last executing test programs: 41m58.069645128s ago: executing program 0 (id=265): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x80000001, 0x2, &(0x7f0000000100)=0x54}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x200, 0x0) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xe3) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x2400, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000bc2000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) ioctl$KVM_RUN(r11, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r13, 0x4010aeb5, &(0x7f00000002c0)={0x200}) syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) r14 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r14, 0x8040ae9f, 0xffffffffffffffff) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000000)={0x1, 0xffffffffffffffff, 0x1}) 41m44.973644379s ago: executing program 0 (id=268): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x120) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000000), 0x400001, 0x0) ioctl$KVM_CREATE_VM(r5, 0x80087601, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0xb80c0, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x40086602, 0x2f) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x21) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) r10 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x13, r9, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x8010, r9, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x4c4882, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, 0x0) close(r2) r11 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6, 0x20010, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) syz_memcpy_off$KVM_EXIT_MMIO(r11, 0x20, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r12, 0xae04) mmap$KVM_VCPU(&(0x7f0000e26000/0x2000)=nil, r13, 0x300000a, 0x4000010, 0xffffffffffffffff, 0x0) 41m32.372025236s ago: executing program 1 (id=269): munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) syz_kvm_vgic_v3_setup(r1, 0x1, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000040)=0xe7}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000280)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000240)=0x9f}) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) r4 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f00000000c0)=[@eret={0xe6, 0x18, 0x8}, @uexit={0x0, 0x18, 0x6}, @code={0xa, 0x84, {"0064002f000008d5000080f90084e00d000028d5008008d580759ad200a0b8f2c10180d2020080d2030180d2040080d2020000d4e0e283d20020b8f2810180d2820080d2430080d2040180d2020000d4001ca00e40249ad20060b0f2410080d2020180d2830080d2040180d2020000d4"}}], 0xb4}, &(0x7f0000000040)=[@featur2={0x1, 0x22}], 0x1) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x39) syz_kvm_vgic_v3_setup(r5, 0x3, 0x100) ioctl$KVM_ARM_VCPU_FINALIZE(r4, 0x4004aec2, &(0x7f0000000180)=0x7) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0x80111500, 0x20000000) ioctl$KVM_CREATE_VM(r7, 0x5761, 0x2000001c) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) 41m31.50732399s ago: executing program 0 (id=270): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x21) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) r4 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r3, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) r7 = openat$kvm(0x0, &(0x7f0000000040), 0xc0083, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, r6, 0x3, 0x11, r7, 0x0) mmap$KVM_VCPU(&(0x7f0000e0b000/0x4000)=nil, r6, 0x100000f, 0x11, r3, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r3, 0x0) syz_memcpy_off$KVM_EXIT_MMIO(r4, 0x20, &(0x7f0000000240)="9ff90d8d766e1116fb10926dd7256de4b19d3d270a571d6c", 0x0, 0x12) r8 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000acf000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = ioctl$KVM_CREATE_GUEST_MEMFD(r11, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2000003, 0x2013, r12, 0x200001fe0000) 41m22.761888215s ago: executing program 1 (id=271): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x412401, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xf4) (async) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xa) (async) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000e8b000/0x2000)=nil, 0x930, 0x100000c, 0x6832, 0xffffffffffffffff, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x500000a, 0x20010, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x3e) ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000000)={0x10004, 0x0, &(0x7f0000ffc000/0x1000)=nil}) (async) munmap(&(0x7f0000ec1000/0x2000)=nil, 0x2000) (async) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) 41m19.156826527s ago: executing program 0 (id=272): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x27) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x29) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0x0, 0x0, 0x40000, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000000)={0x2, 0x80a0000, 0x0, r5, 0x4fd0f096b459bd7b}) r7 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r7, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r7, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0xffffffff, 0x0) r8 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x5, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x0, 0x0, 0x6, 0x0, 0x4}}], 0x75}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x40000000000004, 0xc0) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x3) openat$kvm(0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000280)=@arm64_fp_extra={0x60200000001000d5, &(0x7f0000000240)=0x3}) ioctl$KVM_ARM_VCPU_INIT(r12, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18}) ioctl$KVM_ARM_VCPU_FINALIZE(r12, 0x4004aec2, &(0x7f0000000180)=0x4) ioctl$KVM_RUN(r12, 0xae80, 0x0) ioctl$KVM_ARM_VCPU_INIT(r12, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18}) (async) syz_kvm_vgic_v3_setup(r11, 0x3, 0x180) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r8, 0xae80, 0x0) 41m16.959596774s ago: executing program 1 (id=273): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x40) ioctl$KVM_GET_DEVICE_ATTR(r6, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x5, 0x0, 0x0}) 41m9.370720003s ago: executing program 1 (id=274): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000}) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000080)={0x10004, 0x0, &(0x7f0000c82000/0x4000)=nil}) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0xffffffffffffffff, 0x1, 0x1}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r3, 0x4, 0x220) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x25) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x3ee}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r6, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04) mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r11, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000667000/0x2000)=nil, 0x2000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8}) 41m8.801784477s ago: executing program 0 (id=275): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000000)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f00000011c0)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f00000000c0)=0x8}) r8 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfe000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013e66c, 0x1000}}, @hvc={0x32, 0x40, {0x8400000a, [0x81, 0x4, 0x8, 0x1, 0xf8]}}, @eret={0xe6, 0x18, 0x8000}, @irq_setup={0x46, 0x18, {0x1, 0x315}}, @hvc={0x32, 0x40, {0x3000000, [0x7c, 0x5, 0x34ac76fe, 0x408b, 0x2]}}, @msr={0x14, 0x20, {0x603000000013dea1, 0x401}}, @code={0xa, 0x6c, {"405793d200a0b0f2c10180d2420180d2e30180d2640180d2020000d4008f9ad20040b0f2810180d2820180d2430080d2240080d2020000d41f00007100d8a02e003c0053000028d5007008d50000401f000008d5000028d5"}}, @svc={0x122, 0x40, {0xc5000021, [0x10001, 0x401, 0x9, 0x7, 0xdad]}}, @hvc={0x32, 0x40, {0x31000000, [0x7, 0x3, 0x1, 0xb, 0x24a2aae9]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x80, 0x4, 0x4}}, @code={0xa, 0x84, {"007008d5007008d5007008d5000008d5400986d200a0b8f2a10180d2220180d2230080d2840180d2020000d4a0ed9dd200e0b8f2e10080d2a20180d2c30180d2640180d2020000d40000689e0068284e001488d20080b0f2410180d2420080d2e30180d2640080d2020000d400000053"}}, @code={0xa, 0x9c, {"0000200da04493d200c0b0f2410180d2020080d2030180d2240080d2020000d4606a82d200e0b0f2e10180d2620080d2e30180d2c40180d2020000d4007008d560228fd20080b0f2610180d2620080d2e30080d2a40180d2020000d4007008d5008008d5a0588bd200e0b0f2010080d2c20180d2630180d2c40180d2020000d4007008d50000805a"}}, @smc={0x1e, 0x40, {0xc400000e, [0x2, 0x9, 0x63, 0x4, 0x3a98463f]}}, @code={0xa, 0x9c, {"401b81d20080b0f2610080d2e20180d2e30180d2640080d2020000d4e05f9fd20000b0f2210080d2620180d2c30080d2c40080d2020000d440c88ad200a0b8f2210180d2420180d2630180d2440180d2020000d4000028d5000028d50000005e000028d5c07f9bd20060b0f2e10180d2620180d2e30180d2040180d2020000d4007008d50010200e"}}, @code={0xa, 0x9c, {"00aa9cd200c0b0f2410080d2a20180d2230080d2640080d2020000d4c0659ed20080b8f2e10080d2a20180d2830080d2440080d2020000d40034207e007008d5007008d50088601e007008d5007008d5809a95d20060b0f2c10080d2220080d2a30080d2c40180d2020000d440728ad20080b8f2a10080d2820180d2030180d2a40180d2020000d4"}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x3ee}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x38d}}, @its_setup={0x82, 0x28, {0x4, 0x2, 0x1b7}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1200, 0x1, 0x4}}, @eret={0xe6, 0x18, 0x8}, @its_setup={0x82, 0x28, {0x2, 0x4, 0x1a2}}, @eret={0xe6, 0x18, 0xfffffffffffffffe}, @mrs={0xbe, 0x18, {0x603000000013c108}}, @smc={0x1e, 0x40, {0x80000001, [0xa, 0x6, 0x8000, 0x8cb, 0x7]}}, @mrs={0xbe, 0x18, {0x603000000013c288}}], 0x614}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x1, 0x0, &(0x7f0000000040)=0x7}) ioctl$KVM_RUN(r9, 0xae80, 0x0) 40m58.233947171s ago: executing program 0 (id=276): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x10) r2 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000040)={0x1000200001fe0000, 0x1}) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000180)={0x0, 0x4, 0x80a0000, 0x2000, &(0x7f0000ffc000/0x2000)=nil, 0x100000000000000, r2}) close(r1) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33) r3 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000140)={0x0, 0x0}, &(0x7f0000000280)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000080)=@arm64_fw={0x6030000000140000, &(0x7f0000000240)=0x4}) close(r2) 40m57.794657588s ago: executing program 1 (id=277): mmap$KVM_VCPU(&(0x7f0000001000/0x2000)=nil, 0x930, 0x2000003, 0x4120932, 0xffffffffffffffff, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r0, &(0x7f0000000000/0x400000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000000)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfffc, 0x3, 0x3}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x2, 0xf, 0x180}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x1, 0x4, 0x9, 0x8000, 0x4}}, @eret={0xe6, 0x18, 0xeb4}, @mrs={0xbe, 0x18, {0x603000000013deb5}}, @smc={0x1e, 0x40, {0xc4000007, [0x800000000000, 0x0, 0x5, 0x0, 0xd3d1]}}, @uexit={0x0, 0x18, 0xb0ee2ab}], 0x108}], 0x1, 0x0, &(0x7f0000000180)=[@featur2={0x1, 0x50}], 0x1) 40m52.890631703s ago: executing program 1 (id=278): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f00000002c0)={0x2, 0x4, 0x3000, 0x1000, &(0x7f0000d12000/0x1000)=nil, 0x8000}) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x100, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x21) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r6, 0x0) mmap$KVM_VCPU(&(0x7f0000d91000/0x2000)=nil, 0x0, 0x1000000, 0x11, r6, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0xfffbba3d, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x28) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) ioctl$KVM_RUN(r10, 0xae80, 0x0) syz_kvm_setup_cpu$arm64(r8, r6, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) ioctl$KVM_SET_VCPU_EVENTS(r10, 0x4040aea0, &(0x7f0000000000)=@arm64={0x3, 0xe0, 0xb4, '\x00', 0x1}) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000640)=@arm64_core={0x6030000000100012, &(0x7f0000000000)=0x300000000000}) r11 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r11, 0x3, 0xa0) 40m11.509983427s ago: executing program 32 (id=276): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x10) r2 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000040)={0x1000200001fe0000, 0x1}) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000180)={0x0, 0x4, 0x80a0000, 0x2000, &(0x7f0000ffc000/0x2000)=nil, 0x100000000000000, r2}) close(r1) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33) r3 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000140)={0x0, 0x0}, &(0x7f0000000280)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000080)=@arm64_fw={0x6030000000140000, &(0x7f0000000240)=0x4}) close(r2) 40m3.922301876s ago: executing program 33 (id=278): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f00000002c0)={0x2, 0x4, 0x3000, 0x1000, &(0x7f0000d12000/0x1000)=nil, 0x8000}) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x100, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x21) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r6, 0x0) mmap$KVM_VCPU(&(0x7f0000d91000/0x2000)=nil, 0x0, 0x1000000, 0x11, r6, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000002000/0x400000)=nil) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0xfffbba3d, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x28) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) ioctl$KVM_RUN(r10, 0xae80, 0x0) syz_kvm_setup_cpu$arm64(r8, r6, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) ioctl$KVM_SET_VCPU_EVENTS(r10, 0x4040aea0, &(0x7f0000000000)=@arm64={0x3, 0xe0, 0xb4, '\x00', 0x1}) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000640)=@arm64_core={0x6030000000100012, &(0x7f0000000000)=0x300000000000}) r11 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r11, 0x3, 0xa0) 35m30.670734037s ago: executing program 2 (id=279): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) r4 = eventfd2(0x0, 0x0) close(r4) r5 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, &(0x7f0000000040)=[@mrs={0xbe, 0x18, {0x603000000013dce0}}], 0x18}, &(0x7f0000000000)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r8, 0xae80, 0x0) r9 = eventfd2(0x0, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x2}) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x1) ioctl$KVM_SET_GUEST_DEBUG_arm64(r12, 0x4208ae9b, 0x0) close(r9) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x40800, 0x0) mmap$KVM_VCPU(&(0x7f0000008000/0x3000)=nil, 0x930, 0x6000004, 0x2011, r9, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) r13 = openat$kvm(0x0, &(0x7f0000000040), 0xe0000, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil) 35m22.681070791s ago: executing program 3 (id=280): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x83, 0x8000, 0x0, 0x0, 0xffffffff, 0x4}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x32) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x83, 0x8000, 0x0, 0x0, 0xffffffff, 0x4}}], 0x50}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8}) (async) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x32) (async) 35m13.053848698s ago: executing program 2 (id=281): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, &(0x7f0000000100)}, 0x0, 0x0) (async) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20001, 0x0) ioctl$KVM_CREATE_VM(r4, 0x5421, 0x20004000) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) 34m35.470829236s ago: executing program 34 (id=280): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x83, 0x8000, 0x0, 0x0, 0xffffffff, 0x4}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x32) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x83, 0x8000, 0x0, 0x0, 0xffffffff, 0x4}}], 0x50}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8}) (async) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x32) (async) 34m23.650913912s ago: executing program 35 (id=281): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, &(0x7f0000000100)}, 0x0, 0x0) (async) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x20001, 0x0) ioctl$KVM_CREATE_VM(r4, 0x5421, 0x20004000) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) 27m32.299485754s ago: executing program 4 (id=287): r0 = openat$kvm(0x0, &(0x7f0000000000), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f00000000c0)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x7, 0x5, &(0x7f0000000200)=0x8080000}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x0, &(0x7f0000000000)=0x10}) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, 0xfffffffffffffffe) 27m19.052538483s ago: executing program 5 (id=288): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x25) ioctl$KVM_CAP_ARM_MTE(r2, 0x4068aea3, &(0x7f00000000c0)={0xf5}) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x4000000001) ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f00000002c0)) 27m15.266827068s ago: executing program 4 (id=289): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x1}}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1e000000000000004000000000000000000000ef0000000000000000000000000500000000000000020000000000000003000000000000000000000008000000dc9440a6f6e3f6640b7b71c41be491f72097ce929aea29cf4adb2baf0fe06157948eff72176531f17bde57b506f1c90f9d5fcd68e0592b73e98df2c0a6ffe9c6202e914e6ac8b547dae7f8f4c5d64fb72ee089d353db134077dfd7304c350b789d785d34c4896f0f99f270be33d44f0774c187dacc253ec8469c8611a2328be106f1783a2c9a0b3fcc030f0492b474b84f6f"], 0x40}], 0x1, 0x0, 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) openat$kvm(0x0, 0x0, 0x0, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r11 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) r14 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04) mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r14, 0x3, 0x11, r13, 0x0) r15 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) r16 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r16, 0x3, 0x11, r8, 0x0) mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r16, 0x3, 0x11, r15, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 27m6.209743525s ago: executing program 5 (id=290): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x622000, 0x0) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x622000, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xeeee0000, 0x1000, &(0x7f0000fd1000/0x1000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x1ff, 0x0, 0x6000, 0x1000, &(0x7f0000ec2000/0x1000)=nil}) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) (async) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x0, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x0, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil}) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r7, &(0x7f00000001c0)=0x8100000001, 0x2d73) 26m53.879487788s ago: executing program 4 (id=291): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x25) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x3ee}}], 0x50}, 0x0, 0xfffffffffffffc8c) (async) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x80, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x19) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x6ce900, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r7, 0x400454d1, 0x110c230020) (async) syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x3, 0xffff1000, 0x1000, &(0x7f00003f1000/0x1000)=nil}) (async) r8 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1) (async) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x4, 0x0, &(0x7f0000000200)}) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f00000000c0)={0x10002, 0x1, 0xfec2c000, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x8, 0x108, &(0x7f0000000000)=0xc000000000000000}) (async) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) (async) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000000000/0x400000)=nil) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r10, 0xae03, 0x9e) r11 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) (async) r12 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r12, 0xae03, 0xc3) ioctl$KVM_CREATE_VM(r11, 0xae01, 0x29) (async) eventfd2(0x2, 0x800) 26m51.498316054s ago: executing program 5 (id=292): syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r0 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f00000001c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_ARM_VCPU_FINALIZE(r8, 0x4004aec2, &(0x7f00000000c0)=0x3) r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r9, 0x7, 0x4000010, r8, 0x200000000000000) mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, r9, 0x1, 0x12, r3, 0x0) r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r10, 0x8, 0x13, r3, 0x0) r11 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bf3000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000000)={0x0, &(0x7f00000001c0)}, &(0x7f0000000100)=[@featur2], 0x1) r13 = openat$kvm(0x0, &(0x7f0000000040), 0x1058c0, 0x0) r14 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil) r17 = syz_kvm_add_vcpu$arm64(r16, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur2={0x1, 0x128}], 0x1) syz_kvm_vgic_v3_setup(r15, 0x1, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r17, 0x4018aee2, &(0x7f0000000080)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0}) r18 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) r19 = eventfd2(0xfffffffa, 0x80001) ioctl$KVM_IOEVENTFD(r18, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r19}) ioctl$KVM_S390_VCPU_FAULT(r12, 0x4008ae52, &(0x7f00000003c0)=0x8) 26m38.048149561s ago: executing program 4 (id=293): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r1, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x25) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x0, 0x0, 0x6, 0x2, 0x4}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r6, 0xae80, 0x0) r8 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r13, 0x1, 0x100) ioctl$KVM_IRQ_LINE(r13, 0x4008ae61, &(0x7f0000000100)={0x1001ffd, 0x1}) mmap$KVM_VCPU(&(0x7f0000efe000/0x1000)=nil, r11, 0xd, 0x10, r10, 0x0) 26m33.654631573s ago: executing program 5 (id=294): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x20}, 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) ioctl$KVM_SET_MP_STATE(r6, 0x4004ae99, &(0x7f0000000000)) ioctl$KVM_GET_SREGS(r3, 0x8000ae83, &(0x7f0000000200)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 26m17.037366352s ago: executing program 5 (id=295): r0 = openat$kvm(0x0, &(0x7f0000000180), 0x10000, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xa2) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) r7 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r6, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fb707cd24b7eebb20700000000000000000000000100", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) r8 = openat$kvm(0xffffffffffffff9c, 0x0, 0x401, 0x0) eventfd2(0xba88, 0x80401) close(r8) r9 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, &(0x7f0000000200)=[@msr={0x14, 0x0, {0x603000000013c00a, 0x5}}], 0x18}, &(0x7f0000000100)=[@featur1={0x1, 0x32}], 0x56) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000140)=0x43}) r10 = openat$kvm(0x0, &(0x7f00000001c0), 0x161681, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r11, r12, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r12, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x603000000010000a, &(0x7f00000000c0)=0x80003fe}) ioctl$KVM_RUN(r9, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c58000/0x2000)=nil, 0x0, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) 26m15.609247072s ago: executing program 4 (id=296): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000000c0)=@arm64_sve_vls={0x606000000015ffff, &(0x7f0000000000)=0x1}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f0000000000)=[@mrs={0xbe, 0x18, {0x603000000013c4f2}}], 0x18}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r6, 0xae80, 0x0) openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3) (async) ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) (async) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000000c0)=@arm64_sve_vls={0x606000000015ffff, &(0x7f0000000000)=0x1}) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f0000000000)=[@mrs={0xbe, 0x18, {0x603000000013c4f2}}], 0x18}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) (async) ioctl$KVM_RUN(r6, 0xae80, 0x0) (async) 25m58.920587457s ago: executing program 4 (id=297): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async) mmap$KVM_VCPU(&(0x7f0000e9c000/0x3000)=nil, 0x930, 0x2, 0x2010, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x3, 0x2, &(0x7f0000000140)=0x80}) (async) syz_kvm_add_vcpu$arm64(r2, &(0x7f00000002c0)={0x0, &(0x7f00000009c0)}, &(0x7f0000000bc0)=[@featur2={0x1, 0x9}], 0x1) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x105280, 0x0) (async) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xfffffffffffffffd) (async) r7 = eventfd2(0xeffffffd, 0x1) ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r7, 0x3}) (async) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x200100, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r10, 0x80111500, 0x2d) (async) write$eventfd(r7, 0x0, 0x0) (async, rerun: 64) r11 = eventfd2(0xffff10c0, 0x801) (rerun: 64) ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000100)={0xf09, 0x8080000, 0x4, r11, 0x1}) (async) syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000300)=[@smc={0x1e, 0x40, {0x32000000, [0x5, 0xfffffffffffffffa, 0x401, 0x5, 0x5]}}], 0x40}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r9, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000180)={0x8}) (async, rerun: 32) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x414040, 0x0) (rerun: 32) ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) 25m57.829465738s ago: executing program 5 (id=298): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000280)={0x10200, 0x0, &(0x7f0000c5f000/0x4000)=nil}) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) eventfd2(0x8, 0x800) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x31) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r6, r7, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000240)=[@hvc={0x32, 0x40, {0x84000050, [0x200000000000007, 0x9, 0x20008, 0xfffffffffffffff8, 0x81]}}], 0x40}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r8, 0x4010aeab, &(0x7f0000000180)=@arm64_fp_extra={0x60200000001000d4, &(0x7f0000000100)=0x2}) 25m11.908254939s ago: executing program 36 (id=297): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async) mmap$KVM_VCPU(&(0x7f0000e9c000/0x3000)=nil, 0x930, 0x2, 0x2010, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x3, 0x2, &(0x7f0000000140)=0x80}) (async) syz_kvm_add_vcpu$arm64(r2, &(0x7f00000002c0)={0x0, &(0x7f00000009c0)}, &(0x7f0000000bc0)=[@featur2={0x1, 0x9}], 0x1) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x105280, 0x0) (async) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xfffffffffffffffd) (async) r7 = eventfd2(0xeffffffd, 0x1) ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r7, 0x3}) (async) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x200100, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r10, 0x80111500, 0x2d) (async) write$eventfd(r7, 0x0, 0x0) (async, rerun: 64) r11 = eventfd2(0xffff10c0, 0x801) (rerun: 64) ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000100)={0xf09, 0x8080000, 0x4, r11, 0x1}) (async) syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000300)=[@smc={0x1e, 0x40, {0x32000000, [0x5, 0xfffffffffffffffa, 0x401, 0x5, 0x5]}}], 0x40}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r9, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000180)={0x8}) (async, rerun: 32) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x414040, 0x0) (rerun: 32) ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) 25m4.611281311s ago: executing program 37 (id=298): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000280)={0x10200, 0x0, &(0x7f0000c5f000/0x4000)=nil}) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) eventfd2(0x8, 0x800) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x31) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r6, r7, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000240)=[@hvc={0x32, 0x40, {0x84000050, [0x200000000000007, 0x9, 0x20008, 0xfffffffffffffff8, 0x81]}}], 0x40}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r8, 0x4010aeab, &(0x7f0000000180)=@arm64_fp_extra={0x60200000001000d4, &(0x7f0000000100)=0x2}) 13m36.580401879s ago: executing program 6 (id=322): r0 = syz_kvm_add_vcpu$arm64(0x0, 0x0, &(0x7f0000000840)=[@featur1={0x1, 0xc7}], 0x1) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x4, 0x10, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, r0, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000240)=@arm64_bitmap={0x6030000000160002, &(0x7f00000000c0)=0x2}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r6, 0x4068aea3, &(0x7f0000000080)={0xa8, 0x0, 0x3}) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x40) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r9, 0x400454d4, 0x21) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r10, 0xae03, 0xe5) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x161681, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r12, r13, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r13, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x6030000000100024, &(0x7f00000000c0)=0x80003fe}) syz_kvm_setup_cpu$arm64(r6, 0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000100)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) 13m15.461379496s ago: executing program 7 (id=324): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xc0) (async) r1 = ioctl$KVM_GET_STATS_FD_vm(r0, 0xaece) ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f0000000080)=@attr_other={0x0, 0xfffffffd, 0x10000, &(0x7f0000000040)=0x7}) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async, rerun: 32) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) (async, rerun: 32) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000100)="746abf250f7959c813e4adfb369b808022e69fe80cfadce4a1259e77bab54ac9749537b3d016bb7f745a6e22d2f9ff443f19467748a3fe02c239457600", 0x0, 0xfffffffffffffec5) (async, rerun: 32) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xe) (async, rerun: 32) ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r1, 0x4068aea3, &(0x7f0000000240)) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) (async, rerun: 64) syz_kvm_vgic_v3_setup(r5, 0x4, 0x40) (async, rerun: 64) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_GET_DEVICE_ATTR(r6, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x2, &(0x7f00000000c0)=0x4}) (async, rerun: 32) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x24) (rerun: 32) 13m12.248032926s ago: executing program 6 (id=325): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2c) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000b78000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r6, 0x4068aea3, &(0x7f0000000000)={0xef, 0x0, 0x7}) syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x603000000013c807}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_GUEST_MEMFD(r9, 0xc040aed4, &(0x7f0000000040)={0x1000200001fe0000, 0x1}) ioctl$KVM_SET_USER_MEMORY_REGION2(r9, 0x40a0ae49, &(0x7f0000000180)={0x0, 0x4, 0x80a0000, 0x2000, &(0x7f0000ffc000/0x2000)=nil, 0x100000000000000, r10}) close(r9) close(r10) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x7fffffffffffffff}) r11 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1) close(r11) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil) r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r15, 0x4040aea0, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r15, 0x4018aee2, &(0x7f0000000100)=@attr_pmu_init) 12m59.511375791s ago: executing program 7 (id=326): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="f21bc75509bf71c9d70236fc245d53cb01000000000000d60000000700000000000000002000", 0x0, 0x48) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r6, &(0x7f00000001c0)=0xffffff7f, 0xff25) r7 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) r8 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r7, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000100)="fb0149dd033be3ac2cc4a29ea6af8031d1dfd900080001000000315f9731c10d097fd66f8f1f44f9ffffffffffffffebb207000000000000000000002a2900", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r7, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x0, {0x3, 0xb2}}, @code={0xa, 0x0, {"0000008a000028d50038212e604b95d20080b8f2e10180d2820080d2c30180d2a40180d2020000d40060000f0070800c000028d5c05096d20060b8f2e10180d2220180d2830080d2440180d2020000d4007008d5a09489d200a0b8f2c10180d2620180d2a30080d2640180d2020000d4"}}, @code={0xa, 0x0, {"007008d5000008d5000008d5000008d520b49cd200a0b0f2810180d2a20080d2a30080d2a40080d2020000d440d28ad200c0b0f2610180d2a20180d2c30180d2e40080d2020000d400000058007008d5c0e995d20000b8f2e10080d2a20180d2e30080d2640180d2020000d4007008d5"}}, @svc={0x122, 0x0, {0x8600ff01, [0x3800000, 0x9, 0x47, 0x7f, 0x1]}}, @smc={0x1e, 0x0, {0x3f000000, [0xc35, 0xd, 0x7fff, 0xcb00000000000000, 0x9]}}, @code={0xa, 0x0, {"007008d5408e8dd200c0b8f2e10180d2220080d2030080d2a40180d2020000d4000008d500e0ff0d007008d500538ed200a0b8f2810080d2a20080d2e30080d2840180d2020000d4404781d20040b0f2e10180d2e20180d2e30080d2240180d2020000d40038207e007008d500ec87d20020b8f2a10080d2e20180d2630180d2a40180d2020000d4"}}, @uexit={0x0, 0x0, 0x3}, @msr={0x14, 0x0, {0x603000000013c4cb, 0x9}}, @irq_setup={0x46, 0x0, {0x1, 0x330}}, @its_setup={0x82, 0x0, {0x0, 0x1, 0x118}}, @msr={0x14, 0x0, {0x603000000013e6cb}}, @code={0xa, 0x0, {"005c205ec05a9cd200a0b8f2e10180d2820080d2a30180d2c40080d2020000d40000c0a8a0f99ad20040b0f2610080d2020080d2230080d2040080d2020000d4c0f887d20080b8f2010080d2220180d2630180d2c40080d2020000d4000028d5000008d5400691d200e0b0f2610080d2a20080d2a30180d2240080d2020000d440c895d200a0b0f2e10080d2020180d2e30080d2e40180d2020000d4000008d5"}}, @uexit={0x0, 0x0, 0x100000001}, @mrs={0xbe, 0x0, {0x603000000013e720}}, @code={0xa, 0x0, {"000008d5007008d5008008d5601c93d20060b0f2410180d2820180d2430080d2840080d2020000d4008008d5805991d20000b0f2010180d2420180d2830080d2e40080d2020000d4007008d500000014000020aa007008d5"}}], 0xffffff67}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_RUN(r10, 0xae80, 0x0) 12m46.529979002s ago: executing program 6 (id=327): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@its_setup={0x82, 0x28, {0x2, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x1, 0x0, 0x0, 0x79, 0x1}}], 0x50}, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r5 = eventfd2(0xffff10c0, 0x801) r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x1d) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000040)={r5, 0x6, 0x1, r5}) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000100)={0xf09, 0x8086000, 0x0, r5}) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x21) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) r9 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r9, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) openat$kvm(0x0, 0x0, 0x100, 0x0) close(0x3) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xab) r13 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r14 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r13, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) 12m33.314284079s ago: executing program 7 (id=328): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000040)={0x7, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r4, 0x4018aee3, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0x83, 0x0}) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r1, 0x4068aea3, &(0x7f0000000000)={0xef, 0x0, 0x7}) 12m19.774648511s ago: executing program 6 (id=329): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x21) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r2, 0x0) (async) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x4c4882, 0x0) ioctl$KVM_CHECK_EXTENSION(r4, 0x40086602, 0x110c230000) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_init) 12m15.431406823s ago: executing program 7 (id=330): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x1, 0xea12157bff932e6}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0x40086602, 0x20000000) (async) ioctl$KVM_CREATE_VM(r0, 0x40086602, 0x20000000) r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@mrs={0xbe, 0x18, {0x603000000013c00b}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r6, 0x1, 0x100) (async) syz_kvm_vgic_v3_setup(r6, 0x1, 0x100) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) (async) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f0000000280)=0x400000080a0000}) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r11 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1) (async) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1) syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) syz_kvm_add_vcpu$arm64(r11, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(r6, 0x4008ae6a, &(0x7f0000000000)) 12m5.389131074s ago: executing program 6 (id=331): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) r3 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@smc={0x1e, 0x40, {0x84000053, [0x80000000000, 0x6, 0xf1, 0x6f4, 0x1]}}], 0x40}, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x83, 0x8000, 0x0, 0x0, 0xffffffff, 0x4}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r5, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r7, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async) ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) (async) syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@smc={0x1e, 0x40, {0x84000053, [0x80000000000, 0x6, 0xf1, 0x6f4, 0x1]}}], 0x40}, 0x0, 0x0) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x83, 0x8000, 0x0, 0x0, 0xffffffff, 0x4}}], 0x50}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r5, 0x1, 0x100) (async) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8}) (async) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) ioctl$KVM_RUN(r7, 0xae80, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async) 11m57.745426024s ago: executing program 7 (id=332): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r4 = ioctl$KVM_CREATE_VM(r3, 0x894c, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0x4030582b, 0x0) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) (async) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000300)=@attr_other={0x0, 0x8, 0x40, &(0x7f0000000140)=0x2}) (async) r7 = syz_kvm_add_vcpu$arm64(0x0, 0x0, &(0x7f0000000440)=[@featur1={0x1, 0x2a}], 0x1) (async) r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x800000000108, &(0x7f0000000340)=0x2}) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0) (async, rerun: 64) ioctl$KVM_SET_REGS(r7, 0x4360ae82, &(0x7f0000000200)={[0x7fffffffffffffff, 0xffffffffffff8001, 0x2, 0x9, 0x2, 0x10001, 0x8, 0x4, 0x2, 0x6, 0x2, 0x2, 0x6, 0xd, 0x8, 0x8], 0x100000, 0x2040}) (async, rerun: 64) ioctl$KVM_GET_MP_STATE(r7, 0x8004ae98, &(0x7f0000000000)) 11m42.697732179s ago: executing program 6 (id=333): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = eventfd2(0x4, 0x80000) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r3, 0x1, 0x100) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f00000000c0)={r2, 0x3}) write$eventfd(r2, &(0x7f0000000140)=0x3, 0x8) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x420042, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = eventfd2(0xffff10c0, 0x801) ioctl$KVM_CAP_DIRTY_LOG_RING(r4, 0x4068aea3, &(0x7f0000000240)={0xc0, 0x0, 0x2000}) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000100)={0xf09, 0x8080000, 0x0, r6}) r7 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x80000000, [0x2, 0x7, 0x9]}}], 0x40}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x2c) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x100000000000000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000140)={r6, 0x2d, 0x2, r6}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x0, 0x1, &(0x7f00000000c0)=0x6}) ioctl$KVM_RUN(r7, 0xae80, 0x0) 11m37.328068682s ago: executing program 7 (id=334): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x3a3183, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_GET_MP_STATE(r3, 0x8004ae98, 0xffffffffffffffff) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) (async) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x31) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x6030000000138010}}], 0x18}, 0x0, 0x0) (async) r14 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04) r15 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r14, 0x3, 0x11, r13, 0x0) ioctl$KVM_RUN(r13, 0xae80, 0x0) (async) syz_kvm_assert_syzos_uexit$arm64(r15, 0xffffffffffffffff) (async) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x603000000010003c, &(0x7f0000000140)=0x7}) mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x13, r5, 0x0) 10m55.300222086s ago: executing program 38 (id=333): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = eventfd2(0x4, 0x80000) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r3, 0x1, 0x100) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f00000000c0)={r2, 0x3}) write$eventfd(r2, &(0x7f0000000140)=0x3, 0x8) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x420042, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = eventfd2(0xffff10c0, 0x801) ioctl$KVM_CAP_DIRTY_LOG_RING(r4, 0x4068aea3, &(0x7f0000000240)={0xc0, 0x0, 0x2000}) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000100)={0xf09, 0x8080000, 0x0, r6}) r7 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x80000000, [0x2, 0x7, 0x9]}}], 0x40}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x2c) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x100000000000000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000140)={r6, 0x2d, 0x2, r6}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x0, 0x1, &(0x7f00000000c0)=0x6}) ioctl$KVM_RUN(r7, 0xae80, 0x0) 10m48.361444519s ago: executing program 39 (id=334): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x3a3183, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_GET_MP_STATE(r3, 0x8004ae98, 0xffffffffffffffff) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) (async) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x31) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x6030000000138010}}], 0x18}, 0x0, 0x0) (async) r14 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04) r15 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r14, 0x3, 0x11, r13, 0x0) ioctl$KVM_RUN(r13, 0xae80, 0x0) (async) syz_kvm_assert_syzos_uexit$arm64(r15, 0xffffffffffffffff) (async) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x603000000010003c, &(0x7f0000000140)=0x7}) mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x13, r5, 0x0) 2m3.830886467s ago: executing program 8 (id=335): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x181900, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f00000000c0)={0x11, 0xffffffffffffffff, 0x1}) r3 = ioctl$KVM_CREATE_VM(r0, 0x400454d1, 0x1b) r4 = openat$kvm(0x0, &(0x7f0000000140), 0x80, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r9, 0x4018aee3, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0xb}) r10 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, &(0x7f0000000440)=[@msr={0x14, 0x20, {0x6030000000138017, 0x8000}}, @msr={0x14, 0x20, {0x603000000013801f, 0x8000}}, @msr={0x14, 0x20, {0x6030000000138084, 0x8000}}, @uexit={0x0, 0x18, 0x40}, @eret={0xe6, 0x18, 0x2}, @msr={0x14, 0x20, {0x603000000013e110, 0xa}}, @msr={0x14, 0x20, {0x6030000000139828, 0x8000}}, @msr={0x14, 0x20, {0x603000000013c527, 0x8000}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x403a1}}, @uexit={0x0, 0x18, 0x3}], 0x130}, 0x0, 0x0) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) r12 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r11, 0x3, 0x11, r10, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) syz_kvm_assert_syzos_uexit$arm64(r12, 0xffffffffffffffff) syz_kvm_assert_reg(r10, 0x6030000000138017, 0x8000) syz_kvm_assert_reg(r10, 0x603000000013801f, 0x8000) ioctl$KVM_CHECK_EXTENSION_VM(r3, 0xae03, 0x6) syz_kvm_assert_reg(r10, 0x6030000000138084, 0x8000) syz_kvm_assert_reg(r10, 0x0, 0x3) syz_kvm_assert_reg(r10, 0x60300000001383c6, 0x8000) ioctl$KVM_CAP_ARM_USER_IRQ(r3, 0x4068aea3, &(0x7f0000000000)) syz_kvm_assert_reg(r10, 0x60300000001383ce, 0x8000) syz_kvm_assert_reg(r10, 0x6030000000139828, 0x8000) syz_kvm_assert_reg(r10, 0x6030000000139828, 0x8000) mmap$KVM_VCPU(&(0x7f0000fe3000/0x1000)=nil, 0x0, 0x4, 0x10, r10, 0x0) 1m56.430020716s ago: executing program 9 (id=336): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfd000/0x400000)=nil) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000b80)={0x0, &(0x7f00000009c0)=[@hvc={0x32, 0x40, {0xc4000004, [0x4, 0xfffffffffffffffa, 0x8000000000000000, 0x427f, 0x400003]}}], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1m38.419823606s ago: executing program 9 (id=337): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x12102, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r6, 0x401054d6, 0x1) r7 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r10, 0x2000000, 0x14012, r8, 0x0) mmap$KVM_VCPU(&(0x7f0000f7f000/0x2000)=nil, r3, 0x4000007, 0x80010, r8, 0x0) 1m35.714950911s ago: executing program 8 (id=338): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1000000000000000) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0xb, 0x30d2a4fbfbfad6b8, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000300), 0x600c00, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r4, 0x0) syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000009000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r5, 0xb, 0x11, r4, 0x0) r6 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)}, &(0x7f0000000180)=[@featur1={0x1, 0xb}], 0x1) mmap$KVM_VCPU(&(0x7f0000ffa000/0x4000)=nil, r5, 0x2, 0x10, r6, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x21) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) r10 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r9, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r9, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r13, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, &(0x7f00000000c0)=@arm64_sve_vls={0x606000000015ffff, &(0x7f0000000080)=0x2}) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000080)=@arm64_fp_extra={0x60200000001000d4, &(0x7f0000000000)=0x1fdacf41}) ioctl$KVM_ASSIGN_SET_MSIX_NR(r8, 0x4008ae73, &(0x7f00000000c0)={0x5038, 0x3}) openat$kvm(0x0, &(0x7f0000000040), 0x4c4882, 0x0) ioctl$KVM_GET_REGS(r13, 0x8360ae81, &(0x7f0000000340)) 1m13.294500866s ago: executing program 9 (id=339): r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bff000/0x400000)=nil) ioctl$KVM_ARM_PREFERRED_TARGET(0xffffffffffffffff, 0x8020aeaf, &(0x7f0000000040)) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f0000000000)={0x1000, 0x4, 0x8, 0x0, 0x70}) r4 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000300)={0x0, &(0x7f0000000480)=[@smc={0x1e, 0x40, {0xc4000001, [0x8, 0x939, 0xe, 0x7f, 0x4]}}], 0x40}, &(0x7f00000001c0)=[@featur1={0x1, 0xc}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000080)=@attr_other={0x0, 0xc212, 0xc, &(0x7f0000000140)}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f0000000080)=@x86={0x0, 0xfb, 0x3, 0x0, 0x10, 0x7, 0x6, 0xe, 0xf, 0x2, 0x6, 0xfd, 0x0, 0xc03, 0x8, 0x3, 0x10, 0x0, 0x0, '\x00', 0x87, 0xfffffffffffffffe}) r10 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r11 = eventfd2(0xfffffffa, 0x80001) ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r11}) ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f0000000080)={0x0, 0x4, 0x1, r11, 0x5}) r12 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r14, 0x4018aee1, 0xffffffffffffffff) ioctl$KVM_RUN(r4, 0xae80, 0x0) 1m10.848374632s ago: executing program 8 (id=340): r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4}) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) (async, rerun: 32) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x10004, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) (async, rerun: 32) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000080)=0x8004000000000000}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) 49.782023812s ago: executing program 8 (id=341): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r3 = ioctl$KVM_CREATE_VM(r2, 0x894c, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0x4030582a, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0}) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async) ioctl$KVM_CREATE_VM(r2, 0x894c, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_CREATE_VCPU(r3, 0x4030582a, 0x0) (async) 24.920955013s ago: executing program 40 (id=339): r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bff000/0x400000)=nil) ioctl$KVM_ARM_PREFERRED_TARGET(0xffffffffffffffff, 0x8020aeaf, &(0x7f0000000040)) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f0000000000)={0x1000, 0x4, 0x8, 0x0, 0x70}) r4 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000300)={0x0, &(0x7f0000000480)=[@smc={0x1e, 0x40, {0xc4000001, [0x8, 0x939, 0xe, 0x7f, 0x4]}}], 0x40}, &(0x7f00000001c0)=[@featur1={0x1, 0xc}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000080)=@attr_other={0x0, 0xc212, 0xc, &(0x7f0000000140)}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f0000000080)=@x86={0x0, 0xfb, 0x3, 0x0, 0x10, 0x7, 0x6, 0xe, 0xf, 0x2, 0x6, 0xfd, 0x0, 0xc03, 0x8, 0x3, 0x10, 0x0, 0x0, '\x00', 0x87, 0xfffffffffffffffe}) r10 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r11 = eventfd2(0xfffffffa, 0x80001) ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r11}) ioctl$KVM_IOEVENTFD(r10, 0x4040ae79, &(0x7f0000000080)={0x0, 0x4, 0x1, r11, 0x5}) r12 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r14, 0x4018aee1, 0xffffffffffffffff) ioctl$KVM_RUN(r4, 0xae80, 0x0) 0s ago: executing program 41 (id=341): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r3 = ioctl$KVM_CREATE_VM(r2, 0x894c, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0x4030582a, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0}) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) (async) ioctl$KVM_CREATE_VM(r2, 0x894c, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_CREATE_VCPU(r3, 0x4030582a, 0x0) (async) kernel console output (not intermixed with test programs): [ 387.343556][ T3166] 8021q: adding VLAN 0 to HW filter on device bond0 [ 432.686326][ T3166] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:48215' (ED25519) to the list of known hosts. [ 598.801236][ T25] audit: type=1400 audit(597.980:61): avc: denied { name_bind } for pid=3325 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 600.391560][ T25] audit: type=1400 audit(599.580:62): avc: denied { execute } for pid=3326 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 600.417283][ T25] audit: type=1400 audit(599.600:63): avc: denied { execute_no_trans } for pid=3326 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 619.957702][ T25] audit: type=1400 audit(619.150:64): avc: denied { mounton } for pid=3326 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 620.010196][ T25] audit: type=1400 audit(619.200:65): avc: denied { mount } for pid=3326 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 620.094614][ T3326] cgroup: Unknown subsys name 'net' [ 620.172516][ T25] audit: type=1400 audit(619.370:66): avc: denied { unmount } for pid=3326 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 620.595057][ T3326] cgroup: Unknown subsys name 'cpuset' [ 620.751153][ T3326] cgroup: Unknown subsys name 'rlimit' [ 621.951979][ T25] audit: type=1400 audit(621.130:67): avc: denied { setattr } for pid=3326 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 622.000512][ T25] audit: type=1400 audit(621.190:68): avc: denied { mounton } for pid=3326 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 622.029926][ T25] audit: type=1400 audit(621.220:69): avc: denied { mount } for pid=3326 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 623.242961][ T3330] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 623.263335][ T25] audit: type=1400 audit(622.450:70): avc: denied { relabelto } for pid=3330 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 623.290128][ T25] audit: type=1400 audit(622.480:71): avc: denied { write } for pid=3330 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 623.467514][ T25] audit: type=1400 audit(622.660:72): avc: denied { read } for pid=3326 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 623.487027][ T25] audit: type=1400 audit(622.670:73): avc: denied { open } for pid=3326 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 623.532092][ T3326] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 675.353243][ T25] audit: type=1400 audit(674.520:74): avc: denied { execmem } for pid=3331 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 679.696688][ T25] audit: type=1400 audit(678.890:75): avc: denied { open } for pid=3333 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 679.710857][ T25] audit: type=1400 audit(678.900:76): avc: denied { read } for pid=3334 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 679.781702][ T25] audit: type=1400 audit(678.960:77): avc: denied { mounton } for pid=3333 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 680.050606][ T25] audit: type=1400 audit(679.230:78): avc: denied { module_request } for pid=3333 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 680.060759][ T25] audit: type=1400 audit(679.240:79): avc: denied { module_request } for pid=3334 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 681.047536][ T25] audit: type=1400 audit(680.230:80): avc: denied { sys_module } for pid=3334 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 707.119187][ T3334] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 707.375088][ T3334] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 707.751093][ T3333] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 707.852523][ T3333] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 719.356165][ T3334] hsr_slave_0: entered promiscuous mode [ 719.405856][ T3334] hsr_slave_1: entered promiscuous mode [ 720.314617][ T3333] hsr_slave_0: entered promiscuous mode [ 720.345962][ T3333] hsr_slave_1: entered promiscuous mode [ 720.382297][ T3333] debugfs: 'hsr0' already exists in 'hsr' [ 720.386347][ T3333] Cannot create hsr debugfs directory [ 726.017538][ T25] audit: type=1400 audit(725.210:81): avc: denied { create } for pid=3334 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 726.070172][ T25] audit: type=1400 audit(725.260:82): avc: denied { write } for pid=3334 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 726.106532][ T25] audit: type=1400 audit(725.300:83): avc: denied { read } for pid=3334 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 726.255443][ T3334] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 726.617001][ T3334] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 726.962448][ T3334] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 727.126657][ T3334] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 728.914549][ T3333] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 729.131468][ T3333] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 729.286558][ T3333] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 729.504830][ T3333] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 740.814432][ T3334] 8021q: adding VLAN 0 to HW filter on device bond0 [ 743.482778][ T3333] 8021q: adding VLAN 0 to HW filter on device bond0 [ 798.614059][ T3334] veth0_vlan: entered promiscuous mode [ 799.210637][ T3334] veth1_vlan: entered promiscuous mode [ 800.650552][ T3333] veth0_vlan: entered promiscuous mode [ 801.565806][ T3333] veth1_vlan: entered promiscuous mode [ 801.672370][ T3334] veth0_macvtap: entered promiscuous mode [ 802.086999][ T3334] veth1_macvtap: entered promiscuous mode [ 804.280855][ T3333] veth0_macvtap: entered promiscuous mode [ 804.521193][ T3383] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 804.705174][ T3383] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 804.706652][ T3383] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 804.714130][ T3383] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 804.865545][ T3333] veth1_macvtap: entered promiscuous mode [ 807.060209][ T25] audit: type=1400 audit(806.230:84): avc: denied { mount } for pid=3334 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 807.250452][ T25] audit: type=1400 audit(806.430:85): avc: denied { mounton } for pid=3334 comm="syz-executor" path="/syzkaller.I3LKGO/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 807.471397][ T25] audit: type=1400 audit(806.660:86): avc: denied { mount } for pid=3334 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 807.893495][ T25] audit: type=1400 audit(807.090:87): avc: denied { mounton } for pid=3334 comm="syz-executor" path="/syzkaller.I3LKGO/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 807.904925][ T3383] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 807.917354][ T3383] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 807.952449][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 807.970224][ T3363] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 808.056964][ T25] audit: type=1400 audit(807.250:88): avc: denied { mounton } for pid=3334 comm="syz-executor" path="/syzkaller.I3LKGO/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3790 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 808.594812][ T25] audit: type=1400 audit(807.790:89): avc: denied { unmount } for pid=3334 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 808.831349][ T25] audit: type=1400 audit(807.980:90): avc: denied { mounton } for pid=3334 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 808.953107][ T25] audit: type=1400 audit(808.150:91): avc: denied { mount } for pid=3334 comm="syz-executor" name="/" dev="gadgetfs" ino=3800 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 809.403943][ T25] audit: type=1400 audit(808.600:92): avc: denied { mount } for pid=3334 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 809.511679][ T25] audit: type=1400 audit(808.700:93): avc: denied { mounton } for pid=3334 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 810.662330][ T3334] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 821.863900][ T25] kauditd_printk_skb: 4 callbacks suppressed [ 821.864848][ T25] audit: type=1400 audit(821.040:98): avc: denied { read } for pid=3488 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 822.055168][ T25] audit: type=1400 audit(821.210:99): avc: denied { open } for pid=3488 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 822.190519][ T25] audit: type=1400 audit(821.380:100): avc: denied { ioctl } for pid=3488 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 827.275797][ T25] audit: type=1400 audit(826.400:101): avc: denied { create } for pid=3490 comm="syz.0.1" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 827.452581][ T25] audit: type=1400 audit(826.640:102): avc: denied { append } for pid=3490 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 846.729623][ T25] audit: type=1400 audit(845.840:103): avc: denied { write } for pid=3510 comm="syz.0.5" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1116.045567][ T25] audit: type=1400 audit(1115.230:104): avc: denied { execute } for pid=3690 comm="syz.1.62" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=7149 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 1153.457455][ T3718] KVM: debugfs: duplicate directory 3718-12 [ 1214.686690][ T3753] KVM: debugfs: duplicate directory 3753-7 [ 1281.810262][ T25] audit: type=1400 audit(1280.990:105): avc: denied { ioctl } for pid=3790 comm="syz.0.93" path="net:[4026532627]" dev="nsfs" ino=4026532627 ioctlcmd=0xb707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1369.061952][ T25] audit: type=1400 audit(1368.160:106): avc: denied { map } for pid=3846 comm="syz.1.110" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=9894 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1369.111443][ T25] audit: type=1400 audit(1368.280:107): avc: denied { read } for pid=3846 comm="syz.1.110" path="anon_inode:[kvm-gmem]" dev="anon_inodefs" ino=9894 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1471.723437][ T25] audit: type=1400 audit(1470.920:108): avc: denied { map } for pid=3906 comm="syz.1.131" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1771.706622][ T4094] kvm [4094]: Failed to find VMA for hva 0x20c01000 [ 1773.566274][ T4094] kvm [4094]: Failed to find VMA for hva 0x20c01000 [ 2016.080698][ T25] audit: type=1400 audit(2015.240:109): avc: denied { execute } for pid=4249 comm="syz.1.237" path="/118/T" dev="tmpfs" ino=611 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 2113.176935][ T4316] kvm [4316]: Failed to find VMA for hva 0x20e51000 [ 2190.661497][ T4373] kvm [4373]: Failed to find VMA for hva 0x20c01000 [ 2211.995087][ T4381] kvm [4381]: Failed to find VMA for hva 0x20e51000 [ 2258.044977][ T3709] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2259.475668][ T3709] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2261.262244][ T3709] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2262.423602][ T3709] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2278.033538][ T3709] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2278.190577][ T3709] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2278.274053][ T3709] bond0 (unregistering): Released all slaves [ 2280.000048][ T3709] hsr_slave_0: left promiscuous mode [ 2280.301256][ T3709] hsr_slave_1: left promiscuous mode [ 2281.510457][ T3709] veth1_macvtap: left promiscuous mode [ 2281.512335][ T3709] veth0_macvtap: left promiscuous mode [ 2281.522907][ T3709] veth1_vlan: left promiscuous mode [ 2281.525061][ T3709] veth0_vlan: left promiscuous mode [ 2301.486055][ T3709] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2302.202872][ T3709] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2303.203835][ T3709] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2304.004250][ T3709] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2316.147723][ T3709] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2316.254292][ T3709] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2316.305337][ T3709] bond0 (unregistering): Released all slaves [ 2317.156010][ T3709] hsr_slave_0: left promiscuous mode [ 2317.212709][ T3709] hsr_slave_1: left promiscuous mode [ 2317.796933][ T3709] veth1_macvtap: left promiscuous mode [ 2317.809414][ T3709] veth0_macvtap: left promiscuous mode [ 2317.832373][ T3709] veth1_vlan: left promiscuous mode [ 2317.845301][ T3709] veth0_vlan: left promiscuous mode [ 2350.444182][ T4389] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2350.584319][ T4389] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2354.463232][ T4395] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2354.712130][ T4395] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2370.002734][ T4389] hsr_slave_0: entered promiscuous mode [ 2370.054075][ T4389] hsr_slave_1: entered promiscuous mode [ 2374.214077][ T4395] hsr_slave_0: entered promiscuous mode [ 2374.282931][ T4395] hsr_slave_1: entered promiscuous mode [ 2374.333500][ T4395] debugfs: 'hsr0' already exists in 'hsr' [ 2374.348810][ T4395] Cannot create hsr debugfs directory [ 2384.803927][ T4389] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 2385.427080][ T4389] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 2386.151843][ T4389] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 2387.291144][ T4389] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 2391.527401][ T4395] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 2392.046697][ T4395] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 2392.467126][ T4395] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 2392.950747][ T4395] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 2413.826580][ T4389] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2418.586898][ T4395] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2499.987697][ T4389] veth0_vlan: entered promiscuous mode [ 2500.981248][ T4389] veth1_vlan: entered promiscuous mode [ 2503.522076][ T4389] veth0_macvtap: entered promiscuous mode [ 2504.055532][ T4389] veth1_macvtap: entered promiscuous mode [ 2506.393920][ T4395] veth0_vlan: entered promiscuous mode [ 2508.532702][ T4395] veth1_vlan: entered promiscuous mode [ 2509.463951][ T3709] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2509.470817][ T3709] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2509.618999][ T3709] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2509.792090][ T4399] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2514.960764][ T4395] veth0_macvtap: entered promiscuous mode [ 2515.903340][ T4395] veth1_macvtap: entered promiscuous mode [ 2520.061871][ T4392] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2520.074259][ T4392] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2520.207535][ T4392] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2520.346675][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2531.579291][ T25] audit: type=1400 audit(2530.730:110): avc: denied { execute } for pid=4621 comm="syz.2.279" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 2618.567695][ T4392] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2620.421313][ T4392] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2621.866829][ T4392] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2623.395516][ T4392] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2647.129953][ T4392] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2647.969779][ T4392] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2648.282794][ T4392] bond0 (unregistering): Released all slaves [ 2650.250998][ T4392] hsr_slave_0: left promiscuous mode [ 2650.310911][ T4392] hsr_slave_1: left promiscuous mode [ 2650.800847][ T4392] veth1_macvtap: left promiscuous mode [ 2650.804240][ T4392] veth0_macvtap: left promiscuous mode [ 2650.830359][ T4392] veth1_vlan: left promiscuous mode [ 2650.853109][ T4392] veth0_vlan: left promiscuous mode [ 2671.521952][ T4392] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2672.840407][ T4392] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2673.827364][ T4392] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2675.314183][ T4392] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2693.022142][ T4392] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2693.380064][ T4392] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2693.600554][ T4392] bond0 (unregistering): Released all slaves [ 2696.020740][ T4392] hsr_slave_0: left promiscuous mode [ 2696.120813][ T4392] hsr_slave_1: left promiscuous mode [ 2696.851266][ T4392] veth1_macvtap: left promiscuous mode [ 2696.853924][ T4392] veth0_macvtap: left promiscuous mode [ 2696.871827][ T4392] veth1_vlan: left promiscuous mode [ 2696.892579][ T4392] veth0_vlan: left promiscuous mode [ 2729.700633][ T4658] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2729.903972][ T4658] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2734.616184][ T4665] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2734.841444][ T4665] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2754.794519][ T4658] hsr_slave_0: entered promiscuous mode [ 2754.903311][ T4658] hsr_slave_1: entered promiscuous mode [ 2760.603520][ T4665] hsr_slave_0: entered promiscuous mode [ 2760.662939][ T4665] hsr_slave_1: entered promiscuous mode [ 2760.706885][ T4665] debugfs: 'hsr0' already exists in 'hsr' [ 2760.722004][ T4665] Cannot create hsr debugfs directory [ 2775.706003][ T4658] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 2776.401974][ T4658] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 2776.789919][ T4658] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 2777.275504][ T4658] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 2781.829295][ T4665] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 2782.222838][ T4665] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 2782.751669][ T4665] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 2783.207547][ T4665] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 2803.375487][ T4658] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2808.933212][ T4665] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2923.036050][ T4658] veth0_vlan: entered promiscuous mode [ 2924.063097][ T4658] veth1_vlan: entered promiscuous mode [ 2927.107383][ T4658] veth0_macvtap: entered promiscuous mode [ 2928.232241][ T4658] veth1_macvtap: entered promiscuous mode [ 2930.039838][ T4665] veth0_vlan: entered promiscuous mode [ 2931.923863][ T4665] veth1_vlan: entered promiscuous mode [ 2934.031583][ T3232] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2934.035700][ T3232] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2934.329258][ T3232] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2934.342397][ T4398] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2939.223869][ T4665] veth0_macvtap: entered promiscuous mode [ 2940.081266][ T4665] veth1_macvtap: entered promiscuous mode [ 2945.210351][ T4398] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2945.250488][ T4398] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2945.263590][ T4398] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2945.456243][ T4823] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3162.384329][ T4594] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3164.541907][ T4594] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3167.292778][ T4594] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3168.952994][ T4594] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3192.433364][ T4594] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3192.613829][ T4594] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3192.841589][ T4594] bond0 (unregistering): Released all slaves [ 3196.681625][ T4594] hsr_slave_0: left promiscuous mode [ 3197.369345][ T4594] hsr_slave_1: left promiscuous mode [ 3199.061983][ T4594] veth1_macvtap: left promiscuous mode [ 3199.064238][ T4594] veth0_macvtap: left promiscuous mode [ 3199.090584][ T4594] veth1_vlan: left promiscuous mode [ 3199.141120][ T4594] veth0_vlan: left promiscuous mode [ 3231.031047][ T4594] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3232.795217][ T4594] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3234.494904][ T4594] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3236.204925][ T4594] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3259.024535][ T4594] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3259.443283][ T4594] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3259.650850][ T4594] bond0 (unregistering): Released all slaves [ 3262.011024][ T4594] hsr_slave_0: left promiscuous mode [ 3262.100341][ T4594] hsr_slave_1: left promiscuous mode [ 3262.562996][ T4594] veth1_macvtap: left promiscuous mode [ 3262.580531][ T4594] veth0_macvtap: left promiscuous mode [ 3262.586106][ T4594] veth1_vlan: left promiscuous mode [ 3262.604089][ T4594] veth0_vlan: left promiscuous mode [ 3324.231042][ T5036] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3324.884570][ T5036] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3325.007056][ T5030] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3325.974585][ T5030] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3353.032293][ T5036] hsr_slave_0: entered promiscuous mode [ 3353.107347][ T5036] hsr_slave_1: entered promiscuous mode [ 3357.475345][ T5030] hsr_slave_0: entered promiscuous mode [ 3357.612915][ T5030] hsr_slave_1: entered promiscuous mode [ 3357.724042][ T5030] debugfs: 'hsr0' already exists in 'hsr' [ 3357.790578][ T5030] Cannot create hsr debugfs directory [ 3377.196819][ T5036] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 3377.973858][ T5036] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 3378.417347][ T5036] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 3379.311321][ T5036] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 3384.893745][ T5030] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 3385.482407][ T5030] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 3386.030935][ T5030] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 3386.317009][ T5030] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 3411.742037][ T5036] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3418.507680][ T5030] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3559.231872][ T5036] veth0_vlan: entered promiscuous mode [ 3560.725848][ T5036] veth1_vlan: entered promiscuous mode [ 3566.950928][ T5036] veth0_macvtap: entered promiscuous mode [ 3567.216528][ T5030] veth0_vlan: entered promiscuous mode [ 3568.474735][ T5036] veth1_macvtap: entered promiscuous mode [ 3569.823703][ T5030] veth1_vlan: entered promiscuous mode [ 3574.725043][ T12] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3574.743972][ T5051] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3574.804054][ T12] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3574.852178][ T12] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3577.392133][ T5030] veth0_macvtap: entered promiscuous mode [ 3578.576939][ T5030] veth1_macvtap: entered promiscuous mode [ 3584.260581][ T3232] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3584.290977][ T3232] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3584.362530][ T12] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3584.463960][ T12] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3924.184945][ T25] audit: type=1400 audit(3923.200:111): avc: denied { setattr } for pid=5457 comm="syz.7.330" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 4039.205579][ T4397] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4041.766591][ T4397] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4043.881414][ T4397] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4046.355093][ T4397] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4074.080611][ T4397] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 4074.661043][ T4397] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 4075.007161][ T4397] bond0 (unregistering): Released all slaves [ 4077.680132][ T4397] hsr_slave_0: left promiscuous mode [ 4077.889059][ T4397] hsr_slave_1: left promiscuous mode [ 4079.002104][ T4397] veth1_macvtap: left promiscuous mode [ 4079.003526][ T4397] veth0_macvtap: left promiscuous mode [ 4079.044085][ T4397] veth1_vlan: left promiscuous mode [ 4079.045730][ T4397] veth0_vlan: left promiscuous mode [ 4118.085234][ T4398] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4119.746873][ T4398] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4121.479957][ T4398] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4122.735593][ T4398] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4147.070955][ T4398] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 4147.371057][ T4398] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 4147.509800][ T4398] bond0 (unregistering): Released all slaves [ 4149.984716][ T4398] hsr_slave_0: left promiscuous mode [ 4150.090273][ T4398] hsr_slave_1: left promiscuous mode [ 4150.584609][ T4398] veth1_macvtap: left promiscuous mode [ 4150.614902][ T4398] veth0_macvtap: left promiscuous mode [ 4150.634569][ T4398] veth1_vlan: left promiscuous mode [ 4150.709883][ T4398] veth0_vlan: left promiscuous mode [ 4217.603501][ T5506] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4219.075535][ T5506] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4220.464401][ T5512] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4221.549841][ T5512] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4250.447257][ T5506] hsr_slave_0: entered promiscuous mode [ 4250.549782][ T5506] hsr_slave_1: entered promiscuous mode [ 4253.645550][ T5512] hsr_slave_0: entered promiscuous mode [ 4253.844522][ T5512] hsr_slave_1: entered promiscuous mode [ 4253.924109][ T5512] debugfs: 'hsr0' already exists in 'hsr' [ 4253.931810][ T5512] Cannot create hsr debugfs directory [ 4279.616992][ T5506] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 4280.505570][ T5506] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 4281.236097][ T5506] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 4282.305101][ T5506] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 4288.084498][ T5512] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 4288.784411][ T5512] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 4289.421809][ T5512] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 4289.925815][ T5512] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 4320.596481][ T5506] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4328.742439][ T5512] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4492.654226][ T5506] veth0_vlan: entered promiscuous mode [ 4494.571674][ T5506] veth1_vlan: entered promiscuous mode [ 4500.103086][ T5512] veth0_vlan: entered promiscuous mode [ 4501.685105][ T5506] veth0_macvtap: entered promiscuous mode [ 4503.113559][ T5506] veth1_macvtap: entered promiscuous mode [ 4503.553762][ T5512] veth1_vlan: entered promiscuous mode [ 4511.139317][ T5515] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4511.539429][ T5515] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4511.549371][ T5515] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4511.555180][ T5515] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4512.541251][ T5512] veth0_macvtap: entered promiscuous mode [ 4514.353685][ T5512] veth1_macvtap: entered promiscuous mode [ 4522.439229][ T5051] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4522.600786][ T3232] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4522.611548][ T5509] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4522.710009][ T5507] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4795.753678][ T5799] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4796.456941][ T5799] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4823.862358][ T5809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4824.566626][ T5809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4865.561380][ T5799] hsr_slave_0: entered promiscuous mode [ 4865.820031][ T5799] hsr_slave_1: entered promiscuous mode [ 4866.020662][ T5799] debugfs: 'hsr0' already exists in 'hsr' [ 4866.061549][ T5799] Cannot create hsr debugfs directory [ 4894.661919][ T5809] hsr_slave_0: entered promiscuous mode [ 4894.871641][ T5809] hsr_slave_1: entered promiscuous mode [ 4894.983810][ T5809] debugfs: 'hsr0' already exists in 'hsr' [ 4895.056914][ T5809] Cannot create hsr debugfs directory [ 4940.783037][ T5799] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 4944.999883][ T5799] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 4946.077420][ T5799] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 4949.949621][ T5799] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 4972.470652][ T5809] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 4973.354638][ T5809] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 4974.077366][ T5809] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 4975.032321][ T5809] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 5012.382609][ T5799] 8021q: adding VLAN 0 to HW filter on device bond0 [ 5029.366142][ T5809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 5063.683092][ T27] INFO: task syz.8.341:5788 blocked for more than 430 seconds. [ 5063.684309][ T27] Not tainted syzkaller #0 [ 5063.685226][ T27] Blocked by coredump. [ 5063.685539][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 5063.685985][ T27] task:syz.8.341 state:D stack:0 pid:5788 tgid:5787 ppid:5506 task_flags:0x40044c flags:0x00000018 [ 5063.687413][ T27] Call trace: [ 5063.730421][ T27] __switch_to+0x584/0xb20 (T) [ 5063.790407][ T27] __schedule+0x1eec/0x33a4 [ 5063.852378][ T27] schedule+0xac/0x27c [ 5063.860331][ T27] schedule_timeout+0x5c/0x1e4 [ 5063.861035][ T27] do_wait_for_common+0x28c/0x444 [ 5063.861561][ T27] wait_for_completion+0x44/0x5c [ 5063.862010][ T27] __synchronize_srcu+0x2a4/0x320 [ 5063.862519][ T27] synchronize_srcu+0x3cc/0x4f0 [ 5063.862987][ T27] __mmu_notifier_release+0x424/0x614 [ 5063.863445][ T27] exit_mmap+0xbc/0xbbc [ 5063.863873][ T27] __mmput+0x10c/0x530 [ 5063.864361][ T27] mmput+0x70/0xac [ 5063.864855][ T27] exit_mm+0x158/0x258 [ 5063.865331][ T27] do_exit+0x788/0x2378 [ 5063.865798][ T27] do_group_exit+0x1d4/0x2ac [ 5063.866266][ T27] get_signal+0x1440/0x1554 [ 5063.866747][ T27] arch_do_signal_or_restart+0x23c/0x4d98 [ 5063.867241][ T27] exit_to_user_mode_loop+0x7c/0x178 [ 5063.867715][ T27] el0_svc+0x170/0x234 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 5064.057567][ T27] el0t_64_sync_handler+0x84/0x12c [ 5064.081958][ T27] el0t_64_sync+0x198/0x19c [ 5064.150338][ T27] [ 5064.150338][ T27] Showing all locks held in the system: [ 5064.150980][ T27] 1 lock held by khungtaskd/27: [ 5064.151415][ T27] #0: ffff800087957348 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48 [ 5064.154018][ T27] 2 locks held by getty/3198: [ 5064.154413][ T27] #0: 2df0000011c328a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c [ 5064.156122][ T27] #1: b6ff80008c6db2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8 [ 5064.321965][ T27] 3 locks held by kworker/u4:1/3232: [ 5064.322512][ T27] 2 locks held by syz-executor/3326: [ 5064.322847][ T27] 3 locks held by kworker/u4:6/4392: [ 5064.323146][ T27] 3 locks held by kworker/u4:9/4399: [ 5064.323511][ T27] 2 locks held by kworker/u4:11/4823: [ 5064.323835][ T27] 3 locks held by kworker/u4:13/5051: [ 5064.324170][ T27] 3 locks held by kworker/u4:12/5515: [ 5064.324541][ T27] 2 locks held by syz.9.339/5775: [ 5064.324876][ T27] 2 locks held by kworker/u4:0/5812: [ 5064.325180][ T27] #0: 15f000000cc26948 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18 [ 5064.326848][ T27] #1: ffff80008f2f7c88 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18 [ 5064.470829][ T27] 2 locks held by kworker/0:3/5894: [ 5064.471195][ T27] 2 locks held by dhcpcd-run-hook/5959: [ 5064.471530][ T27] 2 locks held by modprobe/5960: [ 5064.471973][ T27] [ 5064.472237][ T27] ============================================= [ 5064.472237][ T27] [ 5084.835405][ T27] INFO: task syz.8.341:5788 blocked for more than 451 seconds. [ 5084.871445][ T27] Not tainted syzkaller #0 [ 5084.875757][ T27] Blocked by coredump. [ 5084.876260][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 5084.876561][ T27] task:syz.8.341 state:D stack:0 pid:5788 tgid:5787 ppid:5506 task_flags:0x40044c flags:0x00000018 [ 5084.877300][ T27] Call trace: [ 5084.877575][ T27] __switch_to+0x584/0xb20 (T) [ 5084.952116][ T27] __schedule+0x1eec/0x33a4 [ 5084.952751][ T27] schedule+0xac/0x27c [ 5084.953242][ T27] schedule_timeout+0x5c/0x1e4 [ 5084.953728][ T27] do_wait_for_common+0x28c/0x444 [ 5084.954163][ T27] wait_for_completion+0x44/0x5c [ 5084.954617][ T27] __synchronize_srcu+0x2a4/0x320 [ 5084.955077][ T27] synchronize_srcu+0x3cc/0x4f0 [ 5084.955551][ T27] __mmu_notifier_release+0x424/0x614 [ 5084.955974][ T27] exit_mmap+0xbc/0xbbc [ 5084.956422][ T27] __mmput+0x10c/0x530 [ 5084.956925][ T27] mmput+0x70/0xac [ 5084.957420][ T27] exit_mm+0x158/0x258 [ 5085.065873][ T27] do_exit+0x788/0x2378 [ 5085.066531][ T27] do_group_exit+0x1d4/0x2ac [ 5085.066999][ T27] get_signal+0x1440/0x1554 [ 5085.067504][ T27] arch_do_signal_or_restart+0x23c/0x4d98 [ 5085.137552][ T27] exit_to_user_mode_loop+0x7c/0x178 [ 5085.162763][ T27] el0_svc+0x170/0x234 [ 5085.163437][ T27] el0t_64_sync_handler+0x84/0x12c [ 5085.163942][ T27] el0t_64_sync+0x198/0x19c [ 5085.191803][ T27] [ 5085.191803][ T27] Showing all locks held in the system: [ 5085.214472][ T27] 1 lock held by khungtaskd/27: [ 5085.215072][ T27] #0: ffff800087957348 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48 [ 5085.216985][ T27] 2 locks held by getty/3198: [ 5085.217359][ T27] #0: 2df0000011c328a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c [ 5085.302403][ T27] #1: b6ff80008c6db2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x310/0x12b8 [ 5085.304123][ T27] 3 locks held by kworker/u4:2/3709: [ 5085.304490][ T27] 3 locks held by kworker/u4:8/4398: [ 5085.304782][ T27] 3 locks held by kworker/u4:9/4399: [ 5085.305160][ T27] 3 locks held by kworker/u4:14/5276: [ 5085.305538][ T27] 3 locks held by kworker/u4:3/5507: [ 5085.305871][ T27] 3 locks held by kworker/u4:12/5515: [ 5085.306224][ T27] 3 locks held by kworker/u4:15/5658: [ 5085.306545][ T27] 2 locks held by syz.9.339/5775: [ 5085.306838][ T27] 3 locks held by kworker/u4:0/5812: [ 5085.307147][ T27] 2 locks held by kworker/0:5/5906: [ 5085.307464][ T27] #0: d0f000000cc1bb48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x7c8/0x1a18 [ 5085.491576][ T27] #1: ffff8000a3eb7c88 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x854/0x1a18 [ 5085.493295][ T27] 1 lock held by rm/5964: [ 5085.493708][ T27] [ 5085.493936][ T27] ============================================= [ 5085.493936][ T27]