20060b0f2c10080d2c20180d2430080d2a40080d2020000d4807381d20060b0f2a10180d2a20080d2a30080d2040080d2020000d400a4002f0080600d40e182d200e0b8f2010180d2620180d2c30080d2040180d2020000d4607b92d200e0b8f2010080d2e20180d2a30080d2c40080d2020000d4c09b84d20000b0f2610080d2420080d2630180d2440080d2020000d40040206e20cb92d20040b0f2010080d2420080d2630180d2240080d2020000d4"}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0xd1}}, @code={0xa, 0x54, {"000008d5002c202e00ec207e000080a900a4004f007008d5607d99d20060b8f2e10180d2e20080d2430180d2440180d2020000d40020006f007008d5000008d5"}}], 0x535}, &(0x7f0000000600)=[@featur2={0x1, 0x1}], 0x1) 1m37.919578438s ago: executing program 8 (id=131): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) mmap$KVM_VCPU(&(0x7f0000ec2000/0x3000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) 1m22.761496334s ago: executing program 8 (id=132): munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) r0 = openat$kvm(0x0, &(0x7f0000000080), 0x80080, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x2, &(0x7f0000000200)=0x8000000}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x3, &(0x7f0000000000)=0x400000080a0000}) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) r3 = mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) munmap(&(0x7f0000f7c000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_MMIO(r3, 0x20, &(0x7f0000000000)="fb0a790fc666429c2f684d7557658d42c61ca9f761375e40", 0x0, 0x18) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r6, 0x800454e1, 0x110c230008) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x20) 1m20.971147944s ago: executing program 9 (id=133): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x40000, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x37) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x400001a) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) r6 = syz_kvm_vgic_v3_setup(r3, 0x4, 0x220) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(r6, 0x4018aee3, &(0x7f0000000240)=@attr_other={0x0, 0x6, 0x0, 0x0}) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20a00, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r9, 0x400454d0, 0x2d) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r10, 0x4018aee3, &(0x7f0000000940)=@attr_arm64={0x0, 0x0, 0x4, 0x0}) ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04) 55.991237501s ago: executing program 9 (id=134): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x13) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f00000000c0)={0x4}) (async) ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000000)={0x383d, 0x1}) write$eventfd(0xffffffffffffffff, &(0x7f0000000200)=0x8, 0x8) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x25) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x34) (async, rerun: 64) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) (rerun: 64) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, r3, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async, rerun: 32) munmap(&(0x7f0000da8000/0x2000)=nil, 0x2000) (async, rerun: 32) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x300000a, 0x53033, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) (async) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x31) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r10, 0x4010aeab, &(0x7f0000000040)=@arm64_sve_vls={0x606000000015ffff, 0x0}) (async) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r13, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) (async) ioctl$KVM_GET_ONE_REG(r13, 0x4010aeab, &(0x7f00000000c0)=@arm64_sys={0x603000000013c102, &(0x7f00000001c0)=0x200000000006}) (async) r14 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r14, 0x4010aeab, &(0x7f0000000000)=@arm64_fp_extra={0x60200000001000d1, 0x0}) 54.399413806s ago: executing program 8 (id=135): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18}) ioctl$KVM_GET_REG_LIST(r4, 0xc008aeb0, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000040)={0x10001, 0x10001}) 7.77976178s ago: executing program 40 (id=134): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x13) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f00000000c0)={0x4}) (async) ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000000)={0x383d, 0x1}) write$eventfd(0xffffffffffffffff, &(0x7f0000000200)=0x8, 0x8) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x25) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x34) (async, rerun: 64) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) (rerun: 64) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, r3, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) (async, rerun: 32) munmap(&(0x7f0000da8000/0x2000)=nil, 0x2000) (async, rerun: 32) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x300000a, 0x53033, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) (async) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x31) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r10, 0x4010aeab, &(0x7f0000000040)=@arm64_sve_vls={0x606000000015ffff, 0x0}) (async) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r13, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) (async) ioctl$KVM_GET_ONE_REG(r13, 0x4010aeab, &(0x7f00000000c0)=@arm64_sys={0x603000000013c102, &(0x7f00000001c0)=0x200000000006}) (async) r14 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r14, 0x4010aeab, &(0x7f0000000000)=@arm64_fp_extra={0x60200000001000d1, 0x0}) 0s ago: executing program 41 (id=135): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18}) ioctl$KVM_GET_REG_LIST(r4, 0xc008aeb0, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000040)={0x10001, 0x10001}) kernel console output (not intermixed with test programs): [ 387.462886][ T3157] 8021q: adding VLAN 0 to HW filter on device bond0 [ 441.536756][ T3157] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:29360' (ED25519) to the list of known hosts. [ 608.818736][ T25] audit: type=1400 audit(608.030:60): avc: denied { name_bind } for pid=3311 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 609.765485][ T25] audit: type=1400 audit(608.970:61): avc: denied { execute } for pid=3312 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 609.791777][ T25] audit: type=1400 audit(609.000:62): avc: denied { execute_no_trans } for pid=3312 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 630.396800][ T25] audit: type=1400 audit(629.610:63): avc: denied { mounton } for pid=3312 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 630.434365][ T25] audit: type=1400 audit(629.640:64): avc: denied { mount } for pid=3312 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 630.517403][ T3312] cgroup: Unknown subsys name 'net' [ 630.568201][ T25] audit: type=1400 audit(629.780:65): avc: denied { unmount } for pid=3312 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 630.968412][ T3312] cgroup: Unknown subsys name 'cpuset' [ 631.068845][ T3312] cgroup: Unknown subsys name 'rlimit' [ 631.988990][ T25] audit: type=1400 audit(631.200:66): avc: denied { setattr } for pid=3312 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 632.014724][ T25] audit: type=1400 audit(631.230:67): avc: denied { mounton } for pid=3312 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 632.032859][ T25] audit: type=1400 audit(631.240:68): avc: denied { mount } for pid=3312 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 633.218450][ T3315] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 633.240725][ T25] audit: type=1400 audit(632.450:69): avc: denied { relabelto } for pid=3315 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 633.266307][ T25] audit: type=1400 audit(632.480:70): avc: denied { write } for pid=3315 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 633.452608][ T25] audit: type=1400 audit(632.660:71): avc: denied { read } for pid=3312 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 633.468616][ T25] audit: type=1400 audit(632.680:72): avc: denied { open } for pid=3312 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 633.517211][ T3312] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 685.685621][ T25] audit: type=1400 audit(684.900:73): avc: denied { execmem } for pid=3316 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 690.493937][ T25] audit: type=1400 audit(689.690:74): avc: denied { read } for pid=3318 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 690.535020][ T25] audit: type=1400 audit(689.750:75): avc: denied { open } for pid=3319 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 690.590712][ T25] audit: type=1400 audit(689.790:76): avc: denied { mounton } for pid=3318 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 690.838640][ T25] audit: type=1400 audit(690.050:77): avc: denied { module_request } for pid=3318 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 691.954193][ T25] audit: type=1400 audit(691.150:78): avc: denied { sys_module } for pid=3319 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 720.447988][ T3319] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 720.654936][ T3319] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 722.342081][ T3318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 722.497664][ T3318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 733.631684][ T3319] hsr_slave_0: entered promiscuous mode [ 733.692216][ T3319] hsr_slave_1: entered promiscuous mode [ 735.362196][ T3318] hsr_slave_0: entered promiscuous mode [ 735.385974][ T3318] hsr_slave_1: entered promiscuous mode [ 735.406607][ T3318] debugfs: 'hsr0' already exists in 'hsr' [ 735.411410][ T3318] Cannot create hsr debugfs directory [ 740.460808][ T25] audit: type=1400 audit(739.660:79): avc: denied { create } for pid=3319 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 740.515060][ T25] audit: type=1400 audit(739.720:80): avc: denied { write } for pid=3319 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 740.581420][ T25] audit: type=1400 audit(739.790:81): avc: denied { read } for pid=3319 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 740.757483][ T3319] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 741.144718][ T3319] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 741.383187][ T3319] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 741.738445][ T3319] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 743.257212][ T3318] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 743.455793][ T3318] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 743.681615][ T3318] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 743.849051][ T3318] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 756.658182][ T3319] 8021q: adding VLAN 0 to HW filter on device bond0 [ 759.958697][ T3318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 815.414169][ T3319] veth0_vlan: entered promiscuous mode [ 815.893274][ T3319] veth1_vlan: entered promiscuous mode [ 818.477699][ T3319] veth0_macvtap: entered promiscuous mode [ 819.005101][ T3318] veth0_vlan: entered promiscuous mode [ 819.323088][ T3319] veth1_macvtap: entered promiscuous mode [ 820.090754][ T3318] veth1_vlan: entered promiscuous mode [ 822.444418][ T42] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 822.467694][ T42] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 822.632203][ T42] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 822.637071][ T42] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 823.841811][ T3318] veth0_macvtap: entered promiscuous mode [ 824.587965][ T3318] veth1_macvtap: entered promiscuous mode [ 825.821100][ T25] audit: type=1400 audit(825.030:82): avc: denied { mount } for pid=3319 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 826.112182][ T25] audit: type=1400 audit(825.240:83): avc: denied { mounton } for pid=3319 comm="syz-executor" path="/syzkaller.vajd00/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 826.361317][ T25] audit: type=1400 audit(825.570:84): avc: denied { mount } for pid=3319 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 826.994803][ T25] audit: type=1400 audit(826.210:85): avc: denied { mounton } for pid=3319 comm="syz-executor" path="/syzkaller.vajd00/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 827.125619][ T25] audit: type=1400 audit(826.330:86): avc: denied { mounton } for pid=3319 comm="syz-executor" path="/syzkaller.vajd00/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3774 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 827.888206][ T3423] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.898635][ T3423] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.973320][ T3423] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.977439][ T3423] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 828.174539][ T25] audit: type=1400 audit(827.390:87): avc: denied { unmount } for pid=3319 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 828.538262][ T25] audit: type=1400 audit(827.750:88): avc: denied { mounton } for pid=3319 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 828.771006][ T25] audit: type=1400 audit(827.900:89): avc: denied { mount } for pid=3319 comm="syz-executor" name="/" dev="gadgetfs" ino=3783 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 829.192448][ T25] audit: type=1400 audit(828.390:90): avc: denied { mount } for pid=3319 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 829.364302][ T25] audit: type=1400 audit(828.580:91): avc: denied { mounton } for pid=3319 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 831.293797][ T3319] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 832.724546][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 832.733812][ T25] audit: type=1400 audit(831.920:93): avc: denied { read write } for pid=3319 comm="syz-executor" name="loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 832.773705][ T25] audit: type=1400 audit(831.980:94): avc: denied { open } for pid=3319 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 832.844980][ T25] audit: type=1400 audit(832.050:95): avc: denied { ioctl } for pid=3319 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 845.410574][ T25] audit: type=1400 audit(844.620:96): avc: denied { read } for pid=3472 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 845.507272][ T25] audit: type=1400 audit(844.700:97): avc: denied { open } for pid=3472 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 845.651164][ T25] audit: type=1400 audit(844.860:98): avc: denied { ioctl } for pid=3472 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 861.982260][ T25] audit: type=1400 audit(861.160:99): avc: denied { append } for pid=3486 comm="syz.1.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 862.620585][ T25] audit: type=1400 audit(861.820:100): avc: denied { write } for pid=3486 comm="syz.1.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 874.197182][ T25] audit: type=1400 audit(873.340:101): avc: denied { execute } for pid=3501 comm="syz.1.7" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4158 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 907.594521][ T25] audit: type=1400 audit(906.790:102): avc: denied { setattr } for pid=3523 comm="syz.0.13" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 993.303934][ T25] audit: type=1400 audit(992.510:103): avc: denied { ioctl } for pid=3582 comm="syz.1.31" path="net:[4026532643]" dev="nsfs" ino=4026532643 ioctlcmd=0x582a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 998.017249][ T3583] kvm [3583]: Failed to find VMA for hva 0x20c01000 [ 1265.318846][ T3767] kvm [3767]: Failed to find VMA for hva 0x21016000 [ 1284.007839][ T25] audit: type=1400 audit(1283.220:104): avc: denied { map } for pid=3778 comm="syz.1.93" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1395.075018][ T3794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1395.276849][ T3794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1402.245914][ T3798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1402.466255][ T3798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1418.807966][ T3794] hsr_slave_0: entered promiscuous mode [ 1418.846818][ T3794] hsr_slave_1: entered promiscuous mode [ 1418.905288][ T3794] debugfs: 'hsr0' already exists in 'hsr' [ 1418.910220][ T3794] Cannot create hsr debugfs directory [ 1428.771660][ T3798] hsr_slave_0: entered promiscuous mode [ 1428.848583][ T3798] hsr_slave_1: entered promiscuous mode [ 1428.883761][ T3798] debugfs: 'hsr0' already exists in 'hsr' [ 1428.900546][ T3798] Cannot create hsr debugfs directory [ 1437.933405][ T3794] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1438.345351][ T3794] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1439.195049][ T3794] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1439.858239][ T3794] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1449.138108][ T3798] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1449.548726][ T3798] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1449.845002][ T3798] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1450.114467][ T3798] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1466.948744][ T3794] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1474.881797][ T3798] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1570.414484][ T3794] veth0_vlan: entered promiscuous mode [ 1571.264119][ T3794] veth1_vlan: entered promiscuous mode [ 1574.407099][ T3794] veth0_macvtap: entered promiscuous mode [ 1574.823213][ T3794] veth1_macvtap: entered promiscuous mode [ 1577.807237][ T3412] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1577.813605][ T3412] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1577.828046][ T3412] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1577.871168][ T3412] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1581.211943][ T3798] veth0_vlan: entered promiscuous mode [ 1582.372246][ T3798] veth1_vlan: entered promiscuous mode [ 1585.555556][ T3798] veth0_macvtap: entered promiscuous mode [ 1586.043384][ T3798] veth1_macvtap: entered promiscuous mode [ 1589.731557][ T3930] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1589.771424][ T3813] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1589.773324][ T3813] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1589.814090][ T3813] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1735.061926][ T3930] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1737.132641][ T3930] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1737.858608][ T3957] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1738.832867][ T3930] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1739.373856][ T3957] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1740.142169][ T3930] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1760.438793][ T3930] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1760.557647][ T3930] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1760.672306][ T3930] bond0 (unregistering): Released all slaves [ 1764.055630][ T3930] hsr_slave_0: left promiscuous mode [ 1764.361264][ T3930] hsr_slave_1: left promiscuous mode [ 1765.234021][ T3930] veth1_macvtap: left promiscuous mode [ 1765.255955][ T3930] veth0_macvtap: left promiscuous mode [ 1765.276961][ T3930] veth1_vlan: left promiscuous mode [ 1765.334357][ T3930] veth0_vlan: left promiscuous mode [ 1783.607954][ T3965] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1784.158339][ T3965] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1791.154545][ T3930] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1793.256539][ T3930] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1795.346738][ T3930] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1796.492937][ T3957] hsr_slave_0: entered promiscuous mode [ 1796.576573][ T3957] hsr_slave_1: entered promiscuous mode [ 1796.703558][ T3957] debugfs: 'hsr0' already exists in 'hsr' [ 1796.706931][ T3957] Cannot create hsr debugfs directory [ 1797.305647][ T3930] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1808.875104][ T3930] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1811.165401][ T3930] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1813.418136][ T3930] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1814.838302][ T3930] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1824.103109][ T3965] hsr_slave_0: entered promiscuous mode [ 1824.146279][ T3965] hsr_slave_1: entered promiscuous mode [ 1824.183904][ T3965] debugfs: 'hsr0' already exists in 'hsr' [ 1824.186986][ T3965] Cannot create hsr debugfs directory [ 1824.566926][ T3930] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1825.688128][ T3930] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1827.282960][ T3930] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1829.886699][ T3930] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1830.218957][ T3957] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1831.477227][ T3957] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1832.131752][ T3957] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1833.026253][ T3957] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1852.725513][ T3930] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1852.922113][ T3930] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1853.073061][ T3930] bond0 (unregistering): Released all slaves [ 1858.772751][ T3930] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1858.874926][ T3930] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1858.946900][ T3930] bond0 (unregistering): Released all slaves [ 1862.278193][ T3930] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1862.377071][ T3930] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1862.458906][ T3930] bond0 (unregistering): Released all slaves [ 1865.412559][ T3930] hsr_slave_0: left promiscuous mode [ 1865.462337][ T3930] hsr_slave_1: left promiscuous mode [ 1865.722067][ T3930] hsr_slave_0: left promiscuous mode [ 1865.770973][ T3930] hsr_slave_1: left promiscuous mode [ 1866.022495][ T3930] hsr_slave_0: left promiscuous mode [ 1866.081473][ T3930] hsr_slave_1: left promiscuous mode [ 1867.043798][ T3930] veth1_macvtap: left promiscuous mode [ 1867.047115][ T3930] veth0_macvtap: left promiscuous mode [ 1867.071916][ T3930] veth1_vlan: left promiscuous mode [ 1867.081901][ T3930] veth0_vlan: left promiscuous mode [ 1867.165399][ T3930] veth1_macvtap: left promiscuous mode [ 1867.175919][ T3930] veth0_macvtap: left promiscuous mode [ 1867.183320][ T3930] veth1_vlan: left promiscuous mode [ 1867.203481][ T3930] veth0_vlan: left promiscuous mode [ 1867.296881][ T3930] veth1_macvtap: left promiscuous mode [ 1867.308976][ T3930] veth0_macvtap: left promiscuous mode [ 1867.315130][ T3930] veth1_vlan: left promiscuous mode [ 1867.345224][ T3930] veth0_vlan: left promiscuous mode [ 1906.002549][ T3965] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1906.677673][ T3965] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1907.154836][ T3965] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1907.782498][ T3965] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1923.905286][ T3957] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1937.631461][ T3965] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2036.812587][ T3957] veth0_vlan: entered promiscuous mode [ 2037.724297][ T3957] veth1_vlan: entered promiscuous mode [ 2040.873389][ T3957] veth0_macvtap: entered promiscuous mode [ 2041.315615][ T3957] veth1_macvtap: entered promiscuous mode [ 2044.734001][ T3308] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2044.756961][ T3423] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2044.816887][ T3930] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2044.935755][ T3930] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2053.545630][ T3965] veth0_vlan: entered promiscuous mode [ 2054.717509][ T3965] veth1_vlan: entered promiscuous mode [ 2058.674872][ T3965] veth0_macvtap: entered promiscuous mode [ 2059.498259][ T3965] veth1_macvtap: entered promiscuous mode [ 2063.418016][ T3412] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2063.424334][ T3412] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2063.436635][ T3412] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2063.461758][ T3412] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2248.416019][ T3423] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2251.834206][ T3423] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2253.558964][ T3423] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2255.038619][ T3423] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2273.925908][ T3423] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2274.127288][ T3423] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2274.308757][ T3423] bond0 (unregistering): Released all slaves [ 2276.385095][ T3423] hsr_slave_0: left promiscuous mode [ 2276.491335][ T3423] hsr_slave_1: left promiscuous mode [ 2276.883648][ T3423] veth1_macvtap: left promiscuous mode [ 2276.886997][ T3423] veth0_macvtap: left promiscuous mode [ 2276.904842][ T3423] veth1_vlan: left promiscuous mode [ 2276.942812][ T3423] veth0_vlan: left promiscuous mode [ 2299.847837][ T3423] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2302.577216][ T3423] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2304.995083][ T3423] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2306.463166][ T3423] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2325.003035][ T3423] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2325.292883][ T3423] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2325.507480][ T3423] bond0 (unregistering): Released all slaves [ 2329.090321][ T3423] hsr_slave_0: left promiscuous mode [ 2329.381169][ T3423] hsr_slave_1: left promiscuous mode [ 2330.146555][ T3423] veth1_macvtap: left promiscuous mode [ 2330.200635][ T3423] veth0_macvtap: left promiscuous mode [ 2330.204162][ T3423] veth1_vlan: left promiscuous mode [ 2330.235272][ T3423] veth0_vlan: left promiscuous mode [ 2364.523144][ T4269] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2365.225612][ T4269] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2366.051270][ T4266] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2366.647710][ T4266] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2393.207432][ T4269] hsr_slave_0: entered promiscuous mode [ 2393.335061][ T4269] hsr_slave_1: entered promiscuous mode [ 2396.536300][ T4266] hsr_slave_0: entered promiscuous mode [ 2396.663302][ T4266] hsr_slave_1: entered promiscuous mode [ 2396.744644][ T4266] debugfs: 'hsr0' already exists in 'hsr' [ 2396.771367][ T4266] Cannot create hsr debugfs directory [ 2415.706111][ T4269] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 2416.387581][ T4269] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 2416.943775][ T4269] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 2417.428396][ T4269] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 2422.743739][ T4266] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 2423.231484][ T4266] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 2423.685681][ T4266] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 2424.041507][ T4266] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 2449.058208][ T4269] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2455.795428][ T4266] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2600.366631][ T4269] veth0_vlan: entered promiscuous mode [ 2601.346241][ T4269] veth1_vlan: entered promiscuous mode [ 2606.902786][ T4266] veth0_vlan: entered promiscuous mode [ 2607.355735][ T4269] veth0_macvtap: entered promiscuous mode [ 2608.458827][ T4269] veth1_macvtap: entered promiscuous mode [ 2609.218446][ T4266] veth1_vlan: entered promiscuous mode [ 2613.868736][ T4414] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2613.872407][ T4414] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2614.160249][ T4414] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2614.350518][ T3412] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2615.145234][ T4266] veth0_macvtap: entered promiscuous mode [ 2616.542318][ T4266] veth1_macvtap: entered promiscuous mode [ 2621.881289][ T3308] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2621.934659][ T35] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2621.961674][ T35] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2621.966618][ T35] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2808.518596][ T3865] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2810.575732][ T3865] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2812.935493][ T3865] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2814.854916][ T3865] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2845.630981][ T3865] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2846.085195][ T3865] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2846.332476][ T3865] bond0 (unregistering): Released all slaves [ 2849.201568][ T3865] hsr_slave_0: left promiscuous mode [ 2849.333822][ T3865] hsr_slave_1: left promiscuous mode [ 2850.122993][ T3865] veth1_macvtap: left promiscuous mode [ 2850.157367][ T3865] veth0_macvtap: left promiscuous mode [ 2850.162626][ T3865] veth1_vlan: left promiscuous mode [ 2850.164199][ T3865] veth0_vlan: left promiscuous mode [ 2885.666097][ T4591] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2887.492562][ T4591] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2889.152892][ T4591] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2891.107147][ T4591] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2915.314592][ T4591] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2915.595122][ T4591] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2915.725935][ T4591] bond0 (unregistering): Released all slaves [ 2917.251796][ T4591] hsr_slave_0: left promiscuous mode [ 2917.293415][ T4591] hsr_slave_1: left promiscuous mode [ 2917.644522][ T4591] veth1_macvtap: left promiscuous mode [ 2917.648104][ T4591] veth0_macvtap: left promiscuous mode [ 2917.676681][ T4591] veth1_vlan: left promiscuous mode [ 2917.688994][ T4591] veth0_vlan: left promiscuous mode [ 2973.164975][ T4577] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2973.468497][ T4577] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2981.753002][ T4587] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2982.066093][ T4587] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3010.753452][ T4577] hsr_slave_0: entered promiscuous mode [ 3010.865345][ T4577] hsr_slave_1: entered promiscuous mode [ 3022.286461][ T4587] hsr_slave_0: entered promiscuous mode [ 3022.336350][ T4587] hsr_slave_1: entered promiscuous mode [ 3022.388445][ T4587] debugfs: 'hsr0' already exists in 'hsr' [ 3022.447546][ T4587] Cannot create hsr debugfs directory [ 3032.356740][ T4577] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 3032.808218][ T4577] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 3033.791300][ T4577] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 3034.591779][ T4577] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 3047.187364][ T4587] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 3047.944619][ T4587] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 3048.562019][ T4587] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 3049.197441][ T4587] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 3080.111031][ T4577] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3091.895576][ T4587] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3266.361723][ T4577] veth0_vlan: entered promiscuous mode [ 3267.863455][ T4577] veth1_vlan: entered promiscuous mode [ 3272.651950][ T4577] veth0_macvtap: entered promiscuous mode [ 3273.607966][ T4577] veth1_macvtap: entered promiscuous mode [ 3278.994909][ T35] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3279.007055][ T3894] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3279.117980][ T4410] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3279.128704][ T4410] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3280.787733][ T4587] veth0_vlan: entered promiscuous mode [ 3283.686174][ T4587] veth1_vlan: entered promiscuous mode [ 3290.706631][ T4587] veth0_macvtap: entered promiscuous mode [ 3291.604996][ T4587] veth1_macvtap: entered promiscuous mode [ 3296.680883][ T3894] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3296.695447][ T3894] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3296.890928][ T42] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3296.892065][ T42] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3674.452598][ T4906] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3675.045291][ T4906] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3681.597739][ T4909] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3682.165216][ T4909] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3743.387930][ T4906] hsr_slave_0: entered promiscuous mode [ 3743.534445][ T4906] hsr_slave_1: entered promiscuous mode [ 3743.701082][ T4906] debugfs: 'hsr0' already exists in 'hsr' [ 3743.701918][ T4906] Cannot create hsr debugfs directory [ 3749.957602][ T4909] hsr_slave_0: entered promiscuous mode [ 3750.126273][ T4909] hsr_slave_1: entered promiscuous mode [ 3750.189034][ T4909] debugfs: 'hsr0' already exists in 'hsr' [ 3750.303673][ T4909] Cannot create hsr debugfs directory [ 3815.927112][ T4909] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 3817.411315][ T4909] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 3818.368865][ T4909] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 3821.080757][ T4909] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 3830.511405][ T4906] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 3831.446105][ T4906] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 3832.319019][ T4906] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 3833.086403][ T4906] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 3883.915353][ T4909] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3886.081799][ T27] INFO: task syz.8.135:4884 blocked for more than 430 seconds. [ 3886.101678][ T27] Not tainted syzkaller #0 [ 3886.166529][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3886.170616][ T27] task:syz.8.135 state:D stack:0 pid:4884 tgid:4884 ppid:4577 task_flags:0x400040 flags:0x00000019 [ 3886.172227][ T27] Call trace: [ 3886.172742][ T27] __switch_to+0x584/0xb20 (T) [ 3886.174820][ T27] __schedule+0x1eec/0x33a4 [ 3886.175411][ T27] schedule+0xac/0x27c [ 3886.175935][ T27] schedule_timeout+0x5c/0x1e4 [ 3886.176352][ T27] do_wait_for_common+0x28c/0x444 [ 3886.176768][ T27] wait_for_completion+0x44/0x5c [ 3886.177298][ T27] __synchronize_srcu+0x2a4/0x320 [ 3886.177782][ T27] synchronize_srcu+0x3cc/0x4f0 [ 3886.178218][ T27] mmu_notifier_unregister+0x320/0x42c [ 3886.178692][ T27] kvm_put_kvm+0x6a0/0xfa8 [ 3886.384940][ T27] kvm_vm_release+0x58/0x78 [ 3886.387524][ T27] __fput+0x4ac/0x980 [ 3886.388116][ T27] ____fput+0x20/0x58 [ 3886.388556][ T27] task_work_run+0x1bc/0x254 [ 3886.389002][ T27] do_notify_resume+0x1bc/0x270 [ 3886.424278][ T27] el0_svc+0xb8/0x164 [ 3886.424916][ T27] el0t_64_sync_handler+0x84/0x12c [ 3886.425425][ T27] el0t_64_sync+0x198/0x19c [ 3886.496142][ T27] [ 3886.496142][ T27] Showing all locks held in the system: [ 3886.502583][ T27] 1 lock held by khungtaskd/27: [ 3886.503140][ T27] #0: ffff800087876d18 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48 [ 3886.505818][ T27] 2 locks held by getty/3185: [ 3886.506237][ T27] #0: 5ff0000011c4a8a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c SYZFAIL: failed to recv rpc [ 3886.507977][ T27] #1: 77ff80008c5cb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8 [ 3886.664312][ T27] 3 locks held by kworker/u4:0/3308: [ 3886.664709][ T27] 1 lock held by sshd-session/3311: [ 3886.665038][ T27] 2 locks held by syz-executor/3312: [ 3886.665386][ T27] 3 locks held by kworker/u4:8/3412: [ 3886.665719][ T27] #0: 48f0000011b2d148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18 [ 3886.667451][ T27] #1: ffff8000a3c17c78 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18 [ 3886.776429][ T27] #2: ffff800087b92fc0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c [ 3886.783036][ T27] 2 locks held by kworker/u4:9/3423: [ 3886.783380][ T27] 3 locks held by kworker/u4:4/3813: [ 3886.783712][ T27] 3 locks held by kworker/u4:5/3865: [ 3886.784024][ T27] 3 locks held by kworker/u4:7/3894: [ 3886.784341][ T27] 2 locks held by kworker/u4:11/4590: [ 3886.784703][ T27] 2 locks held by syz.9.134/4887: [ 3886.785019][ T27] 1 lock held by syz-executor/4909: [ 3886.785346][ T27] #0: ffff800087b92fc0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c [ 3886.787176][ T27] [ 3886.787448][ T27] ============================================= [ 3886.787448][ T27] fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 3902.733721][ T4906] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3907.197094][ T27] INFO: task syz.8.135:4884 blocked for more than 451 seconds. [ 3907.224331][ T27] Not tainted syzkaller #0 [ 3907.260961][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3907.261581][ T27] task:syz.8.135 state:D stack:0 pid:4884 tgid:4884 ppid:4577 task_flags:0x400040 flags:0x00000019 [ 3907.262353][ T27] Call trace: [ 3907.262634][ T27] __switch_to+0x584/0xb20 (T) [ 3907.263190][ T27] __schedule+0x1eec/0x33a4 [ 3907.263695][ T27] schedule+0xac/0x27c [ 3907.264169][ T27] schedule_timeout+0x5c/0x1e4 [ 3907.264596][ T27] do_wait_for_common+0x28c/0x444 [ 3907.264993][ T27] wait_for_completion+0x44/0x5c [ 3907.265518][ T27] __synchronize_srcu+0x2a4/0x320 [ 3907.266013][ T27] synchronize_srcu+0x3cc/0x4f0 [ 3907.266465][ T27] mmu_notifier_unregister+0x320/0x42c [ 3907.266957][ T27] kvm_put_kvm+0x6a0/0xfa8 [ 3907.267354][ T27] kvm_vm_release+0x58/0x78 [ 3907.267825][ T27] __fput+0x4ac/0x980 [ 3907.268219][ T27] ____fput+0x20/0x58 [ 3907.268617][ T27] task_work_run+0x1bc/0x254 [ 3907.269023][ T27] do_notify_resume+0x1bc/0x270 [ 3907.421189][ T27] el0_svc+0xb8/0x164 [ 3907.421824][ T27] el0t_64_sync_handler+0x84/0x12c [ 3907.422272][ T27] el0t_64_sync+0x198/0x19c [ 3907.422983][ T27] [ 3907.422983][ T27] Showing all locks held in the system: [ 3907.423295][ T27] 1 lock held by khungtaskd/27: [ 3907.423631][ T27] #0: ffff800087876d18 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48 [ 3907.425396][ T27] 1 lock held by klogd/3120: [ 3907.425778][ T27] 2 locks held by getty/3185: [ 3907.426082][ T27] #0: 5ff0000011c4a8a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c [ 3907.427714][ T27] #1: 77ff80008c5cb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8 [ 3907.538243][ T27] 2 locks held by kworker/u4:0/3308: [ 3907.538724][ T27] 3 locks held by kworker/u4:7/3894: [ 3907.601976][ T27] 3 locks held by kworker/u4:11/4590: [ 3907.620632][ T27] 3 locks held by kworker/u4:14/4591: [ 3907.621193][ T27] 2 locks held by syz.9.134/4887: [ 3907.621559][ T27] 2 locks held by syz-executor/4906: [ 3907.621891][ T27] 2 locks held by syz-executor/4909: [ 3907.622207][ T27] 3 locks held by kworker/u4:16/4979: [ 3907.622616][ T27] [ 3907.622859][ T27] ============================================= [ 3907.622859][ T27] VM DIAGNOSIS: 01:12:09 Registers: info registers vcpu 0 CPU#0 PC=ffff8000800e2fac X00=ffff80008c4f7cf0 X01=ffff800080007578 X02=ffff80008c4f7cf0 X03=0000000000000010 X04=0000000000000001 X05=0000000000000000 X06=0000000000000000 X07=ffff80008534d3c0 X08=66f000000d9b9d80 X09=0000000000000000 X10=0000000000007fd8 X11=ffff800080010000 X12=ffff800080010e0c X13=ffff800080010e0c X14=ffff800080010e2c X15=ffff800080007708 X16=ffff800080010e20 X17=00000000000000f0 X18=00000000000000ff X19=0000000000000003 X20=66f000000d9b9d80 X21=0000000000000000 X22=00000000f6e6ac0c X23=0000000000000000 X24=fff0000071e060c0 X25=000000000000000e X26=0000000000000000 X27=00000000000000ff X28=0000000000000000 X29=ffff8000800075c0 X30=ffff8000865a4a38 SP=ffff8000800075f0 PSTATE=40402009 -Z-- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=306974765f367069:00306974765f7069 Z01=0000000000000000:ff00000000000000 Z02=0000000000000000:00000000f0000000 Z03=ffffffffffff0000:00ff000000000000 Z04=0000000000000000:ffffff000f000000 Z05=bb448243222c92da:e3914ed4e87380b0 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=43788d6f07084f17:4508b00c6052a10f Z17=6b69be1163cb6500:a4ac85c293540e63 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000