last executing test programs: 52m18.83575278s ago: executing program 1 (id=77): ioctl$KVM_CHECK_EXTENSION_VM(0xffffffffffffffff, 0xae03, 0x2) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x29) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000000)={0x8}) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r2 = mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x0, 0x3000002, 0x4000010, r1, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000040)="eaaf0ca28b60dd5594c82164e59d09da90f732713239798cd67cca968b35a31e329747e501c12f9f3da1433eede7e04ca768a336c697aeb75a1d8913cdc780b56e1ac5adb48ca527", 0x0, 0x48) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3b) ioctl$KVM_RESET_DIRTY_RINGS(r3, 0xaec7) ioctl$KVM_SET_REGS(r1, 0x4360ae82, &(0x7f00000000c0)={[0x3, 0x3, 0x401, 0x3, 0x200, 0x22de, 0x9, 0x3, 0x9, 0x8776, 0x118000000, 0x80, 0x4, 0xb76, 0x8], 0x5000}) ioctl$KVM_CAP_HALT_POLL(r0, 0x4068aea3, &(0x7f0000000180)={0xb6, 0x0, 0xfffffffffffffff9}) r4 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000240)=@attr_irq_timer={0x0, 0x1, 0x0, &(0x7f0000000200)=0x12}) ioctl$KVM_ARM_VCPU_FINALIZE(r1, 0x4004aec2, &(0x7f0000000280)=0x5) syz_memcpy_off$KVM_EXIT_MMIO(r2, 0x20, &(0x7f00000002c0)="70e1b1d3d1bcc2d652e0fb4bfa71d8633f2a8f2b33f63ef5", 0x0, 0x18) ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000300)={0x9, 0x0, [{0x2, 0x3, 0x0, 0x0, @adapter={0x6, 0x1, 0x3, 0x6, 0x2}}, {0xfff, 0x2, 0x0, 0x0, @irqchip={0x1, 0x6}}, {0x7, 0x1, 0x0, 0x0, @sint={0xcdb7, 0x8}}, {0x6, 0x3, 0x0, 0x0, @adapter={0x3ff, 0x9, 0x10001, 0x9, 0x4}}, {0xf, 0x3, 0x3135c91bf4b6c016, 0x0, @irqchip={0x7, 0x8}}, {0x9, 0x1, 0x0, 0x0, @sint={0x0, 0x5}}, {0x3, 0x3, 0x1, 0x0, @adapter={0xe5a, 0x4, 0x5, 0x6, 0x9}}, {0xfffffffd, 0x2, 0x0, 0x0, @adapter={0x40, 0x3, 0x1000, 0x0, 0x4}}, {0x4e8, 0x1, 0x0, 0x0, @irqchip={0x1, 0x613b}}]}) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffc000/0x1000)=nil, r5, 0x2000000, 0x110, r4, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f00000004c0)=@x86={0x6, 0x8, 0x5, 0x0, 0x0, 0x3, 0x7, 0x0, 0x4, 0x8, 0x1, 0xe1, 0x0, 0x7f, 0x5, 0x10, 0x0, 0x1, 0x5, '\x00', 0x6, 0x10001}) mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, r5, 0x2000000, 0x12, r1, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, r5, 0x5, 0x10, r4, 0x0) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000fff000/0x1000)=nil, r6, 0x3000001, 0x10010, r1, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_ARM_SET_DEVICE_ADDR(r1, 0x4010aeab, &(0x7f0000000500)={0x7, 0x8080000}) r7 = ioctl$KVM_CREATE_GUEST_MEMFD(r0, 0xc040aed4, &(0x7f0000000540)={0x0, 0x1ff}) ioctl$KVM_SET_USER_MEMORY_REGION2(r0, 0x40a0ae49, &(0x7f0000000580)={0x0, 0x4, 0x60000, 0x1000, &(0x7f0000ffe000/0x1000)=nil, 0x7, r7}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r3, 0x4010ae74, &(0x7f0000000640)={0x3, 0x6, 0x1}) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3d) ioctl$KVM_CAP_ARM_MTE(r8, 0x4068aea3, &(0x7f0000000680)) mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, r6, 0x0, 0x2010, 0xffffffffffffffff, 0x0) 52m13.484208976s ago: executing program 1 (id=79): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil) r2 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000000)={0x2, 0x48}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x302, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd2(0x8, 0x80800) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0xeeef0000, 0x0, r6}) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000000)={0x6, 0x2000, 0x0, r6}) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f00000000c0)=@arm64_fw={0x6030000000140000, &(0x7f0000000040)=0x10000}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, 0xffffffffffffffff) 52m10.056495586s ago: executing program 0 (id=80): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x302, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x8, 0x80800) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0xeeef0000, 0x0, r2}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x8, 0x0, 0x2, r2, 0x4}) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x8, 0x7ffffffe}) (async) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x8, 0x7ffffffe}) 52m6.146925842s ago: executing program 1 (id=81): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x69) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r6, &(0x7f00000001c0)=0x7ffffff, 0xfffffd77) r7 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000140)={0x0, 0x0}, &(0x7f0000000280)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce4, &(0x7f0000000040)=0x2}) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, 0x0) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r8, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r8, r9, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000180)=[@smc={0x1e, 0x40, {0x80000002, [0x0, 0x1, 0x2, 0x3, 0x4]}}], 0x40}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) r10 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r11, 0x4010ae67, 0x0) 52m3.042904541s ago: executing program 0 (id=82): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x19) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x21) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) r4 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r3, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r5, 0x100000d, 0x11, 0xffffffffffffffff, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0x801c581f, 0xfffffffffffffffe) ioctl$KVM_IRQFD(r0, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc9}) ioctl$KVM_CAP_ARM_MTE(r0, 0x4068aea3, &(0x7f0000000000)) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x183900, 0x0) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) close(r7) ioctl$KVM_CREATE_VM(r8, 0x400454e2, 0x110c230020) 51m56.426053258s ago: executing program 0 (id=83): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r1 = ioctl$KVM_CREATE_VM(r0, 0xae03, 0xbb) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bff000/0x400000)=nil) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x2b) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x2710, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000580)=[@its_setup={0x82, 0x28, {0x3, 0x3, 0x176}}, @uexit={0x0, 0x18}, @uexit={0x0, 0x18, 0x4}, @code={0xa, 0x9c, {"40558bd20080b8f2210180d2a20080d2430180d2040080d2020000d4a07d92d200e0b0f2e10080d2a20180d2230080d2c40180d2020000d400a0e00d000028d5007008d5008008d50004805a008008d5c02f81d20040b8f2610080d2820080d2a30080d2240080d2020000d4a00a8dd200c0b8f2e10180d2620180d2230180d2840080d2020000d4"}}, @hvc={0x32, 0x40, {0x4000, [0x80000000, 0xffffffff, 0x8, 0x5]}}, @hvc={0x32, 0x40, {0xc4000012, [0x7, 0x9, 0x0, 0x8, 0xa571]}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x4, 0x1, 0x401, 0x2, 0x2}}, @msr={0x14, 0x20, {0x0, 0xffffffffffffffff}}, @mrs={0xbe, 0x18, {0x603000000013e521}}, @svc={0x122, 0x40, {0x84000011, [0x8, 0xb81, 0x1, 0x4, 0xd]}}, @svc={0x122, 0x40, {0x84000009, [0xe, 0x1800, 0x7fffffff, 0x6, 0x81]}}, @mrs={0xbe, 0x18, {0x603000000013e080}}, @smc={0x1e, 0x40, {0xc4000004, [0x2b, 0x401, 0x6, 0xd5fd, 0x7]}}, @smc={0x1e, 0x40, {0x80003fff, [0x200, 0xffffffffffffffff, 0x6, 0x9, 0x7]}}, @mrs={0xbe, 0x18, {0x603000000013c01e}}, @svc={0x122, 0x40, {0xc4000012, [0x8, 0xb, 0x6, 0x811e, 0xb]}}, @irq_setup={0x46, 0x18, {0x3, 0x1af}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x80, 0x4, 0x1}}, @eret={0xe6, 0x18, 0x3}, @irq_setup={0x46, 0x18, {0x0, 0x154}}, @mrs={0xbe, 0x18, {0x603000000013df11}}, @irq_setup={0x46, 0x18, {0x3, 0x304}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x3, 0x3, 0x9, 0x4, 0x3}}], 0x414}], 0x1, 0x0, &(0x7f00000000c0)=[@featur2={0x1, 0x23}], 0x1) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000540)=[{0x0, 0x0, 0x51c}], 0x1, 0x0, 0x0, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CAP_DIRTY_LOG_RING(r6, 0x4068aea3, &(0x7f0000000180)={0xc0, 0x0, 0x10000}) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) 51m55.512672706s ago: executing program 1 (id=84): r0 = openat$kvm(0x0, &(0x7f0000000100), 0x6a01, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x2, 0x100) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0xb6) r5 = eventfd2(0x1, 0x80001) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r5, 0x3}) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000180)={0x1010020, 0x1}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 51m50.224003176s ago: executing program 1 (id=85): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x4, 0x340) ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f0000000080)=@attr_arm64={0x0, 0x5, 0x0, &(0x7f0000000000)=0x4}) (async) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) (async) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r3, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) (async) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x58) 51m48.127869978s ago: executing program 0 (id=86): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async) 51m44.658080312s ago: executing program 1 (id=87): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x2, 0x7}}], 0x50}, 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x0, 0x10000, 0x0, 0x100, 0x2}}], 0x50}, 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, 0x0) r7 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x34) syz_kvm_vgic_v3_setup(r7, 0x4, 0x1e0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r9 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000000)={0x8, 0x8}) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000240)={0x4, 0x4, 0xdddd0000, 0x2000, &(0x7f0000fa1000/0x2000)=nil, 0x400, r9}) 51m41.740742873s ago: executing program 0 (id=88): mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x6832, 0xffffffffffffffff, 0x0) r0 = eventfd2(0xc469, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r3, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r3, 0x0) (async) ioctl$KVM_ARM_VCPU_FINALIZE(r3, 0x4004aec2, &(0x7f0000000000)=0x2) write$eventfd(r0, &(0x7f0000000200)=0x8, 0x8) 51m35.726627373s ago: executing program 0 (id=89): munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x80111500, 0x20000000) r1 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r2 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f00006a0000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000000)={0x0, &(0x7f0000000140)=[@eret={0xe6, 0x18, 0x20e}, @smc={0x1e, 0x40, {0xc5000021, [0x7, 0x5, 0x7, 0x8]}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x157}}, @uexit={0x0, 0x18, 0x5}, @msr={0x14, 0x20, {0x603000000013defa, 0x3}}, @svc={0x122, 0x40, {0x8400000a, [0x5, 0x1, 0xe58, 0x2, 0xf]}}, @svc={0x122, 0x40, {0x40, [0x80000000, 0x8000000000000001, 0xea, 0xfed, 0x2]}}, @code={0xa, 0x84, {"008008d5007008d540c389d20020b0f2a10180d2220080d2c30180d2240080d2020000d4007008d5202490d20000b0f2810180d2620080d2c30180d2040080d2020000d400f8b07e0000c07980c39ad20060b8f2c10180d2820180d2c30180d2040080d2020000d400b0204e000008d5"}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0xac}}, @mrs={0xbe, 0x18, {0x603000000013e660}}, @hvc={0x32, 0x40, {0x84000005, [0x3ff, 0xfff, 0x7, 0x40, 0x7]}}, @mrs={0xbe, 0x18, {0x603000000013dea3}}, @eret={0xe6, 0x18, 0x1}, @mrs={0xbe, 0x18, {0x603000000013c662}}, @uexit={0x0, 0x18}, @memwrite={0x6e, 0x30, @generic={0x1000, 0xae5, 0x0, 0x7}}], 0x2cc}, &(0x7f0000000080)=[@featur2={0x1, 0x10}], 0x1) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) 50m58.305776421s ago: executing program 32 (id=87): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x2, 0x7}}], 0x50}, 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x0, 0x10000, 0x0, 0x100, 0x2}}], 0x50}, 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, 0x0) r7 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x34) syz_kvm_vgic_v3_setup(r7, 0x4, 0x1e0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r9 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000000)={0x8, 0x8}) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000240)={0x4, 0x4, 0xdddd0000, 0x2000, &(0x7f0000fa1000/0x2000)=nil, 0x400, r9}) 50m48.545710923s ago: executing program 33 (id=89): munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x80111500, 0x20000000) r1 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r2 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f00006a0000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000000)={0x0, &(0x7f0000000140)=[@eret={0xe6, 0x18, 0x20e}, @smc={0x1e, 0x40, {0xc5000021, [0x7, 0x5, 0x7, 0x8]}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x157}}, @uexit={0x0, 0x18, 0x5}, @msr={0x14, 0x20, {0x603000000013defa, 0x3}}, @svc={0x122, 0x40, {0x8400000a, [0x5, 0x1, 0xe58, 0x2, 0xf]}}, @svc={0x122, 0x40, {0x40, [0x80000000, 0x8000000000000001, 0xea, 0xfed, 0x2]}}, @code={0xa, 0x84, {"008008d5007008d540c389d20020b0f2a10180d2220080d2c30180d2240080d2020000d4007008d5202490d20000b0f2810180d2620080d2c30180d2040080d2020000d400f8b07e0000c07980c39ad20060b8f2c10180d2820180d2c30180d2040080d2020000d400b0204e000008d5"}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0xac}}, @mrs={0xbe, 0x18, {0x603000000013e660}}, @hvc={0x32, 0x40, {0x84000005, [0x3ff, 0xfff, 0x7, 0x40, 0x7]}}, @mrs={0xbe, 0x18, {0x603000000013dea3}}, @eret={0xe6, 0x18, 0x1}, @mrs={0xbe, 0x18, {0x603000000013c662}}, @uexit={0x0, 0x18}, @memwrite={0x6e, 0x30, @generic={0x1000, 0xae5, 0x0, 0x7}}], 0x2cc}, &(0x7f0000000080)=[@featur2={0x1, 0x10}], 0x1) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) 29m24.965201556s ago: executing program 3 (id=238): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xe) ioctl$KVM_SIGNAL_MSI(r0, 0x4020aea5, &(0x7f0000000000)={0x5000, 0xeeef0000, 0x3, 0x0, 0x5}) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xb) ioctl$KVM_CAP_ARM_USER_IRQ(r1, 0x4068aea3, &(0x7f0000000040)) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfd000/0x400000)=nil) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r0, 0x4068aea3, &(0x7f00000000c0)={0xdf, 0x0, 0x15000}) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[@smc={0x1e, 0x40, {0x4000000, [0xc344, 0x8, 0x2, 0x8000000000000001, 0x7]}}, @msr={0x14, 0x20, {0x603000000013e6c7, 0x4}}, @irq_setup={0x46, 0x18, {0x1, 0x168}}, @msr={0x14, 0x20, {0x603000000013e660, 0x8001}}, @msr={0x14, 0x20, {0x2611, 0x4}}], 0xb8}, &(0x7f0000000240)=[@featur2={0x1, 0x24}], 0x1) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000bfe000/0x400000)=nil) ioctl$KVM_CREATE_GUEST_MEMFD(r0, 0xc040aed4, &(0x7f0000000280)={0x9, 0x97}) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000300)=@attr_other={0x0, 0x1, 0x5, &(0x7f00000002c0)=0x87}) ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000340)={0x800, 0x2}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f0000000380)={0x26000, 0x3000}) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f00000003c0)={0x3, 0x0, [{0xfffffaad, 0x1, 0xd2ac5ee0474a2724, 0x0, @sint={0x8, 0x8}}, {0xc52, 0x3, 0x1, 0x0, @irqchip={0x2, 0x7}}, {0x5, 0x2, 0x1, 0x0, @sint={0x6, 0x1}}]}) ioctl$KVM_PPC_ALLOCATE_HTAB(r1, 0xc004aea7, &(0x7f0000000480)=0xc106) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, &(0x7f00000004c0)={0x9, 0x9}) r5 = eventfd2(0x0, 0x0) r6 = eventfd2(0xc, 0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000500)={r5, 0x2, 0x2, r6}) ioctl$KVM_SET_REGS(r4, 0x4360ae82, &(0x7f0000000540)={[0x0, 0x8, 0xfffffffffffffff7, 0x9, 0x0, 0x40, 0x0, 0xe315, 0x5, 0x2, 0x6945, 0x5, 0x0, 0x3, 0x1, 0xf2e], 0x0, 0x20200}) close(r4) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x80, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x10) ioctl$KVM_PPC_ALLOCATE_HTAB(r8, 0xc004aea7, &(0x7f0000000640)=0x615a4f6b) r9 = eventfd2(0x9, 0x80000) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000680)=@attr_pmu_init) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000006c0)={0x4284, 0xf000, 0x4, r9, 0xb}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 29m18.34590314s ago: executing program 2 (id=239): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@eret={0xe6, 0x18, 0xd9e9}, @its_send_cmd={0xaa, 0x28, {0x1, 0x83, 0x8000, 0x0, 0x0, 0xffffffff, 0x4}}], 0x40}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 29m16.137377828s ago: executing program 3 (id=240): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x8001}}], 0x20}, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_SIGNAL_MASK(r3, 0x4004ae8b, &(0x7f0000000000)={0x30, "404b9f3ce22ff17c67d1e53a3db0f05173dbb8c857ea83f03fe789760f73d7c311de0282c416d6cb8097be35e0477a91"}) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r1, 0x4068aea3, &(0x7f0000000040)={0xe4, 0x0, 0x4ef7}) r4 = ioctl$KVM_GET_STATS_FD_cpu(r3, 0xaece) ioctl$KVM_CAP_ARM_USER_IRQ(r4, 0x4068aea3, &(0x7f00000000c0)) 29m8.092479491s ago: executing program 2 (id=241): r0 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000afc000/0x400000)=nil) openat$kvm(0x0, 0x0, 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x29) r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r3, 0x4b47, 0xfffffffffffffffe) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) r6 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r5, 0x2, 0x12, r4, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f00000002c0)="fb016bddfb405ee52cc6a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb2070000000000000000000000c20cecfa0a97ab7800", 0x0, 0x48) r7 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) 29m6.984931135s ago: executing program 3 (id=242): r0 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000000000/0x400000)=nil) (async) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000000000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x9) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (async) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000bcb000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r8, 0x4010aeb5, &(0x7f00000002c0)={0x200}) (async) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r8, 0x4010aeb5, &(0x7f00000002c0)={0x200}) ioctl$KVM_RUN(r10, 0xae80, 0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r11, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r12, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r12, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) (async) r13 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_FINALIZE(r13, 0x4004aec2, 0x0) 28m58.219920717s ago: executing program 2 (id=243): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x25) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r4, 0x4018aee3, &(0x7f00000002c0)=@attr_other={0x0, 0x108, 0xa, 0x0}) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) (async) ioctl$KVM_CAP_ARM_MTE(r1, 0x4068aea3, &(0x7f0000000240)) (async) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x0, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x2, 0x8, 0x80, 0x80}}], 0x50}, 0x0, 0x0) (async) ioctl$KVM_SET_GSI_ROUTING(r7, 0x4008ae6a, &(0x7f0000000300)={0x2, 0x0, [{0x3, 0x3, 0x0, 0x0, @adapter={0x4, 0xb, 0x5, 0x0, 0xff}}, {0x4c6, 0x5, 0x1, 0x0, @irqchip={0x1, 0x8}}]}) (async) syz_kvm_vgic_v3_setup(r7, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) (async) openat$kvm(0x0, 0x0, 0x0, 0x0) (async, rerun: 64) r11 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (rerun: 64) ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000a86000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0xffffffffffffffa2) ioctl$KVM_GET_ONE_REG(r13, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x6030000000100016, 0xffffffffffffffff}) (async, rerun: 64) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (rerun: 64) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000100)=@attr_other={0x0, 0x1, 0x3, &(0x7f00000000c0)=0x4e8}) (async) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000040)=@arm64_fp_extra={0x60200000001000d4, &(0x7f0000000000)=0xcfba}) r14 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x12) syz_kvm_vgic_v3_setup(r14, 0x0, 0x2c0) (async) r15 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_HAS_DEVICE_ATTR(r15, 0x4018aee3, 0xfffffffffffffffe) 28m52.494770997s ago: executing program 3 (id=244): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) r4 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r3, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, 0x930, 0x1, 0x13, r3, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0x80086601, 0x20000000) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r6, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x4000}) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000180)=@arm64_fw={0x5, &(0x7f00000000c0)=0x7}) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x12) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r10, 0x4010aeab, &(0x7f0000000140)=@arm64_bitmap={0x6030000000160000}) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil}) 28m48.412565013s ago: executing program 2 (id=245): r0 = openat$kvm(0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000280), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000040)={0x5}) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bff000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r6, 0x541b, 0xac) openat$kvm(0x0, 0x0, 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, 0x0) (async) openat$kvm(0x0, &(0x7f0000000280), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) (async) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000040)={0x5}) (async) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bff000/0x400000)=nil) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async) ioctl$KVM_CHECK_EXTENSION(r6, 0x541b, 0xac) (async) 28m43.124008324s ago: executing program 3 (id=246): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x4a7d47b52f4e3fac, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xd9) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000000)={0x2, 0x0, [{0x101, 0x4, 0x1, 0x0, @adapter={0xfc, 0x5, 0x80000000, 0x1, 0x3}}, {0x4000005, 0x5, 0x1, 0x0, @msi={0x4, 0x2002, 0x5, 0x3}}]}) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x2, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x4}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r3, 0x4, 0x200) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r11 = eventfd2(0x7f, 0x80000) r12 = eventfd2(0x4bb, 0x800) ioctl$KVM_IRQFD(r10, 0x4020ae76, &(0x7f0000000240)={r11, 0x8, 0x1, r12}) r13 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r9, r13, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x603000000013df11, &(0x7f0000000280)=0x3}) ioctl$KVM_RESET_DIRTY_RINGS(r3, 0xaec7) ioctl$KVM_RUN(r13, 0xae80, 0x0) r14 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r14, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r15, &(0x7f00000001c0)=0x7ffffff, 0xfdef) ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0xe5) 28m38.376981454s ago: executing program 2 (id=247): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfd000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000007, 0x4f833, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0x0, 0x0, 0x40000, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000000)={0x2, 0x80a0000, 0x0, r4, 0x4fd0f096b459bd7b}) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x101300, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x2, &(0x7f0000000280)=0x400000080a0000}) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) r9 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000b80)={0x0, &(0x7f00000009c0)=[@hvc={0x32, 0x40, {0xc4000004, [0x48a, 0x1, 0x8000000000000000, 0x1, 0x8000400003]}}], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r9, 0xae80, 0x0) 28m28.872144953s ago: executing program 3 (id=248): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100006, &(0x7f0000000100)=0xc5c5}) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r6 = eventfd2(0x8, 0x80800) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000140)={0x8000000000000000, 0x0, 0x2, r6, 0x3}) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000040)={0x4, 0xd000, 0x8, r6, 0xa}) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x2, r6, 0x3}) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = eventfd2(0x8, 0x80800) ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0xdddd1000, 0x0, r10}) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x1e) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x2) r14 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r13, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r13, 0x0) r15 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r15, 0x8933, 0x110e227ffe) ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000000)={0xc, 0xeeef0000, 0x2, r10}) close(r9) r16 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r16, 0x2, 0x20000013) syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) 28m28.222655705s ago: executing program 2 (id=249): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xb1) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0x5460, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x34) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000b4b000/0x400000)=nil) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r6, r7, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x603000000013dcf3, &(0x7f00000000c0)=0x3}) ioctl$KVM_IOEVENTFD(r4, 0x4020ae46, &(0x7f00000000c0)={0x100, 0x1000}) 27m42.424389227s ago: executing program 34 (id=248): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100006, &(0x7f0000000100)=0xc5c5}) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r6 = eventfd2(0x8, 0x80800) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000140)={0x8000000000000000, 0x0, 0x2, r6, 0x3}) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000040)={0x4, 0xd000, 0x8, r6, 0xa}) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x2, r6, 0x3}) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = eventfd2(0x8, 0x80800) ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0xdddd1000, 0x0, r10}) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x1e) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x2) r14 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r13, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r13, 0x0) r15 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r15, 0x8933, 0x110e227ffe) ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000000)={0xc, 0xeeef0000, 0x2, r10}) close(r9) r16 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r16, 0x2, 0x20000013) syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) 27m39.125375952s ago: executing program 35 (id=249): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xb1) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0x5460, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x34) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000b4b000/0x400000)=nil) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r6, r7, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x603000000013dcf3, &(0x7f00000000c0)=0x3}) ioctl$KVM_IOEVENTFD(r4, 0x4020ae46, &(0x7f00000000c0)={0x100, 0x1000}) 21m12.882895072s ago: executing program 4 (id=250): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2c) syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil) (async) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) (async) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r6, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r6, r7, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000180)=[@smc={0x1e, 0x40, {0x80000002, [0x0, 0x1, 0x2, 0x3, 0x4]}}], 0x40}], 0x1, 0x0, 0x0, 0x0) (async) ioctl$KVM_RUN(r7, 0xae80, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r4, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r4, 0x0) (async) ioctl$KVM_RUN(r4, 0xae80, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x21) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2) r11 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r10, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r10, 0x0) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101080, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000040)={0x4}) (async) syz_memcpy_off$KVM_EXIT_MMIO(r11, 0x20, &(0x7f0000000240)="9ff90d8d766e1116fb10926dd7256de4b19d3d270a571d6c", 0x0, 0x12) (async) r14 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) (async) r15 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r15, 0x80111500, 0x20000000) 20m50.497144524s ago: executing program 4 (id=252): munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x80111500, 0x20000000) r1 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r3 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r2, 0x1000002, 0x30, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) 20m47.933095756s ago: executing program 5 (id=251): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000080)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, 0xffffffffffffffff) r6 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0) r7 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x240) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x1000000) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x4, 0x3, 0x0}) 20m33.842720807s ago: executing program 4 (id=253): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000002c0)=[@hvc={0x32, 0x40, {0x84000004, [0x80000000, 0x6, 0x3, 0x7f, 0x800]}}], 0x40}, &(0x7f0000000100)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r1, 0x4068aea3, &(0x7f0000000300)) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000240)={0x2}) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0xe) r11 = syz_kvm_vgic_v3_setup(r8, 0x1, 0x100) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x7, 0x0, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r10, 0xae80, 0x0) syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f00000000c0)=@arm64_sve_vls={0x606000000015ffff, 0x0}) 20m32.615080857s ago: executing program 5 (id=254): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x24) syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000a26000/0x400000)=nil) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x2, 0x6}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r2, 0x1, 0x100) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x2, 0x7f, &(0x7f0000000340)=0x6}) syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x31) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x8080000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000) ioctl$KVM_CREATE_DEVICE(r6, 0xc018aec0, &(0x7f00000000c0)={0x1}) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 19m46.832831892s ago: executing program 36 (id=253): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000002c0)=[@hvc={0x32, 0x40, {0x84000004, [0x80000000, 0x6, 0x3, 0x7f, 0x800]}}], 0x40}, &(0x7f0000000100)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r1, 0x4068aea3, &(0x7f0000000300)) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000240)={0x2}) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0xe) r11 = syz_kvm_vgic_v3_setup(r8, 0x1, 0x100) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x7, 0x0, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r10, 0xae80, 0x0) syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f00000000c0)=@arm64_sve_vls={0x606000000015ffff, 0x0}) 19m39.554809939s ago: executing program 37 (id=254): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x24) syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000a26000/0x400000)=nil) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x2, 0x6}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r2, 0x1, 0x100) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x2, 0x7f, &(0x7f0000000340)=0x6}) syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x31) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x8080000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000) ioctl$KVM_CREATE_DEVICE(r6, 0xc018aec0, &(0x7f00000000c0)={0x1}) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 12m12.485045337s ago: executing program 7 (id=256): mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x8, 0x23ac5f9b426ec4b1, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x302, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x8, 0x80800) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0xeeef0000, 0x0, r2}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x6, 0x2000, 0x0, r2}) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0xdc032, 0xffffffffffffffff, 0x0) 12m2.586512601s ago: executing program 6 (id=255): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000b10000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000b80)={0x0, 0x0}, 0x0, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x13, r10, 0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x25) ioctl$KVM_CHECK_EXTENSION_VM(r12, 0xae03, 0x88) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000080)=@arm64_fw={0x6030000000140003, &(0x7f00000000c0)=0x5}) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r3, 0x4018aee2, &(0x7f0000000000)=@attr_pmu_init) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r14, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r15, 0x400454d1, 0x110c230020) close(r1) 11m57.888612007s ago: executing program 7 (id=257): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000080)={0xb6, 0x0, 0xffffffffffffffff}) openat$kvm(0x0, 0x0, 0xc0002, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0xe6) 11m39.735945685s ago: executing program 7 (id=258): mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) (async, rerun: 32) openat$kvm(0x0, &(0x7f0000000040), 0x22200, 0x0) (async, rerun: 32) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async) r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) (async) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000240)=@arm64_bitmap={0x6030000000160002, &(0x7f00000000c0)=0x2}) (async, rerun: 32) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x90, &(0x7f0000000000)=0x10}) (async, rerun: 32) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x900, 0x0) ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0xf3) (async) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil) 11m34.744306041s ago: executing program 6 (id=259): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) (async) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000100)={0x0, &(0x7f0000000140)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) (async, rerun: 32) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0) (rerun: 32) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000eea000/0x2000)=nil, 0x0, 0x0, 0x100010, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000400000/0xc00000)=nil, 0xc00000) (async) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) (async, rerun: 32) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) (async, rerun: 32) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) (async) munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000) mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async, rerun: 64) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async, rerun: 64) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async, rerun: 64) mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, 0x0, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0) (async, rerun: 64) munmap(&(0x7f0000667000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x2802, 0x0) (async) syz_kvm_vgic_v3_setup(r1, 0x8, 0x3a0) 11m20.614703462s ago: executing program 7 (id=260): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) r4 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x408) ioctl$KVM_CHECK_EXTENSION(r4, 0x541b, 0x20000000000000ac) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x302, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd2(0x8, 0x80800) ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0xeeef0000, 0x0, r8}) ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f0000000000)={0x6, 0x0, 0x0, r8, 0x4}) 11m16.192377839s ago: executing program 6 (id=261): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) openat$kvm(0x0, &(0x7f0000000040), 0x6002, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r2, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xffffffffffffffff) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x80000000000) openat$kvm(0x0, 0x0, 0x100, 0x0) close(0x3) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x1, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xab) r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r8 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r7, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r7, 0x0) r9 = eventfd2(0x0, 0x0) close(r9) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x3a33f0, 0x1f01) write$eventfd(r9, &(0x7f00000001c0)=0x87, 0xffea) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r3, r10, &(0x7f0000e8a000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_vgic_v3_setup(r3, 0x108, 0x1c0) 10m59.426821852s ago: executing program 7 (id=262): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x2}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000000)) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x2}}], 0x50}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8}) (async) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000000)) (async) 10m51.164366185s ago: executing program 6 (id=263): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000100)=@arm64_extra={0x603000000013c02a, &(0x7f0000000180)}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0) r6 = eventfd2(0x8, 0x80000) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x2a040, 0x0) ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0xd8) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0xdddd1000, 0x0, r6}) 10m40.85784061s ago: executing program 7 (id=264): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) r4 = openat$kvm(0x0, &(0x7f0000000040), 0xc0083, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, r3, 0x3, 0x11, r4, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f00000002c0)=[@irq_setup={0x46, 0x18, {0x2, 0x32c}}], 0x18}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_RUN(r6, 0xae80, 0x0) 10m2.944492804s ago: executing program 38 (id=263): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000100)=@arm64_extra={0x603000000013c02a, &(0x7f0000000180)}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0) r6 = eventfd2(0x8, 0x80000) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x2a040, 0x0) ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0xd8) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0xdddd1000, 0x0, r6}) 9m50.125371286s ago: executing program 39 (id=264): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) r4 = openat$kvm(0x0, &(0x7f0000000040), 0xc0083, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, r3, 0x3, 0x11, r4, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f00000002c0)=[@irq_setup={0x46, 0x18, {0x2, 0x32c}}], 0x18}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_RUN(r6, 0xae80, 0x0) 1m7.144727404s ago: executing program 8 (id=265): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x5, 0x25000, 0x0, 0xffffffffffffffff, 0x1}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x25) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x0, 0x10010, 0x0, 0x4, 0x2}}], 0x50}, 0x0, 0x0) ioctl$KVM_RUN(r11, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r6, 0xae80, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r13 = eventfd2(0xffff10c0, 0x801) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000100)={0xf09, 0x8080000, 0x4, r13, 0x1}) r14 = syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r2, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r14, 0xae80, 0x0) 50.725536493s ago: executing program 9 (id=266): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r6, &(0x7f00000001c0), 0xf001) (async) write$eventfd(0xffffffffffffffff, &(0x7f00000001c0), 0xff3c) openat$kvm(0x0, 0x0, 0x0, 0x0) (async) r7 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r9, 0x4008ae6a, &(0x7f00000000c0)={0x836, 0x0, [{0xc, 0x2, 0x1, 0x0, @msi={0xebb, 0x394c794c, 0x7f, 0x801}}]}) (async) syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r11 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x12) syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) r14 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04) mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r14, 0x3, 0x11, r13, 0x0) r15 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x4) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r15, 0x4068aea3, &(0x7f0000000200)={0xdf, 0x0, 0x10000}) (async) syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) (async) r16 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) (async) r17 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000de6000/0x2000)=nil, r16, 0x3, 0x10, r17, 0x0) 18.506088822s ago: executing program 40 (id=265): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x5, 0x25000, 0x0, 0xffffffffffffffff, 0x1}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x25) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x0, 0x10010, 0x0, 0x4, 0x2}}], 0x50}, 0x0, 0x0) ioctl$KVM_RUN(r11, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r6, 0xae80, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r13 = eventfd2(0xffff10c0, 0x801) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000100)={0xf09, 0x8080000, 0x4, r13, 0x1}) r14 = syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r2, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r14, 0xae80, 0x0) 0s ago: executing program 41 (id=266): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r6, &(0x7f00000001c0), 0xf001) (async) write$eventfd(0xffffffffffffffff, &(0x7f00000001c0), 0xff3c) openat$kvm(0x0, 0x0, 0x0, 0x0) (async) r7 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r9, 0x4008ae6a, &(0x7f00000000c0)={0x836, 0x0, [{0xc, 0x2, 0x1, 0x0, @msi={0xebb, 0x394c794c, 0x7f, 0x801}}]}) (async) syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r11 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x12) syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) r14 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04) mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r14, 0x3, 0x11, r13, 0x0) r15 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x4) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r15, 0x4068aea3, &(0x7f0000000200)={0xdf, 0x0, 0x10000}) (async) syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) (async) r16 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) (async) r17 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000de6000/0x2000)=nil, r16, 0x3, 0x10, r17, 0x0) kernel console output (not intermixed with test programs): [ 401.933135][ T3166] 8021q: adding VLAN 0 to HW filter on device bond0 [ 446.431279][ T3166] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:46996' (ED25519) to the list of known hosts. [ 607.297180][ T25] audit: type=1400 audit(606.520:60): avc: denied { name_bind } for pid=3334 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 608.162583][ T25] audit: type=1400 audit(607.380:61): avc: denied { execute } for pid=3335 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 608.187584][ T25] audit: type=1400 audit(607.410:62): avc: denied { execute_no_trans } for pid=3335 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 628.294256][ T25] audit: type=1400 audit(627.520:63): avc: denied { mounton } for pid=3335 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 628.351572][ T25] audit: type=1400 audit(627.570:64): avc: denied { mount } for pid=3335 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 628.439044][ T3335] cgroup: Unknown subsys name 'net' [ 628.513461][ T25] audit: type=1400 audit(627.740:65): avc: denied { unmount } for pid=3335 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 628.968889][ T3335] cgroup: Unknown subsys name 'cpuset' [ 629.113437][ T3335] cgroup: Unknown subsys name 'rlimit' [ 630.493602][ T25] audit: type=1400 audit(629.720:66): avc: denied { setattr } for pid=3335 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 630.513140][ T25] audit: type=1400 audit(629.730:67): avc: denied { mounton } for pid=3335 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 630.544696][ T25] audit: type=1400 audit(629.770:68): avc: denied { mount } for pid=3335 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 631.587375][ T3339] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 631.613279][ T25] audit: type=1400 audit(630.830:69): avc: denied { relabelto } for pid=3339 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 631.633833][ T25] audit: type=1400 audit(630.850:70): avc: denied { write } for pid=3339 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 631.817806][ T25] audit: type=1400 audit(631.040:71): avc: denied { read } for pid=3335 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 631.844700][ T25] audit: type=1400 audit(631.060:72): avc: denied { open } for pid=3335 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 631.892540][ T3335] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 685.031738][ T25] audit: type=1400 audit(684.230:73): avc: denied { execmem } for pid=3340 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 689.427691][ T25] audit: type=1400 audit(688.650:74): avc: denied { read } for pid=3342 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 689.467146][ T25] audit: type=1400 audit(688.690:75): avc: denied { open } for pid=3342 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 689.580880][ T25] audit: type=1400 audit(688.790:76): avc: denied { mounton } for pid=3342 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 689.834131][ T25] audit: type=1400 audit(689.060:77): avc: denied { module_request } for pid=3343 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 689.860652][ T25] audit: type=1400 audit(689.080:78): avc: denied { module_request } for pid=3342 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 690.831163][ T25] audit: type=1400 audit(690.050:79): avc: denied { sys_module } for pid=3343 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 716.782136][ T3343] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 717.045445][ T3343] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 717.319591][ T3342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 717.740818][ T3342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 729.019008][ T3343] hsr_slave_0: entered promiscuous mode [ 729.046805][ T3343] hsr_slave_1: entered promiscuous mode [ 729.975178][ T3342] hsr_slave_0: entered promiscuous mode [ 730.017739][ T3342] hsr_slave_1: entered promiscuous mode [ 730.052854][ T3342] debugfs: 'hsr0' already exists in 'hsr' [ 730.057214][ T3342] Cannot create hsr debugfs directory [ 735.650858][ T25] audit: type=1400 audit(734.870:80): avc: denied { create } for pid=3343 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 735.700423][ T25] audit: type=1400 audit(734.920:81): avc: denied { write } for pid=3343 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 735.759820][ T25] audit: type=1400 audit(734.970:82): avc: denied { read } for pid=3343 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 735.885210][ T3343] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 736.276701][ T3343] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 736.614721][ T3343] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 736.931933][ T3343] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 738.314984][ T3342] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 738.436298][ T3342] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 738.584412][ T3342] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 738.747564][ T3342] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 751.437920][ T3343] 8021q: adding VLAN 0 to HW filter on device bond0 [ 752.474512][ T3342] 8021q: adding VLAN 0 to HW filter on device bond0 [ 804.996650][ T3343] veth0_vlan: entered promiscuous mode [ 805.647521][ T3343] veth1_vlan: entered promiscuous mode [ 806.481208][ T3342] veth0_vlan: entered promiscuous mode [ 807.286920][ T3342] veth1_vlan: entered promiscuous mode [ 808.002032][ T3343] veth0_macvtap: entered promiscuous mode [ 808.583225][ T3343] veth1_macvtap: entered promiscuous mode [ 809.556676][ T3342] veth0_macvtap: entered promiscuous mode [ 810.151057][ T3342] veth1_macvtap: entered promiscuous mode [ 810.915928][ T35] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.025721][ T35] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.031650][ T35] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.046779][ T35] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 812.786661][ T2118] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 812.793690][ T2118] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 812.805338][ T2118] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 812.820992][ T2118] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 813.792516][ T25] audit: type=1400 audit(813.010:83): avc: denied { mount } for pid=3343 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 813.994259][ T25] audit: type=1400 audit(813.220:84): avc: denied { mounton } for pid=3343 comm="syz-executor" path="/syzkaller.Oyph1A/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 814.207331][ T25] audit: type=1400 audit(813.430:85): avc: denied { mount } for pid=3343 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 814.485688][ T25] audit: type=1400 audit(813.710:86): avc: denied { mounton } for pid=3343 comm="syz-executor" path="/syzkaller.Oyph1A/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 814.679734][ T25] audit: type=1400 audit(813.890:87): avc: denied { mounton } for pid=3343 comm="syz-executor" path="/syzkaller.Oyph1A/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3793 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 815.501323][ T25] audit: type=1400 audit(814.710:88): avc: denied { unmount } for pid=3343 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 815.646678][ T25] audit: type=1400 audit(814.870:89): avc: denied { mounton } for pid=3343 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 815.742715][ T25] audit: type=1400 audit(814.950:90): avc: denied { mount } for pid=3343 comm="syz-executor" name="/" dev="gadgetfs" ino=3799 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 815.897529][ T25] audit: type=1400 audit(815.120:91): avc: denied { mount } for pid=3343 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 815.934456][ T25] audit: type=1400 audit(815.160:92): avc: denied { mounton } for pid=3343 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 816.737437][ T3343] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 829.841420][ T25] kauditd_printk_skb: 4 callbacks suppressed [ 829.843228][ T25] audit: type=1400 audit(829.060:97): avc: denied { read } for pid=3492 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 830.010553][ T25] audit: type=1400 audit(829.210:98): avc: denied { open } for pid=3492 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 830.760313][ T25] audit: type=1400 audit(829.970:99): avc: denied { ioctl } for pid=3492 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 833.167626][ T25] audit: type=1400 audit(832.390:100): avc: denied { write } for pid=3492 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 838.019057][ T25] audit: type=1400 audit(837.240:101): avc: denied { append } for pid=3493 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 848.962198][ T25] audit: type=1400 audit(848.180:102): avc: denied { execute } for pid=3501 comm="syz.0.4" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4114 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 906.687448][ T3537] kvm [3537]: Failed to find VMA for hva 0x20000000 [ 949.363641][ T3563] kvm [3563]: Failed to find VMA for hva 0x21016000 [ 949.484413][ T3562] kvm [3562]: Failed to find VMA for hva 0x21016000 [ 1053.893778][ T25] audit: type=1400 audit(1053.110:103): avc: denied { create } for pid=3623 comm="syz.0.37" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1210.670949][ T25] audit: type=1400 audit(1209.870:104): avc: denied { ioctl } for pid=3715 comm="syz.1.66" path="net:[4026532624]" dev="nsfs" ino=4026532624 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1221.543243][ T3720] kvm [3720]: Failed to find VMA for hva 0x20e51000 [ 1403.925230][ T3795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1404.221457][ T3795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1426.331896][ T3804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1426.652202][ T3804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1432.862184][ T3795] hsr_slave_0: entered promiscuous mode [ 1432.983385][ T3795] hsr_slave_1: entered promiscuous mode [ 1433.091616][ T3795] debugfs: 'hsr0' already exists in 'hsr' [ 1433.092565][ T3795] Cannot create hsr debugfs directory [ 1449.235909][ T3795] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1449.605347][ T3795] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1449.894029][ T3795] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1450.157214][ T3795] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1454.887815][ T3804] hsr_slave_0: entered promiscuous mode [ 1455.023970][ T3804] hsr_slave_1: entered promiscuous mode [ 1455.121114][ T3804] debugfs: 'hsr0' already exists in 'hsr' [ 1455.132024][ T3804] Cannot create hsr debugfs directory [ 1470.594073][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1471.637627][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1472.991848][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1473.885668][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1477.150773][ T3804] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1477.844130][ T3804] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1478.364026][ T3804] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1479.075988][ T3804] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1489.793729][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1490.382372][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1490.801666][ T12] bond0 (unregistering): Released all slaves [ 1492.660571][ T12] hsr_slave_0: left promiscuous mode [ 1492.760971][ T12] hsr_slave_1: left promiscuous mode [ 1493.440639][ T12] veth1_macvtap: left promiscuous mode [ 1493.444601][ T12] veth0_macvtap: left promiscuous mode [ 1493.472212][ T12] veth1_vlan: left promiscuous mode [ 1493.494307][ T12] veth0_vlan: left promiscuous mode [ 1514.946073][ T3795] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1516.216535][ T3807] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1517.503743][ T3807] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1518.972445][ T3807] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1520.176578][ T3807] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1536.472296][ T3807] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1536.633187][ T3807] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1536.757898][ T3807] bond0 (unregistering): Released all slaves [ 1538.691753][ T3807] hsr_slave_0: left promiscuous mode [ 1538.970715][ T3807] hsr_slave_1: left promiscuous mode [ 1540.010103][ T3807] veth1_macvtap: left promiscuous mode [ 1540.011529][ T3807] veth0_macvtap: left promiscuous mode [ 1540.032686][ T3807] veth1_vlan: left promiscuous mode [ 1540.045492][ T3807] veth0_vlan: left promiscuous mode [ 1569.375045][ T3804] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1631.246769][ T3795] veth0_vlan: entered promiscuous mode [ 1631.983964][ T3795] veth1_vlan: entered promiscuous mode [ 1635.175569][ T3795] veth0_macvtap: entered promiscuous mode [ 1635.855852][ T3795] veth1_macvtap: entered promiscuous mode [ 1638.801722][ T3897] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1638.803224][ T3897] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1638.839970][ T3897] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1638.841098][ T3897] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1641.462126][ T25] audit: type=1400 audit(1640.680:105): avc: denied { mounton } for pid=3795 comm="syz-executor" path="/syzkaller.n9vZYl/syz-tmp" dev="vda" ino=1879 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 1655.394163][ T3804] veth0_vlan: entered promiscuous mode [ 1656.236613][ T3804] veth1_vlan: entered promiscuous mode [ 1659.145548][ T3804] veth0_macvtap: entered promiscuous mode [ 1659.735567][ T3804] veth1_macvtap: entered promiscuous mode [ 1663.193765][ T3882] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1663.205077][ T3882] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1663.327865][ T3882] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1663.340657][ T3882] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2093.496249][ T25] audit: type=1400 audit(2092.720:106): avc: denied { map } for pid=4301 comm="syz.3.148" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=12697 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 2093.567647][ T25] audit: type=1400 audit(2092.790:107): avc: denied { read } for pid=4301 comm="syz.3.148" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=12697 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 2294.440047][ T25] audit: type=1400 audit(2293.660:108): avc: denied { map } for pid=4411 comm="syz.3.176" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 2346.049720][ T25] audit: type=1400 audit(2345.250:109): avc: denied { setattr } for pid=4439 comm="syz.2.186" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 2485.133021][ T25] audit: type=1400 audit(2484.330:110): avc: denied { execute } for pid=4521 comm="syz.2.209" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 2825.112206][ T4670] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2825.456498][ T4670] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2830.057783][ T4672] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2830.397057][ T4672] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2854.624390][ T4670] hsr_slave_0: entered promiscuous mode [ 2854.736847][ T4670] hsr_slave_1: entered promiscuous mode [ 2858.794497][ T4672] hsr_slave_0: entered promiscuous mode [ 2858.903649][ T4672] hsr_slave_1: entered promiscuous mode [ 2858.970779][ T4672] debugfs: 'hsr0' already exists in 'hsr' [ 2858.973931][ T4672] Cannot create hsr debugfs directory [ 2879.582188][ T4670] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 2880.741884][ T4670] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 2881.751576][ T4670] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 2882.447916][ T4670] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 2893.026594][ T4672] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 2893.497691][ T4672] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 2894.457419][ T3807] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2894.987824][ T4672] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 2895.414954][ T4672] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 2896.777171][ T3807] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2898.422870][ T3807] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2900.057353][ T3807] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2916.614100][ T3807] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2916.752777][ T3807] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2916.877033][ T3807] bond0 (unregistering): Released all slaves [ 2919.354727][ T3807] hsr_slave_0: left promiscuous mode [ 2919.634968][ T3807] hsr_slave_1: left promiscuous mode [ 2920.781210][ T3807] veth1_macvtap: left promiscuous mode [ 2920.810967][ T3807] veth0_macvtap: left promiscuous mode [ 2920.831086][ T3807] veth1_vlan: left promiscuous mode [ 2920.841016][ T3807] veth0_vlan: left promiscuous mode [ 2956.675396][ T3807] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2958.107988][ T3807] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2959.032304][ T4670] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2959.491585][ T3807] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2960.734310][ T3807] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2979.944874][ T3807] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2980.092883][ T3807] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2980.167224][ T3807] bond0 (unregistering): Released all slaves [ 2981.783581][ T3807] hsr_slave_0: left promiscuous mode [ 2981.983606][ T3807] hsr_slave_1: left promiscuous mode [ 2982.847554][ T3807] veth1_macvtap: left promiscuous mode [ 2982.867049][ T3807] veth0_macvtap: left promiscuous mode [ 2982.882229][ T3807] veth1_vlan: left promiscuous mode [ 2982.921574][ T3807] veth0_vlan: left promiscuous mode [ 3010.905433][ T4672] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3112.281290][ T4670] veth0_vlan: entered promiscuous mode [ 3113.412807][ T4670] veth1_vlan: entered promiscuous mode [ 3117.141955][ T4670] veth0_macvtap: entered promiscuous mode [ 3117.697827][ T4670] veth1_macvtap: entered promiscuous mode [ 3121.527788][ T4712] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3121.590620][ T4712] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3121.615260][ T4712] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3121.625211][ T4712] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3132.464849][ T4672] veth0_vlan: entered promiscuous mode [ 3133.924459][ T4672] veth1_vlan: entered promiscuous mode [ 3138.283250][ T4672] veth0_macvtap: entered promiscuous mode [ 3139.084127][ T4672] veth1_macvtap: entered promiscuous mode [ 3143.694828][ T4712] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3143.716147][ T4712] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3143.779860][ T4712] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3143.791848][ T3391] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3241.443064][ T4712] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3244.573604][ T4712] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3246.726220][ T4712] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3248.552851][ T4712] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3274.180999][ T4712] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3274.442102][ T4712] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3274.675212][ T4712] bond0 (unregistering): Released all slaves [ 3276.884189][ T4712] hsr_slave_0: left promiscuous mode [ 3277.370128][ T4712] hsr_slave_1: left promiscuous mode [ 3278.910232][ T4712] veth1_macvtap: left promiscuous mode [ 3278.924055][ T4712] veth0_macvtap: left promiscuous mode [ 3278.936472][ T4712] veth1_vlan: left promiscuous mode [ 3278.974237][ T4712] veth0_vlan: left promiscuous mode [ 3313.782935][ T4712] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3315.804681][ T4712] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3317.362784][ T4712] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3318.846217][ T4712] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3336.672091][ T4712] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3336.856508][ T4712] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3337.011497][ T4712] bond0 (unregistering): Released all slaves [ 3338.983380][ T4712] hsr_slave_0: left promiscuous mode [ 3339.123213][ T4712] hsr_slave_1: left promiscuous mode [ 3339.503252][ T4712] veth1_macvtap: left promiscuous mode [ 3339.535193][ T4712] veth0_macvtap: left promiscuous mode [ 3339.554823][ T4712] veth1_vlan: left promiscuous mode [ 3339.577011][ T4712] veth0_vlan: left promiscuous mode [ 3398.292349][ T4930] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3399.257101][ T4930] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3401.742617][ T4926] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3402.061400][ T4926] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3430.596115][ T4930] hsr_slave_0: entered promiscuous mode [ 3430.707821][ T4930] hsr_slave_1: entered promiscuous mode [ 3435.622176][ T4926] hsr_slave_0: entered promiscuous mode [ 3435.677315][ T4926] hsr_slave_1: entered promiscuous mode [ 3435.717098][ T4926] debugfs: 'hsr0' already exists in 'hsr' [ 3435.729668][ T4926] Cannot create hsr debugfs directory [ 3452.257316][ T4930] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 3453.045983][ T4930] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 3453.623386][ T4930] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 3454.273507][ T4930] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 3460.215744][ T4926] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 3460.971631][ T4926] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 3461.631176][ T4926] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 3462.085688][ T4926] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 3490.276584][ T4930] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3497.742192][ T4926] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3642.127467][ T4930] veth0_vlan: entered promiscuous mode [ 3643.231625][ T4930] veth1_vlan: entered promiscuous mode [ 3647.020727][ T4930] veth0_macvtap: entered promiscuous mode [ 3648.052478][ T4930] veth1_macvtap: entered promiscuous mode [ 3650.661644][ T4926] veth0_vlan: entered promiscuous mode [ 3653.202917][ T4926] veth1_vlan: entered promiscuous mode [ 3654.565245][ T4745] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3654.610328][ T4676] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3654.640035][ T4676] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3654.640933][ T4676] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3661.112090][ T4926] veth0_macvtap: entered promiscuous mode [ 3662.315803][ T4926] veth1_macvtap: entered promiscuous mode [ 3668.125293][ T3807] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3668.132427][ T3807] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3668.184709][ T3807] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3668.194027][ T3807] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3846.842144][ T3897] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3849.057550][ T3897] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3851.403187][ T3897] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3853.764747][ T3897] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3883.959829][ T3897] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3884.383813][ T3897] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3884.661901][ T3897] bond0 (unregistering): Released all slaves [ 3886.633351][ T3897] hsr_slave_0: left promiscuous mode [ 3886.792652][ T3897] hsr_slave_1: left promiscuous mode [ 3887.879222][ T3897] veth1_macvtap: left promiscuous mode [ 3887.880500][ T3897] veth0_macvtap: left promiscuous mode [ 3887.902479][ T3897] veth1_vlan: left promiscuous mode [ 3887.913337][ T3897] veth0_vlan: left promiscuous mode [ 3932.603088][ T3897] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3933.996992][ T3897] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3935.364587][ T3897] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3936.994468][ T3897] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3961.960453][ T3897] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3962.361528][ T3897] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3962.597555][ T3897] bond0 (unregistering): Released all slaves [ 3964.875504][ T3897] hsr_slave_0: left promiscuous mode [ 3964.989448][ T3897] hsr_slave_1: left promiscuous mode [ 3965.669495][ T3897] veth1_macvtap: left promiscuous mode [ 3965.672858][ T3897] veth0_macvtap: left promiscuous mode [ 3965.692401][ T3897] veth1_vlan: left promiscuous mode [ 3965.700330][ T3897] veth0_vlan: left promiscuous mode [ 4019.132531][ T5242] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4019.534035][ T5242] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4033.905204][ T5247] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4034.375926][ T5247] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4057.322986][ T5242] hsr_slave_0: entered promiscuous mode [ 4057.476670][ T5242] hsr_slave_1: entered promiscuous mode [ 4071.016290][ T5247] hsr_slave_0: entered promiscuous mode [ 4071.075721][ T5247] hsr_slave_1: entered promiscuous mode [ 4071.134598][ T5247] debugfs: 'hsr0' already exists in 'hsr' [ 4071.149686][ T5247] Cannot create hsr debugfs directory [ 4081.680791][ T5242] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 4083.106013][ T5242] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 4083.477290][ T5242] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 4084.737797][ T5242] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 4101.343929][ T5247] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 4101.973460][ T5247] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 4102.492516][ T5247] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 4103.092835][ T5247] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 4128.621535][ T5242] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4141.132806][ T5247] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4304.870807][ T5242] veth0_vlan: entered promiscuous mode [ 4305.972093][ T5242] veth1_vlan: entered promiscuous mode [ 4310.315767][ T5242] veth0_macvtap: entered promiscuous mode [ 4311.215249][ T5242] veth1_macvtap: entered promiscuous mode [ 4316.975365][ T2118] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4317.013738][ T35] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4317.072647][ T4751] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4317.084579][ T4751] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4319.096634][ T5247] veth0_vlan: entered promiscuous mode [ 4322.814378][ T5247] veth1_vlan: entered promiscuous mode [ 4330.902863][ T5247] veth0_macvtap: entered promiscuous mode [ 4332.031759][ T5247] veth1_macvtap: entered promiscuous mode [ 4337.650052][ T5424] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4337.652822][ T5424] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4337.655279][ T5424] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4337.656145][ T5424] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4561.132802][ T5513] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4561.827565][ T5513] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4584.195775][ T5519] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4584.885948][ T5519] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4626.456493][ T5513] hsr_slave_0: entered promiscuous mode [ 4626.625440][ T5513] hsr_slave_1: entered promiscuous mode [ 4626.677604][ T5513] debugfs: 'hsr0' already exists in 'hsr' [ 4626.751030][ T5513] Cannot create hsr debugfs directory [ 4656.324314][ T5519] hsr_slave_0: entered promiscuous mode [ 4656.417030][ T5519] hsr_slave_1: entered promiscuous mode [ 4656.560838][ T5519] debugfs: 'hsr0' already exists in 'hsr' [ 4656.601214][ T5519] Cannot create hsr debugfs directory [ 4704.871065][ T5513] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 4708.883068][ T5513] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 4713.250892][ T5513] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 4718.454755][ T5513] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 4735.295038][ T5519] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 4735.953544][ T5519] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 4736.607169][ T5519] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 4737.309700][ T5519] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 4774.512966][ T5513] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4791.423850][ T5519] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4805.746912][ T27] INFO: task syz.9.266:5500 blocked for more than 430 seconds. [ 4805.780598][ T27] Not tainted syzkaller #0 [ 4805.805995][ T27] Blocked by coredump. [ 4805.825245][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 4805.833365][ T27] task:syz.9.266 state:D stack:0 pid:5500 tgid:5496 ppid:5247 task_flags:0x40044c flags:0x00000018 [ 4805.872908][ T27] Call trace: [ 4805.873458][ T27] __switch_to+0x584/0xb20 (T) [ 4805.875565][ T27] __schedule+0x1eec/0x33a4 [ 4805.876111][ T27] schedule+0xac/0x27c [ 4805.876583][ T27] schedule_timeout+0x5c/0x1e4 [ 4805.877084][ T27] do_wait_for_common+0x28c/0x444 [ 4805.877557][ T27] wait_for_completion+0x44/0x5c [ 4805.878042][ T27] __synchronize_srcu+0x2a4/0x320 SYZFAIL: failed to recv rpc [ 4806.050682][ T27] synchronize_srcu+0x3cc/0x4f0 [ 4806.079775][ T27] __mmu_notifier_release+0x424/0x614 [ 4806.080472][ T27] exit_mmap+0xbc/0xbbc [ 4806.080970][ T27] __mmput+0x10c/0x530 [ 4806.081511][ T27] mmput+0x70/0xac [ 4806.081984][ T27] exit_mm+0x158/0x258 [ 4806.082472][ T27] do_exit+0x788/0x2378 [ 4806.082972][ T27] do_group_exit+0x1d4/0x2ac [ 4806.083472][ T27] get_signal+0x1440/0x1554 [ 4806.083961][ T27] arch_do_signal_or_restart+0x23c/0x4d98 [ 4806.084493][ T27] exit_to_user_mode_loop+0x7c/0x178 [ 4806.084933][ T27] el0_svc+0x170/0x234 [ 4806.085453][ T27] el0t_64_sync_handler+0x84/0x12c [ 4806.085932][ T27] el0t_64_sync+0x198/0x19c fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 4806.225862][ T27] [ 4806.225862][ T27] Showing all locks held in the system: [ 4806.243086][ T27] 1 lock held by khungtaskd/27: [ 4806.243678][ T27] #0: ffff800087957348 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48 [ 4806.246124][ T27] 2 locks held by kworker/u4:2/35: [ 4806.246518][ T27] #0: eaf000000cc26948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18 [ 4806.409968][ T27] #1: ffff80008caf7c88 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18 [ 4806.412030][ T27] 3 locks held by kworker/u4:6/2118: [ 4806.412423][ T27] 2 locks held by getty/3195: [ 4806.412722][ T27] #0: bdf00000120328a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c [ 4806.414425][ T27] #1: 16ff80008c6db2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8 [ 4806.416169][ T27] 1 lock held by sshd-session/3334: [ 4806.416500][ T27] 2 locks held by syz-executor/3335: [ 4806.416802][ T27] 2 locks held by kworker/u4:4/3391: [ 4806.417098][ T27] #0: eaf000000cc26948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18 [ 4806.581768][ T27] #1: ffff80008ff97c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18 [ 4806.583523][ T27] 3 locks held by kworker/u4:5/3392: [ 4806.583853][ T27] 3 locks held by kworker/u4:7/3807: [ 4806.584172][ T27] 2 locks held by kworker/u4:9/3882: [ 4806.584470][ T27] #0: eaf000000cc26948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18 [ 4806.585987][ T27] #1: ffff80008cf07c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18 [ 4806.587635][ T27] 3 locks held by kworker/u4:1/4676: [ 4806.587954][ T27] 3 locks held by kworker/u4:3/4712: [ 4806.730398][ T27] 3 locks held by kworker/u4:10/4745: [ 4806.730873][ T27] 3 locks held by kworker/u4:0/4951: [ 4806.731271][ T27] 2 locks held by kworker/u4:14/5424: [ 4806.731592][ T27] 2 locks held by syz.8.265/5491: [ 4806.731910][ T27] 3 locks held by kworker/u4:15/5552: [ 4806.732269][ T27] 1 lock held by modprobe/5663: [ 4806.759816][ T27] [ 4806.760275][ T27] ============================================= [ 4806.760275][ T27] [ 4826.923470][ T27] INFO: task syz.9.266:5500 blocked for more than 451 seconds. [ 4826.924389][ T27] Not tainted syzkaller #0 [ 4826.925053][ T27] Blocked by coredump. [ 4826.925375][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 4826.925634][ T27] task:syz.9.266 state:D stack:0 pid:5500 tgid:5496 ppid:5247 task_flags:0x40044c flags:0x00000018 [ 4826.926382][ T27] Call trace: [ 4826.926678][ T27] __switch_to+0x584/0xb20 (T) [ 4826.927223][ T27] __schedule+0x1eec/0x33a4 [ 4826.927701][ T27] schedule+0xac/0x27c [ 4827.030374][ T27] schedule_timeout+0x5c/0x1e4 [ 4827.046021][ T27] do_wait_for_common+0x28c/0x444 [ 4827.046771][ T27] wait_for_completion+0x44/0x5c [ 4827.047324][ T27] __synchronize_srcu+0x2a4/0x320 [ 4827.047849][ T27] synchronize_srcu+0x3cc/0x4f0 [ 4827.090203][ T27] __mmu_notifier_release+0x424/0x614 [ 4827.090820][ T27] exit_mmap+0xbc/0xbbc [ 4827.091313][ T27] __mmput+0x10c/0x530 [ 4827.091809][ T27] mmput+0x70/0xac [ 4827.092299][ T27] exit_mm+0x158/0x258 [ 4827.092758][ T27] do_exit+0x788/0x2378 [ 4827.093231][ T27] do_group_exit+0x1d4/0x2ac [ 4827.093692][ T27] get_signal+0x1440/0x1554 [ 4827.094198][ T27] arch_do_signal_or_restart+0x23c/0x4d98 [ 4827.094727][ T27] exit_to_user_mode_loop+0x7c/0x178 [ 4827.095209][ T27] el0_svc+0x170/0x234 [ 4827.095711][ T27] el0t_64_sync_handler+0x84/0x12c [ 4827.096223][ T27] el0t_64_sync+0x198/0x19c [ 4827.096864][ T27] [ 4827.096864][ T27] Showing all locks held in the system: [ 4827.097201][ T27] 1 lock held by khungtaskd/27: [ 4827.097522][ T27] #0: ffff800087957348 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48 [ 4827.251218][ T27] 2 locks held by kworker/u4:6/2118: [ 4827.251650][ T27] 1 lock held by klogd/3129: [ 4827.251966][ T27] 2 locks held by getty/3195: [ 4827.252325][ T27] #0: bdf00000120328a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c [ 4827.254121][ T27] #1: 16ff80008c6db2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8 [ 4827.255921][ T27] 3 locks held by kworker/u4:1/4676: [ 4827.256325][ T27] 3 locks held by kworker/u4:14/5424: [ 4827.256637][ T27] 2 locks held by syz.8.265/5491: [ 4827.256964][ T27] 3 locks held by kworker/u4:16/5643: [ 4827.257349][ T27] [ 4827.257580][ T27] ============================================= [ 4827.257580][ T27]