last executing test programs: 53m18.974758628s ago: executing program 0 (id=1): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@mrs={0xbe, 0x18, {0x603000000013c021}}], 0x18}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000100)={0x4, 0x1, 0x0, 0x1000, &(0x7f0000ee6000/0x1000)=nil}) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@smc={0x1e, 0x40, {0x8000, [0x1, 0x4de8, 0xef23, 0x4, 0x6]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xf10, 0x9, 0x7}}, @hvc={0x32, 0x40, {0x84000012, [0x45, 0x20000000000, 0x7, 0xd26d, 0x5]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x9a, 0x4, 0x9, 0x7, 0x6, 0x2}}], 0xd8}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, 0x0) r10 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x2f) ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f00000000c0)={0x5, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000000)=0xc000000000000000}) ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x4, 0x1, 0x0}) ioctl$KVM_RUN(r9, 0xae80, 0x0) r13 = eventfd2(0x5, 0x800) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000040)={0x5, 0x8080000, 0x2, r13, 0x8}) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f00000000c0)={0x8000000008000800, 0x0, 0x0, r13, 0x2}) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000240)={0x2, 0x5000, 0x4, r13, 0x2}) ioctl$KVM_GET_MP_STATE(r3, 0x8004ae98, &(0x7f0000000200)) r14 = eventfd2(0x4, 0x80801) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r14, 0x6, 0x2}) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000280)={0x0, 0x4, 0x4, r14, 0x4}) 53m16.026486173s ago: executing program 1 (id=2): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x2000006, 0x8010, r4, 0x0) (async) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r5, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r5, 0x0) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) syz_kvm_setup_cpu$arm64(r2, r5, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f00000002c0)=[@svc={0x122, 0x40, {0xc4000003, [0x0, 0x5, 0x8, 0x48, 0x4]}}, @uexit={0x0, 0x18, 0x2}, @irq_setup={0x46, 0x18, {0x4, 0x127}}, @hvc={0x32, 0x40, {0x84000010, [0x3, 0x9, 0xfffffffffffffffd, 0x8001, 0x6]}}, @memwrite={0x6e, 0x30, @generic={0x80a0000, 0xb99, 0x9, 0x1}}, @irq_setup={0x46, 0x18, {0x1, 0x15b}}, @mrs={0xbe, 0x18, {0x603000000013c2a5}}, @svc={0x122, 0x40, {0x4000, [0x9, 0x4, 0xfffffffffffffffa, 0x4, 0xb39]}}, @eret={0xe6, 0x18, 0x1}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x0, 0xa, 0x1}}, @irq_setup={0x46, 0x18, {0x2, 0xdc}}, @smc={0x1e, 0x40, {0x84000008, [0x40, 0x9, 0x8, 0x6, 0x7fffffff]}}, @msr={0x14, 0x20, {0x603000000013c65e, 0x81}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0xa9}}, @hvc={0x32, 0x40, {0x8000, [0x9, 0x2, 0x444, 0x14b8, 0x101]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x0, 0x8, 0x2}}, @eret={0xe6, 0x18, 0x6}, @uexit={0x0, 0x18, 0x1995}, @uexit={0x0, 0x18, 0x7f5c}, @msr={0x14, 0x20, {0x603000000013df67, 0x5}}, @smc={0x1e, 0x40, {0x84000003, [0x7, 0x6, 0x8000, 0x0, 0xa]}}, @smc={0x1e, 0x40, {0x84000005, [0x100000001, 0x2, 0x3, 0x40000000000003, 0x5]}}, @hvc={0x32, 0x40, {0x84000051, [0x8000000000000001, 0xffffffffffffffff, 0x8, 0x7, 0x8000000000000001]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xf10, 0x1, 0x6}}, @smc={0x1e, 0x40, {0x84000001, [0x0, 0x8, 0x433, 0x7, 0xcbc5]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0xc0}}, @its_send_cmd={0xaa, 0x28, {0xe1785fe54bf0ae07, 0xfe, 0x4, 0x7, 0x101, 0x1, 0x4}}, @its_setup={0x82, 0x28, {0x3, 0x20000000002, 0x76}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x455}}, @mrs={0xbe, 0x18, {0x603000000013def6}}, @eret={0xe6, 0x18, 0xa}, @mrs={0xbe, 0x18, {0x603000000013e6ce}}], 0x528}], 0x1, 0x0, &(0x7f0000000040)=[@featur2], 0x1) (async) mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r6, 0x8, 0x13, r5, 0x0) (async) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) (async) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@its_setup={0x82, 0x28, {0x2, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x1, 0x0, 0x0, 0x79, 0x1}}], 0x50}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r7, 0x1, 0x100) (async) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) r11 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x29) close(r7) (async) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x5) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r13, 0x4018aee2, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000800), 0x210480, 0x0) (async) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r13, 0x4018aee2, &(0x7f0000000280)=@attr_pmu_init) (async) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) ioctl$KVM_CAP_PTP_KVM(r2, 0x4068aea3, &(0x7f0000000100)) (async) ioctl$KVM_RUN(r9, 0xae80, 0x0) 52m55.557274775s ago: executing program 1 (id=3): munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x408801, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000b80)={0x0, 0x0}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000140)=@arm64_fw={0x6030000000140000, &(0x7f0000000200)=0x10002}) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r6, 0x4018aee3, &(0x7f0000000940)=@attr_arm64={0x0, 0x4, 0x500, 0x0}) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0x801c581f, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, 0x0, 0x6000006, 0x110, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000bc2000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000040)="68d3d4a6759ba655d47872b6bf881ba5dbca1c84a0779749", 0x0, 0x18) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x34) r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x3) ioctl$KVM_SET_VCPU_EVENTS(r14, 0x4040aea0, &(0x7f0000000500)=@x86={0x34, 0x3, 0x4, 0x0, 0x10000, 0x0, 0xfd, 0x2, 0x9, 0x3, 0x4, 0x0, 0x0, 0xfffffffc, 0x20000e, 0x3, 0x14, 0x6, 0x2a, '\x00', 0xd, 0x8000}) ioctl$KVM_RUN(r11, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) 52m49.395851561s ago: executing program 0 (id=4): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f00000002c0)={0x2, 0x0, [{0x3, 0x1, 0x0, 0x0, @adapter={0x0, 0x6a, 0x8, 0x5, 0x3}}, {0x3, 0x2, 0x0, 0x0, @msi={0x1, 0x5, 0x0, 0x7}}]}) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0xc3033, 0xffffffffffffffff, 0x0) 52m9.364215987s ago: executing program 32 (id=3): munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x408801, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000b80)={0x0, 0x0}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000140)=@arm64_fw={0x6030000000140000, &(0x7f0000000200)=0x10002}) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r6, 0x4018aee3, &(0x7f0000000940)=@attr_arm64={0x0, 0x4, 0x500, 0x0}) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0x801c581f, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, 0x0, 0x6000006, 0x110, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000bc2000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000040)="68d3d4a6759ba655d47872b6bf881ba5dbca1c84a0779749", 0x0, 0x18) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x34) r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x3) ioctl$KVM_SET_VCPU_EVENTS(r14, 0x4040aea0, &(0x7f0000000500)=@x86={0x34, 0x3, 0x4, 0x0, 0x10000, 0x0, 0xfd, 0x2, 0x9, 0x3, 0x4, 0x0, 0x0, 0xfffffffc, 0x20000e, 0x3, 0x14, 0x6, 0x2a, '\x00', 0xd, 0x8000}) ioctl$KVM_RUN(r11, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) 52m4.885863547s ago: executing program 33 (id=4): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f00000002c0)={0x2, 0x0, [{0x3, 0x1, 0x0, 0x0, @adapter={0x0, 0x6a, 0x8, 0x5, 0x3}}, {0x3, 0x2, 0x0, 0x0, @msi={0x1, 0x5, 0x0, 0x7}}]}) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0xc3033, 0xffffffffffffffff, 0x0) 43m47.682739246s ago: executing program 3 (id=15): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x501202, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000200), 0x400400, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000240)=@arm64_sve_vls={0x606000000015ffff, 0x0}) r5 = openat$kvm(0x0, &(0x7f0000000140), 0x101000, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x603000000010000c, &(0x7f00000001c0)=0x7}) r8 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013802d, 0x8000}}], 0x20}, 0x0, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r10 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) syz_kvm_vgic_v3_setup(r11, 0x1, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r13, 0x4018aee1, &(0x7f00000005c0)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0}) r14 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r14, 0x4010ae67, &(0x7f0000000000)={0x4000, 0x13000, 0x1}) ioctl$KVM_REGISTER_COALESCED_MMIO(r14, 0x4010ae67, &(0x7f0000000380)={0x2, 0x25000, 0x1}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r14, 0x4010ae68, &(0x7f00000003c0)={0x4, 0xa7e9ea20e9018807, 0x1}) r15 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r16 = ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r16, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x100000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r16, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) 43m25.23253851s ago: executing program 3 (id=17): mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000100)={0x9, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0}) r6 = eventfd2(0x8801, 0x800) r7 = eventfd2(0x3ff, 0x0) ioctl$KVM_CAP_ARM_USER_IRQ(r1, 0x4068aea3, &(0x7f0000000240)) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r7, 0x5, 0x2, r7}) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000080)={r6, 0x1, 0x2, r7}) close(0x5) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f0000000300)}, 0x0, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x240000, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0x80111500, 0x20002000) ioctl$KVM_CREATE_VM(r9, 0x5761, 0x2000001c) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x301040, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000700)={0x7, 0x0}) ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x2) ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x0) ioctl$KVM_IRQ_LINE(r13, 0x4008ae61, &(0x7f0000000240)={0x200002f}) ioctl$KVM_CHECK_EXTENSION_VM(r11, 0xae03, 0x4000000000009) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0x7, 0x4, &(0x7f0000000200)=0x8}) 43m3.539707353s ago: executing program 3 (id=19): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000180)={0x80000000, 0x6000, 0x0, 0xffffffffffffffff, 0xf}) (async) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) (async) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x161681, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r7, r8, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r7, 0x4, 0x100) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000040)=@arm64_ccsidr={0x6020000000110206, 0x0}) r9 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) (async) ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) (async) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) ioctl$KVM_CHECK_EXTENSION(r11, 0xae03, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION2(r10, 0x40a0ae49, 0x0) (async) r12 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000a67000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) (async) r13 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000100)={0x0, &(0x7f00000009c0)=[@hvc={0x32, 0x40, {0x4000000, [0x23e, 0x9, 0x2, 0x0, 0x1]}}, @irq_setup={0x46, 0x18, {0x2, 0x3af}}, @hvc={0x32, 0x40, {0x84000006, [0x1, 0x28, 0x8, 0x814, 0xf]}}, @msr={0x14, 0x20, {0x603000000013def0, 0x100000000}}, @mrs={0xbe, 0x18, {0x603000000013debc}}, @irq_setup={0x46, 0x18, {0x2, 0x266}}, @msr={0x14, 0x20, {0x603000000013deaa, 0x4}}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x262}}, @uexit={0x0, 0x18, 0x7}, @mrs={0xbe, 0x18, {0x603000000013e101}}, @code={0xa, 0x9c, {"000028d50000c06d007008d5c0b18cd200c0b0f2e10180d2820080d2e30080d2a40080d2020000d4a00d98d20000b0f2610180d2e20080d2630180d2040180d2020000d4408b99d20020b0f2410080d2620080d2c30080d2c40080d2020000d420a698d20040b8f2c10180d2420180d2c30080d2240080d2020000d4007008d50000421e007008d5"}}, @uexit={0x0, 0x18, 0x6}, @msr={0x14, 0x20, {0x603000000013df7d, 0xfe9b}}, @uexit={0x0, 0x18, 0x62c}, @code={0xa, 0x84, {"009c007f0058284e403587d20020b0f2a10180d2420180d2430080d2440080d2020000d4000c803880f19cd200e0b8f2e10180d2a20080d2e30180d2440180d2020000d4000008d560d898d200a0b8f2810180d2c20180d2e30180d2040080d2020000d40300a0d4007008d5008008d5"}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x200, 0x1, 0xa}}, @code={0xa, 0x84, {"a01399d200a0b0f2c10080d2a20080d2630180d2440180d2020000d4000028d5000028d5000000fa0000002d804385d20040b0f2610180d2420180d2430180d2440080d2020000d4a0b985d200a0b8f2c10180d2e20080d2430080d2e40180d2020000d4007008d50040251e007008d5"}}, @code={0xa, 0x9c, {"a07e8bd200e0b0f2810180d2e20180d2430080d2840180d2020000d400c8307e000028d50074002f209f98d200c0b8f2210080d2820080d2630080d2840180d2020000d4e09e92d20040b8f2010080d2c20080d2630080d2e40180d2020000d4c03980d200a0b0f2410080d2820080d2630180d2240080d2020000d400e0ff0d000400fc0004002f"}}, @msr={0x14, 0x20, {0x603000000013de91, 0x7}}, @svc={0x122, 0x40, {0x0, [0xfffffffffffffff9, 0xff, 0x1, 0x4, 0xfff]}}, @irq_setup={0x46, 0x18, {0x2, 0x2b7}}, @eret={0xe6, 0x18, 0xffffffffb82d8e05}, @code={0xa, 0xb4, {"e05585d20040b0f2410180d2020180d2e30180d2440180d2020000d4007008d560b38ad200e0b0f2610180d2220080d2c30180d2a40180d2020000d4401392d200a0b0f2210180d2220180d2e30080d2440080d2020000d4000008d50000206a007008d5a0b09ed200e0b0f2810180d2220180d2c30080d2a40180d2020000d4404e83d20000b0f2e10180d2820180d2a30080d2c40080d2020000d4007008d5"}}, @uexit={0x0, 0x18, 0x10}, @svc={0x122, 0x40, {0x100, [0x3, 0x10, 0xfff, 0x6, 0x2]}}, @mrs={0xbe, 0x18, {0x603000000013e6d7}}, @hvc={0x32, 0x40, {0x100, [0xaea6, 0x3ff, 0x3, 0x2, 0x5]}}, @mrs={0xbe, 0x18, {0x603000000013df4d}}, @mrs={0xbe, 0x18, {0x603000000013c108}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x3, 0xc, 0x54, 0x8, 0x1}}, @memwrite={0x6e, 0x30, @generic={0x6000, 0xfe1, 0x7fffffff, 0x5}}], 0x69c}, &(0x7f0000000800)=[@featur2={0x1, 0x88}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vm(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000980)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000940)={0x4, 0x0, 0x2}}) (async) ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, &(0x7f0000000080)=@arm64_sys={0x603000000013c10a, &(0x7f0000000840)}) (async) syz_kvm_add_vcpu$arm64(r12, &(0x7f00000008c0)={0x0, &(0x7f0000000880)=[@memwrite={0x6e, 0x30, @generic={0xc000, 0x124, 0x1, 0x6}}], 0x30}, &(0x7f0000000900)=[@featur2={0x1, 0xa2da64f5c6c6f7fd}], 0x1) (async) ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0x7fffffff, 0x9, &(0x7f0000000000)=0x111d8861}) 42m43.367172505s ago: executing program 3 (id=21): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x3, 0x0, 0x40000000, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 42m25.849462264s ago: executing program 3 (id=23): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000006c0)=[@hvc={0x32, 0x40, {0xc5000021, [0xfffffffffffffde5, 0x3ff, 0x1, 0x7, 0x9]}}], 0x40}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x6030000000100014, &(0x7f0000000000)=0x8}) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) 42m10.824566892s ago: executing program 3 (id=24): r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4}) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) syz_kvm_vgic_v3_setup(r4, 0x2, 0x0) close(r4) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000140)=0x80000001}) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r7, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r9, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x1000000) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x88, &(0x7f0000000000)=0x10}) r11 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x2c) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x603000000010002a, 0x0}) 41m19.087640449s ago: executing program 34 (id=24): r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4}) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) syz_kvm_vgic_v3_setup(r4, 0x2, 0x0) close(r4) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000140)=0x80000001}) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r7, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r9, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x2, 0x4f832, 0xffffffffffffffff, 0x1000000) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x88, &(0x7f0000000000)=0x10}) r11 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x2c) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x603000000010002a, 0x0}) 20m47.523036118s ago: executing program 4 (id=122): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x9) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = eventfd2(0xffff10c0, 0x0) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000100)={0xf09, 0x8080000, 0x0, r4}) r5 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}], 0x28}, 0x0, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x1, 0x2, 0x0}) syz_kvm_vgic_v3_setup(r2, 0x1, 0x100) ioctl$KVM_RUN(r5, 0xae80, 0x0) 20m29.487981025s ago: executing program 4 (id=123): r0 = openat$kvm(0x0, &(0x7f0000000000), 0x800, 0x0) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x603000000010004a, &(0x7f0000000000)=0x7f1}) ioctl$KVM_CREATE_VM(r0, 0x401c5820, 0x20000000) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4008ae52, &(0x7f0000000180)=0xa53) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000200)=ANY=[], 0x80}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_CAP_ARM_MTE(r2, 0x4068aea3, &(0x7f00000000c0)) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SIGNAL_MSI(r6, 0x4020aea5, 0xffffffffffffffff) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x95) 20m11.808597225s ago: executing program 4 (id=125): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000bc2000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r5, r7, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x603000000013df11, &(0x7f00000000c0)=0x5}) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) 19m53.417592196s ago: executing program 4 (id=127): mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x9032, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x181b03, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) ioctl$KVM_IRQ_LINE_STATUS(r5, 0xc008ae67, &(0x7f0000000040)={0x10101, 0x10001}) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x7) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r6, 0x8924, 0x110c23000a) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4}) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000002000/0x400000)=nil) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000080)=0x9}) r8 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) 19m25.008120769s ago: executing program 4 (id=129): ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000000)={0x5, 0x0, &(0x7f0000ffd000/0x2000)=nil}) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x26) r1 = ioctl$KVM_GET_STATS_FD_vm(r0, 0xaece) ioctl$KVM_GET_DEVICE_ATTR_vm(r0, 0x4018aee2, &(0x7f0000000080)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000040)={0xaa34, 0xfffffffd}}) ioctl$KVM_SET_ONE_REG(r1, 0x4010aeac, &(0x7f0000000100)=@arm64_ccsidr={0x602000000011000a, &(0x7f00000000c0)=0x30e}) ioctl$KVM_GET_DEVICE_ATTR_vm(r0, 0x4018aee2, &(0x7f0000000180)=@attr_other={0x0, 0xcb, 0xff, &(0x7f0000000140)=0x6}) ioctl$KVM_CAP_ARM_MTE(r0, 0x4068aea3, &(0x7f00000001c0)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_SREGS(r2, 0x4000ae84, &(0x7f0000000240)={{0x80a0000, 0xe000, 0x8, 0x0, 0x1, 0xf8, 0xc, 0x4, 0x4, 0x2, 0x3, 0x10}, {0xeeef0000, 0x7000, 0xb, 0x8, 0xa, 0x4, 0x3, 0x69, 0x2, 0x2, 0x80, 0x5}, {0x30000, 0x50000, 0xb, 0x6, 0x0, 0x9, 0x2, 0x9, 0x12, 0x1, 0x3, 0x44}, {0x10000, 0xffff1000, 0x3, 0xf, 0x7, 0x5, 0x0, 0xf4, 0x5, 0x3, 0x0, 0xf8}, {0x26000, 0xfec00000, 0x4, 0x8, 0x81, 0xdc, 0xff, 0x2, 0x8, 0x1, 0x9}, {0xa000, 0x80ef000, 0xe, 0x5, 0x4, 0x0, 0x4, 0x3, 0x4, 0x4, 0xd8, 0x4}, {0xdddd1000, 0x1a000, 0x9, 0x8, 0x40, 0xff, 0x1, 0xff, 0x2, 0xff, 0x1, 0x3}, {0x13e000, 0xe000, 0x5, 0x0, 0x1, 0x5, 0x8d, 0x34, 0x0, 0x1c, 0x25, 0x5}, {0x0, 0xfb5c}, {0xeeef0000, 0xda}, 0x6004000b, 0x0, 0xa000, 0x22680, 0x2, 0x400, 0xa000, [0x8000000000000000, 0x2, 0x4, 0x1]}) r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x28) r5 = syz_kvm_vgic_v3_setup(r1, 0x0, 0x300) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000003c0)=@attr_arm64={0x0, 0x2, 0x4, &(0x7f0000000380)=0x6}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x1fe, 0x4, 0x7000, 0x2000, &(0x7f0000ea4000/0x2000)=nil}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000440)={0x40000, 0x1000}) syz_kvm_vgic_v3_setup(r4, 0x2, 0x100) syz_kvm_vgic_v3_setup(r1, 0x3, 0x100) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r0, 0x4068aea3, &(0x7f0000000480)={0xdf, 0x0, 0xc000}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000500), 0x180, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x9) r7 = mmap$KVM_VCPU(&(0x7f0000ca8000/0x4000)=nil, 0x0, 0x4, 0x10, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000540)="8a8fa47f13d3e1cea64977a15765ba77c732780f29b1a100c64f9019bb4bc37687e7032a8814b51b256bf88d0631798bdfeca7d2f200e643ce3a534b4078c0a598b9e4f720d557d3", 0x0, 0x48) ioctl$KVM_CAP_PTP_KVM(r0, 0x4068aea3, &(0x7f00000005c0)) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) r9 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000a00)={0x0, &(0x7f0000000640)=[@eret={0xe6, 0x18, 0x8000000000000000}, @irq_setup={0x46, 0x18, {0x1, 0x184}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x34f}}, @mrs={0xbe, 0x18, {0x603000000013df72}}, @code={0xa, 0x84, {"0068217e000d94d200a0b8f2810180d2420080d2630080d2840180d2020000d4003c0013007008d50004000f007008d5000040f9c07b95d20020b8f2610080d2a20080d2430080d2640080d2020000d4c0ca97d20080b0f2e10080d2420080d2c30080d2c40180d2020000d4007008d5"}}, @msr={0x14, 0x20, {0x6030000000138006, 0x566}}, @svc={0x122, 0x40, {0x31000000, [0x8, 0x68ff69de, 0x1, 0x100000000, 0x8]}}, @smc={0x1e, 0x40, {0x80008000, [0x3ff, 0x3, 0x8, 0x4, 0x8]}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x12f}}, @uexit={0x0, 0x18, 0x8000000000000001}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x100, 0x8, 0xc}}, @code={0xa, 0x84, {"40a494d200a0b8f2610080d2420080d2030080d2e40080d2020000d480b285d200a0b0f2610080d2a20080d2430080d2040180d2020000d4000000100000202a0038000e000028d5403484d20060b0f2610180d2020080d2c30180d2440180d2020000d4007008d5007008d5007008d5"}}, @hvc={0x32, 0x40, {0x80007fff, [0xffff, 0x8, 0xe06a, 0xfffffffffffffff8, 0x1]}}, @mrs={0xbe, 0x18, {0x603000000013e6de}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x2, 0xe, 0x2, 0xfffff800, 0x4}}, @irq_setup={0x46, 0x18, {0x3, 0x6}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x1, 0x8, 0x9, 0x1}}, @irq_setup={0x46, 0x18, {0x3, 0x2f1}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x1e4}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x0, 0x7, 0x5, 0x252, 0x1}}], 0x3b0}, &(0x7f0000000a40)=[@featur2], 0x1) mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, r8, 0x4, 0x100010, r9, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000a80)={0x9, 0xffffffffffffffff}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000ac0), 0x202840, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000b40)=@attr_other={0x0, 0x7, 0x7, &(0x7f0000000b00)=0x4621a53b}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 19m14.926032937s ago: executing program 4 (id=131): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x183001, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r4, 0x4010aeb5, &(0x7f00000002c0)={0x200}) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) r5 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x4, 0x0, 0x0}) 18m27.922861686s ago: executing program 35 (id=131): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x183001, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r4, 0x4010aeb5, &(0x7f00000002c0)={0x200}) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) r5 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x4, 0x0, 0x0}) 16m58.483986678s ago: executing program 2 (id=139): r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3a) ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece) r2 = openat$kvm(0x0, &(0x7f0000000040), 0xc0083, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x11, r2, 0x0) ioctl$KVM_CREATE_VM(r0, 0x80087601, 0x0) 16m49.904332454s ago: executing program 2 (id=140): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0x541b, 0x1) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0x801c581f, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_REGS(r7, 0x4360ae82, &(0x7f00000000c0)={[0xa9, 0x2, 0x3, 0x401, 0x1, 0x2, 0xffffffffffff6eab, 0x1, 0x8, 0x9, 0x5, 0x7f, 0x0, 0x4, 0x0, 0x2], 0x10000, 0x40}) r8 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, r8, 0x0) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r11 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000540)={0x0, 0x0}, &(0x7f00000001c0)=[@featur2={0x1, 0x10}], 0x1) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000040)="68d3d4a6759ba655d47872b6bf881ba5dbca1c84a0779749", 0x0, 0x18) ioctl$KVM_RUN(r12, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r12, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) 16m32.427332868s ago: executing program 2 (id=141): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2c0b80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x27) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd2(0xeffffffd, 0x801) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0x200, 0x4000, 0x4, r4, 0x1}) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r4, 0x3}) mmap$KVM_VCPU(&(0x7f0000842000/0x1000)=nil, 0x930, 0x1000005, 0x5c1fd1b6164b3f1, 0xffffffffffffffff, 0x0) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f00000000c0)={0x3, 0x0, 0x1, r4, 0xf}) r5 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@smc={0x1e, 0x40, {0x86000001, [0x1, 0x401, 0x5, 0x1, 0x2]}}], 0x40}, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 16m21.236097111s ago: executing program 2 (id=142): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x17) r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000c03000/0x3000)=nil, r4, 0x3, 0x12, r5, 0x0) r6 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce5, 0x7fff}}, @msr={0x14, 0x20, {0x603000000013dce8, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r6, 0xae80, 0x0) 16m6.614730239s ago: executing program 2 (id=143): r0 = openat$kvm(0x0, &(0x7f0000000040), 0xe0000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0xa1}], 0x1) syz_kvm_add_vcpu$arm64(r2, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000200)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r6 = ioctl$KVM_CREATE_VM(r5, 0x894c, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0x8004b707, 0x0) r7 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x84000003, [0x5, 0x100000003, 0x5, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r7, 0xae80, 0x0) 15m50.710501179s ago: executing program 2 (id=144): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd2(0xfffffffa, 0x80001) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r3}) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616}) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000080)={0x4, 0x80a0000, 0x4, r3}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x31) r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000240)=[{0x0, &(0x7f0000000180)=[@mrs={0xbe, 0x18, {0x603000000013c006}}, @hvc={0x32, 0x40, {0xc4000005, [0x7fffffffffffffff, 0x80, 0x0, 0xb, 0x5]}}, @uexit={0x0, 0x18, 0xfffffffffffffff9}], 0x70}], 0x1, 0x0, &(0x7f0000000280)=[@featur2={0x1, 0x30}], 0x1) r7 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x28) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000980)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r9, 0x4018aee2, &(0x7f0000000040)=@attr_irq_timer={0x0, 0x1, 0xeffaa89edee5ef88, 0x0}) r10 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) 15m1.442260466s ago: executing program 36 (id=144): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd2(0xfffffffa, 0x80001) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r3}) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616}) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000080)={0x4, 0x80a0000, 0x4, r3}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x31) r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000240)=[{0x0, &(0x7f0000000180)=[@mrs={0xbe, 0x18, {0x603000000013c006}}, @hvc={0x32, 0x40, {0xc4000005, [0x7fffffffffffffff, 0x80, 0x0, 0xb, 0x5]}}, @uexit={0x0, 0x18, 0xfffffffffffffff9}], 0x70}], 0x1, 0x0, &(0x7f0000000280)=[@featur2={0x1, 0x30}], 0x1) r7 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x28) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000980)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r9, 0x4018aee2, &(0x7f0000000040)=@attr_irq_timer={0x0, 0x1, 0xeffaa89edee5ef88, 0x0}) r10 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) 3m16.360137787s ago: executing program 6 (id=164): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000bf3000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000b80)={0x0, 0x0}, &(0x7f0000000bc0)=[@featur2={0x1, 0x90}], 0x11e) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000000c0)=@arm64_ccsidr={0x6020000000110004, &(0x7f0000000200)=0xfffffffffffffffc}) r4 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000b80)={0x0, &(0x7f0000000540)=[@irq_setup={0x46, 0x18, {0x4, 0x341}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x3, 0x7, 0x7ff, 0x1, 0x2}}, @hvc={0x32, 0x40, {0xc5000021, [0x3, 0x100000000, 0x10000, 0x400, 0x4]}}, @svc={0x122, 0x40, {0xc4000014, [0x8000000000000000, 0xf, 0x6, 0x6]}}, @mrs={0xbe, 0x18, {0x603000000013801e}}, @svc={0x122, 0x40, {0xc4000014, [0xa, 0x7ff, 0xd, 0x3, 0x3]}}, @hvc={0x32, 0x40, {0x80000000, [0x10000, 0x5, 0x6, 0x100, 0x8]}}, @smc={0x1e, 0x40, {0x32000000, [0x72c, 0x9, 0xe4c, 0x7, 0xfffffffffffffffa]}}, @eret={0xe6, 0x18, 0x6}, @code={0xa, 0x84, {"0054200e0000df0d803493d20000b0f2410180d2e20180d2c30080d2a40080d2020000d4007008d5209190d20040b0f2e10180d2c20080d2430080d2440180d2020000d40000e00d0068200ec0f49cd20000b0f2410080d2620080d2c30080d2240080d2020000d4000008d500a4202e"}}, @mrs={0xbe, 0x18, {0x603000000013801c}}], 0x24c}, &(0x7f0000000140)=[@featur1={0x1, 0x92}], 0x1) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xe6) openat$kvm(0x0, &(0x7f0000000080), 0x202501, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2) munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0x801c581f, 0x0) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r7, 0x400000c, 0x30, r4, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, r7, 0xf, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x2e) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r12, r13, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x9}) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r9, 0x4068aea3, &(0x7f00000001c0)={0xdf, 0x0, 0x8000}) 2m33.579651815s ago: executing program 6 (id=166): openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2d) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x0, 0xf000, 0x1, 0xffffffffffffffff, 0x20}) 2m33.579079015s ago: executing program 5 (id=167): ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4360ae82, &(0x7f0000000000)={[0xf9e, 0xb, 0x5, 0x1, 0x1ff, 0x5, 0xfffffffffffffffe, 0x9, 0x9, 0x0, 0xca8d, 0x0, 0x1, 0x100, 0x101, 0x27de], 0xeeee0000}) (async) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4000ae84, &(0x7f00000000c0)={{0xd000, 0x26000, 0x4, 0x8, 0x8, 0x4, 0x1, 0x4, 0x7, 0x81, 0xf2, 0x9}, {0xdddd1000, 0x80a0000, 0xa, 0xda, 0x6, 0x40, 0xc, 0x9, 0x1, 0x81, 0x8, 0x3}, {0xe000, 0x4, 0x3, 0xf1, 0x7, 0xa, 0x7, 0x8, 0x6, 0x4, 0x8, 0xb}, {0x25000, 0xeeee8000, 0x1c7536c9cd91d925, 0x0, 0x8, 0x81, 0x0, 0xac, 0x66, 0x3, 0x4, 0xf8}, {0xffffffff, 0x2000, 0x10, 0x1, 0xa, 0x4, 0x5, 0x4b, 0x6, 0x8, 0x7, 0x10}, {0x8080000, 0x7000, 0xd, 0x10, 0x6, 0x1c, 0x8, 0xf, 0x1, 0x6, 0x5, 0x1d}, {0x40000, 0xffff1000, 0xa, 0x3, 0x1, 0xc6, 0x2, 0x4, 0x6c, 0x25, 0x3, 0xc}, {0xe000, 0xfec00000, 0x10, 0x5, 0x6, 0x4, 0x7f, 0x2, 0x93, 0xab, 0x6, 0x7}, {0xf000}, {0x200000, 0x4}, 0x6, 0x0, 0x80a0000, 0x102180, 0x6, 0x8101, 0x60000, [0x1, 0x9, 0x7f, 0x4]}) ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0x8040ae9f, &(0x7f0000000200)=@arm64) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x20) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r0, 0x4068aea3, &(0x7f0000000240)={0xe4, 0x0, 0x1}) (async) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_GET_REGS(r1, 0x8360ae81, &(0x7f00000002c0)) (async) ioctl$KVM_SET_MP_STATE(r1, 0x4004ae99, &(0x7f0000000380)=0x4) (async) ioctl$KVM_SET_ONE_REG(r1, 0x4010aeac, &(0x7f0000000400)=@riscv64_sbi_fwft={0x803000000a010000, &(0x7f00000003c0)}) (async) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000440)={0x6, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000004c0)=@attr_other={0x0, 0x1c3f, 0x9, &(0x7f0000000480)=0x5}) (async) ioctl$KVM_IRQ_LINE_STATUS(r2, 0xc008ae67, &(0x7f0000000500)={0x3, 0x7e5}) (async) ioctl$KVM_CHECK_EXTENSION_VM(r0, 0xae03, 0x1ff) (async) ioctl$KVM_ARM_VCPU_INIT(r1, 0x4020aeae, &(0x7f0000000540)={0x0, 0x82}) (async) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) r4 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, r3, 0x0, 0x8010, r1, 0x0) (async) syz_kvm_vgic_v3_setup(r0, 0x2, 0x200) openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x400000, 0x0) (async) ioctl$KVM_GET_MP_STATE(r1, 0x8004ae98, &(0x7f00000005c0)) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000600)="e59e515b408a8b7d51b7cd8ffca6756d70240ef274000499d402a9dda3ea5f16fc4e4df68a2fcf1bde7ad7c29ed49417a4bd8063cefb8a55cdcd23d39de5cfbbd05d8fbba7a76390", 0x0, 0x48) r5 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000ffc000/0x1000)=nil, r3, 0xf, 0x10, r5, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) (async) r6 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) ioctl$KVM_GET_REG_LIST(r6, 0xc008aeb0, &(0x7f00000006c0)={0x1, [0x6]}) (async) munmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000) r7 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000cc0)={0x0, &(0x7f0000000700)=[@uexit={0x0, 0x18, 0x80000000}, @irq_setup={0x46, 0x18, {0x2, 0x33}}, @uexit={0x0, 0x18, 0x8a}, @svc={0x122, 0x40, {0x86000001, [0x9, 0x3fd2af62, 0x7, 0x6]}}, @svc={0x122, 0x40, {0x84000051, [0x8a, 0x4, 0x401, 0x8, 0x1]}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x4, 0x3, 0x6f, 0x1, 0x2}}, @mrs={0xbe, 0x18, {0x603000000013c012}}, @hvc={0x32, 0x40, {0x19, [0x8, 0xddf, 0x943, 0x3, 0xb50]}}, @svc={0x122, 0x40, {0x80003fff, [0x0, 0x7, 0x6, 0x6631cfcc, 0x8]}}, @code={0xa, 0x3c, {"007008d5008008d5000008d5007008d500c0202e008008d5000008d50000261e0048214e00008092"}}, @svc={0x122, 0x40, {0x8400000a, [0x5, 0x2, 0x401, 0x1, 0x4]}}, @hvc={0x32, 0x40, {0xc400000d, [0x9, 0x0, 0x7, 0xc00000000, 0x4]}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0xa}}, @irq_setup={0x46, 0x18, {0x2, 0x5d}}, @msr={0x14, 0x20, {0x603000000013c648, 0x2}}, @eret={0xe6, 0x18, 0x9}, @hvc={0x32, 0x40, {0x80, [0x7, 0xa56, 0x800, 0xd45, 0x9]}}, @mrs={0xbe, 0x18, {0x603000000013deaf}}, @hvc={0x32, 0x40, {0x40, [0x7fffffffffffffff, 0x5, 0x8, 0x2, 0xfffffffffffffff7]}}, @its_send_cmd={0xaa, 0x28, {0x2, 0x1, 0x3, 0x7, 0x2, 0x0, 0x1}}, @code={0xa, 0x84, {"007008d50000691e0000309e00809f0d408b84d20040b0f2010180d2420180d2e30080d2a40180d2020000d4000028d50000201fc06d8ed20060b0f2c10080d2620080d2c30080d2040180d2020000d4007008d5c0c399d20080b8f2610080d2a20080d2430080d2040180d2020000d4"}}, @code={0xa, 0x84, {"000008d500c0231e00269ed20020b0f2810080d2220180d2630180d2840180d2020000d4008008d5007008d50040800c203c9cd20040b8f2010080d2820180d2230080d2240080d2020000d4007008d5a05c92d200e0b8f2e10180d2020080d2e30180d2640180d2020000d40004201e"}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x2, 0xd, 0x2, 0x58d, 0x4}}, @hvc={0x32, 0x40, {0x84000005, [0x4, 0x0, 0x3, 0x8]}}, @mrs={0xbe, 0x18, {0x603000000013df6e}}, @mrs={0xbe, 0x18, {0x603000000013f200}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x0, 0xe, 0x1, 0xfffffff7, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x4, 0xb, 0x5, 0x0, 0x3}}, @smc={0x1e, 0x40, {0x80000000, [0x0, 0x6, 0x2ac3, 0x3, 0x6]}}], 0x5ac}, &(0x7f0000000d00)=[@featur1={0x1, 0x72}], 0x1) ioctl$KVM_SET_SIGNAL_MASK(r7, 0x4004ae8b, &(0x7f0000000d40)={0xcf, "120f5e3bc831ecf1e4cd4e40befd4126a11d4d987188f7351fc4382fb6189fcb4afa90831571e13e27d107d94eb25df37bc1b1faf3f8c9afd6057930fd12fbed99105c611f6e698cd4f6ccf7634030421ca141b77e28664fdc65401e36f8bacd95529f71a1f165f38bbbc7c3f2355bb78591128dd12506c17cae031d373a2611aee800d8984e6ebc3c9b06b55573406aaad3cc130037aac788af7e4580864e9b708d0005e1d170a2f2b07ffa42f3722cfa54efe8549db9cbc6ddc56a630e4105a2480edbfbf63df26d4870ae51afbe"}) ioctl$KVM_SET_REGS(r1, 0x4360ae82, &(0x7f0000000e40)={[0x8, 0x3, 0x0, 0x6, 0xe, 0x2, 0x4, 0x7, 0x5, 0x0, 0x8000, 0x0, 0x1000, 0xffffffffffff13ff, 0x3ff, 0xcbb5], 0x9000, 0x2}) (async) ioctl$KVM_CAP_PTP_KVM(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000f00)) 2m19.006819886s ago: executing program 5 (id=168): openat$kvm(0x0, &(0x7f0000000280), 0x0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r1, 0x4018aee2, &(0x7f0000000140)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f0000000000)=0x1b}) 2m8.718743734s ago: executing program 6 (id=169): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async, rerun: 64) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (rerun: 64) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x40) (async, rerun: 64) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (rerun: 64) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0xa) (async) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_GET_STATS_FD_cpu(r5, 0xaece) openat$kvm(0xffffffffffffff9c, 0x0, 0x8001, 0x0) (async) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r7 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r6, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000100)="5af600f6b34e08c180f948c13e2727ba279cacc033d6bd28118e0e1e50390ff2f8a1aa8366bb4c33115d61c97d9387dac1b147ed1b515c14bcb89051301caef704371680ab057973", 0x0, 0x48) (async, rerun: 64) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0) (async, rerun: 64) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) (async) r8 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) r9 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) close(r8) (async, rerun: 64) syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async, rerun: 64) r10 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) (async) ioctl$KVM_SET_USER_MEMORY_REGION2(r11, 0x40a0ae49, 0x0) (async) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000a67000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, &(0x7f0000000080)=@arm64_sys={0x603000000013c807}) (async) close(0x4) (async, rerun: 32) close(0x5) (async, rerun: 32) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_DIRTY_LOG(r11, 0x4010ae42, 0x0) 1m58.755853639s ago: executing program 5 (id=170): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000040)={0x1fd, 0x2, 0xffff1000, 0x2000, &(0x7f0000ffd000/0x2000)=nil, 0x1ff}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x701480, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) r9 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x1800002, 0x11, r8, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000180)="f30138dd56bf00e2004b584bd92e00000f00000000000100010000020000000083f402000000235acbd98700000000000200", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x40305839, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x100000000000000, 0x0}) r10 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x7ffc}}], 0x20}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) 1m50.514687622s ago: executing program 6 (id=171): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000200)={0x0, &(0x7f0000000b80)=[@its_setup={0x82, 0x28, {0x4, 0x4, 0x340}}, @irq_setup={0x46, 0x18, {0x2, 0x165}}, @svc={0x122, 0x4, {0x20, [0xd3f7, 0x0, 0x100000001, 0x9add, 0x9]}}, @code={0xa, 0x84, {"0020400ca01998d20040b0f2610080d2e20080d2230080d2c40180d2020000d440ac86d200a0b0f2a10080d2620080d2030080d2440180d2020000d4007008d5a0e382d200e0b8f2a10080d2820180d2630180d2240080d2020000d400f8a12e008008d500682038007008d5007008d5"}}, @hvc={0x32, 0x40, {0x31000000, [0x8000000000000001, 0x3, 0x8000000000000001, 0x3]}}, @smc={0x1e, 0x40, {0x5000000, [0x301, 0x4, 0x6, 0x0, 0x9]}}, @svc={0x122, 0x40, {0x86000001, [0xffffffffffffff00, 0x8, 0x0, 0x7, 0x800000000]}}, @code={0xa, 0x84, {"00ab9ad20080b8f2c10080d2020180d2e30080d2e40180d2020000d4008008d500000028007008d500c88fd20020b0f2c10180d2c20180d2830080d2640180d2020000d4001ca00e00808088007008d50068214ea0499ed200c0b8f2410180d2e20080d2e30180d2040080d2020000d4"}}, @irq_setup={0x46, 0x18, {0x0, 0x26c}}, @mrs={0xbe, 0x18, {0x603000000013c804}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x300, 0xe1d5, 0x5}}, @its_setup={0x82, 0x28, {0x2, 0x4, 0x116}}, @irq_setup={0x46, 0x18, {0x1001, 0x254}}, @smc={0x1e, 0x40, {0x1, [0x101, 0xc7b, 0x6, 0x258392e2, 0x9]}}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x252}}, @hvc={0x32, 0x40, {0x84000011, [0x80000000, 0xbb, 0xdb94, 0x3, 0xe8]}}, @eret={0xe6, 0x18, 0x6}, @irq_setup={0x46, 0x18, {0x2, 0x126}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x10040, 0x80000000d9fb, 0x5}}, @hvc={0x32, 0x40, {0x84000001, [0x2, 0x36, 0x1, 0xfff, 0xfffffffffffff053]}}, @mrs={0xbe, 0x18, {0x603000000013c804}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x2, 0x5, 0x0, 0x3, 0x3}}, @hvc={0x32, 0x40, {0x84000005, [0x9, 0x5, 0x2, 0x10005d88afe0000, 0x2]}}], 0x4b0}, 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x603000000013df12, &(0x7f0000000000)=0x3}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105}) r8 = eventfd2(0x6f, 0x0) write$eventfd(r8, &(0x7f0000000080)=0x49f3, 0x8) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x603000000010004a, 0x0}) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) 1m29.872573803s ago: executing program 5 (id=172): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xd) r2 = ioctl$KVM_CREATE_GUEST_MEMFD(0xffffffffffffffff, 0xc040aed4, &(0x7f0000000000)={0x2, 0xe49d}) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000140)={0x2710, 0x4, 0x41000, 0x1000, &(0x7f0000e8e000/0x1000)=nil, 0x53e9, r2}) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000100)=@arm64_sve={0x6080000000150439, 0x0}) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x2) r7 = syz_kvm_vgic_v3_setup(r6, 0x1, 0x100) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x1, &(0x7f0000000380)=0x40000000000495}) 1m24.696863769s ago: executing program 6 (id=173): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000178000/0x400000)=nil) r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000540)=[@eret={0xe6, 0x18, 0x7}, @smc={0x1e, 0x40, {0x84000002, [0x9, 0x6, 0x2, 0x4cf, 0x10000]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x100, 0x31, 0xb}}, @msr={0x14, 0x20, {0x603000000013e5ce, 0x3}}, @its_setup={0x82, 0x28, {0x3, 0x4, 0x365}}, @code={0xa, 0x84, {"0024c01a609f90d20020b0f2e10180d2c20080d2e30080d2440080d2020000d4000440fc007008d5007008d500d8a10e007008d5006a89d200a0b0f2e10080d2e20180d2c30080d2840080d2020000d4007008d540828ad20060b0f2c10180d2c20080d2030180d2840080d2020000d4"}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x4, 0xa, 0x9, 0x1, 0x2}}, @svc={0x122, 0x40, {0x84000012, [0xe, 0xa820, 0x41, 0x0, 0x74]}}, @uexit={0x0, 0x18, 0x7}, @smc={0x1e, 0x40, {0x5000000, [0x4, 0x1, 0x3, 0x2, 0x7]}}, @hvc={0x32, 0x40, {0xc400000e, [0xfffffffffffffffd, 0xe, 0x0, 0x10000, 0x6]}}, @hvc={0x32, 0x40, {0x84000009, [0x7, 0x8869, 0xffffffff80000000, 0x4, 0x3]}}, @svc={0x122, 0x40, {0x80000001, [0x8, 0x80000000, 0x8001, 0x3, 0x7f]}}, @irq_setup={0x46, 0x18, {0x0, 0x38d}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x31f}}], 0x314}, &(0x7f00000000c0)=[@featur2={0x1, 0x2}], 0x1) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000000000/0x400000)=nil, &(0x7f0000000280)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x2710, 0x1, 0x10000, 0x2000, &(0x7f0000000000/0x2000)=nil}) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) 1m8.690252901s ago: executing program 5 (id=174): openat$kvm(0x0, &(0x7f0000000280), 0x0, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r1, 0x4018aee2, &(0x7f0000000140)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f0000000000)=0x1b}) 1m4.258508975s ago: executing program 6 (id=175): r0 = openat$kvm(0x0, &(0x7f0000000340), 0x357a02, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f0000000380)}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000240)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000280)={0x9, 0x6a23, 0x1}}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x8840, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0x80111500, 0x20000000) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) ioctl$KVM_CREATE_VM(r5, 0x5760, 0x2000001c) r6 = openat$kvm(0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x1b) ioctl$KVM_RUN(r3, 0xae80, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x34) r10 = ioctl$KVM_CREATE_GUEST_MEMFD(r9, 0xc040aed4, &(0x7f0000000040)={0x1000200001fe0000, 0x1}) ioctl$KVM_SET_USER_MEMORY_REGION2(r9, 0x40a0ae49, &(0x7f0000000180)={0x4, 0x4, 0x6000, 0x1000, &(0x7f0000eb0000/0x1000)=nil, 0x100000000000000, r10}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x3, 0x0}) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r14 = ioctl$KVM_CREATE_VM(r13, 0x894c, 0x0) ioctl$KVM_CREATE_VCPU(r14, 0x4030582b, 0x0) r15 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r16 = ioctl$KVM_CREATE_VCPU(r15, 0xae41, 0x1) r17 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r16, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r17, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fb707cd24b7eebb20700000000000000000000000100", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000e8d000/0x3000)=nil, 0x0, 0x1, 0x11, r16, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x8001, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 52.885850339s ago: executing program 5 (id=176): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@irq_setup={0x46, 0x18, {0x4, 0x1e7}}], 0x18}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CAP_HALT_POLL(r4, 0x4068aea3, &(0x7f0000000000)={0xdf, 0x0, 0x10000}) ioctl$KVM_CAP_HALT_POLL(r4, 0x4068aea3, &(0x7f0000000000)={0xe1, 0x300}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) r6 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x2c) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000280)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000040)=@arm64_sys={0x603000000013c021, &(0x7f0000000140)=0x9}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000200), 0x220400, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r14 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x1) r15 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x1800002, 0x11, r14, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r15, 0x20, &(0x7f0000000180)="f3011813013c36000000004ee28398f8964346cbd98700000001908b9463d139887a01002e25000000000000ffff00", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r14, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r13, 0x40305839, &(0x7f0000000040)=@attr_other={0x0, 0x0, 0xfffffffffffffff7, 0x0}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, 0x0) r16 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r17 = ioctl$KVM_CREATE_VM(r16, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r17, &(0x7f0000c00000/0x400000)=nil) 15.83397628s ago: executing program 37 (id=175): r0 = openat$kvm(0x0, &(0x7f0000000340), 0x357a02, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f0000000380)}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000240)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000280)={0x9, 0x6a23, 0x1}}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x8840, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0x80111500, 0x20000000) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) ioctl$KVM_CREATE_VM(r5, 0x5760, 0x2000001c) r6 = openat$kvm(0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x1b) ioctl$KVM_RUN(r3, 0xae80, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x34) r10 = ioctl$KVM_CREATE_GUEST_MEMFD(r9, 0xc040aed4, &(0x7f0000000040)={0x1000200001fe0000, 0x1}) ioctl$KVM_SET_USER_MEMORY_REGION2(r9, 0x40a0ae49, &(0x7f0000000180)={0x4, 0x4, 0x6000, 0x1000, &(0x7f0000eb0000/0x1000)=nil, 0x100000000000000, r10}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x3, 0x0}) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r14 = ioctl$KVM_CREATE_VM(r13, 0x894c, 0x0) ioctl$KVM_CREATE_VCPU(r14, 0x4030582b, 0x0) r15 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r16 = ioctl$KVM_CREATE_VCPU(r15, 0xae41, 0x1) r17 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r16, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r17, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fb707cd24b7eebb20700000000000000000000000100", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000e8d000/0x3000)=nil, 0x0, 0x1, 0x11, r16, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x8001, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 0s ago: executing program 38 (id=176): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@irq_setup={0x46, 0x18, {0x4, 0x1e7}}], 0x18}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CAP_HALT_POLL(r4, 0x4068aea3, &(0x7f0000000000)={0xdf, 0x0, 0x10000}) ioctl$KVM_CAP_HALT_POLL(r4, 0x4068aea3, &(0x7f0000000000)={0xe1, 0x300}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) r6 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x2c) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000280)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000040)=@arm64_sys={0x603000000013c021, &(0x7f0000000140)=0x9}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000200), 0x220400, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r14 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x1) r15 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x1800002, 0x11, r14, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r15, 0x20, &(0x7f0000000180)="f3011813013c36000000004ee28398f8964346cbd98700000001908b9463d139887a01002e25000000000000ffff00", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r14, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r13, 0x40305839, &(0x7f0000000040)=@attr_other={0x0, 0x0, 0xfffffffffffffff7, 0x0}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, 0x0) r16 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r17 = ioctl$KVM_CREATE_VM(r16, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r17, &(0x7f0000c00000/0x400000)=nil) kernel console output (not intermixed with test programs): [ 491.115454][ T3170] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:15274' (ED25519) to the list of known hosts. [ 711.599833][ T25] audit: type=1400 audit(710.760:60): avc: denied { name_bind } for pid=3332 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 713.408609][ T25] audit: type=1400 audit(712.590:61): avc: denied { execute } for pid=3333 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 713.432003][ T25] audit: type=1400 audit(712.610:62): avc: denied { execute_no_trans } for pid=3333 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 740.129003][ T25] audit: type=1400 audit(739.310:63): avc: denied { mounton } for pid=3333 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 740.189895][ T25] audit: type=1400 audit(739.360:64): avc: denied { mount } for pid=3333 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 740.288313][ T3333] cgroup: Unknown subsys name 'net' [ 740.369082][ T25] audit: type=1400 audit(739.550:65): avc: denied { unmount } for pid=3333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 740.937367][ T3333] cgroup: Unknown subsys name 'cpuset' [ 741.100046][ T3333] cgroup: Unknown subsys name 'rlimit' [ 742.195901][ T25] audit: type=1400 audit(741.370:66): avc: denied { setattr } for pid=3333 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 742.225661][ T25] audit: type=1400 audit(741.390:67): avc: denied { mounton } for pid=3333 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 742.240791][ T25] audit: type=1400 audit(741.420:68): avc: denied { mount } for pid=3333 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 743.431535][ T3337] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 743.458632][ T25] audit: type=1400 audit(742.630:69): avc: denied { relabelto } for pid=3337 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 743.488744][ T25] audit: type=1400 audit(742.670:70): avc: denied { write } for pid=3337 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 743.700229][ T25] audit: type=1400 audit(742.880:71): avc: denied { read } for pid=3333 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 743.720574][ T25] audit: type=1400 audit(742.900:72): avc: denied { open } for pid=3333 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 743.771420][ T3333] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 806.150439][ T25] audit: type=1400 audit(805.330:73): avc: denied { execmem } for pid=3338 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 810.468212][ T25] audit: type=1400 audit(809.650:74): avc: denied { read } for pid=3340 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 810.496121][ T25] audit: type=1400 audit(809.660:75): avc: denied { open } for pid=3340 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 810.577415][ T25] audit: type=1400 audit(809.740:76): avc: denied { mounton } for pid=3341 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 810.831717][ T25] audit: type=1400 audit(810.010:77): avc: denied { module_request } for pid=3340 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 810.880515][ T25] audit: type=1400 audit(810.060:78): avc: denied { module_request } for pid=3341 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 811.976189][ T25] audit: type=1400 audit(811.150:79): avc: denied { sys_module } for pid=3340 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 843.689047][ T3341] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 843.996422][ T3341] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 844.070620][ T3340] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 844.547098][ T3340] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 857.335621][ T3341] hsr_slave_0: entered promiscuous mode [ 857.365788][ T3341] hsr_slave_1: entered promiscuous mode [ 858.452165][ T3340] hsr_slave_0: entered promiscuous mode [ 858.507709][ T3340] hsr_slave_1: entered promiscuous mode [ 858.532583][ T3340] debugfs: 'hsr0' already exists in 'hsr' [ 858.555727][ T3340] Cannot create hsr debugfs directory [ 869.602077][ T25] audit: type=1400 audit(868.770:80): avc: denied { create } for pid=3341 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 869.656082][ T25] audit: type=1400 audit(868.830:81): avc: denied { write } for pid=3341 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 869.737962][ T25] audit: type=1400 audit(868.920:82): avc: denied { read } for pid=3341 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 869.906842][ T3341] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 870.298450][ T3341] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 870.655522][ T3341] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 871.208941][ T3341] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 872.820795][ T3340] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 872.951211][ T3340] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 873.167185][ T3340] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 873.388512][ T3340] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 890.808692][ T3341] 8021q: adding VLAN 0 to HW filter on device bond0 [ 893.340171][ T3340] 8021q: adding VLAN 0 to HW filter on device bond0 [ 960.222387][ T3341] veth0_vlan: entered promiscuous mode [ 961.118240][ T3341] veth1_vlan: entered promiscuous mode [ 963.727789][ T3340] veth0_vlan: entered promiscuous mode [ 965.150105][ T3340] veth1_vlan: entered promiscuous mode [ 965.547098][ T3341] veth0_macvtap: entered promiscuous mode [ 966.263624][ T3341] veth1_macvtap: entered promiscuous mode [ 969.519955][ T3340] veth0_macvtap: entered promiscuous mode [ 970.147250][ T2153] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 970.279944][ T2153] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 970.285308][ T2153] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 970.300937][ T2153] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 970.426247][ T3340] veth1_macvtap: entered promiscuous mode [ 973.489689][ T25] audit: type=1400 audit(972.590:83): avc: denied { mount } for pid=3341 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 973.775763][ T25] audit: type=1400 audit(972.840:84): avc: denied { mounton } for pid=3341 comm="syz-executor" path="/syzkaller.I22Om0/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 973.942571][ T25] audit: type=1400 audit(973.080:85): avc: denied { mount } for pid=3341 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 974.037520][ T32] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 974.064828][ T3425] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 974.068734][ T3425] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 974.084850][ T3425] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 974.415217][ T25] audit: type=1400 audit(973.590:86): avc: denied { mounton } for pid=3341 comm="syz-executor" path="/syzkaller.I22Om0/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 974.645123][ T25] audit: type=1400 audit(973.820:87): avc: denied { mounton } for pid=3341 comm="syz-executor" path="/syzkaller.I22Om0/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3784 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 975.687087][ T25] audit: type=1400 audit(974.840:88): avc: denied { unmount } for pid=3341 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 975.910056][ T25] audit: type=1400 audit(975.020:89): avc: denied { mounton } for pid=3341 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 976.100103][ T25] audit: type=1400 audit(975.280:90): avc: denied { mount } for pid=3341 comm="syz-executor" name="/" dev="gadgetfs" ino=3794 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 976.460850][ T25] audit: type=1400 audit(975.640:91): avc: denied { mount } for pid=3341 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 976.790157][ T25] audit: type=1400 audit(975.750:92): avc: denied { mounton } for pid=3341 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 977.857495][ T3341] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 979.235891][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 979.251369][ T25] audit: type=1400 audit(978.310:94): avc: denied { read write } for pid=3341 comm="syz-executor" name="loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 979.265991][ T25] audit: type=1400 audit(978.420:95): avc: denied { open } for pid=3341 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 979.356577][ T25] audit: type=1400 audit(978.510:96): avc: denied { ioctl } for pid=3341 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 989.489115][ T25] audit: type=1400 audit(988.620:97): avc: denied { read } for pid=3494 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 989.538962][ T25] audit: type=1400 audit(988.720:98): avc: denied { open } for pid=3494 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 990.288047][ T25] audit: type=1400 audit(989.450:99): avc: denied { ioctl } for pid=3494 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 992.748496][ T25] audit: type=1400 audit(991.930:100): avc: denied { write } for pid=3496 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 993.735100][ T25] audit: type=1400 audit(992.910:101): avc: denied { map } for pid=3496 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 993.921467][ T25] audit: type=1400 audit(993.090:102): avc: denied { execute } for pid=3496 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1129.960523][ T3511] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1130.418408][ T3511] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1136.058982][ T3514] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1136.381714][ T3514] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1164.210513][ T3511] hsr_slave_0: entered promiscuous mode [ 1164.328408][ T3511] hsr_slave_1: entered promiscuous mode [ 1164.427003][ T3511] debugfs: 'hsr0' already exists in 'hsr' [ 1164.436797][ T3511] Cannot create hsr debugfs directory [ 1169.352043][ T3514] hsr_slave_0: entered promiscuous mode [ 1169.418407][ T3514] hsr_slave_1: entered promiscuous mode [ 1169.446217][ T3514] debugfs: 'hsr0' already exists in 'hsr' [ 1169.454656][ T3514] Cannot create hsr debugfs directory [ 1185.309765][ T3511] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1186.147587][ T3511] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1186.937683][ T3511] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1187.690153][ T3511] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1195.368189][ T3514] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1195.789926][ T3514] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1196.537690][ T3514] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1197.157416][ T3514] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1230.802022][ T3511] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1237.089362][ T3514] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1302.862619][ T50] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1304.129135][ T50] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1305.399944][ T50] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1307.349733][ T50] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1331.768886][ T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1332.130054][ T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1332.275808][ T50] bond0 (unregistering): Released all slaves [ 1336.042460][ T50] hsr_slave_0: left promiscuous mode [ 1336.348516][ T50] hsr_slave_1: left promiscuous mode [ 1337.666761][ T50] veth1_macvtap: left promiscuous mode [ 1337.676113][ T50] veth0_macvtap: left promiscuous mode [ 1337.709206][ T50] veth1_vlan: left promiscuous mode [ 1337.728145][ T50] veth0_vlan: left promiscuous mode [ 1367.791840][ T50] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1369.826943][ T50] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1371.890533][ T50] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1373.580363][ T50] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1397.476220][ T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1397.749706][ T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1398.017496][ T50] bond0 (unregistering): Released all slaves [ 1400.969694][ T50] hsr_slave_0: left promiscuous mode [ 1401.240592][ T50] hsr_slave_1: left promiscuous mode [ 1402.276459][ T50] veth1_macvtap: left promiscuous mode [ 1402.280120][ T50] veth0_macvtap: left promiscuous mode [ 1402.308296][ T50] veth1_vlan: left promiscuous mode [ 1402.335497][ T50] veth0_vlan: left promiscuous mode [ 1446.175326][ T3511] veth0_vlan: entered promiscuous mode [ 1448.137838][ T3511] veth1_vlan: entered promiscuous mode [ 1449.856013][ T3514] veth0_vlan: entered promiscuous mode [ 1451.249514][ T3514] veth1_vlan: entered promiscuous mode [ 1454.428543][ T3511] veth0_macvtap: entered promiscuous mode [ 1455.305989][ T3511] veth1_macvtap: entered promiscuous mode [ 1457.261170][ T3514] veth0_macvtap: entered promiscuous mode [ 1458.311198][ T3514] veth1_macvtap: entered promiscuous mode [ 1461.288463][ T2153] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1461.306495][ T3594] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1461.341349][ T3594] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1461.734044][ T2153] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1463.880558][ T2153] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1464.041862][ T2153] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1464.074986][ T3383] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1464.076365][ T3383] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1483.286115][ T25] audit: type=1400 audit(1482.450:103): avc: denied { append } for pid=3699 comm="syz.2.5" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1518.976508][ T25] audit: type=1400 audit(1518.150:104): avc: denied { execute } for pid=3720 comm="syz.2.10" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=5738 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 1570.665174][ T25] audit: type=1400 audit(1569.510:105): avc: denied { create } for pid=3751 comm="syz.2.16" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1718.991800][ T25] audit: type=1400 audit(1718.170:106): avc: denied { module_request } for pid=3821 comm="syz-executor" kmod="netdev-nr4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 1731.598661][ T3425] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1734.389868][ T3425] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1736.937113][ T3425] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1739.056448][ T3425] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1771.534528][ T3425] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1772.042384][ T3425] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1772.568636][ T3425] bond0 (unregistering): Released all slaves [ 1775.469838][ T3425] hsr_slave_0: left promiscuous mode [ 1775.598208][ T3425] hsr_slave_1: left promiscuous mode [ 1777.060387][ T3425] veth1_macvtap: left promiscuous mode [ 1777.077876][ T3425] veth0_macvtap: left promiscuous mode [ 1777.089554][ T3425] veth1_vlan: left promiscuous mode [ 1777.135701][ T3425] veth0_vlan: left promiscuous mode [ 1899.260094][ T3821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1899.766256][ T3821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1904.906148][ T3915] kvm [3914]: Unsupported guest access at: eeef0000 [ 1904.906148][ T3915] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 1947.365969][ T3821] hsr_slave_0: entered promiscuous mode [ 1947.550217][ T3821] hsr_slave_1: entered promiscuous mode [ 1975.038922][ T3821] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1975.737521][ T3821] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1976.361891][ T3821] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1977.227822][ T3821] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 2022.046045][ T3821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2212.548023][ T3821] veth0_vlan: entered promiscuous mode [ 2213.988819][ T3821] veth1_vlan: entered promiscuous mode [ 2219.312283][ T3821] veth0_macvtap: entered promiscuous mode [ 2220.400474][ T3821] veth1_macvtap: entered promiscuous mode [ 2225.751025][ T50] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2225.897926][ T50] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2226.057688][ T4078] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2226.240076][ T4078] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2276.335908][ T25] audit: type=1400 audit(2275.390:107): avc: denied { map } for pid=4127 comm="syz.4.59" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=9321 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 2276.354972][ T25] audit: type=1400 audit(2275.520:108): avc: denied { read } for pid=4127 comm="syz.4.59" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=9321 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 2802.820989][ T4365] kvm [4365]: Failed to find VMA for hva 0x20c01000 [ 2981.140055][ T25] audit: type=1400 audit(2980.260:109): avc: denied { setattr } for pid=4441 comm="syz.2.126" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 3103.987708][ T43] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3106.121604][ T43] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3108.412655][ T43] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3110.542544][ T43] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3142.399425][ T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3143.006295][ T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3143.549775][ T43] bond0 (unregistering): Released all slaves [ 3146.861272][ T43] hsr_slave_0: left promiscuous mode [ 3147.088394][ T43] hsr_slave_1: left promiscuous mode [ 3148.214639][ T43] veth1_macvtap: left promiscuous mode [ 3148.231588][ T43] veth0_macvtap: left promiscuous mode [ 3148.256988][ T43] veth1_vlan: left promiscuous mode [ 3148.275860][ T43] veth0_vlan: left promiscuous mode [ 3271.775944][ T4471] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3272.222180][ T4471] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3322.491110][ T4511] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3325.441144][ T4511] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3328.559393][ T4511] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3330.036200][ T4471] hsr_slave_0: entered promiscuous mode [ 3330.131488][ T4471] hsr_slave_1: entered promiscuous mode [ 3331.068617][ T4511] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3363.319737][ T4511] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3363.741645][ T4511] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3363.956337][ T4511] bond0 (unregistering): Released all slaves [ 3366.265319][ T4511] hsr_slave_0: left promiscuous mode [ 3366.365839][ T4511] hsr_slave_1: left promiscuous mode [ 3367.095967][ T4511] veth1_macvtap: left promiscuous mode [ 3367.101433][ T4511] veth0_macvtap: left promiscuous mode [ 3367.126838][ T4511] veth1_vlan: left promiscuous mode [ 3367.131024][ T4511] veth0_vlan: left promiscuous mode [ 3404.300583][ T4471] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 3404.846953][ T4471] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 3405.275706][ T4471] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 3405.752428][ T4471] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 3441.279695][ T4471] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3452.925530][ T4560] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3453.408579][ T4560] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3497.995985][ T4560] hsr_slave_0: entered promiscuous mode [ 3498.089125][ T4560] hsr_slave_1: entered promiscuous mode [ 3498.227901][ T4560] debugfs: 'hsr0' already exists in 'hsr' [ 3498.234550][ T4560] Cannot create hsr debugfs directory [ 3525.286581][ T4560] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 3525.902307][ T4560] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 3526.476734][ T4560] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 3527.118144][ T4560] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 3569.392702][ T4560] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3628.819751][ T4471] veth0_vlan: entered promiscuous mode [ 3630.388622][ T4471] veth1_vlan: entered promiscuous mode [ 3636.512105][ T4471] veth0_macvtap: entered promiscuous mode [ 3637.510959][ T4471] veth1_macvtap: entered promiscuous mode [ 3643.136609][ T4511] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3643.364204][ T4511] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3643.365800][ T4511] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3643.560616][ T50] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3790.059726][ T4560] veth0_vlan: entered promiscuous mode [ 3792.017922][ T4560] veth1_vlan: entered promiscuous mode [ 3798.239423][ T4560] veth0_macvtap: entered promiscuous mode [ 3799.301380][ T4560] veth1_macvtap: entered promiscuous mode [ 3805.837699][ T4424] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3805.982384][ T4424] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3806.057790][ T4078] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3806.064083][ T4078] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4321.879341][ T4965] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4322.477595][ T4965] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4334.467643][ T4968] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4335.008491][ T4968] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4380.747675][ T4965] hsr_slave_0: entered promiscuous mode [ 4380.930902][ T4965] hsr_slave_1: entered promiscuous mode [ 4381.187125][ T4965] debugfs: 'hsr0' already exists in 'hsr' [ 4381.206214][ T4965] Cannot create hsr debugfs directory [ 4396.181183][ T4968] hsr_slave_0: entered promiscuous mode [ 4396.415350][ T4968] hsr_slave_1: entered promiscuous mode [ 4396.537697][ T4968] debugfs: 'hsr0' already exists in 'hsr' [ 4396.561491][ T4968] Cannot create hsr debugfs directory [ 4437.440076][ T4965] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 4439.166633][ T4965] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 4440.209235][ T4965] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 4442.005858][ T4965] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 4455.170794][ T4968] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 4456.082339][ T4968] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 4456.940239][ T4968] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 4458.019550][ T4968] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 4508.330749][ T4965] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4520.005980][ T4968] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4590.129591][ T27] INFO: task syz.5.176:4953 blocked for more than 430 seconds. [ 4590.186226][ T27] Not tainted syzkaller #0 [ 4590.217952][ T27] Blocked by coredump. [ 4590.218438][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 4590.218988][ T27] task:syz.5.176 state:D stack:0 pid:4953 tgid:4949 ppid:4471 task_flags:0x40044c flags:0x00000011 [ 4590.220525][ T27] Call trace: [ 4590.221022][ T27] __switch_to+0x584/0xb00 (T) [ 4590.360459][ T27] __schedule+0x200c/0x3428 [ 4590.388471][ T27] schedule+0xac/0x27c [ 4590.405357][ T27] schedule_timeout+0x68/0x1ec [ 4590.406144][ T27] do_wait_for_common+0x28c/0x440 [ 4590.406730][ T27] wait_for_completion+0x44/0x5c [ 4590.407252][ T27] __synchronize_srcu+0x2a4/0x320 [ 4590.407847][ T27] synchronize_srcu+0x3d0/0x4f8 [ 4590.408391][ T27] __mmu_notifier_release+0x424/0x614 [ 4590.408946][ T27] exit_mmap+0xbc/0xb8c [ 4590.409496][ T27] __mmput+0x10c/0x528 [ 4590.410030][ T27] mmput+0x70/0xa8 [ 4590.410580][ T27] exit_mm+0x158/0x248 [ 4590.411095][ T27] do_exit+0x790/0x2378 [ 4590.412131][ T27] do_group_exit+0x1d4/0x2ac [ 4590.412691][ T27] get_signal+0x1440/0x154c SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 4590.586588][ T27] arch_do_signal_or_restart+0x23c/0x4bac [ 4590.587381][ T27] exit_to_user_mode_loop+0x88/0x188 [ 4590.587924][ T27] el0_svc+0x17c/0x238 [ 4590.588490][ T27] el0t_64_sync_handler+0x84/0x12c [ 4590.589044][ T27] el0t_64_sync+0x198/0x19c [ 4590.590763][ T27] [ 4590.590763][ T27] Showing all locks held in the system: [ 4590.591273][ T27] 1 lock held by khungtaskd/27: [ 4590.591701][ T27] #0: ffff800087a86d08 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x0/0x44 [ 4590.800224][ T27] 3 locks held by kworker/u4:3/43: [ 4590.800798][ T27] 3 locks held by kworker/u4:4/50: [ 4590.801297][ T27] 2 locks held by getty/3199: [ 4590.801686][ T27] #0: ecf00000123628a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c [ 4590.911168][ T27] #1: a0ff80008c80b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x308/0x1234 [ 4590.957441][ T27] 2 locks held by syz-executor/3333: [ 4590.999950][ T27] 3 locks held by kworker/u4:5/3383: [ 4591.033947][ T27] 3 locks held by kworker/u4:8/3436: [ 4591.034538][ T27] 3 locks held by kworker/u4:1/4424: [ 4591.035015][ T27] 2 locks held by syz.6.175/4944: [ 4591.035407][ T27] 3 locks held by kworker/u4:0/4973: [ 4591.035775][ T27] 2 locks held by kworker/u4:12/5043: [ 4591.036103][ T27] #0: 86f000000cc26948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a10 [ 4591.038277][ T27] #1: ffff80008fd57c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a10 [ 4591.040166][ T27] 2 locks held by kworker/u4:15/5060: [ 4591.040544][ T27] 3 locks held by kworker/u4:16/5077: [ 4591.041103][ T27] [ 4591.041402][ T27] ============================================= [ 4591.041402][ T27] [ 4591.042350][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 4591.054754][ T27] CPU: 0 UID: 0 PID: 27 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT [ 4591.056197][ T27] Hardware name: linux,dummy-virt (DT) [ 4591.058970][ T27] Call trace: [ 4591.059832][ T27] show_stack+0x2c/0x3c (C) [ 4591.060863][ T27] __dump_stack+0x30/0x40 [ 4591.061846][ T27] dump_stack_lvl+0x30/0x12c [ 4591.062831][ T27] dump_stack+0x1c/0x28 [ 4591.063766][ T27] vpanic+0x1d4/0x4e4 [ 4591.064596][ T27] vpanic+0x0/0x4e4 [ 4591.065356][ T27] hung_task_panic+0x0/0x2c [ 4591.066322][ T27] kthread+0x794/0x99c [ 4591.067249][ T27] ret_from_fork+0x10/0x20 [ 4591.069175][ T27] Kernel Offset: disabled [ 4591.069939][ T27] CPU features: 0x0000000,001a3005,fbe327a1,057ffe1f [ 4591.071082][ T27] Memory Limit: none [ 4591.073350][ T27] Rebooting in 86400 seconds..