last executing test programs: 48m41.19836614s ago: executing program 1 (id=63): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CLEAR_DIRTY_LOG(r5, 0xc018aec0, &(0x7f0000000000)={0x0, 0x100, 0x1c0, 0x0}) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r3, 0x4068aea3, &(0x7f00000001c0)={0xa8, 0x0, 0x4}) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000040)={0x7, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r6, 0x4018aee3, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0x80, 0x0}) r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000080)=@arm64_ccsidr={0x602000000011000d, &(0x7f00000000c0)=0x8}) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x15) 48m29.161464439s ago: executing program 1 (id=65): mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async, rerun: 32) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bfd000/0x400000)=nil) (async, rerun: 32) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$KVM_RUN(r0, 0xae80, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bff000/0x400000)=nil) (async) r1 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) (async) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) (async) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f00000001c0)=@arm64_sys={0x6030000000138064, &(0x7f00000000c0)=0x8000}) (async) r8 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r4, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) (async, rerun: 64) r9 = eventfd2(0xd, 0x1) (rerun: 64) close(r9) (async) ioctl$KVM_CAP_ARM_USER_IRQ(r3, 0x4068aea3, &(0x7f0000000100)) (async) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) (async, rerun: 32) write$eventfd(r9, 0x0, 0x0) (async, rerun: 32) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) (async) r10 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1a) (async) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, 0xfffffffffffffffe, 0x0, 0xfffffffffffffee9) ioctl$KVM_HAS_DEVICE_ATTR_vm(r10, 0x4018aee3, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x1, 0x0, 0x1}}) 48m16.302203092s ago: executing program 1 (id=67): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0xa5) r5 = eventfd2(0xffff10c0, 0x801) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000100)={0xf09, 0x8080000, 0x0, r5}) r6 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_RUN(r6, 0xae80, 0x0) 48m7.654045323s ago: executing program 1 (id=69): munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e1d000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x480, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xdf) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 48m1.331595244s ago: executing program 1 (id=71): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f0000c22000/0x4000)=nil, r4, 0x1000002, 0x4010, r5, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0xdc032, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x0, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x4, 0x3, 0x0}) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000080)=[@featur1={0x1, 0x2}], 0x1) ioctl$KVM_RUN(r9, 0xae80, 0x0) 47m49.544936219s ago: executing program 1 (id=72): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000000)={0xb6, 0x0, 0x4}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CAP_DIRTY_LOG_RING(r1, 0x4068aea3, &(0x7f0000000180)) ioctl$KVM_CREATE_VM(r4, 0x400454ce, 0x110c230008) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async) openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (async) ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000000)={0xb6, 0x0, 0x4}) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) (async) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async) ioctl$KVM_CAP_DIRTY_LOG_RING(r1, 0x4068aea3, &(0x7f0000000180)) (async) ioctl$KVM_CREATE_VM(r4, 0x400454ce, 0x110c230008) (async) 47m1.7558779s ago: executing program 32 (id=72): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000000)={0xb6, 0x0, 0x4}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CAP_DIRTY_LOG_RING(r1, 0x4068aea3, &(0x7f0000000180)) ioctl$KVM_CREATE_VM(r4, 0x400454ce, 0x110c230008) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async) openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (async) ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000000)={0xb6, 0x0, 0x4}) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) (async) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async) ioctl$KVM_CAP_DIRTY_LOG_RING(r1, 0x4068aea3, &(0x7f0000000180)) (async) ioctl$KVM_CREATE_VM(r4, 0x400454ce, 0x110c230008) (async) 24m12.794037222s ago: executing program 0 (id=272): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) syz_kvm_vgic_v3_setup(r3, 0x2, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x0, 0x1, 0x110, r6, 0x40000) close(r3) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0}) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r11, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x5, 0x2}) syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x24) r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r15, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r15, 0x0) syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0xfffffffffffffef1) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) 24m11.193925259s ago: executing program 2 (id=273): munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r1, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[@svc={0x122, 0x40, {0x84000009, [0x9, 0x7, 0x3, 0x8001, 0x1]}}, @mrs={0xbe, 0x18, {0x603000000013c00b}}, @irq_setup={0x46, 0x18, {0x0, 0x198}}, @its_setup={0x82, 0x28, {0x0, 0x2, 0x309}}, @hvc={0x32, 0x40, {0x86000000, [0x5a, 0x8, 0xf3, 0x7, 0x6]}}, @mrs={0xbe, 0x18, {0x603000000013f601}}, @mrs={0xbe, 0x18, {0x6030000000138027}}, @smc={0x1e, 0x40, {0x84000013, [0x7, 0x6, 0x2, 0x2, 0x40]}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x2, 0xf, 0x7fff, 0x2, 0x3}}, @hvc={0x32, 0x40, {0xc5000820, [0xffffffffffffffff, 0x3ff, 0x100000000, 0xc61, 0x80000001]}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x1, 0x6, 0x90fa, 0x6, 0x4}}, @smc={0x1e, 0x40, {0x4000, [0xffff, 0x1fffffffe00000, 0xc82, 0x6, 0x47]}}, @hvc={0x32, 0x40, {0x800, [0x6, 0xa3a, 0xfbd, 0x0, 0x4]}}], 0x258}, &(0x7f0000000040)=[@featur1={0x1, 0xc8}], 0x1) mmap$KVM_VCPU(&(0x7f00007dc000/0x10000)=nil, r1, 0x200000e, 0x16831, r2, 0x0) mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x4019032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r1, 0x6000002, 0x4d832, 0xffffffffffffffff, 0x0) 24m3.391598869s ago: executing program 2 (id=274): r0 = mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_MMIO(r0, 0x20, &(0x7f0000000000)="4d3ab1304046db9adbbc38c30004d80e26c6c14ce1b238ad", 0x0, 0x18) (async) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x200, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x3}}], 0x68}, 0x0, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000180)={0x0, 0x10}) (async) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CAP_HALT_POLL(r2, 0x4068aea3, &(0x7f00000001c0)={0xb6, 0x0, 0x81}) (async) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, &(0x7f0000000000)=@x86={0x79, 0x2, 0xed, 0x0, 0x8, 0x3c, 0x6, 0x1, 0x2, 0x8, 0xfc, 0x40, 0x0, 0x0, 0x0, 0x1, 0x6, 0x6, 0x35, '\x00', 0x7, 0xde3e}) (async) r9 = syz_kvm_vgic_v3_setup(r2, 0x1, 0x100) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) (async) ioctl$KVM_RUN(r4, 0xae80, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x6, 0x4, 0x0}) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x7, 0x1, 0x0}) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) 23m59.083975735s ago: executing program 0 (id=275): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x141543, 0x0) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x2, 0x100) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20a00, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r3, 0x400454d0, 0x2d) r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_DEVICE_ATTR_vm(r7, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x8200, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r10, 0x4008ae6a, &(0x7f00000002c0)=ANY=[@ANYBLOB="01000002"]) r11 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x3b) r12 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x8001}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r13, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000040)={0x1, 0xffffffffffffffff, 0x1}) ioctl$KVM_RUN(r13, 0xae80, 0x0) r14 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r16, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) 23m56.408526319s ago: executing program 2 (id=276): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3d) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000001c0)=@arm64_fp_extra={0x60200000001000d4, &(0x7f0000000100)=0x7}) 23m50.384357513s ago: executing program 2 (id=277): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x20000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x6030000000100018, &(0x7f0000000000)=0x7fffffffffffffff}) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x3) ioctl$KVM_CREATE_VM(r4, 0x40049409, 0x13) close(r1) 23m41.333892927s ago: executing program 0 (id=278): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x0, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_vgic_v3_setup(r1, 0x2, 0x100) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x4, 0x0}) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x0, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) syz_kvm_vgic_v3_setup(r1, 0x2, 0x100) (async) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x4, 0x0}) (async) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async) 23m40.131214965s ago: executing program 2 (id=279): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, 0xfffffffffffffffe) r3 = openat$kvm(0x0, &(0x7f0000000140), 0x408400, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000000, 0x20010, 0xffffffffffffffff, 0x0) r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x15) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0}) openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee2, &(0x7f00000000c0)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x9}) syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_DEVICE(r8, 0xc018aec0, &(0x7f00000000c0)={0x1}) r9 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x2d) r10 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x4) syz_kvm_setup_cpu$arm64(r9, r10, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000140)=@arm64_extra={0x603000000013c034, &(0x7f0000000180)=0x2}) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r11, 0xae01, 0x202) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r12, 0x800454cf, 0x200000000000000) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r6, 0x4068aea3, &(0x7f0000000000)={0xe4, 0x0, 0xfffffffffffffffa}) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x0, 0x2000009, 0x9032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000011000/0x1000)=nil, 0x1000) syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1e) ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) 23m34.550229437s ago: executing program 0 (id=280): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000001c0)=@arm64_core={0x603000000010001e, &(0x7f0000000180)=0x2}) (async) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r3, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000380)=[{0x0, &(0x7f0000000200)=[@eret={0xe6, 0x18, 0x8}], 0x18}], 0x1, 0x0, 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce4, 0x8000}}], 0x40}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async) ioctl$KVM_RUN(r7, 0xae80, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) ioctl$KVM_GET_STATS_FD_vm(r5, 0xaece) 23m25.023881977s ago: executing program 2 (id=281): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x603000000013df19, &(0x7f0000000280)=0x1}) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f0000000340)=@attr_other={0x0, 0x2, 0x287, 0x0}) r12 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000300)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) syz_kvm_vgic_v3_setup(r5, 0x41, 0x100) 23m24.370300162s ago: executing program 0 (id=282): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffb000/0x3000)=nil, r2, 0x4, 0x80010, 0xffffffffffffffff, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) syz_kvm_assert_reg(r4, 0x603000000013df11, 0x8000) 23m13.918175994s ago: executing program 0 (id=283): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r5, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x151400, 0x0) r7 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_HAS_DEVICE_ATTR_vm(r7, 0x4018aee3, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, 0x0}) ioctl$KVM_GET_ONE_REG(r1, 0x4010aeab, &(0x7f00000001c0)=@other={0x8, 0x0}) 22m38.203736444s ago: executing program 33 (id=281): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x603000000013df19, &(0x7f0000000280)=0x1}) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f0000000340)=@attr_other={0x0, 0x2, 0x287, 0x0}) r12 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000300)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) syz_kvm_vgic_v3_setup(r5, 0x41, 0x100) 22m26.052308645s ago: executing program 34 (id=283): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r5, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x151400, 0x0) r7 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_HAS_DEVICE_ATTR_vm(r7, 0x4018aee3, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, 0x0}) ioctl$KVM_GET_ONE_REG(r1, 0x4010aeab, &(0x7f00000001c0)=@other={0x8, 0x0}) 57.344440998s ago: executing program 4 (id=394): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x111081, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000700)={0x7, 0x0}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000240)={0x200002f}) 49.060029192s ago: executing program 4 (id=396): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0x100000, 0x1000}) 46.830776627s ago: executing program 3 (id=397): openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20e0c0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000007, 0x4f833, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r3, 0x4018aee3, &(0x7f0000000100)=@attr_pmu_init) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000080)={0xdf, 0x0, 0x2000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 40.705315673s ago: executing program 4 (id=398): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) r5 = eventfd2(0x8, 0x80800) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f00000000c0)={r5, 0x3}) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r5, 0x9, 0x3, r5}) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r6, 0x280000b, 0x20010, r2, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000009000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000020000/0x400000)=nil) ioctl$KVM_ARM_VCPU_FINALIZE(r2, 0x4004aec2, &(0x7f0000000080)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 37.13010789s ago: executing program 3 (id=399): r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000200)={0x0, &(0x7f0000000000)=[@smc={0x1e, 0x40, {0x84000013, [0xbc0, 0x8, 0x6, 0x80000001, 0x6]}}, @hvc={0x32, 0x40, {0x8400000c, [0x1, 0x3, 0xd, 0x8b3, 0xa680]}}, @uexit={0x0, 0x18, 0x100000001}, @svc={0x122, 0x40, {0xc4000014, [0x3, 0x9, 0x1, 0x1, 0x495]}}, @irq_setup={0x46, 0x18, {0x1, 0x9}}, @smc={0x1e, 0x40, {0x8400000d, [0x1, 0x0, 0x2, 0x9, 0x5]}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x123}}, @uexit={0x0, 0x18, 0x8000}, @svc={0x122, 0x40, {0x8400000a, [0x5, 0x30, 0xb8d5, 0x61c, 0x1]}}, @uexit={0x0, 0x18, 0x7cb}, @uexit={0x0, 0x18, 0x10001}], 0x1e0}, &(0x7f0000000240)=[@featur1={0x1, 0x10}], 0x1) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r0, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000600)=[{0x0, &(0x7f0000000280)=[@svc={0x122, 0x40, {0x0, [0x1ff, 0x8, 0x3, 0x9, 0x4]}}, @smc={0x1e, 0x40, {0x3000000, [0x7, 0x8001, 0xbc54, 0x1, 0x4]}}, @eret={0xe6, 0x18, 0x6}, @irq_setup={0x46, 0x18, {0x2, 0x2ee}}, @smc={0x1e, 0x40, {0x1000, [0x5, 0x2, 0x4, 0x140000, 0xfffffffffffffff9]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x100, 0x5, 0x4}}, @uexit={0x0, 0x18, 0x239}, @msr={0x14, 0x20, {0x603000000013e6cc, 0xb}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x100, 0x5dad, 0x2}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x3f0}}, @eret={0xe6, 0x18, 0x4}, @svc={0x122, 0x40, {0x8400000e, [0x2, 0x261, 0x0, 0xfffffffffffffffb, 0x5]}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x3a0}}, @irq_setup={0x46, 0x18, {0x4, 0x361}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x95}}, @hvc={0x32, 0x40, {0x84000013, [0xb, 0x200, 0x8001, 0x6, 0x7]}}, @msr={0x14, 0x20, {0x603000000013e609, 0x8001}}, @hvc={0x32, 0x40, {0x84000001, [0x7, 0x7, 0x5, 0x2, 0x7]}}, @its_setup={0x82, 0x28, {0x0, 0x2, 0x29e}}, @uexit={0x0, 0x18, 0x3}, @uexit={0x0, 0x18, 0x10001}], 0x368}], 0x1, 0x0, &(0x7f0000000640)=[@featur2={0x1, 0x4}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r0, 0x4018aee1, &(0x7f0000000680)=@attr_pvtime_ipa) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) r1 = ioctl$KVM_GET_STATS_FD_cpu(r0, 0xaece) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f00000006c0)={0x5, 0x1, 0x25000, 0x1000, &(0x7f0000dcd000/0x1000)=nil, 0x6}) ioctl$KVM_ARM_PREFERRED_TARGET(r1, 0x8020aeaf, &(0x7f0000000780)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r2, 0x4018aee3, &(0x7f0000000800)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f00000007c0)=0x1f}) ioctl$KVM_GET_REGS(r0, 0x8360ae81, &(0x7f0000000840)) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r1, 0x4018aee1, &(0x7f0000000940)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000900)={0x2, 0x0, 0x1}}) ioctl$KVM_HAS_DEVICE_ATTR_vm(r1, 0x4018aee3, &(0x7f00000009c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000980)={0xf0, 0x5, 0x2}}) ioctl$KVM_INTERRUPT(r1, 0x4004ae86, &(0x7f0000000a00)=0xcb08) ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f0000000a80)=@attr_arm64={0x0, 0x6, 0x3, &(0x7f0000000a40)=0x3b09}) ioctl$KVM_ARM_VCPU_INIT(r1, 0x4020aeae, &(0x7f0000000ac0)={0x0, 0x50}) r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000001040)={0x0, &(0x7f0000000b00)=[@hvc={0x32, 0x40, {0x200, [0x5, 0x5, 0x1, 0x0, 0x100000000]}}, @msr={0x14, 0x20, {0x4889, 0x40}}, @mrs={0xbe, 0x18, {0x603000000013c510}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x0, 0x10, 0x7, 0x1, 0x2}}, @eret={0xe6, 0x18, 0x5}, @hvc={0x32, 0x40, {0xc4000004, [0xad0000000000000, 0x2, 0x100, 0x5, 0x7]}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x3db}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x3, 0x10, 0x2, 0x10000, 0x1}}, @smc={0x1e, 0x40, {0xc4000012, [0x3a6, 0x6, 0x75, 0xb, 0xa45]}}, @svc={0x122, 0x40, {0x2, [0x3, 0xa, 0x3, 0x5, 0x3c7d]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xc00, 0x0, 0x1a}}, @smc={0x1e, 0x40, {0x4, [0x800, 0x1, 0x0, 0x9, 0x8]}}, @eret={0xe6, 0x18, 0x6}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x3, 0xb, 0x800, 0x10001, 0x3}}, @code={0xa, 0x9c, {"000028d5406799d200a0b8f2410080d2820180d2c30080d2c40180d2020000d400004039608d92d20080b8f2810180d2820180d2230080d2040080d2020000d4000008d5001c600e40cd83d20000b0f2410180d2e20180d2830080d2e40180d2020000d40000c02c003d9ad20040b0f2a10180d2e20180d2c30080d2040080d2020000d400a8200e"}}, @mrs={0xbe, 0x18, {0x603000000013df45}}, @eret={0xe6, 0x18, 0x7f}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x0, 0x3, 0x0, 0x7}}, @smc={0x1e, 0x40, {0x80000001, [0x477, 0x9, 0x7, 0x5da, 0x9]}}, @irq_setup={0x46, 0x18, {0x4, 0x132}}, @code={0xa, 0x9c, {"007008d560fc8fd20000b8f2810180d2020180d2630080d2240080d2020000d4008008d5807181d200c0b0f2a10180d2a20080d2830180d2a40180d2020000d4007008d50090200e00fc205e803b9ad20080b8f2a10180d2820180d2230080d2640080d2020000d4a08496d200e0b0f2a10080d2220180d2630080d2840080d2020000d4000028d5"}}, @eret={0xe6, 0x18, 0x6}, @svc={0x122, 0x40, {0x86000000, [0x2, 0x401, 0xfffffffffffffffe, 0x80, 0x10001]}}, @irq_setup={0x46, 0x18, {0x0, 0x45}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x36e}}, @uexit={0x0, 0x18, 0x8}], 0x510}, &(0x7f0000001080)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_GUEST_DEBUG_arm64(r3, 0x4208ae9b, &(0x7f00000010c0)={0x20000, 0x0, {[0x5, 0x5e44, 0x80000000, 0x4f, 0x741a, 0x8c31, 0x2, 0x80000000, 0xd17, 0x100, 0x7, 0x1a, 0xc, 0x9, 0x3, 0x1e02], [0x4c, 0x2, 0x80000001, 0x1, 0x7ff, 0x101, 0x1, 0x6021cb18, 0x9, 0x1, 0x817, 0x80000001, 0x5, 0x4, 0xf, 0x8001], [0xfffffffffffff984, 0x8, 0x0, 0x7, 0x2, 0xb, 0x7ff, 0xe3d, 0x7, 0x9, 0x200, 0x2, 0x1, 0x1, 0xe, 0x6], [0x9, 0x5, 0x20000000, 0x8, 0xc4ac, 0x1, 0x2fb6, 0x9, 0x7f, 0x580b, 0x7fffffffffffffff, 0x9, 0x2, 0xffffffffffff8000, 0x7, 0x200]}}) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000001340)=@attr_other={0x0, 0xffffffff, 0x4, &(0x7f0000001300)=0x50000000000000}) ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000001380)={0x8, 0x2}) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r0, 0x4018aee2, &(0x7f0000001400)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f00000013c0)=0x8}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001440), 0x101000, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) munmap(&(0x7f0000e10000/0x3000)=nil, 0x3000) r5 = eventfd2(0x5f46, 0x80802) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000001480)={0x5000, 0x8000, 0x1}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4360ae82, &(0x7f00000014c0)={[0x6, 0xd, 0xffffffff, 0x7f, 0xc3, 0x807b, 0xfffffffffffffffe, 0xfffffffffffffffc, 0x2, 0xa, 0xd562, 0x31, 0x1c, 0x8, 0xfa92, 0x5], 0x80a0000, 0x14402}) ioctl$KVM_GET_REG_LIST(r3, 0xc008aeb0, &(0x7f0000001580)={0x2, [0xb7, 0x40]}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f00000015c0)=@attr_pmu_init) ioctl$KVM_SET_SIGNAL_MASK(r0, 0x4004ae8b, &(0x7f0000001600)={0xb0, "4ffc9c2a22cbc2892ecdf6ce90658fc1e96987252b1fc8a9b0436de1c94db380f19922acc17b5f9b2d70bb92d7c75761ccdc8c3cfcb7e317fd5db7214007613ef85915535f310d910b7693ee2535586fde96d3bb755f75fe0657a08435c6130d5002fcb8936827280b8b4f364ac4c0592f12c86e572f0dd6238a3e586c2efe41cba4ebd82a13df830e8e797ba0082af0b580681558f89a2a97450755078663358119d8e09f33e5f6f68fe34528f58578"}) write$eventfd(r5, &(0x7f00000016c0)=0x6, 0x8) 29.202754165s ago: executing program 3 (id=400): munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, r0, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, r0, 0x5000002, 0x10, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000540)=[{0x0, 0x0, 0x51c}], 0x1, 0x0, 0x0, 0x0) (async) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000540)=[{0x0, 0x0, 0x51c}], 0x1, 0x0, 0x0, 0x0) 26.341025546s ago: executing program 4 (id=401): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r2, 0x4018aee2, &(0x7f0000000200)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f00000001c0)=0x183d}) (async) r3 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x57) (async, rerun: 32) syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000400)={0x0, &(0x7f00000000c0)}, &(0x7f0000000440)=[@featur1={0x1, 0x80}], 0x1) (rerun: 32) r5 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000240)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r1, 0x4068aea3, &(0x7f00000000c0)) (async) syz_kvm_assert_reg(r8, 0x6, 0x8000) (async) r9 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x7fffffffffffffff}) 21.785701586s ago: executing program 3 (id=402): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r1 = syz_kvm_vgic_v3_setup(r0, 0x1, 0x100) ioctl$KVM_GET_DEVICE_ATTR(r1, 0x4018aee2, &(0x7f0000000180)=@attr_other={0x0, 0x5, 0x3, &(0x7f0000000240)=0x40e8dd60}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) (async) syz_kvm_vgic_v3_setup(r0, 0x1, 0x100) (async) ioctl$KVM_GET_DEVICE_ATTR(r1, 0x4018aee2, &(0x7f0000000180)=@attr_other={0x0, 0x5, 0x3, &(0x7f0000000240)=0x40e8dd60}) (async) 12.676365905s ago: executing program 3 (id=403): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x25) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f0000000000)={0xeeef0000, 0x3f3e095277a4c7b3, 0x1}) (async) r1 = eventfd2(0x2, 0x80000) ioctl$KVM_IOEVENTFD(r0, 0x4040ae79, &(0x7f0000000040)={0x0, 0x1, 0x0, r1, 0x4}) (async) r2 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000ffa000/0x3000)=nil, 0x0, 0x9, 0x10, r2, 0x0) (async) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000080)={0x6}) (async) ioctl$KVM_IRQ_LINE_STATUS(0xffffffffffffffff, 0xc008ae67, &(0x7f00000000c0)={0x10001, 0x1ffc00}) (async) ioctl$KVM_IOEVENTFD(r0, 0x4040ae79, &(0x7f0000000100)={0x5, 0xdddd0000, 0x8, r1}) ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000000140)=0x2) (async) ioctl$KVM_GET_DEVICE_ATTR_vm(r0, 0x4018aee2, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000180)={0x9, 0x5, 0x2}}) (async) ioctl$KVM_CAP_DIRTY_LOG_RING(r0, 0x4068aea3, &(0x7f0000000200)) (async) r3 = ioctl$KVM_GET_STATS_FD_vm(r0, 0xaece) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000280)={0x8, 0xffffffffffffffff, 0x1}) (async) r4 = ioctl$KVM_GET_STATS_FD_vm(r0, 0xaece) r5 = eventfd2(0x171, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f00000002c0)={r5, 0x3}) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r4, 0x4068aea3, &(0x7f0000000300)={0xe4, 0x0, 0x2}) (async) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000380)={0xf, 0xffffffffffffffff}) ioctl$KVM_GET_DEVICE_ATTR(r6, 0x4018aee2, &(0x7f0000000400)=@attr_other={0x0, 0x3, 0x91, &(0x7f00000003c0)=0x9}) (async) r7 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x34) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r7, 0x4010ae68, &(0x7f0000000440)={0xdddd1000, 0x1e000, 0x1}) (async) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000480)={r1, 0x1, 0x1, r1}) (async) ioctl$KVM_HAS_DEVICE_ATTR_vm(r7, 0x4018aee3, &(0x7f0000000500)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000004c0)={0xa, 0x401}}) (async) r8 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000980)={0x0, &(0x7f0000000540)=[@svc={0x122, 0x40, {0x80000000, [0xffffffffffffff7b, 0xfff, 0x1, 0x9, 0x7000]}}, @its_setup={0x82, 0x28, {0x0, 0x2, 0xad}}, @uexit={0x0, 0x18, 0xfffffffffffffff7}, @svc={0x122, 0x40, {0xc400000c, [0x52a, 0x47, 0x0, 0x9c7, 0x7]}}, @eret={0xe6, 0x18, 0x5}, @eret={0xe6, 0x18, 0x2000000000000000}, @svc={0x122, 0x40, {0x84000013, [0x8, 0x8, 0x4d, 0x8, 0x95e]}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x0, 0x1, 0xfffffffe, 0x7, 0x1}}, @mrs={0xbe, 0x18, {0x603000000013def4}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff0, 0x1000, 0x2}}, @msr={0x14, 0x20, {0x603000000013f300, 0x68da}}, @hvc={0x32, 0x40, {0x0, [0x4, 0x0, 0x6, 0xc, 0x8]}}, @eret={0xe6, 0x18, 0x5}, @eret={0xe6, 0x18, 0x1}, @mrs={0xbe, 0x18, {0x603000000013defc}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x3d7}}, @eret={0xe6, 0x18, 0x4}, @msr={0x14, 0x20, {0x6030000000130204, 0x80000000}}, @svc={0x122, 0x40, {0xc4000014, [0xe, 0x8, 0x7, 0x0, 0x7]}}, @hvc={0x32, 0x40, {0x80000000, [0x9, 0x0, 0x9, 0x4, 0x6]}}, @irq_setup={0x46, 0x18, {0x4, 0x325}}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x2b4}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x2e7}}, @smc={0x1e, 0x40, {0xc5000020, [0x6, 0x1623, 0x100, 0x5, 0x4000]}}, @irq_setup={0x46, 0x18, {0x2, 0x39a}}, @uexit={0x0, 0x18, 0x50}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x4, 0x6, 0x4, 0x3b, 0x3}}], 0x428}, &(0x7f00000009c0)=[@featur2], 0x1) (async) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000a40)=@arm64_sve={0x6080000000150454, &(0x7f0000000a00)=0x8}) ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000000a80)={0xffff1000, 0x112000, 0x1}) (async) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000ac2000/0x400000)=nil) (async) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) 12.435439531s ago: executing program 4 (id=404): munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000100)=ANY=[], 0x30}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) close(r1) close(r2) mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x9032, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x791c00, 0x0) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xe3) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x22) ioctl$KVM_CREATE_GUEST_MEMFD(r4, 0xc040aed4, &(0x7f0000000000)={0x5, 0x8}) 2.214605607s ago: executing program 3 (id=405): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) ioctl$KVM_IRQ_LINE_STATUS(r3, 0xc008ae67, &(0x7f0000000040)={0x10101, 0x10001}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_setup_cpu$arm64(r1, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 0s ago: executing program 4 (id=406): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bfd000/0x400000)=nil) r2 = openat$kvm(0x0, &(0x7f00000001c0), 0x2083, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000073000/0x400000)=nil) r5 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r1, 0x4068aea3, &(0x7f0000000200)) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) syz_kvm_vgic_v3_setup(r6, 0x1, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f00000005c0)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000580)=0x10001}) r9 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000100)={0x0, &(0x7f00000002c0)=[@svc={0x122, 0x40, {0x84000000, [0xffffffffffdffff9, 0x0, 0x400, 0x5c63, 0x405]}}], 0x40}, 0x0, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, 0x0) r10 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r11, &(0x7f0000bfe000/0x400000)=nil, &(0x7f00000000c0)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r11, 0x4010aeac, &(0x7f00000001c0)=@arm64_core={0x6030000000100022, &(0x7f0000000000)=0xcb}) kernel console output (not intermixed with test programs): [ 384.102769][ T3151] 8021q: adding VLAN 0 to HW filter on device bond0 [ 419.458063][ T3151] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:59030' (ED25519) to the list of known hosts. [ 591.556673][ T25] audit: type=1400 audit(590.800:61): avc: denied { name_bind } for pid=3302 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 592.508998][ T25] audit: type=1400 audit(591.750:62): avc: denied { execute } for pid=3303 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 592.535642][ T25] audit: type=1400 audit(591.780:63): avc: denied { execute_no_trans } for pid=3303 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 615.129127][ T25] audit: type=1400 audit(614.370:64): avc: denied { mounton } for pid=3303 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 615.166337][ T25] audit: type=1400 audit(614.410:65): avc: denied { mount } for pid=3303 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 615.258715][ T3303] cgroup: Unknown subsys name 'net' [ 615.333062][ T25] audit: type=1400 audit(614.570:66): avc: denied { unmount } for pid=3303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 615.724087][ T3303] cgroup: Unknown subsys name 'cpuset' [ 615.827541][ T3303] cgroup: Unknown subsys name 'rlimit' [ 616.225281][ T25] audit: type=1400 audit(615.470:67): avc: denied { setattr } for pid=3303 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 616.244659][ T25] audit: type=1400 audit(615.480:68): avc: denied { mounton } for pid=3303 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 616.274227][ T25] audit: type=1400 audit(615.510:69): avc: denied { mount } for pid=3303 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 617.469633][ T3306] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 617.494656][ T25] audit: type=1400 audit(616.730:70): avc: denied { relabelto } for pid=3306 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 617.515062][ T25] audit: type=1400 audit(616.760:71): avc: denied { write } for pid=3306 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 617.702234][ T25] audit: type=1400 audit(616.940:72): avc: denied { read } for pid=3303 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 617.723340][ T25] audit: type=1400 audit(616.960:73): avc: denied { open } for pid=3303 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 617.767810][ T3303] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 667.954508][ T25] audit: type=1400 audit(667.200:74): avc: denied { execmem } for pid=3307 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 673.095762][ T25] audit: type=1400 audit(672.340:75): avc: denied { read } for pid=3309 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 673.110969][ T25] audit: type=1400 audit(672.350:76): avc: denied { open } for pid=3309 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 673.170761][ T25] audit: type=1400 audit(672.410:77): avc: denied { mounton } for pid=3309 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 673.435595][ T25] audit: type=1400 audit(672.680:79): avc: denied { module_request } for pid=3310 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 673.445374][ T25] audit: type=1400 audit(672.670:78): avc: denied { module_request } for pid=3309 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 674.556326][ T25] audit: type=1400 audit(673.800:80): avc: denied { sys_module } for pid=3309 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 700.107111][ T3310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 700.508081][ T3310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 701.371866][ T3309] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 701.854352][ T3309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 716.383653][ T3310] hsr_slave_0: entered promiscuous mode [ 716.411763][ T3310] hsr_slave_1: entered promiscuous mode [ 717.271679][ T3309] hsr_slave_0: entered promiscuous mode [ 717.294548][ T3309] hsr_slave_1: entered promiscuous mode [ 717.333436][ T3309] debugfs: 'hsr0' already exists in 'hsr' [ 717.337514][ T3309] Cannot create hsr debugfs directory [ 722.771703][ T25] audit: type=1400 audit(722.010:81): avc: denied { create } for pid=3310 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 722.824460][ T25] audit: type=1400 audit(722.070:82): avc: denied { write } for pid=3310 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 722.891474][ T25] audit: type=1400 audit(722.090:83): avc: denied { read } for pid=3310 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 723.006200][ T3310] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 723.363812][ T3310] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 723.691268][ T3310] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 724.006131][ T3310] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 725.494697][ T3309] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 725.671884][ T3309] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 725.836393][ T3309] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 726.031293][ T3309] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 738.428142][ T3310] 8021q: adding VLAN 0 to HW filter on device bond0 [ 740.887446][ T3309] 8021q: adding VLAN 0 to HW filter on device bond0 [ 800.778365][ T3310] veth0_vlan: entered promiscuous mode [ 801.225504][ T3310] veth1_vlan: entered promiscuous mode [ 802.896220][ T3310] veth0_macvtap: entered promiscuous mode [ 803.304557][ T3310] veth1_macvtap: entered promiscuous mode [ 804.022315][ T3309] veth0_vlan: entered promiscuous mode [ 804.784429][ T3309] veth1_vlan: entered promiscuous mode [ 805.656486][ T3415] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 805.664474][ T3415] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 805.680996][ T3415] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 805.692548][ T3415] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 808.136648][ T25] audit: type=1400 audit(807.340:84): avc: denied { mount } for pid=3310 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 808.307571][ T25] audit: type=1400 audit(807.550:85): avc: denied { mounton } for pid=3310 comm="syz-executor" path="/syzkaller.BcU200/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 808.322549][ T3309] veth0_macvtap: entered promiscuous mode [ 808.554501][ T25] audit: type=1400 audit(807.800:86): avc: denied { mount } for pid=3310 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 808.752902][ T3309] veth1_macvtap: entered promiscuous mode [ 808.881965][ T25] audit: type=1400 audit(808.120:87): avc: denied { mounton } for pid=3310 comm="syz-executor" path="/syzkaller.BcU200/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 809.012503][ T25] audit: type=1400 audit(808.250:88): avc: denied { mounton } for pid=3310 comm="syz-executor" path="/syzkaller.BcU200/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3752 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 809.443339][ T25] audit: type=1400 audit(808.690:89): avc: denied { unmount } for pid=3310 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 809.637890][ T25] audit: type=1400 audit(808.880:90): avc: denied { mounton } for pid=3310 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 809.793641][ T25] audit: type=1400 audit(809.010:91): avc: denied { mount } for pid=3310 comm="syz-executor" name="/" dev="gadgetfs" ino=3761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 810.147125][ T25] audit: type=1400 audit(809.390:92): avc: denied { mount } for pid=3310 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 810.332242][ T25] audit: type=1400 audit(809.550:93): avc: denied { mounton } for pid=3310 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 810.727365][ T3351] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.741869][ T3351] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.772225][ T3351] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.776149][ T3351] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.994017][ T3310] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 823.928462][ T25] kauditd_printk_skb: 4 callbacks suppressed [ 823.941270][ T25] audit: type=1400 audit(823.170:98): avc: denied { read } for pid=3467 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 823.947877][ T25] audit: type=1400 audit(823.170:99): avc: denied { open } for pid=3467 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 824.901229][ T25] audit: type=1400 audit(824.130:100): avc: denied { ioctl } for pid=3467 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 826.731468][ T25] audit: type=1400 audit(825.970:101): avc: denied { write } for pid=3468 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 841.822133][ T25] audit: type=1400 audit(841.060:102): avc: denied { execute } for pid=3478 comm="syz.0.3" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4053 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 869.724335][ T25] audit: type=1400 audit(868.950:103): avc: denied { append } for pid=3492 comm="syz.1.7" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 870.917397][ T25] audit: type=1400 audit(870.160:104): avc: denied { setattr } for pid=3492 comm="syz.1.7" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1069.507852][ T3595] kvm [3595]: Failed to find VMA for hva 0x20c01000 [ 1118.976474][ T3625] kvm [3624]: Unsupported guest access at: eeef0000 [ 1118.976474][ T3625] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 1119.786464][ T3626] kvm [3624]: Unsupported guest access at: eeef0000 [ 1119.786464][ T3626] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 1217.315755][ T25] audit: type=1400 audit(1216.500:105): avc: denied { map } for pid=3674 comm="syz.0.68" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1217.350799][ T25] audit: type=1400 audit(1216.560:106): avc: denied { execute } for pid=3674 comm="syz.0.68" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1298.895158][ T50] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1300.327371][ T50] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1301.258797][ T50] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1302.389155][ T50] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1323.252471][ T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1323.703884][ T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1323.962633][ T50] bond0 (unregistering): Released all slaves [ 1326.183155][ T50] hsr_slave_0: left promiscuous mode [ 1326.245866][ T50] hsr_slave_1: left promiscuous mode [ 1327.110764][ T50] veth1_macvtap: left promiscuous mode [ 1327.115291][ T50] veth0_macvtap: left promiscuous mode [ 1327.134577][ T50] veth1_vlan: left promiscuous mode [ 1327.160972][ T50] veth0_vlan: left promiscuous mode [ 1401.156400][ T3702] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1401.368321][ T3702] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1424.476594][ T3702] hsr_slave_0: entered promiscuous mode [ 1424.546678][ T3702] hsr_slave_1: entered promiscuous mode [ 1424.647828][ T3702] debugfs: 'hsr0' already exists in 'hsr' [ 1424.660700][ T3702] Cannot create hsr debugfs directory [ 1443.512625][ T3702] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1444.011958][ T3702] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1444.339169][ T3702] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1444.805961][ T3702] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1472.277333][ T3702] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1511.216794][ T3864] kvm [3864]: Failed to find VMA for hva 0x21016000 [ 1579.308175][ T3702] veth0_vlan: entered promiscuous mode [ 1580.153710][ T3702] veth1_vlan: entered promiscuous mode [ 1583.264453][ T3702] veth0_macvtap: entered promiscuous mode [ 1583.782450][ T3702] veth1_macvtap: entered promiscuous mode [ 1587.176608][ T3348] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1587.187360][ T3348] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1587.202657][ T3348] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1587.241118][ T3348] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2022.298832][ T25] audit: type=1400 audit(2021.540:107): avc: denied { execute } for pid=4170 comm="syz.2.168" path="/36/T" dev="tmpfs" ino=198 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 2056.113874][ T25] audit: type=1400 audit(2055.340:108): avc: denied { ioctl } for pid=4181 comm="syz.2.171" path="net:[4026532616]" dev="nsfs" ino=4026532616 ioctlcmd=0x582a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 2331.394251][ T4354] kvm [4354]: Failed to find VMA for hva 0x20c01000 [ 2365.904947][ T4371] kvm [4371]: Failed to find VMA for hva 0x20dec000 [ 2443.557770][ T4406] kvm [4406]: Failed to find VMA for hva 0x20dd5000 [ 2443.652783][ T4407] kvm [4407]: Failed to find VMA for hva 0x20dd5000 [ 2615.874044][ T4514] kvm [4514]: Failed to find VMA for hva 0x20de2000 [ 2822.318634][ T4575] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2822.974520][ T4575] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2841.693526][ T4583] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2841.966295][ T4583] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2852.127703][ T4575] hsr_slave_0: entered promiscuous mode [ 2852.205619][ T4575] hsr_slave_1: entered promiscuous mode [ 2852.261993][ T4575] debugfs: 'hsr0' already exists in 'hsr' [ 2852.265163][ T4575] Cannot create hsr debugfs directory [ 2868.268961][ T4583] hsr_slave_0: entered promiscuous mode [ 2868.336169][ T4583] hsr_slave_1: entered promiscuous mode [ 2868.421381][ T4583] debugfs: 'hsr0' already exists in 'hsr' [ 2868.431574][ T4583] Cannot create hsr debugfs directory [ 2868.481197][ T4575] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 2868.874730][ T4575] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 2869.755046][ T4575] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 2870.073546][ T4575] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 2888.562713][ T4583] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 2889.228809][ T4583] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 2889.836565][ T4583] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 2890.378278][ T4583] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 2907.976157][ T4575] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2923.687514][ T3847] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2925.183435][ T3847] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2926.188547][ T3847] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2927.254086][ T3847] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2944.224953][ T3847] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2944.423109][ T3847] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2944.548096][ T3847] bond0 (unregistering): Released all slaves [ 2947.152299][ T3847] hsr_slave_0: left promiscuous mode [ 2947.284298][ T3847] hsr_slave_1: left promiscuous mode [ 2947.846460][ T3847] veth1_macvtap: left promiscuous mode [ 2947.863696][ T3847] veth0_macvtap: left promiscuous mode [ 2947.884865][ T3847] veth1_vlan: left promiscuous mode [ 2947.891585][ T3847] veth0_vlan: left promiscuous mode [ 2965.725791][ T4583] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2970.855283][ T3847] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2972.205546][ T3847] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2973.586721][ T3847] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2974.947905][ T3847] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2993.102841][ T3847] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2993.342015][ T3847] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2993.512763][ T3847] bond0 (unregistering): Released all slaves [ 2995.376951][ T3847] hsr_slave_0: left promiscuous mode [ 2995.705345][ T3847] hsr_slave_1: left promiscuous mode [ 2996.702865][ T3847] veth1_macvtap: left promiscuous mode [ 2996.707109][ T3847] veth0_macvtap: left promiscuous mode [ 2996.752660][ T3847] veth1_vlan: left promiscuous mode [ 2996.777657][ T3847] veth0_vlan: left promiscuous mode [ 3077.297508][ T4575] veth0_vlan: entered promiscuous mode [ 3078.205902][ T4575] veth1_vlan: entered promiscuous mode [ 3081.233490][ T4575] veth0_macvtap: entered promiscuous mode [ 3081.876445][ T4575] veth1_macvtap: entered promiscuous mode [ 3085.027091][ T2139] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3085.062643][ T3852] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3085.214017][ T4465] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3085.224549][ T4465] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3117.322546][ T4583] veth0_vlan: entered promiscuous mode [ 3118.464804][ T4583] veth1_vlan: entered promiscuous mode [ 3122.471935][ T4583] veth0_macvtap: entered promiscuous mode [ 3122.984235][ T4583] veth1_macvtap: entered promiscuous mode [ 3127.506919][ T3847] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3127.511825][ T3847] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3127.564828][ T3847] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3127.681622][ T3847] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4117.126731][ T5322] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5af8e [ 4117.181677][ T5322] flags: 0x1ffd64000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x59) [ 4117.212797][ T5322] raw: 01ffd64000000000 ffffc1ffc06be3c8 ffffc1ffc07731c8 0000000000000000 [ 4117.242542][ T5322] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 4117.247543][ T5322] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0) [ 4117.322672][ T5322] ------------[ cut here ]------------ [ 4117.322955][ T5322] kernel BUG at ./include/linux/mm.h:1036! [ 4117.324714][ T5322] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 4117.329652][ T5322] Modules linked in: [ 4117.331729][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.3.405 Not tainted syzkaller #0 PREEMPT [ 4117.333326][ T5322] Hardware name: linux,dummy-virt (DT) [ 4117.334523][ T5322] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 4117.335900][ T5322] pc : kvm_s2_put_page+0x374/0x3a0 [ 4117.338237][ T5322] lr : kvm_s2_put_page+0x374/0x3a0 [ 4117.339237][ T5322] sp : ffff80008f8e7570 [ 4117.339947][ T5322] x29: ffff80008f8e7570 x28: c0f000001dcc7000 x27: c0f000001dcc7000 [ 4117.341584][ T5322] x26: 00000000000000ff x25: ffff80008734e000 x24: ffffc1ffc0000000 [ 4117.342949][ T5322] x23: ffffc1ffc06be388 x22: 0000000000000000 x21: ffffc1ffc06be3b4 [ 4117.344403][ T5322] x20: 0000000000000000 x19: ffffc1ffc06be380 x18: 000000004ff2ed4d [ 4117.345776][ T5322] x17: 0000000004a71aaf x16: 000000004ff2c3bd x15: 000000003cfb7187 [ 4117.347197][ T5322] x14: ffffffffffffffff x13: fff0000018899d88 x12: 0000000000000001 [ 4117.348510][ T5322] x11: 0000000000080000 x10: 0000000000036a18 x9 : 2c4da2f6467fa500 [ 4117.350025][ T5322] x8 : 2c4da2f6467fa500 x7 : ffff8000803a03c8 x6 : 0000000000000000 [ 4117.351430][ T5322] x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff800080758a9c [ 4117.352800][ T5322] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000003e [ 4117.354324][ T5322] Call trace: [ 4117.355256][ T5322] kvm_s2_put_page+0x374/0x3a0 (P) [ 4117.356552][ T5322] stage2_free_walker+0x1b0/0x264 [ 4117.357651][ T5322] __kvm_pgtable_walk+0x7d8/0xa68 [ 4117.358739][ T5322] kvm_pgtable_walk+0x294/0x468 [ 4117.359729][ T5322] kvm_pgtable_stage2_destroy_range+0x60/0xb4 [ 4117.360871][ T5322] kvm_free_stage2_pgd+0x198/0x28c [ 4117.361858][ T5322] kvm_uninit_stage2_mmu+0x20/0x38 [ 4117.362883][ T5322] kvm_arch_flush_shadow_all+0x1a8/0x1e0 [ 4117.363937][ T5322] kvm_mmu_notifier_release+0x48/0xa8 [ 4117.364933][ T5322] mmu_notifier_unregister+0x128/0x42c [ 4117.365971][ T5322] kvm_put_kvm+0x6a0/0xfa8 [ 4117.366865][ T5322] kvm_vcpu_release+0x70/0x9c [ 4117.367846][ T5322] __fput+0x4ac/0x980 [ 4117.368703][ T5322] ____fput+0x20/0x58 [ 4117.369599][ T5322] task_work_run+0x1bc/0x254 [ 4117.370538][ T5322] get_signal+0x13ec/0x1554 [ 4117.371482][ T5322] do_signal+0x23c/0x4dd0 [ 4117.372350][ T5322] do_notify_resume+0xb0/0x270 [ 4117.373282][ T5322] el0_svc+0xb8/0x164 [ 4117.374120][ T5322] el0t_64_sync_handler+0x84/0x12c [ 4117.375125][ T5322] el0t_64_sync+0x198/0x19c [ 4117.376613][ T5322] Code: f00375a1 912ec421 aa1303e0 97f9c9f2 (d4210000) [ 4117.378499][ T5322] ---[ end trace 0000000000000000 ]--- [ 4117.380108][ T5322] Kernel panic - not syncing: Oops - BUG: Fatal exception [ 4117.382106][ T5322] Kernel Offset: disabled [ 4117.382841][ T5322] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f [ 4117.383961][ T5322] Memory Limit: none [ 4117.385647][ T5322] Rebooting in 86400 seconds.. VM DIAGNOSIS: 00:10:39 Registers: info registers vcpu 0 CPU#0 PC=ffff800080490698 X00=0000000000000001 X01=0000000000000008 X02=0000000000000000 X03=ffff80008049067c X04=0000000000000000 X05=0000000000000000 X06=ffff80008048b328 X07=ffff800080015834 X08=00000000000000fe X09=86ff8000a1c08000 X10=000000000003804b X11=0000000000080000 X12=0000000000000000 X13=00000000ffffffff X14=0000000000000002 X15=ffff800087f69a20 X16=0000000000000000 X17=0000000004a71aaf X18=000000004ff2ed4d X19=000000000000042f X20=efff800000000000 X21=ffff800087942e20 X22=000000000000042e X23=00000000000000ff X24=ffff800087942e20 X25=000000000000042e X26=12f0000018899d90 X27=00000000000003c0 X28=ffff800087724000 X29=ffff80008f8e6fd0 X30=ffff80008049067c SP=ffff80008f8e6f90 PSTATE=604023c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=2525252525252525:2525252525252525 Z01=000000756c6c2570:6f6f6c2f7665642f Z02=0000000000000000:ffffffff00000000 Z03=ffffff000000ff00:0000000000000000 Z04=0000000000000000:fff000f000000000 Z05=bb448243222c92da:e3914ed4e87380b0 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffc754e590:0000ffffc754e590 Z17=ffffff80ffffffd0:0000ffffc754e560 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000