last executing test programs: 1h6m11.37238075s ago: executing program 0 (id=174): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r1 = eventfd2(0xfffffffa, 0x80001) write$eventfd(r1, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x19, 0x9b, 0xf, 0x0, 0x5, 0x8, 0x82, 0x1, 0x48, 0x86, 0xdd, 0x68, 0x0, 0x100001, 0x12c, 0x0, 0x3, 0xa, 0x28, '\x00', 0x1, 0x80000000}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f00000000c0)={0x7, 0xffffffffffffffff}) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r10, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f00000000c0)=@arm64_core={0x6030000000100016, &(0x7f0000000000)=0xe}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x3, &(0x7f0000000000)=0x400000000}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f0000000100)=0x8010000000000001}) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) write$eventfd(r4, &(0x7f00000001c0)=0x3, 0x8e80) 1h6m10.761784855s ago: executing program 1 (id=175): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x4) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) r2 = syz_kvm_vgic_v3_setup(r0, 0x3, 0x0) ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f0000000040)=@attr_riscv64=@attr_addr={0x0, 0x1, @imsic=0x5, &(0x7f0000000000)=0xffffffffffffffff}) r3 = eventfd2(0x7, 0x80002) write$eventfd(r3, &(0x7f0000000080)=0x5, 0x8) ioctl$KVM_CHECK_EXTENSION_VM(r0, 0xae03, 0x0) eventfd2(0x9ab7, 0x1) ioctl$KVM_CREATE_GUEST_MEMFD(r0, 0xc040aed4, &(0x7f00000000c0)={0x1, 0xffffffffffff7fff}) r4 = eventfd2(0x81, 0x81001) write$eventfd(r4, &(0x7f0000000100)=0x5, 0x8) r5 = ioctl$KVM_GET_STATS_FD_cpu(r1, 0xaece) ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0x4) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x2, 0x2, &(0x7f0000000140)=0x4}) r6 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000480)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013df78, 0x10000}}, @uexit={0x0, 0x18, 0x3}, @eret={0xe6, 0x18, 0x6}, @svc={0x122, 0x40, {0x84000004, [0x5, 0x0, 0x20000000, 0xf, 0x1]}}, @eret={0xe6, 0x18, 0x2122490b}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x34d}}, @mrs={0xbe, 0x18, {0x603000000013c3a0}}, @memwrite={0x6e, 0x30, @generic={0x60000, 0x711, 0x8}}, @mrs={0xbe, 0x18, {0x603000000013e518}}, @eret={0xe6, 0x18, 0x8}, @smc={0x1e, 0x40, {0xc4000014, [0x4, 0x6, 0x4, 0x9, 0x5]}}, @svc={0x122, 0x40, {0x10, [0x2, 0x9, 0xffffffffffffffff, 0x6]}}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x16a}}, @uexit={0x0, 0x18, 0x7}, @svc={0x122, 0x40, {0x80007fff, [0x101, 0xec, 0x8, 0x0, 0xc8]}}, @smc={0x1e, 0x40, {0x4000, [0x8, 0x7, 0x7, 0xff, 0xffffffffffffffff]}}], 0x288}, &(0x7f00000004c0)=[@featur2={0x1, 0xa9}], 0x1) ioctl$KVM_RUN(r6, 0xae80, 0x0) munmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000) r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x2d) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000a40)={0x0, &(0x7f0000000500)=[@eret={0xe6, 0x18, 0xb}, @uexit={0x0, 0x18, 0x5}, @hvc={0x32, 0x40, {0x40000000, [0x6, 0x2, 0x7, 0x1418000000000000]}}, @uexit={0x0, 0x18, 0xfff}, @mrs={0xbe, 0x18, {0x603000000013deb1}}, @hvc={0x32, 0x40, {0x84000050, [0x81, 0x100000000, 0x1, 0x0, 0x4]}}, @memwrite={0x6e, 0x30, @generic={0x2, 0xb1b, 0x5, 0x6}}, @mrs={0xbe, 0x18, {0x603000000013c4f6}}, @msr={0x14, 0x20, {0x603000000013c602, 0xac}}, @irq_setup={0x46, 0x18, {0x0, 0x3ad}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x1, 0xf, 0x3d46, 0x7}}, @msr={0x14, 0x20, {0x603000000013c02d, 0x4}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe8, 0x6, 0x8}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xf10, 0xfffffffffffffe00}}, @msr={0x14, 0x20, {0x603000000013c2a0}}, @hvc={0x32, 0x40, {0x46000001, [0x858, 0xd, 0xffffffffffffffff, 0x1253, 0x5]}}, @svc={0x122, 0x40, {0xc700ff70, [0x6, 0x51a, 0x7, 0x8000000000000000, 0x6]}}, @svc={0x122, 0x40, {0x84000005, [0x3, 0x8001, 0x6, 0x6, 0xffffffff]}}, @hvc={0x32, 0x40, {0x18f000080, [0xfffffffffffffffb, 0x9, 0x7, 0x0, 0x100]}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x381}}, @smc={0x1e, 0x40, {0x84008005, [0xfffffffffffffffa, 0x200, 0x4, 0x7]}}, @irq_setup={0x46, 0x18, {0x0, 0x216}}, @hvc={0x32, 0x40, {0xc5000021, [0xe, 0xa4b1, 0x3ff, 0x6, 0x80]}}, @hvc={0x32, 0x40, {0x32000000, [0x7ff, 0x10000000000000, 0x9, 0x2, 0xbe]}}, @code={0xa, 0x9c, {"809b96d20080b8f2a10180d2820080d2830180d2a40180d2020000d4c0b696d200a0b0f2010180d2020180d2430080d2240180d2020000d4007008d50020c09a007008d5007008d5000008d560769bd200a0b8f2810180d2220180d2630080d2040180d2020000d4008008d5208496d20020b0f2a10080d2220080d2630080d2e40080d2020000d4"}}, @msr={0x14, 0x20, {0x603000000013bce5, 0x8}}, @msr={0x14, 0x20, {0x603000000013c64a, 0x2}}], 0x504}, &(0x7f0000000a80)=[@featur2={0x1, 0x54}], 0x1) r9 = ioctl$KVM_CREATE_GUEST_MEMFD(r5, 0xc040aed4, &(0x7f0000000ac0)={0x66e8, 0xfff}) ioctl$KVM_SET_USER_MEMORY_REGION2(r0, 0x40a0ae49, &(0x7f0000000b00)={0x4, 0x1, 0x58000, 0x2000, &(0x7f0000f81000/0x2000)=nil, 0x10001, r9}) ioctl$KVM_RUN(r1, 0xae80, 0x0) syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil) r10 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x22) syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_GSI_ROUTING(r10, 0x4008ae6a, &(0x7f0000000bc0)={0xa, 0x0, [{0x0, 0x3, 0x1, 0x0, @sint={0xa, 0x7}}, {0x7ff0000, 0x3, 0x1, 0x0, @irqchip={0x9, 0x9}}, {0x6, 0x5, 0x0, 0x0, @irqchip={0x3, 0x5}}, {0x2, 0x5, 0x0, 0x0, @irqchip={0x17cd39c7, 0xfffffaa3}}, {0x8, 0x3, 0x0, 0x0, @adapter={0x100000000, 0x2, 0x0, 0x7, 0x800}}, {0x1, 0x3, 0x0, 0x0, @msi={0x8000, 0x0, 0x7, 0x3}}, {0x101, 0x2, 0x0, 0x0, @sint={0x5, 0x5}}, {0x7, 0x2, 0x0, 0x0, @sint={0x1000}}, {0x8000, 0x2, 0x1, 0x0, @adapter={0xf683, 0x6, 0x1cd36433, 0x400, 0xd}}, {0x1, 0x2, 0x0, 0x0, @msi={0x2, 0xdb0, 0x52, 0x6}}]}) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000dc0)={0x5, 0x6000, 0x8, r5, 0x5}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000e40)=@attr_riscv64=@attr_imsic={0x0, 0x1, 0x1, &(0x7f0000000e00)=0x8}) 1h6m1.745152202s ago: executing program 1 (id=176): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x8000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x80000000000) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xa) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r5, 0x400454ca, 0x110c23001c) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r2, 0x4010ae74, &(0x7f0000000040)={0xfffffffd, 0x101, 0xffff}) ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_GET_DEVICE_ATTR_vm(0xffffffffffffffff, 0x4018aee2, &(0x7f0000000240)=@attr_other={0x0, 0x3, 0x7fff, &(0x7f0000000180)=0x800000000000}) ioctl$KVM_CREATE_VM(r8, 0x401054d5, 0x10000000000000) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r11, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000300)={0x8001, 0x55e}}) r12 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000100)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x7ffd}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r13, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r13, 0xae80, 0x0) r14 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x717323a3d33cf0cd, 0x0) ioctl$KVM_SET_MP_STATE(r14, 0x4004ae99, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x2, 0x8, 0x200000, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) 1h5m57.36494014s ago: executing program 0 (id=177): r0 = openat$kvm(0x0, &(0x7f0000000000), 0x2, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000000c0)=@arm64_ccsidr={0x60a0000000110007, &(0x7f0000000240)=0x9}) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, r6, 0x1, 0x2012, r5, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@mrs={0xbe, 0x18, {0x603000000013dce6}}], 0x18}, &(0x7f0000000000)=[@featur1={0x1, 0xb0}], 0x1) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x2c) r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r14, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x603000000010004a, 0x0}) r15 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r16 = ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0) r17 = syz_kvm_setup_syzos_vm$arm64(r16, &(0x7f0000c00000/0x400000)=nil) r18 = syz_kvm_add_vcpu$arm64(r17, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r18, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000940)=[{0x0, 0x0}], 0x1, 0x0, &(0x7f0000000980)=[@featur2={0x1, 0x10}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r10, 0xae80, 0x0) 1h5m49.552515554s ago: executing program 1 (id=178): r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) syz_kvm_setup_cpu$arm64(r1, 0xffffffffffffffff, &(0x7f0000001000/0x400000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000080)=0x8000000000000000}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) r3 = eventfd2(0x7, 0x80000) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x1ff, 0x2, 0x30000, 0x2000, &(0x7f0000000000/0x2000)=nil}) close(r3) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000300)=@attr_other={0x0, 0x4, 0x1, 0x0}) 1h5m46.804167919s ago: executing program 0 (id=179): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) r6 = syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000000)=@attr_other={0x0, 0x5, 0x78, &(0x7f00000003c0)=0x5}) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x19, 0x9b, 0xf, 0x0, 0x5, 0x8, 0x82, 0x1, 0x48, 0x86, 0xdd, 0x68, 0x0, 0x100001, 0x12c, 0x0, 0x3, 0xa, 0x28, '\x00', 0x1, 0x80000000}) write$eventfd(r7, &(0x7f00000001c0)=0x3, 0x8e80) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_GET_API_VERSION(r3, 0xae00, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000b80)={0x0, &(0x7f0000000080)=[@mrs={0xbe, 0x18, {0x6030000000138032}}], 0x18}, 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x200, 0x0) r14 = ioctl$KVM_CREATE_GUEST_MEMFD(r13, 0xc040aed4, &(0x7f0000000040)={0x1000200001fe0000, 0x1}) ioctl$KVM_SET_USER_MEMORY_REGION2(r13, 0x40a0ae49, &(0x7f0000000180)={0x0, 0x4, 0x6000, 0x2000, &(0x7f0000ffd000/0x2000)=nil, 0x100000000000000, r14}) close(r13) close(r14) ioctl$KVM_RUN(r11, 0xae80, 0x0) 1h5m41.640630772s ago: executing program 1 (id=180): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000b7b000/0x400000)=nil) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101900, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x26) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000b7b000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000040)=@arm64_sys={0x603000000013e66a, &(0x7f00000003c0)=0x1101001001111110}) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000bfe000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x0, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x7fffd, 0x10000, 0x20, 0x0, 0x2}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r5, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000240)={0xb, 0xffffffffffffffff}) r9 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x2) r12 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r11, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f0000000300)="fb4149dd033b8986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67525673312b01040000000000002627e7000000000000000200", 0x0, 0xfffffffffffffe73) mmap$KVM_VCPU(&(0x7f0000fa2000/0x2000)=nil, 0x0, 0x2, 0x80010, r11, 0x0) r13 = eventfd2(0x2, 0x80001) close(r13) r14 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000180)={0x0, &(0x7f0000000840)=[@hvc={0x32, 0x40, {0xc4000014, [0x0, 0x8c, 0x7, 0xfffffffffffffffc, 0x7]}}, @hvc={0x32, 0x40, {0x84000002, [0x1, 0x14, 0x7ff000000000, 0x2ab, 0x8]}}, @eret={0xe6, 0x18, 0x4}, @hvc={0x32, 0x40, {0x84000014, [0x8001, 0x9, 0x0, 0x6, 0x6]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x3, 0x2, 0x8, 0x0, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x2, 0x4, 0xfffffffd, 0x4, 0x4}}, @svc={0x122, 0x40, {0x84000001, [0xffffffff, 0xf81, 0x2a1eb6bc, 0x6, 0xfffffffffffffff6]}}, @irq_setup={0x46, 0x18, {0x4, 0x3d1}}, @irq_setup={0x46, 0x18, {0x3, 0x366}}, @smc={0x1e, 0x40, {0x20, [0x9, 0x7, 0xfffffffffffffbff, 0x7, 0x2]}}, @msr={0x14, 0x20, {0x603000000013def9, 0x2}}, @code={0xa, 0x54, {"000028d5007008d50040671e001ce00e007008d500c0271e004c207e000028d50084ff0d80388ed20040b0f2a10180d2a20180d2e30180d2a40180d2020000d4"}}, @its_setup={0x82, 0x28, {0x2, 0x3, 0x32}}, @irq_setup={0x46, 0x18, {0x3, 0x22d}}, @svc={0x122, 0x40, {0x3000000, [0x800, 0x2, 0x7f, 0x7c2592ec, 0x2]}}, @smc={0x1e, 0x40, {0x80000000, [0x80000001, 0x1, 0x7fffffff, 0x9, 0x6]}}, @its_send_cmd={0xaa, 0x28, {0x16, 0x0, 0x0, 0x8, 0x401, 0x8, 0x3}}, @its_send_cmd={0xaa, 0x0, {0x5, 0x0, 0x2, 0x10, 0x80000001, 0x5, 0x2}}, @eret={0xe6, 0x18, 0x2}, @eret={0xe6, 0x18, 0x3}, @uexit={0x0, 0x18, 0x5}, @code={0xa, 0x6c, {"000000a8e0aa83d20000b8f2810180d2e20180d2630080d2040180d2020000d4007008d5203f9cd20040b0f2e10080d2020080d2e30180d2640080d2020000d4000080920080401f007008d5000028d5000028d5007008d5"}}, @mrs={0xbe, 0x18, {0x6030000000138065}}], 0x428}, 0x0, 0x34) r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r15, 0x3, 0x11, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r15, 0x3, 0x11, r14, 0x0) mmap$KVM_VCPU(&(0x7f0000e7b000/0x4000)=nil, r15, 0x0, 0x10, r4, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) write$eventfd(r13, &(0x7f0000000000)=0x8000000000000, 0x8) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r7, 0xae80, 0x0) 1h5m35.555109719s ago: executing program 0 (id=181): mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c0c000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = ioctl$KVM_GET_STATS_FD_vm(r2, 0xaece) mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0, 0x810, r4, 0x0) ioctl$KVM_DIRTY_TLB(r1, 0x4010aeaa, &(0x7f00000000c0)={0x3765, 0x3}) r5 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, &(0x7f0000000040)=[@hvc={0x32, 0x40, {0x8400000f, [0x101, 0x2, 0x7, 0x6, 0x6]}}], 0x40}, &(0x7f0000000080)=[@featur2={0x1, 0xa}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bff000/0x400000)=nil) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r6, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x25) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x3ee}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r8, 0x1, 0x100) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r10, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0) 1h5m26.958357999s ago: executing program 1 (id=182): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x163800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x800, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f0000c0c000/0x2000)=nil, 0x930, 0x1000002, 0x80031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r4, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0) 1h5m21.934913671s ago: executing program 0 (id=183): munmap$KVM_VCPU(0x0, 0x1000000000) (async) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x40) r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) (async) r5 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800009, 0x11, r4, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb04c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x20) ioctl$KVM_SET_USER_MEMORY_REGION2(r6, 0x40a0ae49, &(0x7f0000000180)={0x101ff, 0x4, 0x6000, 0x1000, &(0x7f0000dbe000/0x1000)=nil, 0x100000000000000}) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x3) ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f00000002c0)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0xfffffffffffffffb}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r4, 0x0) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0x801c581f, 0x0) (async) r12 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f0000cbd000/0x1000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) (async) ioctl$KVM_SET_SIGNAL_MASK(r12, 0x4004ae8b, &(0x7f0000000000)) r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) (async) ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f00000000c0)={0x1, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f0000000180)=@attr_riscv64=@attr_aplic={0x0, 0x1, @valid=0x100, &(0x7f0000000100)=0xb2}) (async) ioctl$KVM_CREATE_DEVICE(r14, 0xc00caee0, 0x0) 1h5m18.30020024s ago: executing program 1 (id=184): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x20e4586c}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, r5, 0x1, 0x16831, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) (async) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x20e4586c}) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33) (async) ioctl$KVM_RUN(r4, 0xae80, 0x0) (async) ioctl$KVM_RUN(r4, 0xae80, 0x0) (async) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, r5, 0x1, 0x16831, 0xffffffffffffffff, 0x0) (async) 1h5m15.503130364s ago: executing program 0 (id=185): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f00000002c0), 0x161681, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x8000000000) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000bfe000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000b00)=[@hvc={0x32, 0x40, {0x40000005, [0x6, 0x9c5c00000000000, 0xa5, 0x8000000000000000, 0x8]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0xb0, 0x7, 0x3}}, @uexit={0x0, 0x18, 0x9}, @code={0xa, 0xb4, {"0080800800ef94d20000b0f2c10080d2220180d2030180d2240180d2020000d4000040b820e595d20060b8f2410080d2c20180d2430180d2840080d2020000d40000601f005887d20060b0f2410180d2a20080d2830180d2240080d2020000d4003799d20060b0f2010180d2620080d2830080d2440080d2020000d4e01f92d20040b8f2810180d2820080d2430080d2840080d2020000d400d8210e007008d5"}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x1, 0x3, 0xfffffff8, 0x2, 0x2}}, @smc={0x1e, 0x40, {0xc4000003, [0x1ff, 0x37a0, 0x2, 0x96, 0x5]}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x1, 0x1, 0x0, 0x8, 0x4}}, @msr={0x14, 0x20, {0x6030000000138055, 0x3ff}}, @hvc={0x32, 0x40, {0x84000007, [0x2, 0x4, 0x80000001, 0x8, 0xaa9]}}, @uexit={0x0, 0x18, 0x10001}, @irq_setup={0x46, 0x18, {0x3, 0xf5}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x332}}, @hvc={0x32, 0x40, {0x80000000, [0x8, 0x7, 0x80, 0x4cfa, 0x9]}}, @smc={0x1e, 0x40, {0x2000000, [0x6, 0xffffffffffffffe6, 0xffffffffffffffff, 0xc, 0x9]}}, @uexit={0x0, 0x18}, @uexit={0x0, 0x18}, @uexit={0x0, 0x18, 0x7}, @svc={0x122, 0x40, {0x8400000e, [0x40, 0x2, 0x7, 0x5d, 0x5]}}, @mrs={0xbe, 0x18}, @memwrite={0x6e, 0x30, @generic={0xeeef0000, 0x8f, 0x6, 0xc}}, @eret={0xe6, 0x18, 0x10000}], 0x3ec}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) (async) syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r6, 0xae80, 0x0) syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0) (async) syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000100)=@arm64_fw={0x6030000000140003, &(0x7f0000000280)=0x9}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29) (async) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29) syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) (async) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x1}}, @memwrite={0x6e, 0x30, @generic={0xeeee8000, 0xe58, 0x2, 0x4}}], 0x58}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r8, 0x1, 0x100) (async) syz_kvm_vgic_v3_setup(r8, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000180)={0x8}) (async) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f0000000140)={0x41000, 0xd000, 0x5, 0x1, 0x2f5}) r12 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_riscv64=@attr_imsic={0x0, 0x1, 0x7, &(0x7f0000000340)=0x8}) r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x8000000000000000) ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x2) ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff, 0x1}) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0x8, &(0x7f00000000c0)=0x7}) (async) ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0x8, &(0x7f00000000c0)=0x7}) ioctl$KVM_PPC_ALLOCATE_HTAB(r8, 0xc004aea7, &(0x7f0000000240)=0x6) ioctl$KVM_RUN(r10, 0xae80, 0x0) 1h4m31.744472967s ago: executing program 32 (id=184): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x20e4586c}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, r5, 0x1, 0x16831, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) (async) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x20e4586c}) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33) (async) ioctl$KVM_RUN(r4, 0xae80, 0x0) (async) ioctl$KVM_RUN(r4, 0xae80, 0x0) (async) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, r5, 0x1, 0x16831, 0xffffffffffffffff, 0x0) (async) 1h4m28.162542358s ago: executing program 33 (id=185): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f00000002c0), 0x161681, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x8000000000) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000bfe000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000b00)=[@hvc={0x32, 0x40, {0x40000005, [0x6, 0x9c5c00000000000, 0xa5, 0x8000000000000000, 0x8]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0xb0, 0x7, 0x3}}, @uexit={0x0, 0x18, 0x9}, @code={0xa, 0xb4, {"0080800800ef94d20000b0f2c10080d2220180d2030180d2240180d2020000d4000040b820e595d20060b8f2410080d2c20180d2430180d2840080d2020000d40000601f005887d20060b0f2410180d2a20080d2830180d2240080d2020000d4003799d20060b0f2010180d2620080d2830080d2440080d2020000d4e01f92d20040b8f2810180d2820080d2430080d2840080d2020000d400d8210e007008d5"}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x1, 0x3, 0xfffffff8, 0x2, 0x2}}, @smc={0x1e, 0x40, {0xc4000003, [0x1ff, 0x37a0, 0x2, 0x96, 0x5]}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x1, 0x1, 0x0, 0x8, 0x4}}, @msr={0x14, 0x20, {0x6030000000138055, 0x3ff}}, @hvc={0x32, 0x40, {0x84000007, [0x2, 0x4, 0x80000001, 0x8, 0xaa9]}}, @uexit={0x0, 0x18, 0x10001}, @irq_setup={0x46, 0x18, {0x3, 0xf5}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x332}}, @hvc={0x32, 0x40, {0x80000000, [0x8, 0x7, 0x80, 0x4cfa, 0x9]}}, @smc={0x1e, 0x40, {0x2000000, [0x6, 0xffffffffffffffe6, 0xffffffffffffffff, 0xc, 0x9]}}, @uexit={0x0, 0x18}, @uexit={0x0, 0x18}, @uexit={0x0, 0x18, 0x7}, @svc={0x122, 0x40, {0x8400000e, [0x40, 0x2, 0x7, 0x5d, 0x5]}}, @mrs={0xbe, 0x18}, @memwrite={0x6e, 0x30, @generic={0xeeef0000, 0x8f, 0x6, 0xc}}, @eret={0xe6, 0x18, 0x10000}], 0x3ec}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) (async) syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r6, 0xae80, 0x0) syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0) (async) syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000100)=@arm64_fw={0x6030000000140003, &(0x7f0000000280)=0x9}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29) (async) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29) syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) (async) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x1}}, @memwrite={0x6e, 0x30, @generic={0xeeee8000, 0xe58, 0x2, 0x4}}], 0x58}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r8, 0x1, 0x100) (async) syz_kvm_vgic_v3_setup(r8, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000180)={0x8}) (async) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f0000000140)={0x41000, 0xd000, 0x5, 0x1, 0x2f5}) r12 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_riscv64=@attr_imsic={0x0, 0x1, 0x7, &(0x7f0000000340)=0x8}) r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x8000000000000000) ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x2) ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff, 0x1}) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0x8, &(0x7f00000000c0)=0x7}) (async) ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0x8, &(0x7f00000000c0)=0x7}) ioctl$KVM_PPC_ALLOCATE_HTAB(r8, 0xc004aea7, &(0x7f0000000240)=0x6) ioctl$KVM_RUN(r10, 0xae80, 0x0) 10m5.968226233s ago: executing program 2 (id=588): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) r7 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000340)={0x1a64afb6, 0x8000000, 0x4, r7, 0x5}) r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x7fff}}, @msr={0x14, 0x20, {0x603000000013df61, 0x7}}], 0x40}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r11, 0xae80, 0x0) ioctl$KVM_RUN(r11, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x1fd, 0x2, 0x8000000, 0x2000, &(0x7f0000ecf000/0x2000)=nil}) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) 10m2.59583669s ago: executing program 3 (id=589): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x3}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x220720, 0x0) r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x11, 0xc1, 0xf, 0x0, 0x5, 0x6, 0x86, 0xfe, 0x0, 0x86, 0xdd, 0x68, 0x0, 0x0, 0x93c, 0x23, 0x3, 0x4, 0x8, '\x00', 0x3, 0x8093}) (async) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x11, 0xc1, 0xf, 0x0, 0x5, 0x6, 0x86, 0xfe, 0x0, 0x86, 0xdd, 0x68, 0x0, 0x0, 0x93c, 0x23, 0x3, 0x4, 0x8, '\x00', 0x3, 0x8093}) write$eventfd(r8, &(0x7f00000001c0)=0x3, 0xfdef) syz_kvm_setup_cpu$arm64(r7, r6, &(0x7f0000ad3000/0x400000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x33}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013c000}) syz_kvm_vgic_v3_setup(r1, 0x1, 0x40) (async) syz_kvm_vgic_v3_setup(r1, 0x1, 0x40) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, 0x0) 9m51.735555542s ago: executing program 2 (id=590): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x80) (async, rerun: 32) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3c) (rerun: 32) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x240000, 0x0) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0x80111500, 0x800000000039) ioctl$KVM_CREATE_VM(r3, 0x5761, 0x2000001c) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) (async) ioctl$KVM_CHECK_EXTENSION_VM(r5, 0xae03, 0x4000000000009) (async) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0) (async) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x8400000e, [0x99b, 0x100000003, 0x5, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r9, 0xae80, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x8, 0x4, &(0x7f0000000040)=0xe0a7}) (async) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x23) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) r10 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x5) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000100)={0x10003, 0x4, 0xffff1000, 0x2000, &(0x7f0000d7a000/0x2000)=nil}) (async, rerun: 64) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) (rerun: 64) mmap$KVM_VCPU(&(0x7f0000ff1000/0x3000)=nil, r11, 0x7, 0x40010, r9, 0x0) (async, rerun: 32) ioctl$KVM_CHECK_EXTENSION(r4, 0x40086602, 0x110e02ffff) (rerun: 32) 9m49.742275127s ago: executing program 3 (id=591): mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x9000000) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x6, 0x4, &(0x7f0000000000)=0x6}) ioctl$KVM_SET_SREGS(r3, 0x4000ae84, 0xffffffffffffffff) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000) mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfe000/0x400000)=nil) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) 9m34.635843684s ago: executing program 3 (id=592): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r3, 0x894c, 0x0) (async) r4 = ioctl$KVM_CREATE_VM(r3, 0x894c, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xb701, 0x0) syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xb701, 0xfffffffffffffffe) (async) ioctl$KVM_CREATE_VCPU(r4, 0xb701, 0xfffffffffffffffe) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) (async) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r7, &(0x7f00000002c0)={0x0, &(0x7f0000000140)=[@irq_setup={0x46, 0x18, {0x4, 0x397}}, @eret={0xe6, 0x18, 0xd3b}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x1, 0x2, 0x80000001, 0x101}}, @code={0xa, 0x6c, {"007008d500a8215e0040611ec02a94d20060b0f2c10180d2020080d2630180d2a40180d2020000d4007008d50000409b000008d5007008d520c495d20000b0f2810180d2220080d2e30180d2a40180d2020000d400c8217e"}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x1a0}}, @its_setup={0x82, 0x28, {0x3, 0x4, 0x326}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x80, 0x8, 0xc}}], 0x144}, &(0x7f0000000300)=[@featur2={0x1, 0x80}], 0x1) ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013c000}) 9m33.562651661s ago: executing program 2 (id=593): openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x38) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x5, 0xffffffffffffffff, 0x1}) (async, rerun: 32) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (rerun: 32) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100) (async) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async, rerun: 64) r6 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000100)={0x0, &(0x7f0000000140)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) (rerun: 64) syz_kvm_vgic_v3_setup(r5, 0x2, 0x100) (async) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000b80)={0x0, &(0x7f0000000080)=[@hvc={0x32, 0x0, {0x84000001, [0x9, 0x8, 0x5, 0x603c8354, 0x200]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_IRQ_LINE(r8, 0x4008ae61, &(0x7f0000000000)={0x0, 0x100}) (async) ioctl$KVM_RUN(r10, 0xae80, 0x0) (async) ioctl$KVM_RUN(r6, 0xae80, 0x0) (async) syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0) (async, rerun: 32) syz_kvm_vgic_v3_setup(r2, 0x1, 0x100) (rerun: 32) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8}) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) r11 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x4) ioctl$KVM_ARM_VCPU_INIT(r13, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000100)=0x10}) (async) eventfd2(0x0, 0x0) 9m20.894689849s ago: executing program 3 (id=594): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x0, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x5, 0xe, 0x0, 0x20000080, 0x4}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000000200)={0x3, "e0b52f"}) (async) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x11, 0x8, 0xf, 0x0, 0x5, 0x6, 0x86, 0x6, 0x48, 0x86, 0xdd, 0x68, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5, 0x8, '\x00', 0x1, 0x7}) (async) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async) write$eventfd(0xffffffffffffffff, &(0x7f0000000280)=0x59f, 0x8) r8 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000300)=[@its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x1, 0x3, 0x8, 0x6}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x0, 0xf, 0x1, 0x6, 0x2}}, @msr={0x14, 0x20, {0x603000000013c208, 0x9}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x2, 0x9, 0xff, 0x6, 0x4}}, @uexit={0x0, 0x18, 0x599}], 0xb0}, 0x0, 0x0) (async, rerun: 32) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x40000, 0x0) (rerun: 32) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x11) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) r11 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r13, &(0x7f00000000c0)={0x0, &(0x7f0000000100)}, 0x0, 0x0) r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r15, 0x4020ae46, &(0x7f0000000200)={0x1fd, 0x2, 0x8000000, 0x2000, &(0x7f0000ecf000/0x2000)=nil}) (async) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) 9m13.436531403s ago: executing program 2 (id=595): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) r4 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000100)={0x0, &(0x7f0000000140)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x2, 0x100) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r5, 0x3, 0x11, r3, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$KVM_CREATE_VM(r7, 0x5452, 0x2000fdfd) r8 = mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r5, 0x3, 0x11, r4, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_kvm_assert_syzos_uexit$arm64(r4, r8, 0xffffffffffffffff) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000180)={0x1010020, 0x1}) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000b4a000/0x2000)=nil, 0x930, 0x280000f, 0x11, r9, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_assert_syzos_uexit$arm64(r3, r6, 0xfffffffffffffffe) 9m0.733107875s ago: executing program 3 (id=596): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x25) r4 = eventfd2(0x1, 0x1) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r4, 0xb, 0x2, r4}) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000380)}) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) eventfd2(0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000000c0)={0x5, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000300)=0xc000000000000000}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000000)=0xc000000000000000}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000580)={0x2, 0x1}) 9m0.385265293s ago: executing program 2 (id=597): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x468400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0x80111500, 0x20000000) (async, rerun: 64) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x80, 0x0) (rerun: 64) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000bfe000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xb0, 0x0, 0x5}}], 0x30}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r3, 0x1, 0x100) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) (async) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x2a) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r10, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f0000000340)=@attr_other={0x0, 0x56, 0x2, &(0x7f0000000140)=0x8}) r11 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000100)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x7fff}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r12, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async) ioctl$KVM_RUN(r12, 0xae80, 0x0) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) (async) ioctl$KVM_CHECK_EXTENSION_VM(r7, 0xae03, 0xf3) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0) (async) ioctl$KVM_RUN(r5, 0xae80, 0x0) write$eventfd(r1, &(0x7f0000000000), 0xfffffdef) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x100000f, 0x4010, 0xffffffffffffffff, 0x0) r14 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r15, 0xae41, 0x0) 8m49.561640906s ago: executing program 3 (id=598): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2c2200, 0x0) (async) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x2) r3 = mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, r1, 0x2, 0x80010, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="2559c47b2738e56145ef377f5a5ed843d2aa68e0e74c6240b65bfd2f2e85fe1851da61b449248fd8b88e6a3042b7dca719df20f5d37d51dcc8c4f198ed36329994fd01b853b8f69c", 0x0, 0x48) (async) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x30) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x5, 0x4, 0x3000, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000700)={0x0, &(0x7f0000000140)=[@irq_setup={0x46, 0x18, {0x0, 0x21c}}, @code={0xa, 0xe4, {"1820201e203b8dd200a0b8f2c10180d2820180d2e30080d2240180d2020000d4c0ae9dd20060b8f2a10180d2620180d2230080d2c40180d2020000d4c0a98ed200e0b0f2610080d2620080d2430180d2040180d2020000d4000008d580948bd200c0b8f2e10080d2c20180d2430180d2840080d2020000d40084006f00b092d20020b0f2a10180d2c20180d2a30080d2640180d2020000d460368dd200c0b0f2810180d2420080d2630180d2840080d2020000d4a0489ed200c0b8f2610180d2c20180d2030080d2e40080d2020000d4"}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x200, 0x100000000, 0x8}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x1, 0xa, 0xf, 0x1000, 0x4}}, @code={0xa, 0x9c, {"205996d200e0b8f2e10080d2c20180d2430080d2a40180d2020000d45f2003d5401098d20060b0f2210180d2620080d2230080d2a40180d2020000d4e0519dd200e0b8f2e10180d2020180d2e30080d2640180d2020000d4405796d20020b8f2410180d2220080d2e30180d2040180d2020000d400dc202e0060200e0024007f000c202e0008a038"}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff8, 0x6, 0x8}}, @uexit={0x0, 0x18, 0x2}, @msr={0x14, 0x20, {0x603000000013e609, 0x40}}, @hvc={0x32, 0x40, {0xc5000020, [0x80000001, 0xaf0, 0x0, 0x1, 0x2]}}, @irq_setup={0x46, 0x18, {0x3, 0xcd}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x6, 0xfffffffc, 0x1, 0x2}}, @smc={0x1e, 0x40, {0x84000051, [0x3, 0x80000000, 0x4, 0xca, 0x5]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xc, 0x3, 0x1}}, @hvc={0x32, 0x40, {0xc4000005, [0x0, 0xfffffffffffffffc, 0x3, 0x1, 0x4]}}, @eret={0xe6, 0x18, 0x100000001}, @code={0xa, 0x84, {"007008d50000581e007008d5a01281d20060b0f2810180d2e20080d2630180d2e40180d2020000d4007008d540e98dd20040b0f2c10080d2c20080d2a30080d2040180d2020000d41f000031007008d5000008d5a00593d20020b0f2a10180d2e20180d2030080d2c40180d2020000d4"}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x3, 0x10, 0x4, 0x7, 0x4}}, @svc={0x122, 0x40, {0xffff, [0xfffffffffffffff0, 0x100, 0x2, 0x100000000, 0x90db]}}, @uexit={0x0, 0x18, 0xfffffffffffffd1a}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x0, 0xfffffffffffffff4, 0x1}}, @smc={0x1e, 0x40, {0x84000013, [0x5, 0x4, 0x0, 0x200, 0x6]}}, @smc={0x1e, 0x40, {0x400, [0x5, 0x100, 0xc54, 0x94, 0x7]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xffd0, 0x8, 0x1}}, @memwrite={0x6e, 0x30, @generic={0xa000, 0x52d, 0x7, 0x2}}], 0x5b4}, &(0x7f0000000740)=[@featur1={0x1, 0x30}], 0x1) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async, rerun: 64) syz_kvm_setup_cpu$arm64(r4, r6, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000900)=[{0x0, &(0x7f0000000780)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x4, 0x8, 0x1}}, @memwrite={0x6e, 0x30, @generic={0x2, 0xe44, 0x2, 0xf}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x1fa}}, @uexit={0x0, 0x18, 0x1}, @code={0xa, 0x54, {"007008d50000206b007008d500fc009b007008d50070204e607b95d200e0b8f2410080d2820180d2830080d2640180d2020000d4000008d51004201e00006088"}}, @svc={0x122, 0x40, {0xc4000053, [0x8001, 0x2000000000000, 0x3a, 0x4, 0x7]}}, @eret={0xe6, 0x18, 0x3}, @msr={0x14, 0x20, {0x603000000013dea3, 0x1}}], 0x16c}], 0x1, 0x0, &(0x7f0000000940)=[@featur2={0x1, 0xe9}], 0x1) (async, rerun: 64) r8 = ioctl$KVM_GET_STATS_FD_vm(r4, 0xaece) mmap$KVM_VCPU(&(0x7f0000ec8000/0x9000)=nil, r7, 0x1000000, 0x11, r8, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000980)="af5fab380786f25957447fb34c653a5efc199a86e6328b941c4b3af98b69901894d6bf5e2772df191343b0e520c9280e4e354022dd0236491b293ce6bd671fc50918277b2d446287", 0x0, 0x48) (async, rerun: 64) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000a00)={0x5, 0xffffffffffffffff, 0x1}) (async, rerun: 64) ioctl$KVM_CREATE_GUEST_MEMFD(r4, 0xc040aed4, &(0x7f0000000a40)={0x80, 0x1}) (async) r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) (async, rerun: 64) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000ac0)=@riscv64_smstateen_csr={0x0, &(0x7f0000000a80)=0x51}) (async, rerun: 64) openat$kvm(0xffffffffffffff9c, &(0x7f0000000b00), 0x10881, 0x0) (async, rerun: 32) openat$kvm(0xffffffffffffff9c, &(0x7f0000000b40), 0x200, 0x0) (rerun: 32) ioctl$KVM_SET_GSI_ROUTING(r4, 0x4008ae6a, &(0x7f0000000b80)={0x1, 0x0, [{0x6, 0x4, 0x0, 0x0, @msi={0x3ff, 0xa, 0xf2, 0x8}}]}) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000bc0)={0x3, 0xffffffffffffffff, 0x1}) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r8, 0x4018aee3, &(0x7f0000000c00)=@attr_pmu_init) (async) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) r11 = ioctl$KVM_GET_STATS_FD_vm(r9, 0xaece) mmap$KVM_VCPU(&(0x7f0000c5f000/0x4000)=nil, r1, 0x4, 0x10, r11, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000c80)=@attr_arm64={0x0, 0x2, 0x5, &(0x7f0000000c40)=0x7}) (async) r12 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x1b) ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x2) 8m43.597156542s ago: executing program 2 (id=599): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x141000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3) ioctl$KVM_CAP_PTP_KVM(r2, 0x4068aea3, &(0x7f0000000080)) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_REG_LIST(r3, 0x4000ae8d, 0x0) 8m2.73301363s ago: executing program 34 (id=598): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2c2200, 0x0) (async) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x2) r3 = mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, r1, 0x2, 0x80010, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="2559c47b2738e56145ef377f5a5ed843d2aa68e0e74c6240b65bfd2f2e85fe1851da61b449248fd8b88e6a3042b7dca719df20f5d37d51dcc8c4f198ed36329994fd01b853b8f69c", 0x0, 0x48) (async) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x30) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x5, 0x4, 0x3000, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000700)={0x0, &(0x7f0000000140)=[@irq_setup={0x46, 0x18, {0x0, 0x21c}}, @code={0xa, 0xe4, {"1820201e203b8dd200a0b8f2c10180d2820180d2e30080d2240180d2020000d4c0ae9dd20060b8f2a10180d2620180d2230080d2c40180d2020000d4c0a98ed200e0b0f2610080d2620080d2430180d2040180d2020000d4000008d580948bd200c0b8f2e10080d2c20180d2430180d2840080d2020000d40084006f00b092d20020b0f2a10180d2c20180d2a30080d2640180d2020000d460368dd200c0b0f2810180d2420080d2630180d2840080d2020000d4a0489ed200c0b8f2610180d2c20180d2030080d2e40080d2020000d4"}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x200, 0x100000000, 0x8}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x1, 0xa, 0xf, 0x1000, 0x4}}, @code={0xa, 0x9c, {"205996d200e0b8f2e10080d2c20180d2430080d2a40180d2020000d45f2003d5401098d20060b0f2210180d2620080d2230080d2a40180d2020000d4e0519dd200e0b8f2e10180d2020180d2e30080d2640180d2020000d4405796d20020b8f2410180d2220080d2e30180d2040180d2020000d400dc202e0060200e0024007f000c202e0008a038"}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff8, 0x6, 0x8}}, @uexit={0x0, 0x18, 0x2}, @msr={0x14, 0x20, {0x603000000013e609, 0x40}}, @hvc={0x32, 0x40, {0xc5000020, [0x80000001, 0xaf0, 0x0, 0x1, 0x2]}}, @irq_setup={0x46, 0x18, {0x3, 0xcd}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x6, 0xfffffffc, 0x1, 0x2}}, @smc={0x1e, 0x40, {0x84000051, [0x3, 0x80000000, 0x4, 0xca, 0x5]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xc, 0x3, 0x1}}, @hvc={0x32, 0x40, {0xc4000005, [0x0, 0xfffffffffffffffc, 0x3, 0x1, 0x4]}}, @eret={0xe6, 0x18, 0x100000001}, @code={0xa, 0x84, {"007008d50000581e007008d5a01281d20060b0f2810180d2e20080d2630180d2e40180d2020000d4007008d540e98dd20040b0f2c10080d2c20080d2a30080d2040180d2020000d41f000031007008d5000008d5a00593d20020b0f2a10180d2e20180d2030080d2c40180d2020000d4"}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x3, 0x10, 0x4, 0x7, 0x4}}, @svc={0x122, 0x40, {0xffff, [0xfffffffffffffff0, 0x100, 0x2, 0x100000000, 0x90db]}}, @uexit={0x0, 0x18, 0xfffffffffffffd1a}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x0, 0xfffffffffffffff4, 0x1}}, @smc={0x1e, 0x40, {0x84000013, [0x5, 0x4, 0x0, 0x200, 0x6]}}, @smc={0x1e, 0x40, {0x400, [0x5, 0x100, 0xc54, 0x94, 0x7]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xffd0, 0x8, 0x1}}, @memwrite={0x6e, 0x30, @generic={0xa000, 0x52d, 0x7, 0x2}}], 0x5b4}, &(0x7f0000000740)=[@featur1={0x1, 0x30}], 0x1) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async, rerun: 64) syz_kvm_setup_cpu$arm64(r4, r6, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000900)=[{0x0, &(0x7f0000000780)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x4, 0x8, 0x1}}, @memwrite={0x6e, 0x30, @generic={0x2, 0xe44, 0x2, 0xf}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x1fa}}, @uexit={0x0, 0x18, 0x1}, @code={0xa, 0x54, {"007008d50000206b007008d500fc009b007008d50070204e607b95d200e0b8f2410080d2820180d2830080d2640180d2020000d4000008d51004201e00006088"}}, @svc={0x122, 0x40, {0xc4000053, [0x8001, 0x2000000000000, 0x3a, 0x4, 0x7]}}, @eret={0xe6, 0x18, 0x3}, @msr={0x14, 0x20, {0x603000000013dea3, 0x1}}], 0x16c}], 0x1, 0x0, &(0x7f0000000940)=[@featur2={0x1, 0xe9}], 0x1) (async, rerun: 64) r8 = ioctl$KVM_GET_STATS_FD_vm(r4, 0xaece) mmap$KVM_VCPU(&(0x7f0000ec8000/0x9000)=nil, r7, 0x1000000, 0x11, r8, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000980)="af5fab380786f25957447fb34c653a5efc199a86e6328b941c4b3af98b69901894d6bf5e2772df191343b0e520c9280e4e354022dd0236491b293ce6bd671fc50918277b2d446287", 0x0, 0x48) (async, rerun: 64) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000a00)={0x5, 0xffffffffffffffff, 0x1}) (async, rerun: 64) ioctl$KVM_CREATE_GUEST_MEMFD(r4, 0xc040aed4, &(0x7f0000000a40)={0x80, 0x1}) (async) r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) (async, rerun: 64) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000ac0)=@riscv64_smstateen_csr={0x0, &(0x7f0000000a80)=0x51}) (async, rerun: 64) openat$kvm(0xffffffffffffff9c, &(0x7f0000000b00), 0x10881, 0x0) (async, rerun: 32) openat$kvm(0xffffffffffffff9c, &(0x7f0000000b40), 0x200, 0x0) (rerun: 32) ioctl$KVM_SET_GSI_ROUTING(r4, 0x4008ae6a, &(0x7f0000000b80)={0x1, 0x0, [{0x6, 0x4, 0x0, 0x0, @msi={0x3ff, 0xa, 0xf2, 0x8}}]}) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000bc0)={0x3, 0xffffffffffffffff, 0x1}) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r8, 0x4018aee3, &(0x7f0000000c00)=@attr_pmu_init) (async) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) r11 = ioctl$KVM_GET_STATS_FD_vm(r9, 0xaece) mmap$KVM_VCPU(&(0x7f0000c5f000/0x4000)=nil, r1, 0x4, 0x10, r11, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000c80)=@attr_arm64={0x0, 0x2, 0x5, &(0x7f0000000c40)=0x7}) (async) r12 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x1b) ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x2) 7m54.845667529s ago: executing program 35 (id=599): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x141000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x29) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3) ioctl$KVM_CAP_PTP_KVM(r2, 0x4068aea3, &(0x7f0000000080)) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_REG_LIST(r3, 0x4000ae8d, 0x0) 1m4.651790198s ago: executing program 4 (id=600): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f00000000c0)=@arm64_sve={0x6080000000150120, 0x0}) r7 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x4) ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000100)=0x10}) r9 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x40000000000001, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x80000, 0xf, 0x0, 0x9, 0x2}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x80) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r9, 0x4018aee3, &(0x7f0000000000)=@attr_pmu_init) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000240)=0x8080000}) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) munmap$KVM_VCPU(0x0, 0x1000000000) ioctl$KVM_RUN(r9, 0xae80, 0x0) 51.811996017s ago: executing program 5 (id=601): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x19) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x80111500, 0x20000000) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000000)={0x7}) r3 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000080)={0x0, 0x6000, 0x0, r3}) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f00000000c0)={0x8}) ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f0000000000)={0x6000, 0x0, 0x0, 0x1, 0x20000000}) r4 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f00000007c0)=@riscv64_smstateen_csr={0x8030000003020000, &(0x7f0000000780)=0x6}) r5 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000aa8000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000700)={0x0, &(0x7f0000000180)=[@msr={0x14, 0x20, {0x603000000013dce9, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x4, 0x7, 0xc0, 0x3, 0x1}}, @mrs={0xbe, 0x18, {0x603000000013c288}}, @irq_setup={0x46, 0x18, {0x3, 0x227}}, @uexit={0x0, 0x18, 0x100000000}, @eret={0xe6, 0x18, 0x4}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x4, 0x3}}, @irq_setup={0x46, 0x18, {0x1, 0x1fa}}, @svc={0x122, 0x40, {0x1000, [0x5c0, 0x2, 0xffffffff8a17fd62, 0x904, 0x1]}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x4, 0x5, 0x42c, 0xffffffff, 0x2}}, @hvc={0x32, 0x40, {0xc4000003, [0x40, 0x8232, 0x9, 0x71, 0xfe24]}}, @mrs={0xbe, 0x18, {0x603000000013dea1}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x301}}, @code={0xa, 0xb4, {"002c8dd20020b8f2810080d2420180d2830180d2a40080d2020000d40040201ee0079f1a00c8217e007008d5c0188bd200a0b0f2010180d2c20180d2030180d2440080d2020000d400a783d20040b0f2210080d2e20080d2830080d2c40180d2020000d400d882d200e0b8f2a10080d2820080d2230080d2a40080d2020000d4000028d580d780d200a0b8f2210180d2220080d2e30080d2040180d2020000d4"}}, @hvc={0x32, 0x40, {0x8000, [0x1, 0x81, 0x4, 0x7, 0x7f]}}, @svc={0x122, 0x40, {0x800, [0x2, 0xfffffffffffffff8, 0x8, 0x1, 0x7]}}, @hvc={0x32, 0x40, {0x40000000, [0x8, 0x0, 0x2, 0x8, 0x1]}}, @irq_setup={0x46, 0x18, {0x2, 0x2be}}, @eret={0xe6, 0x18, 0x200}, @smc={0x1e, 0x40, {0x8600ff01, [0xf, 0x5, 0x100000000, 0xe, 0x1]}}, @mrs={0xbe, 0x18, {0x603000000013df56}}, @irq_setup={0x46, 0x18, {0x2, 0x225}}, @msr={0x14, 0x20, {0x603000000013def6, 0xa}}, @msr={0x14, 0x20, {0x603000000013c288, 0x4}}, @hvc={0x32, 0x40, {0x3f000000, [0x0, 0x8, 0x0, 0xaf, 0x8b67]}}, @hvc={0x32, 0x40, {0xc400000d, [0x9d0, 0x8000, 0xb, 0x13, 0x8]}}, @hvc={0x32, 0x40, {0x10, [0x6, 0x9, 0x9, 0x1, 0x6]}}, @hvc={0x32, 0x40, {0x50, [0x7, 0x400, 0xffff, 0xfffffffffffffffd, 0x6]}}, @hvc={0x32, 0x40, {0x400, [0x65ada271, 0x9, 0x1, 0x0, 0x80]}}], 0x56c}, &(0x7f0000000740)=[@featur2={0x1, 0x52}], 0x1) 15.152871218s ago: executing program 36 (id=600): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f00000000c0)=@arm64_sve={0x6080000000150120, 0x0}) r7 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x4) ioctl$KVM_ARM_VCPU_INIT(r8, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000100)=0x10}) r9 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x40000000000001, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x80000, 0xf, 0x0, 0x9, 0x2}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x80) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r9, 0x4018aee3, &(0x7f0000000000)=@attr_pmu_init) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000240)=0x8080000}) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) munmap$KVM_VCPU(0x0, 0x1000000000) ioctl$KVM_RUN(r9, 0xae80, 0x0) 0s ago: executing program 37 (id=601): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x19) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x80111500, 0x20000000) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000000)={0x7}) r3 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000080)={0x0, 0x6000, 0x0, r3}) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f00000000c0)={0x8}) ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f0000000000)={0x6000, 0x0, 0x0, 0x1, 0x20000000}) r4 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f00000007c0)=@riscv64_smstateen_csr={0x8030000003020000, &(0x7f0000000780)=0x6}) r5 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000aa8000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000700)={0x0, &(0x7f0000000180)=[@msr={0x14, 0x20, {0x603000000013dce9, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x4, 0x7, 0xc0, 0x3, 0x1}}, @mrs={0xbe, 0x18, {0x603000000013c288}}, @irq_setup={0x46, 0x18, {0x3, 0x227}}, @uexit={0x0, 0x18, 0x100000000}, @eret={0xe6, 0x18, 0x4}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x4, 0x3}}, @irq_setup={0x46, 0x18, {0x1, 0x1fa}}, @svc={0x122, 0x40, {0x1000, [0x5c0, 0x2, 0xffffffff8a17fd62, 0x904, 0x1]}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x4, 0x5, 0x42c, 0xffffffff, 0x2}}, @hvc={0x32, 0x40, {0xc4000003, [0x40, 0x8232, 0x9, 0x71, 0xfe24]}}, @mrs={0xbe, 0x18, {0x603000000013dea1}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x301}}, @code={0xa, 0xb4, {"002c8dd20020b8f2810080d2420180d2830180d2a40080d2020000d40040201ee0079f1a00c8217e007008d5c0188bd200a0b0f2010180d2c20180d2030180d2440080d2020000d400a783d20040b0f2210080d2e20080d2830080d2c40180d2020000d400d882d200e0b8f2a10080d2820080d2230080d2a40080d2020000d4000028d580d780d200a0b8f2210180d2220080d2e30080d2040180d2020000d4"}}, @hvc={0x32, 0x40, {0x8000, [0x1, 0x81, 0x4, 0x7, 0x7f]}}, @svc={0x122, 0x40, {0x800, [0x2, 0xfffffffffffffff8, 0x8, 0x1, 0x7]}}, @hvc={0x32, 0x40, {0x40000000, [0x8, 0x0, 0x2, 0x8, 0x1]}}, @irq_setup={0x46, 0x18, {0x2, 0x2be}}, @eret={0xe6, 0x18, 0x200}, @smc={0x1e, 0x40, {0x8600ff01, [0xf, 0x5, 0x100000000, 0xe, 0x1]}}, @mrs={0xbe, 0x18, {0x603000000013df56}}, @irq_setup={0x46, 0x18, {0x2, 0x225}}, @msr={0x14, 0x20, {0x603000000013def6, 0xa}}, @msr={0x14, 0x20, {0x603000000013c288, 0x4}}, @hvc={0x32, 0x40, {0x3f000000, [0x0, 0x8, 0x0, 0xaf, 0x8b67]}}, @hvc={0x32, 0x40, {0xc400000d, [0x9d0, 0x8000, 0xb, 0x13, 0x8]}}, @hvc={0x32, 0x40, {0x10, [0x6, 0x9, 0x9, 0x1, 0x6]}}, @hvc={0x32, 0x40, {0x50, [0x7, 0x400, 0xffff, 0xfffffffffffffffd, 0x6]}}, @hvc={0x32, 0x40, {0x400, [0x65ada271, 0x9, 0x1, 0x0, 0x80]}}], 0x56c}, &(0x7f0000000740)=[@featur2={0x1, 0x52}], 0x1) kernel console output (not intermixed with test programs): [ 369.016449][ T24] audit: type=1400 audit(368.200:75): avc: denied { write } for pid=3263 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 371.606926][ T3206] 8021q: adding VLAN 0 to HW filter on device bond0 [ 378.458280][ T24] audit: type=1400 audit(377.640:76): avc: denied { write } for pid=3270 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 382.724430][ T24] audit: type=1400 audit(381.890:77): avc: denied { write } for pid=3274 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 396.025043][ T24] audit: type=1400 audit(395.170:78): avc: denied { write } for pid=3278 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 400.379876][ T24] audit: type=1400 audit(399.560:79): avc: denied { write } for pid=3281 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 411.853071][ T24] audit: type=1400 audit(411.030:80): avc: denied { write } for pid=3286 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 415.573876][ T24] audit: type=1400 audit(414.720:81): avc: denied { write } for pid=3289 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 418.069979][ T3206] eql: remember to turn off Van-Jacobson compression on your slave devices [ 427.505854][ T24] audit: type=1400 audit(426.690:82): avc: denied { write } for pid=3295 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 431.200769][ T24] audit: type=1400 audit(430.380:83): avc: denied { write } for pid=3298 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 445.313506][ T24] audit: type=1400 audit(444.490:84): avc: denied { write } for pid=3305 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 450.312598][ T24] audit: type=1400 audit(449.490:85): avc: denied { write } for pid=3308 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 459.776401][ T24] audit: type=1400 audit(458.960:86): avc: denied { write } for pid=3311 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 463.463950][ T24] audit: type=1400 audit(462.630:87): avc: denied { write } for pid=3314 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 469.054596][ T24] audit: type=1400 audit(468.200:88): avc: denied { write } for pid=3317 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 472.734770][ T24] audit: type=1400 audit(471.890:89): avc: denied { write } for pid=3320 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 481.823220][ T24] audit: type=1400 audit(481.000:90): avc: denied { write } for pid=3324 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 485.474508][ T24] audit: type=1400 audit(484.630:91): avc: denied { write } for pid=3327 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 503.722425][ T24] audit: type=1400 audit(502.890:92): avc: denied { write } for pid=3336 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 508.152636][ T24] audit: type=1400 audit(507.330:93): avc: denied { write } for pid=3339 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 522.913025][ T24] audit: type=1400 audit(522.050:94): avc: denied { write } for pid=3345 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 526.622712][ T24] audit: type=1400 audit(525.800:95): avc: denied { write } for pid=3348 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 538.393711][ T24] audit: type=1400 audit(537.570:96): avc: denied { write } for pid=3352 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 542.046505][ T24] audit: type=1400 audit(541.230:97): avc: denied { write } for pid=3355 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 Warning: Permanently added '[localhost]:14939' (ED25519) to the list of known hosts. [ 586.068041][ T24] audit: type=1400 audit(585.240:98): avc: denied { name_bind } for pid=3360 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 586.899469][ T24] audit: type=1400 audit(586.080:99): avc: denied { execute } for pid=3361 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 586.928242][ T24] audit: type=1400 audit(586.100:100): avc: denied { execute_no_trans } for pid=3361 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 596.147957][ T24] audit: type=1400 audit(595.330:101): avc: denied { write } for pid=3362 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 598.416568][ T24] audit: type=1400 audit(597.600:102): avc: denied { write } for pid=3365 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 614.200916][ T24] audit: type=1400 audit(613.380:103): avc: denied { mounton } for pid=3361 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 614.240086][ T24] audit: type=1400 audit(613.420:104): avc: denied { mount } for pid=3361 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 614.329283][ T3361] cgroup: Unknown subsys name 'net' [ 614.388663][ T24] audit: type=1400 audit(613.570:105): avc: denied { unmount } for pid=3361 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 614.804720][ T3361] cgroup: Unknown subsys name 'cpuset' [ 614.918735][ T3361] cgroup: Unknown subsys name 'rlimit' [ 615.306052][ T24] audit: type=1400 audit(614.480:106): avc: denied { setattr } for pid=3361 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 615.329287][ T24] audit: type=1400 audit(614.500:107): avc: denied { mounton } for pid=3361 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 615.345734][ T24] audit: type=1400 audit(614.530:108): avc: denied { mount } for pid=3361 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 616.378127][ T3369] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 616.398288][ T24] audit: type=1400 audit(615.580:109): avc: denied { relabelto } for pid=3369 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 616.417448][ T24] audit: type=1400 audit(615.600:110): avc: denied { write } for pid=3369 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 616.596182][ T24] audit: type=1400 audit(615.780:111): avc: denied { read } for pid=3361 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 616.610097][ T24] audit: type=1400 audit(615.790:112): avc: denied { open } for pid=3361 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 616.659151][ T3361] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 675.266444][ T24] audit: type=1400 audit(674.450:113): avc: denied { execmem } for pid=3370 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 679.792724][ T24] audit: type=1400 audit(678.970:114): avc: denied { read } for pid=3373 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 679.826904][ T24] audit: type=1400 audit(679.010:115): avc: denied { open } for pid=3372 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 679.881023][ T24] audit: type=1400 audit(679.060:116): avc: denied { mounton } for pid=3373 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 680.110243][ T24] audit: type=1400 audit(679.290:117): avc: denied { module_request } for pid=3373 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 680.130363][ T24] audit: type=1400 audit(679.310:118): avc: denied { module_request } for pid=3372 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 681.094521][ T24] audit: type=1400 audit(680.270:119): avc: denied { sys_module } for pid=3373 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 705.927599][ T3373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 706.279451][ T3373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 706.385230][ T3372] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 706.635246][ T3372] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 717.786405][ T3373] hsr_slave_0: entered promiscuous mode [ 717.815331][ T3373] hsr_slave_1: entered promiscuous mode [ 718.717906][ T3372] hsr_slave_0: entered promiscuous mode [ 718.749697][ T3372] hsr_slave_1: entered promiscuous mode [ 718.778371][ T3372] debugfs: 'hsr0' already exists in 'hsr' [ 718.794023][ T3372] Cannot create hsr debugfs directory [ 724.333469][ T24] audit: type=1400 audit(723.510:120): avc: denied { create } for pid=3373 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 724.398075][ T24] audit: type=1400 audit(723.530:121): avc: denied { write } for pid=3373 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 724.447267][ T24] audit: type=1400 audit(723.630:122): avc: denied { read } for pid=3373 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 724.560108][ T3373] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 724.857023][ T3373] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 724.996573][ T3373] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 725.218097][ T3373] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 725.289431][ T3373] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 725.434728][ T3373] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 725.623604][ T3373] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 725.689335][ T3373] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 726.944026][ T3372] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 727.035690][ T3372] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 727.114542][ T3372] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 727.206649][ T3372] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 727.314261][ T3372] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 727.369664][ T3372] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 727.516766][ T3372] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 727.733480][ T3372] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 739.550564][ T3373] 8021q: adding VLAN 0 to HW filter on device bond0 [ 741.230520][ T3372] 8021q: adding VLAN 0 to HW filter on device bond0 [ 791.587521][ T3373] veth0_vlan: entered promiscuous mode [ 792.140150][ T3373] veth1_vlan: entered promiscuous mode [ 793.303991][ T3372] veth0_vlan: entered promiscuous mode [ 794.169732][ T3372] veth1_vlan: entered promiscuous mode [ 794.498815][ T3373] veth0_macvtap: entered promiscuous mode [ 794.988228][ T3373] veth1_macvtap: entered promiscuous mode [ 797.098870][ T3372] veth0_macvtap: entered promiscuous mode [ 797.400565][ T3392] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 797.419106][ T3392] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 797.434050][ T3392] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 797.437907][ T3392] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 797.748707][ T3372] veth1_macvtap: entered promiscuous mode [ 800.133959][ T24] audit: type=1400 audit(799.300:123): avc: denied { mount } for pid=3373 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 800.424815][ T24] audit: type=1400 audit(799.580:124): avc: denied { mounton } for pid=3373 comm="syz-executor" path="/syzkaller.3YNrlS/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 800.544315][ T24] audit: type=1400 audit(799.700:125): avc: denied { mount } for pid=3373 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 800.614303][ T3475] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 800.618828][ T3475] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 800.635484][ T3475] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 800.656513][ T3475] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 800.850249][ T24] audit: type=1400 audit(800.030:126): avc: denied { mounton } for pid=3373 comm="syz-executor" path="/syzkaller.3YNrlS/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 800.987035][ T24] audit: type=1400 audit(800.170:127): avc: denied { mounton } for pid=3373 comm="syz-executor" path="/syzkaller.3YNrlS/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3759 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 801.635684][ T24] audit: type=1400 audit(800.770:128): avc: denied { unmount } for pid=3373 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 802.044209][ T24] audit: type=1400 audit(801.210:129): avc: denied { mounton } for pid=3373 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1548 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 802.163749][ T24] audit: type=1400 audit(801.340:130): avc: denied { mount } for pid=3373 comm="syz-executor" name="/" dev="gadgetfs" ino=3771 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 802.617133][ T24] audit: type=1400 audit(801.790:131): avc: denied { mount } for pid=3373 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 802.670163][ T24] audit: type=1400 audit(801.850:132): avc: denied { mounton } for pid=3373 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 803.655141][ T3373] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 814.452387][ T24] kauditd_printk_skb: 4 callbacks suppressed [ 814.460068][ T24] audit: type=1400 audit(813.630:137): avc: denied { read } for pid=3525 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 814.507212][ T24] audit: type=1400 audit(813.680:138): avc: denied { open } for pid=3525 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 815.307344][ T24] audit: type=1400 audit(814.490:139): avc: denied { ioctl } for pid=3525 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 830.219743][ T24] audit: type=1400 audit(829.400:140): avc: denied { append } for pid=3534 comm="syz.1.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 833.793640][ T24] audit: type=1400 audit(832.970:141): avc: denied { write } for pid=3536 comm="syz.0.4" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 888.199138][ T24] audit: type=1400 audit(887.380:142): avc: denied { execute } for pid=3570 comm="syz.1.14" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4554 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 889.440130][ T24] audit: type=1400 audit(888.620:143): avc: denied { write } for pid=3568 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 898.866664][ T24] audit: type=1400 audit(898.020:144): avc: denied { write } for pid=3576 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 984.496974][ T3633] kvm [3633]: Failed to find VMA for hva 0x20000000 [ 1049.439678][ T24] audit: type=1400 audit(1048.570:145): avc: denied { create } for pid=3668 comm="syz.1.44" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1141.339884][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1141.473874][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1141.487126][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1141.528698][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1141.647455][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1141.670396][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1141.743590][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1141.790372][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1141.818702][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1141.896331][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1141.955056][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1141.967930][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1142.007903][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1142.037911][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1142.166759][ T3715] kvm [3715]: Failed to find VMA for hva 0x20d8d000 [ 1142.226421][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1142.344060][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1142.378415][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1142.478551][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1142.490825][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1142.599542][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1142.639479][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1142.700816][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1142.818309][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1142.846179][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1142.879029][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1142.996236][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1143.027104][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1143.070889][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1143.138878][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1143.208209][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1143.296598][ T3715] kvm [3715]: Failed to find VMA for hva 0x20c01000 [ 1148.117822][ T3719] FAULT_INJECTION: forcing a failure. [ 1148.117822][ T3719] name failslab, interval 1, probability 0, space 0, times 1 [ 1148.166279][ T3719] CPU: 0 UID: 0 PID: 3719 Comm: syz.1.63 Not tainted syzkaller #0 PREEMPT [ 1148.166966][ T3719] Hardware name: linux,dummy-virt (DT) [ 1148.167456][ T3719] Call trace: [ 1148.167867][ T3719] show_stack+0x2c/0x3c (C) [ 1148.171825][ T3719] __dump_stack+0x30/0x40 [ 1148.172242][ T3719] dump_stack_lvl+0xd8/0x12c [ 1148.172566][ T3719] dump_stack+0x1c/0x28 [ 1148.172875][ T3719] should_fail_ex+0x56c/0x6d8 [ 1148.173120][ T3719] should_failslab+0xb8/0xec [ 1148.173390][ T3719] __kmalloc_noprof+0xe8/0x598 [ 1148.173624][ T3719] tomoyo_realpath_from_path+0xdc/0x640 [ 1148.173888][ T3719] tomoyo_path_number_perm+0x13c/0x33c [ 1148.174220][ T3719] tomoyo_file_ioctl+0x2c/0x3c [ 1148.174472][ T3719] security_file_ioctl+0xe0/0x2cc [ 1148.174724][ T3719] __arm64_sys_ioctl+0xd0/0x244 [ 1148.175054][ T3719] invoke_syscall+0x94/0x1ec [ 1148.175395][ T3719] el0_svc_common+0x120/0x2f4 [ 1148.175695][ T3719] do_el0_svc+0x58/0x74 [ 1148.176011][ T3719] el0_svc+0x60/0x238 [ 1148.176272][ T3719] el0t_64_sync_handler+0x84/0x12c [ 1148.176528][ T3719] el0t_64_sync+0x198/0x19c [ 1148.312899][ T3719] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1206.334753][ T24] audit: type=1400 audit(1205.450:146): avc: denied { map } for pid=3749 comm="syz.0.74" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=7407 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1206.357627][ T24] audit: type=1400 audit(1205.540:147): avc: denied { read } for pid=3749 comm="syz.0.74" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=7407 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1238.659287][ T24] audit: type=1400 audit(1237.840:148): avc: denied { write } for pid=3764 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1248.277609][ T24] audit: type=1400 audit(1247.440:149): avc: denied { write } for pid=3774 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1272.989222][ T24] audit: type=1400 audit(1272.170:150): avc: denied { map } for pid=3788 comm="syz.1.85" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1336.647689][ T24] audit: type=1400 audit(1335.830:151): avc: denied { ioctl } for pid=3819 comm="syz.0.95" path="net:[4026532628]" dev="nsfs" ino=4026532628 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1418.304713][ T24] audit: type=1400 audit(1417.450:152): avc: denied { execute } for pid=3863 comm="syz.1.109" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1454.233380][ T24] audit: type=1400 audit(1453.410:153): avc: denied { execute } for pid=3887 comm="syz.0.115" path=2F35362F10FBFF67525673312B0104 dev="tmpfs" ino=299 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 1620.059912][ T3978] kvm [3978]: Failed to find VMA for hva 0x20d8d000 [ 1708.682401][ T24] audit: type=1400 audit(1707.840:154): avc: denied { write } for pid=4020 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1716.602379][ T24] audit: type=1400 audit(1715.760:155): avc: denied { write } for pid=4030 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1805.665235][ T4079] kvm [4079]: Failed to find VMA for hva 0x20c01000 [ 1836.458482][ T4098] kvm [4098]: Failed to find VMA for hva 0x21016000 [ 1836.496736][ T4102] kvm [4102]: Failed to find VMA for hva 0x21016000 [ 1939.516666][ T4107] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1939.757159][ T4107] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1942.585372][ T4110] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1942.815042][ T4110] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1965.535687][ T3425] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1967.789099][ T3425] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1970.223973][ T3425] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1970.750655][ T4107] hsr_slave_0: entered promiscuous mode [ 1970.796451][ T4107] hsr_slave_1: entered promiscuous mode [ 1970.829871][ T4107] debugfs: 'hsr0' already exists in 'hsr' [ 1970.852703][ T4107] Cannot create hsr debugfs directory [ 1971.764594][ T3425] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1974.638110][ T4110] hsr_slave_0: entered promiscuous mode [ 1974.689610][ T4110] hsr_slave_1: entered promiscuous mode [ 1974.744102][ T4110] debugfs: 'hsr0' already exists in 'hsr' [ 1974.755606][ T4110] Cannot create hsr debugfs directory [ 1987.085950][ T3425] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1987.304227][ T3425] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1987.460767][ T3425] bond0 (unregistering): Released all slaves [ 1988.304378][ T3425] hsr_slave_0: left promiscuous mode [ 1988.343454][ T3425] hsr_slave_1: left promiscuous mode [ 1988.514232][ T3425] veth1_macvtap: left promiscuous mode [ 1988.518223][ T3425] veth0_macvtap: left promiscuous mode [ 1988.528530][ T3425] veth1_vlan: left promiscuous mode [ 1988.551783][ T3425] veth0_vlan: left promiscuous mode [ 2004.483356][ T3425] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2005.540477][ T3425] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2005.919379][ T4107] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 2006.257307][ T4107] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 2006.959440][ T3425] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2007.317452][ T4107] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 2007.525564][ T4107] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 2008.237602][ T3425] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2008.586560][ T4107] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 2008.818278][ T4107] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 2009.206152][ T4107] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 2009.440249][ T4107] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 2011.264793][ T24] audit: type=1400 audit(2010.440:156): avc: denied { write } for pid=4182 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2012.922934][ T4110] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 2013.077502][ T4110] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 2013.209855][ T4110] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 2013.539167][ T4110] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 2014.036609][ T4110] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 2014.319527][ T4110] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 2014.674398][ T4110] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 2015.083690][ T4110] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 2018.093174][ T24] audit: type=1400 audit(2017.240:157): avc: denied { write } for pid=4193 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2026.644128][ T3425] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2027.117040][ T3425] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2027.275424][ T3425] bond0 (unregistering): Released all slaves [ 2028.067662][ T3206] 8021q: adding VLAN 0 to HW filter on device eth1 [ 2028.694621][ T3425] hsr_slave_0: left promiscuous mode [ 2028.817620][ T3425] hsr_slave_1: left promiscuous mode [ 2029.303258][ T3425] veth1_macvtap: left promiscuous mode [ 2029.305590][ T3425] veth0_macvtap: left promiscuous mode [ 2029.325067][ T3425] veth1_vlan: left promiscuous mode [ 2029.333595][ T3425] veth0_vlan: left promiscuous mode [ 2055.368079][ T4107] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2058.553543][ T24] audit: type=1400 audit(2057.730:158): avc: denied { write } for pid=4214 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2064.483281][ T24] audit: type=1400 audit(2063.660:159): avc: denied { write } for pid=4223 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2065.818259][ T4110] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2068.790262][ T3206] 8021q: adding VLAN 0 to HW filter on device eth2 [ 2081.248884][ T24] audit: type=1400 audit(2080.420:160): avc: denied { write } for pid=4235 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2089.843273][ T24] audit: type=1400 audit(2089.020:161): avc: denied { write } for pid=4243 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2094.780042][ T3206] 8021q: adding VLAN 0 to HW filter on device eth3 [ 2108.596179][ T24] audit: type=1400 audit(2107.780:162): avc: denied { write } for pid=4259 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2114.303924][ T24] audit: type=1400 audit(2113.470:163): avc: denied { write } for pid=4268 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2118.197528][ T3206] 8021q: adding VLAN 0 to HW filter on device eth4 [ 2130.057329][ T24] audit: type=1400 audit(2129.240:164): avc: denied { write } for pid=4284 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2136.410127][ T24] audit: type=1400 audit(2135.590:165): avc: denied { write } for pid=4293 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2136.685100][ T4107] veth0_vlan: entered promiscuous mode [ 2137.467578][ T4107] veth1_vlan: entered promiscuous mode [ 2140.077860][ T4107] veth0_macvtap: entered promiscuous mode [ 2140.440322][ T4107] veth1_macvtap: entered promiscuous mode [ 2141.850017][ T3206] 8021q: adding VLAN 0 to HW filter on device eth5 [ 2143.532837][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2143.534786][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2143.626291][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2143.640168][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2148.087468][ T24] audit: type=1400 audit(2147.250:166): avc: denied { unmount } for pid=4107 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 2150.848620][ T4110] veth0_vlan: entered promiscuous mode [ 2151.639602][ T4110] veth1_vlan: entered promiscuous mode [ 2155.616848][ T4110] veth0_macvtap: entered promiscuous mode [ 2156.283725][ T4110] veth1_macvtap: entered promiscuous mode [ 2160.169949][ T3425] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2160.205961][ T3425] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2160.332716][ T4039] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2160.333861][ T4039] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2162.593124][ T24] audit: type=1400 audit(2161.760:167): avc: denied { write } for pid=4302 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2173.296106][ T24] audit: type=1400 audit(2172.460:168): avc: denied { write } for pid=4309 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2179.769934][ T3206] 8021q: adding VLAN 0 to HW filter on device eth6 [ 2188.273795][ T24] audit: type=1400 audit(2187.430:169): avc: denied { write } for pid=4318 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2197.522247][ T24] audit: type=1400 audit(2196.640:170): avc: denied { write } for pid=4326 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2224.402320][ T24] audit: type=1400 audit(2223.570:171): avc: denied { write } for pid=4337 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2234.494522][ T24] audit: type=1400 audit(2233.630:172): avc: denied { write } for pid=4345 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2240.440937][ T3206] 8021q: adding VLAN 0 to HW filter on device eth7 [ 2265.043437][ T24] audit: type=1400 audit(2264.170:173): avc: denied { write } for pid=4363 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2277.262506][ T24] audit: type=1400 audit(2276.420:174): avc: denied { write } for pid=4369 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2285.436120][ T3206] 8021q: adding VLAN 0 to HW filter on device eth8 [ 2331.360534][ T24] audit: type=1400 audit(2330.530:175): avc: denied { write } for pid=4396 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2341.993879][ T24] audit: type=1400 audit(2341.170:176): avc: denied { write } for pid=4405 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2371.815517][ T24] audit: type=1400 audit(2370.990:177): avc: denied { write } for pid=4421 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2381.112502][ T24] audit: type=1400 audit(2380.270:178): avc: denied { write } for pid=4429 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2409.352847][ T24] audit: type=1400 audit(2408.530:179): avc: denied { write } for pid=4443 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2419.483515][ T24] audit: type=1400 audit(2418.600:180): avc: denied { write } for pid=4449 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2437.637889][ T24] audit: type=1400 audit(2436.820:181): avc: denied { write } for pid=4459 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2448.870000][ T24] audit: type=1400 audit(2448.040:182): avc: denied { write } for pid=4469 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2486.985124][ T24] audit: type=1400 audit(2486.110:183): avc: denied { write } for pid=4489 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2495.808316][ T24] audit: type=1400 audit(2494.990:184): avc: denied { write } for pid=4500 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2515.005713][ T24] audit: type=1400 audit(2514.180:185): avc: denied { write } for pid=4513 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2525.464407][ T24] audit: type=1400 audit(2524.580:186): avc: denied { write } for pid=4520 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2548.145024][ T24] audit: type=1400 audit(2547.290:187): avc: denied { write } for pid=4533 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2557.094975][ T24] audit: type=1400 audit(2556.270:188): avc: denied { write } for pid=4538 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2573.902666][ T24] audit: type=1400 audit(2573.080:189): avc: denied { write } for pid=4550 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2585.369889][ T24] audit: type=1400 audit(2584.550:190): avc: denied { write } for pid=4559 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2666.746600][ T24] audit: type=1400 audit(2665.920:191): avc: denied { write } for pid=4596 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2676.484760][ T24] audit: type=1400 audit(2675.630:192): avc: denied { write } for pid=4606 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3092.105143][ T24] audit: type=1400 audit(3091.280:193): avc: denied { write } for pid=4801 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3101.323691][ T24] audit: type=1400 audit(3100.490:194): avc: denied { write } for pid=4810 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3538.613511][ T24] audit: type=1400 audit(3537.780:195): avc: denied { write } for pid=5032 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3548.166405][ T24] audit: type=1400 audit(3547.340:196): avc: denied { write } for pid=5041 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3574.275321][ T5048] kvm [5048]: Failed to find VMA for hva 0x20c79000 [ 3705.160033][ T24] audit: type=1400 audit(3704.340:197): avc: denied { execute } for pid=5106 comm="syz.3.389" path="/sys/kernel/debug/kcov" dev="debugfs" ino=108 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=file permissive=1 [ 3857.092781][ T24] audit: type=1400 audit(3856.260:198): avc: denied { setattr } for pid=5190 comm="syz.2.409" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 3868.907765][ T24] audit: type=1400 audit(3868.040:199): avc: denied { map } for pid=5199 comm="syz.3.412" path="pipe:[13229]" dev="pipefs" ino=13229 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 3930.696507][ T24] audit: type=1400 audit(3929.870:200): avc: denied { write } for pid=5227 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 3940.223947][ T24] audit: type=1400 audit(3939.370:201): avc: denied { write } for pid=5239 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4172.376045][ T5353] kvm [5352]: Unsupported guest access at: eeef0000 [ 4172.376045][ T5353] { Op0( 2), Op1( 0), CRn( 0), CRm( 6), Op2( 2), func_read }, [ 4200.382941][ T24] audit: type=1400 audit(4199.450:202): avc: denied { write } for pid=5361 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4212.411098][ T24] audit: type=1400 audit(4211.580:203): avc: denied { write } for pid=5368 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4489.443098][ T24] audit: type=1400 audit(4488.540:204): avc: denied { write } for pid=5494 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4500.292710][ T24] audit: type=1400 audit(4499.470:205): avc: denied { write } for pid=5500 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 4568.806498][ T5537] kvm [5537]: Failed to find VMA for hva 0x20c01000 [ 4647.635712][ T5572] kvm [5572]: Failed to find VMA for hva 0x20de6000 [ 4664.134798][ T5583] kvm [5583]: Failed to find VMA for hva 0x20c79000 [ 5058.489100][ T24] audit: type=1400 audit(5057.670:206): avc: denied { write } for pid=5761 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5067.936825][ T24] audit: type=1400 audit(5067.050:207): avc: denied { write } for pid=5769 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5340.753447][ T24] audit: type=1400 audit(5339.930:208): avc: denied { write } for pid=5903 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5345.844037][ T5865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5346.346336][ T5865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5350.902516][ T24] audit: type=1400 audit(5349.990:209): avc: denied { write } for pid=5913 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5357.777871][ T5871] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5358.186652][ T5871] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5377.918815][ T5865] hsr_slave_0: entered promiscuous mode [ 5378.036902][ T5865] hsr_slave_1: entered promiscuous mode [ 5386.854341][ T5871] hsr_slave_0: entered promiscuous mode [ 5386.903787][ T5871] hsr_slave_1: entered promiscuous mode [ 5386.929445][ T5871] debugfs: 'hsr0' already exists in 'hsr' [ 5386.986845][ T5871] Cannot create hsr debugfs directory [ 5402.802694][ T5865] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 5403.354407][ T5865] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 5403.430856][ T5865] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 5403.826473][ T5865] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 5404.726143][ T5865] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 5405.126104][ T5865] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 5407.133079][ T5865] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 5407.865655][ T5865] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 5420.038890][ T5871] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 5420.567549][ T5871] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 5420.676919][ T5871] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 5421.117299][ T5871] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 5422.190152][ T3802] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5422.660181][ T5871] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 5422.925726][ T5871] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 5422.990515][ T5871] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 5423.198969][ T5871] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 5424.379686][ T3802] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5425.889013][ T3802] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5427.909609][ T3802] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5449.604760][ T3802] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 5449.797435][ T3802] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 5449.964439][ T3802] bond0 (unregistering): Released all slaves [ 5453.057721][ T3802] hsr_slave_0: left promiscuous mode [ 5453.462943][ T3802] hsr_slave_1: left promiscuous mode [ 5454.328194][ T3802] veth1_macvtap: left promiscuous mode [ 5454.395225][ T3802] veth0_macvtap: left promiscuous mode [ 5454.433816][ T3802] veth1_vlan: left promiscuous mode [ 5454.445698][ T3802] veth0_vlan: left promiscuous mode [ 5494.136369][ T5865] 8021q: adding VLAN 0 to HW filter on device bond0 [ 5503.650428][ T5871] 8021q: adding VLAN 0 to HW filter on device bond0 [ 5508.935982][ T24] audit: type=1400 audit(5508.120:210): avc: denied { write } for pid=5973 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5519.404477][ T24] audit: type=1400 audit(5518.570:211): avc: denied { write } for pid=5982 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5528.125724][ T3206] 8021q: adding VLAN 0 to HW filter on device eth9 [ 5552.605953][ T24] audit: type=1400 audit(5551.720:212): avc: denied { write } for pid=5997 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5562.153419][ T24] audit: type=1400 audit(5561.310:213): avc: denied { write } for pid=6006 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5568.558024][ T3206] 8021q: adding VLAN 0 to HW filter on device eth10 [ 5597.512951][ T24] audit: type=1400 audit(5596.680:214): avc: denied { write } for pid=6025 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5608.723068][ T24] audit: type=1400 audit(5607.870:215): avc: denied { write } for pid=6036 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5615.123631][ T3206] 8021q: adding VLAN 0 to HW filter on device eth11 [ 5639.970055][ T24] audit: type=1400 audit(5639.050:216): avc: denied { write } for pid=6053 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5651.388891][ T24] audit: type=1400 audit(5650.540:217): avc: denied { write } for pid=6064 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5652.674447][ T5865] veth0_vlan: entered promiscuous mode [ 5654.178349][ T5865] veth1_vlan: entered promiscuous mode [ 5658.710476][ T5865] veth0_macvtap: entered promiscuous mode [ 5659.520664][ T5865] veth1_macvtap: entered promiscuous mode [ 5660.850951][ T3206] 8021q: adding VLAN 0 to HW filter on device eth12 [ 5666.239347][ T3424] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 5666.272954][ T3424] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 5666.278113][ T5991] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 5666.293424][ T5991] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 5667.627988][ T5871] veth0_vlan: entered promiscuous mode [ 5670.828067][ T5871] veth1_vlan: entered promiscuous mode [ 5676.996060][ T5871] veth0_macvtap: entered promiscuous mode [ 5677.846740][ T5871] veth1_macvtap: entered promiscuous mode [ 5682.488006][ T5991] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 5682.489606][ T5991] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 5682.530156][ T5991] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 5682.554722][ T5991] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 5695.105020][ T24] audit: type=1400 audit(5694.260:218): avc: denied { write } for pid=6075 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5709.824768][ T24] audit: type=1400 audit(5708.990:219): avc: denied { write } for pid=6087 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5743.272569][ T24] audit: type=1400 audit(5742.450:220): avc: denied { write } for pid=6100 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5752.140388][ T24] audit: type=1400 audit(5751.280:221): avc: denied { write } for pid=6104 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5776.275431][ T24] audit: type=1400 audit(5775.350:222): avc: denied { write } for pid=6112 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5788.282866][ T24] audit: type=1400 audit(5787.450:223): avc: denied { write } for pid=6122 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5808.062751][ T24] audit: type=1400 audit(5807.230:224): avc: denied { write } for pid=6131 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5818.488687][ T24] audit: type=1400 audit(5817.610:225): avc: denied { write } for pid=6138 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5838.654758][ T24] audit: type=1400 audit(5837.830:226): avc: denied { write } for pid=6146 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5850.363391][ T24] audit: type=1400 audit(5849.490:227): avc: denied { write } for pid=6156 comm="rm" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 5861.997233][ T6105] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5862.460745][ T6105] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5874.675959][ T6114] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5875.225489][ T6114] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5902.288347][ T6105] hsr_slave_0: entered promiscuous mode [ 5902.378399][ T6105] hsr_slave_1: entered promiscuous mode [ 5902.505417][ T6105] debugfs: 'hsr0' already exists in 'hsr' [ 5902.523393][ T6105] Cannot create hsr debugfs directory [ 5916.359279][ T6114] hsr_slave_0: entered promiscuous mode [ 5916.399880][ T6114] hsr_slave_1: entered promiscuous mode [ 5916.455743][ T6114] debugfs: 'hsr0' already exists in 'hsr' [ 5916.468720][ T6114] Cannot create hsr debugfs directory [ 5927.453792][ T6105] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 5928.020376][ T6105] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 5928.842871][ T6105] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 5929.050845][ T6105] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 5929.893332][ T6105] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 5930.206676][ T6105] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 5930.715148][ T6105] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 5930.950950][ T6105] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 5947.838651][ T6114] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 5948.508767][ T6114] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 5948.670617][ T6114] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 5949.336549][ T6114] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 5949.534634][ T6114] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 5950.038428][ T6114] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 5950.190513][ T6114] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 5950.737067][ T6114] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 5978.757991][ T6105] 8021q: adding VLAN 0 to HW filter on device bond0 [ 5990.797336][ T6114] 8021q: adding VLAN 0 to HW filter on device bond0 [ 6133.272810][ T24] audit: type=1400 audit(6132.400:228): avc: denied { write } for pid=6272 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=111 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 6143.414954][ T26] INFO: task syz.4.600:6077 blocked for more than 430 seconds. [ 6143.419277][ T26] Not tainted syzkaller #0 [ 6143.437642][ T26] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 6143.438298][ T26] task:syz.4.600 state:D stack:0 pid:6077 tgid:6077 ppid:5865 task_flags:0x400040 flags:0x00000011 [ 6143.439472][ T26] Call trace: [ 6143.439849][ T26] __switch_to+0x5e0/0xb70 (T) [ 6143.440417][ T26] __schedule+0x2554/0x3828 [ 6143.440846][ T26] schedule+0xac/0x278 [ 6143.585078][ T26] schedule_timeout+0x68/0x1ec [ 6143.589303][ T26] do_wait_for_common+0x270/0x428 [ 6143.589895][ T26] wait_for_completion+0x44/0x5c [ 6143.590345][ T26] __synchronize_srcu+0x1b4/0x1f4 [ 6143.590867][ T26] synchronize_srcu+0x668/0x8dc [ 6143.653496][ T26] mmu_notifier_unregister+0x320/0x428 [ 6143.654179][ T26] kvm_put_kvm+0x69c/0xbbc [ 6143.654608][ T26] kvm_vm_release+0x58/0x78 [ 6143.655122][ T26] __fput+0x4ac/0x978 [ 6143.655571][ T26] ____fput+0x20/0x30 [ 6143.656019][ T26] task_work_run+0x1b8/0x250 [ 6143.656467][ T26] exit_to_user_mode_loop+0x110/0x188 [ 6143.656950][ T26] el0_svc+0x184/0x238 [ 6143.657411][ T26] el0t_64_sync_handler+0x84/0x12c [ 6143.657885][ T26] el0t_64_sync+0x198/0x19c [ 6143.659438][ T26] [ 6143.659438][ T26] Showing all locks held in the system: [ 6143.659962][ T26] 1 lock held by khungtaskd/26: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 6143.660343][ T26] #0: ffff800087db4518 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x0/0x44 [ 6143.828443][ T26] 1 lock held by klogd/3169: [ 6143.828848][ T26] 2 locks held by getty/3234: [ 6143.829192][ T26] #0: 98f000001276a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c [ 6143.830839][ T26] #1: 4cff80008cb4b2e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x314/0x1214 [ 6143.996190][ T26] 2 locks held by syz-executor/3361: [ 6143.996531][ T26] 3 locks held by kworker/u4:2/3802: [ 6143.996881][ T26] 3 locks held by kworker/u4:0/4564: [ 6143.997196][ T26] 3 locks held by kworker/u4:1/4733: [ 6143.997488][ T26] 2 locks held by kworker/0:2/4987: [ 6143.997769][ T26] 2 locks held by kworker/u4:8/5093: [ 6143.998091][ T26] #0: 13f000000d036540 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x804/0x1d5c [ 6144.000607][ T26] #1: ffff80008f427cb8 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x890/0x1d5c [ 6144.134639][ T26] 2 locks held by syz.3.598/5854: [ 6144.135024][ T26] 2 locks held by kworker/u4:5/5867: [ 6144.135405][ T26] 3 locks held by kworker/u4:10/5945: [ 6144.135717][ T26] 3 locks held by kworker/u4:13/6066: [ 6144.136096][ T26] 2 locks held by kworker/u4:11/6206: [ 6144.136384][ T26] #0: 13f000000d036540 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x804/0x1d5c [ 6144.138163][ T26] #1: ffff80008f3e7cb8 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x890/0x1d5c [ 6144.139751][ T26] 1 lock held by modprobe/6281: [ 6144.140084][ T26] 3 locks held by rm/6282: [ 6144.267451][ T26] [ 6144.268071][ T26] ============================================= [ 6144.268071][ T26] [ 6144.269074][ T26] Kernel panic - not syncing: hung_task: blocked tasks [ 6144.273819][ T26] CPU: 0 UID: 0 PID: 26 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT [ 6144.275313][ T26] Hardware name: linux,dummy-virt (DT) [ 6144.276206][ T26] Call trace: [ 6144.276897][ T26] show_stack+0x2c/0x3c (C) [ 6144.277979][ T26] __dump_stack+0x30/0x40 [ 6144.278950][ T26] dump_stack_lvl+0x30/0x12c [ 6144.279964][ T26] dump_stack+0x1c/0x28 [ 6144.280883][ T26] vpanic+0x4cc/0x844 [ 6144.281792][ T26] vpanic+0x0/0x844 [ 6144.282671][ T26] hung_task_panic+0x0/0x2c [ 6144.283701][ T26] kthread+0x4d4/0x51c [ 6144.284624][ T26] ret_from_fork+0x10/0x20 [ 6144.286486][ T26] Kernel Offset: disabled [ 6144.287268][ T26] CPU features: 0x00000000,0034600b,f7c647a1,057ffe1f [ 6144.288402][ T26] Memory Limit: none [ 6144.290657][ T26] Rebooting in 86400 seconds..