last executing test programs: 1h14m16.298242212s ago: executing program 0 (id=65): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) r4 = eventfd2(0x0, 0x0) close(r4) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x3000002, 0x13, r4, 0x0) write$eventfd(r4, &(0x7f0000000180)=0x5, 0xfffffde3) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r6, 0xc008ae67, &(0x7f0000000000)={0x3, 0x800}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r7, 0x0) ioctl$KVM_IRQ_LINE(r6, 0x4008ae61, &(0x7f00000000c0)={0x1, 0xa546}) 1h14m6.980014906s ago: executing program 1 (id=66): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r4, 0x1000001, 0x20010, r2, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f0000000040)=@attr_irq_timer={0x0, 0x1, 0x1, 0x0}) r5 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000000000/0x400000)=nil) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x2, 0x0, &(0x7f0000000000)=0xf4020000}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) munmap(&(0x7f000013d000/0x2000)=nil, 0x2000) 1h14m4.141985253s ago: executing program 0 (id=67): r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000d88000/0x2000)=nil, 0x0, 0x1000001, 0x110, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000027000/0x13000)=nil, 0x930, 0x3, 0x4102932, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x22200, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x208c02, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0x401c5820, 0x23) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x2b) ioctl$KVM_SET_DEVICE_ATTR_vm(r4, 0x4018aee1, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x20116) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x0, 0x1, 0xe}}], 0x28}, 0x0, 0xfffffffffffffd20) syz_kvm_vgic_v3_setup(r7, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000100)={0x8}) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000140)=@attr_other={0x0, 0x7, 0x0, &(0x7f00000000c0)=0x3}) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_SIGNAL_MSI(r7, 0x4020aea5, &(0x7f0000000200)={0x8090040, 0x0, 0x0, 0x1}) syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000bfd000/0x400000)=nil, &(0x7f00000004c0)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_vgic_v3_setup(r4, 0x1, 0x240) r10 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000bfe000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000b00)={0x0, 0x0}, 0x0, 0x0) r11 = mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, r1, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r12, 0xae04) mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, r13, 0x3000002, 0x8a031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) 1h13m56.703723703s ago: executing program 1 (id=68): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x900, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000001c0)=[@uexit={0x0, 0x18, 0x7}], 0x18}, 0x0, 0x0) r4 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000100)={0x0, &(0x7f0000000140)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x2, 0x100) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000180)={0x1010020, 0x1}) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 1h13m52.715013085s ago: executing program 0 (id=69): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x25) syz_kvm_vgic_v3_setup(r0, 0x3, 0x220) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181c00, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd2(0x8, 0x0) r4 = eventfd2(0x5, 0x1) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f00000000c0)={0x4, 0x25000, 0x0, r4, 0x2}) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2a) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000140)={0x8000000000000000, 0x0, 0x2, r3, 0x3}) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x2, r3, 0x3}) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_GET_STATS_FD_vm(r8, 0xaece) close(r9) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f00000001c0)={r4, 0x7, 0x3, r9}) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000000)={0x1ff, 0x1, 0x4000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000100)={0x0, 0x1, 0xdddd1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x161681, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r11, r12, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r12, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x6030000000100010, &(0x7f0000000100)=0x80003fe}) 1h13m41.206324883s ago: executing program 1 (id=70): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x1800002, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000280)="d6011813013c360000000000f4ff8000802346cbd98762c7795582ba3948ecff090001000000000000000000040000000100", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x29) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r11, 0x2, 0x12, r10, 0x0) r12 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r14 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r13, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r14, 0x3, 0x11, r12, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r12, 0x0) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000000)={0x35, 0xb000, 0x4, 0xffffffffffffffff, 0x5}) r15 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r16 = ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0) r17 = ioctl$KVM_CREATE_GUEST_MEMFD(r16, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r14, 0x1000001, 0x109012, r17, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) close(0x5) 1h13m37.033119597s ago: executing program 0 (id=71): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r3, 0x4010ae68, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000001c0)={0x1, 0x1, 0xeeee8000, 0x1000, &(0x7f0000f95000/0x1000)=nil}) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000001, 0x12, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) 1h13m27.823420402s ago: executing program 1 (id=72): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000a, 0x11, r4, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000380)="f30149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a3ff7fbc51869be2e2e0000000000000f000000000000000001000000000000000000000000000e00", 0x0, 0x34) openat$kvm(0x0, 0x0, 0x0, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r8, 0x4018aee3, &(0x7f0000000340)=@attr_arm64={0x0, 0x2, 0x0, 0x0}) close(0xffffffffffffffff) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x22c2c0, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000040)={0x5, 0x100, 0x80, 0x0}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x11) 1h13m27.210258922s ago: executing program 0 (id=73): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x82880, 0x0) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0xffffffffffffffff) r4 = openat$kvm(0x0, &(0x7f0000000140), 0x101282, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, &(0x7f0000000200)=[@svc={0x122, 0x40, {0x800, [0xffffffeffffffff8, 0x8, 0x8000000005, 0x5, 0x400]}}], 0x40}, 0x0, 0x0) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000c0b000/0x1000)=nil, r7, 0x3, 0x40b2811, r6, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) 1h13m19.286525163s ago: executing program 0 (id=74): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x121100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f00000000c0)) close(r1) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x34) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000040)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x5421, &(0x7f00000000c0)=@attr_arm64={0x0, 0x7, 0x3, &(0x7f0000000140)=0x2}) r8 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r9 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x80000b, 0x1010, r8, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0xe, 0x11, r8, 0x0) r10 = eventfd2(0x0, 0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001640), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r11, 0xae03, 0xea) close(r10) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) write$eventfd(r10, &(0x7f0000000180)=0x5, 0xfffffde3) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0) write$eventfd(r10, 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) r12 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x4) ioctl$KVM_GET_DIRTY_LOG(r12, 0x4010ae42, 0xfffffffffffffffe) 1h13m17.855597057s ago: executing program 1 (id=75): r0 = openat$kvm(0x0, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000040)={0x5}) ioctl$KVM_RUN(r1, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0xdc032, 0xffffffffffffffff, 0x0) 1h13m10.725303485s ago: executing program 1 (id=76): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff}) r3 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x25) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r8, 0x2, 0x12, r7, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r11, 0xae03, 0x9e) r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r12, 0x3, 0x11, r9, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r9, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0}) r13 = eventfd2(0x8801, 0x800) r14 = eventfd2(0x3ff, 0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r13, 0x5, 0x2, r14}) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000080)={r13, 0x1, 0x2, r14}) 1h12m32.472979151s ago: executing program 32 (id=74): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x121100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f00000000c0)) close(r1) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x34) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000040)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x5421, &(0x7f00000000c0)=@attr_arm64={0x0, 0x7, 0x3, &(0x7f0000000140)=0x2}) r8 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r9 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x80000b, 0x1010, r8, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0xe, 0x11, r8, 0x0) r10 = eventfd2(0x0, 0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001640), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r11, 0xae03, 0xea) close(r10) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) write$eventfd(r10, &(0x7f0000000180)=0x5, 0xfffffde3) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0) write$eventfd(r10, 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) r12 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x4) ioctl$KVM_GET_DIRTY_LOG(r12, 0x4010ae42, 0xfffffffffffffffe) 1h12m23.62412413s ago: executing program 33 (id=76): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff}) r3 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x25) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r8, 0x2, 0x12, r7, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r11, 0xae03, 0x9e) r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r12, 0x3, 0x11, r9, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r9, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0}) r13 = eventfd2(0x8801, 0x800) r14 = eventfd2(0x3ff, 0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r13, 0x5, 0x2, r14}) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000080)={r13, 0x1, 0x2, r14}) 1h6m31.495320066s ago: executing program 2 (id=79): munmap(&(0x7f0000ff7000/0x1000)=nil, 0x1000) (async) r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000100)={0x0, &(0x7f0000000680)=[@its_setup={0x82, 0x28, {0x3, 0x0, 0x16f}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x2, 0x8, 0x8, 0x100}}], 0x50}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r1, 0x4, 0x220) (async) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x8001, 0x0) (async) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r7 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r6, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000100)="5af600f6b34e08c180f948c13e2727ba279cacc033d6bd28118e0e1e50390ff2f8a1aa8366bb4c33115d61c97d9387dac1b147ed1b515c14bcb89051301caef704371680ab057973", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1h6m17.204971024s ago: executing program 2 (id=80): r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_REGS(r0, 0x8360ae81, &(0x7f0000000000)) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x200, 0x0) ioctl$KVM_ARM_VCPU_FINALIZE(r0, 0x4004aec2, &(0x7f0000000100)=0x3) (async) ioctl$KVM_ARM_VCPU_INIT(r0, 0x4020aeae, &(0x7f0000000140)={0x0, 0x88}) (async) r2 = mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x0, 0x3000008, 0x10, r0, 0x0) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x29) r4 = eventfd2(0x8, 0x80001) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000180)={0x100, 0x200000, 0x1, r4, 0x2}) (async) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r5, 0x8040ae9f, &(0x7f00000001c0)=@arm64) ioctl$KVM_INTERRUPT(r5, 0x4004ae86, &(0x7f0000000200)=0x7) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="8bc6132b072b61ab890bc07932d5e93d87f53e7be3d9a30d484199c6ea25eb613b90bd8407609d23f406eb4ed1dd44f88768c67c0d2a13999360070c9c2e08476e91b70975a3b9ea", 0x0, 0x48) (async) ioctl$KVM_KVMCLOCK_CTRL(r4, 0xaead) (async) write$eventfd(r4, &(0x7f00000002c0)=0x3, 0x8) ioctl$KVM_GET_SREGS(r0, 0x8000ae83, &(0x7f0000000300)) (async) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000440)={r4, 0x6, 0x2, r4}) ioctl$KVM_ARM_SET_DEVICE_ADDR(r5, 0x4010aeab, &(0x7f0000000480)={0x7fffffff, 0xdddd1000}) (async) r6 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000a40)={0x0, &(0x7f00000004c0)=[@its_setup={0x82, 0x28, {0x0, 0x0, 0x25b}}, @smc={0x1e, 0x40, {0x0, [0xbb, 0x8, 0x9, 0x7fffffffffffffff, 0x46d]}}, @eret={0xe6, 0x18, 0xfffffffffffffff2}, @svc={0x122, 0x40, {0xffff, [0x83f, 0x7fff, 0x6, 0x401, 0x7fff]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1600, 0x401, 0x8}}, @code={0xa, 0x84, {"0020005e007008d5000028d5c02e99d20020b0f2010080d2620180d2030180d2c40080d2020000d400a781d20060b0f2810180d2a20180d2c30180d2040080d2020000d40008207c000028d5c03d8dd20000b8f2210180d2c20180d2830080d2840080d2020000d40020c09a007008d5"}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x16c}}, @code={0xa, 0x84, {"000008d50080001f007008d5007008d5008008d5c04486d20060b0f2410080d2020080d2030180d2040180d2020000d40038201e80979fd200c0b0f2610080d2820080d2c30180d2640180d2020000d4c0748bd20080b0f2c10180d2820180d2830180d2e40180d2020000d40074005f"}}, @mrs={0xbe, 0x18, {0x603000000013801f}}, @svc={0x122, 0x40, {0xc4000003, [0xffffffff, 0x35, 0x9, 0x3, 0xd4]}}, @svc={0x122, 0x40, {0xc4000004, [0x10000, 0xfd7b, 0x8, 0x6, 0x9]}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x0, 0x6, 0x1, 0x0, 0x1}}, @msr={0x14, 0x20, {0x3018000000095fb7, 0xffffffffffff234c}}, @svc={0x122, 0x40, {0x84000000, [0x7, 0xae63, 0xa, 0xfffffffffffffff8, 0x7f]}}, @code={0xa, 0xb4, {"007008d5007008d5801f87d20040b0f2010180d2020180d2630180d2640080d2020000d4002cc01a602793d20000b8f2a10180d2420180d2030080d2040180d2020000d4000008d5a05784d20040b0f2810180d2e20180d2830080d2c40180d2020000d4004a9dd200c0b0f2210080d2e20180d2830080d2240180d2020000d41f2003d5c00a85d200e0b8f2e10180d2420080d2430080d2240080d2020000d4"}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x235}}, @svc={0x122, 0x40, {0xc4000012, [0xb6, 0x10, 0x2, 0x80, 0x3]}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x3c4}}, @smc={0x1e, 0x40, {0xc4000012, [0x5a, 0xfffffffffffffffa, 0x4, 0xc]}}, @code={0xa, 0x9c, {"000008d5a0f799d200c0b0f2a10080d2820080d2c30080d2c40180d2020000d4008008d5000008d560b096d200e0b8f2610080d2a20080d2c30180d2a40080d2020000d4e00f93d20040b0f2610080d2220180d2230080d2e40080d2020000d4007008d5008008d5000597d20080b8f2210080d2a20080d2830080d2c40080d2020000d4000000b2"}}, @eret={0xe6, 0x18, 0xfffffffffffffff8}], 0x578}, &(0x7f0000000a80), 0x1) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xfffffffffffffffa) (async) ioctl$KVM_RUN(r6, 0xae80, 0x0) (async) r7 = mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, 0x0, 0x3000002, 0x12, r0, 0x0) syz_memcpy_off$KVM_EXIT_MMIO(r7, 0x20, &(0x7f0000000ac0)="c6b83e7eb5016cdb7d7844624b784ee0fb802983ffcdc76a", 0x0, 0x18) (async) ioctl$KVM_SET_USER_MEMORY_REGION2(r3, 0x40a0ae49, &(0x7f0000000b00)={0x10000, 0x5, 0x0, 0x1000, &(0x7f0000ffe000/0x1000)=nil, 0x3c9}) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000bc0)={0x1fe, 0x5, 0xfec00000, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) syz_memcpy_off$KVM_EXIT_MMIO(r7, 0x20, &(0x7f0000000c00)="9260b7feb1c6191f2f978d5f83fc19704f2fa68a9f607eaf", 0x0, 0x18) (async) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000c40)={r4, 0x8, 0x2, r4}) (async) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000c80)={0x0, 0x84}) ioctl$KVM_RUN(r0, 0xae80, 0x0) 1h6m15.794256555s ago: executing program 3 (id=78): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x20000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, 0xfffffffffffffffe) 1h6m6.602491826s ago: executing program 2 (id=81): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x200c0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000180), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r4, 0x4068aea3, &(0x7f00000000c0)) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x8400000e, [0x99b, 0x100000003, 0x5, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) r7 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000a3c000/0x400000)=nil) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) (async) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x0, 0x380000d, 0x11, r8, 0x0) (async) r9 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x0, 0x380000d, 0x11, r8, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000100)="3108e3dcda727dc1915f051fd6c6c2f2e9375df87e96815d61d15d9486ff9023dbaede6f1938adc7befee9d742312bd76c85b021554abc4cb72595c6e12f025cf0d600b249c982b5", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x3817b2, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) (async) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0xa1}], 0x1) (async) syz_kvm_add_vcpu$arm64(r12, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0xa1}], 0x1) syz_kvm_add_vcpu$arm64(r12, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000200)=[@featur1={0x1, 0x4}], 0x1) syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x84000003, [0x99b, 0x100000003, 0x5, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) (async) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x84000003, [0x99b, 0x100000003, 0x5, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r13, 0xae80, 0x0) (async) ioctl$KVM_RUN(r13, 0xae80, 0x0) r14 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r14, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1e000000000000004000000000000000000000ef00000000fcffffffffffff1bf3a3b292e50d9600020000000100000003000000000000000400000000000000320000000000000040000000000000005200008400"], 0x80}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r14, 0xae80, 0x0) r15 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x200, 0x0) r16 = ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r16, 0xae41, 0x3) 1h6m6.001018064s ago: executing program 3 (id=82): munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f00000002c0)=@arm64_bitmap={0x6030000000160002, &(0x7f0000000300)=0x6}) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000005, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r5, 0x4068aea3, &(0x7f0000000080)) syz_kvm_vgic_v3_setup(r5, 0x0, 0x3c0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) r8 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000bc2000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000040)="68d3d4a6759ba655d47872b6bf881ba5dbca1c84a0779749", 0x0, 0x18) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r10, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) 1h5m52.400171458s ago: executing program 2 (id=83): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r1, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000a9c000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000b80)={0x0, &(0x7f0000000100)=[@smc={0x1e, 0x40, {0x80000000, [0x99a, 0x7, 0xaca, 0x1, 0x7]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x30) ioctl$KVM_HAS_DEVICE_ATTR_vm(r9, 0x4018aee3, 0xffffffffffffffff) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) r10 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000a5a000/0x400000)=nil) r11 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x3, 0x1000, 0x40000000, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r12, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x86401, 0x0) ioctl$KVM_ARM_VCPU_FINALIZE(r7, 0x4004aec2, &(0x7f0000000240)=0x3) ioctl$KVM_RUN(r14, 0xae80, 0x0) r16 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000b80)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x84000012, [0xffffffff, 0x100080001, 0x5, 0x101, 0x13]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r16, 0xae80, 0x0) 1h5m51.703501623s ago: executing program 3 (id=84): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r3 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) (async) r4 = eventfd2(0xd, 0x1) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000140), 0x30240, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r6, r7, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0) (async) ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f0000000180)=@arm64_fp={0x6040000000100055, 0x0}) close(r4) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) (async) write$eventfd(r4, 0x0, 0x500) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x8200, 0x0) 1h5m39.579703681s ago: executing program 3 (id=85): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bc2000/0x400000)=nil) r1 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000040)="68d3d4a6759ba655d47872b6bf881ba5dbca1c84a0779749", 0x0, 0x18) (async) ioctl$KVM_RUN(r1, 0xae80, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) (async) ioctl$KVM_RUN(r1, 0xae80, 0x0) (async) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r4, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) r6 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000140)={0x0, &(0x7f00000001c0)=[@hvc={0x32, 0x40, {0x8000, [0x5, 0x9, 0x0, 0x100, 0x7]}}, @hvc={0x32, 0x40, {0x8400000e, [0x2, 0x7fffffffffffffff, 0x9, 0xc, 0x5]}}], 0x80}, &(0x7f0000000240)=[@featur2={0x1, 0x5}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f0000000280)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000300)=0x6dd}) (async) r7 = eventfd2(0x0, 0x0) close(r7) (async) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) (async) write$eventfd(r7, &(0x7f0000000180)=0x5, 0xfffffde3) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0) (async) write$eventfd(r7, 0x0, 0x0) (async) syz_kvm_add_vcpu$arm64(0x0, 0x0, &(0x7f0000000100)=[@featur1={0x1, 0x83}], 0x1) (async) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xa) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x9032, 0xffffffffffffffff, 0x0) 1h5m14.485754572s ago: executing program 3 (id=86): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3b) r1 = ioctl$KVM_GET_STATS_FD_vm(r0, 0xaece) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f0000000000)={0xfec00000, 0x21000, 0x1}) (async) ioctl$KVM_SET_ONE_REG(r1, 0x4010aeac, &(0x7f0000000080)=@arm64_fp_extra={0x60200000001000d4, &(0x7f0000000040)=0x6}) ioctl$KVM_CAP_PTP_KVM(r1, 0x4068aea3, &(0x7f00000000c0)) (async) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0xc) ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0xfff, 0xffffffffffffffff, &(0x7f0000000140)=0x8}) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000200)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000001c0)={0x7, 0x0, 0x2}}) (async, rerun: 32) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x1a) (rerun: 32) ioctl$KVM_GET_DEVICE_ATTR_vm(r3, 0x4018aee2, &(0x7f0000000280)=@attr_other={0x0, 0x10000, 0x6, &(0x7f0000000240)=0x1}) (async, rerun: 64) ioctl$KVM_ASSIGN_SET_MSIX_NR(r3, 0x4008ae73, &(0x7f00000002c0)={0xffffffff, 0x99}) (async, rerun: 64) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000300)={r1, 0x2d8, 0x2, r1}) (async) ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f0000000340)={0x3000, 0xa000, 0xb4, 0x1, 0x6}) (async) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) (async, rerun: 64) r5 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece) (rerun: 64) mmap$KVM_VCPU(&(0x7f0000ff9000/0x4000)=nil, r4, 0xc, 0x20010, r5, 0x0) (async, rerun: 64) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2c) (async, rerun: 64) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_HAS_DEVICE_ATTR_vm(r5, 0x4018aee3, &(0x7f00000003c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000380)={0x4, 0x5, 0x2}}) (async) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000400)={0xdf, 0x0, 0x10000}) (async) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x5) ioctl$KVM_CAP_HALT_POLL(r6, 0x4068aea3, &(0x7f0000000480)={0xb6, 0x0, 0xe}) ioctl$KVM_SIGNAL_MSI(r5, 0x4020aea5, &(0x7f0000000500)={0xd000, 0xb000, 0x1, 0x1, 0x401}) (async) r7 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x26) ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000540)={0x58000, 0x4000}) (async, rerun: 32) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f00000005c0)=@arm64_extra={0x603000000013c02f, &(0x7f0000000580)=0x5}) (async, rerun: 32) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000600)={0x40000, 0x104000}) r8 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) ioctl$KVM_GET_REG_LIST(r8, 0xc008aeb0, &(0x7f0000000640)={0x1, [0x4]}) (async) ioctl$KVM_CAP_HALT_POLL(r2, 0x4068aea3, &(0x7f0000000680)={0xb6, 0x0, 0xcaf}) 1h5m13.515436794s ago: executing program 2 (id=87): mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0xdddd1000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000000)={0x1, 0x0, &(0x7f0000ffb000/0x3000)=nil}) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000040)={0x8080000, 0xdddd1000, 0x80, 0x1, 0x8}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000a09000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x603000000013df40}}], 0x18}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000140)=@attr_pmu_init) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x80, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x88, 0x3550, 0x3}}], 0x30}, 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000000)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r10, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r6, 0x3, 0x11, r5, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xfffffffffffffffd) r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil) r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r15, 0x4010aeac, &(0x7f00000001c0)=@riscv64_aia_csr={0x8030000003010003, &(0x7f0000000240)=0xe}) ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) 1h5m5.541153106s ago: executing program 3 (id=88): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) openat$kvm(0x0, &(0x7f0000000140), 0x42881, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x0, 0xd, 0x4000010, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, &(0x7f0000000340)=@attr_other={0x0, 0x10, 0xb, &(0x7f0000000400)=0x7}) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000380)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000300)={0x9, 0x0, 0x1}}) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x2000, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x20) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r9, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) r10 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000240)={0x0, 0x1003, 0x1}}) r11 = ioctl$KVM_CREATE_GUEST_MEMFD(r6, 0xc040aed4, &(0x7f0000000080)={0x200001fe0000, 0x8007}) ioctl$KVM_SET_USER_MEMORY_REGION2(r6, 0x40a0ae49, &(0x7f0000000180)={0x4, 0x4, 0x6000, 0xa7000, &(0x7f0000ffc000/0x2000)=nil, 0x0, r11}) close(0x5) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x31) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r12 = openat$kvm(0x0, &(0x7f00000002c0), 0x80e00, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) r14 = eventfd2(0xfffffffa, 0x80001) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f00000000c0)={0x8508, 0x4, 0x1, r14, 0xf}) syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_REGISTER_COALESCED_MMIO(r13, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000003c0)={0x10000}) 1h5m3.1395569s ago: executing program 2 (id=89): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000200)={0x0, &(0x7f0000000500)=[@mrs={0xbe, 0x18, {0x6030000000138056}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r3, 0x8040ae9f, &(0x7f0000000180)=@arm64) r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r6, 0x4018aee3, &(0x7f0000000040)=@attr_arm64={0x0, 0x4, 0x5, &(0x7f00000001c0)=0x7ffd}) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0xffffcfffffffffff) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001}) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x300, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x28) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r12 = mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x11, r11, 0x40000) syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f00000000c0)="b160e3205cf49a6d6465b4dfaf425b5ca9292605c021cc61c8e3ca6753bd29fc4090927e193ad96c199643bc3560bdce99750535909442bfc85a732ad4b83ad4da1b871763d668d5", 0x0, 0x48) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x1, 0xffffffffffffffff}) mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x1000000, 0x13, r14, 0x0) r15 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x3) ioctl$KVM_GET_REGS(r15, 0x8360ae81, 0x0) 1h4m18.779330023s ago: executing program 34 (id=88): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) openat$kvm(0x0, &(0x7f0000000140), 0x42881, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x0, 0xd, 0x4000010, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, &(0x7f0000000340)=@attr_other={0x0, 0x10, 0xb, &(0x7f0000000400)=0x7}) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000380)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000300)={0x9, 0x0, 0x1}}) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x2000, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x20) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r9, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) r10 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000240)={0x0, 0x1003, 0x1}}) r11 = ioctl$KVM_CREATE_GUEST_MEMFD(r6, 0xc040aed4, &(0x7f0000000080)={0x200001fe0000, 0x8007}) ioctl$KVM_SET_USER_MEMORY_REGION2(r6, 0x40a0ae49, &(0x7f0000000180)={0x4, 0x4, 0x6000, 0xa7000, &(0x7f0000ffc000/0x2000)=nil, 0x0, r11}) close(0x5) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x31) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r12 = openat$kvm(0x0, &(0x7f00000002c0), 0x80e00, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) r14 = eventfd2(0xfffffffa, 0x80001) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f00000000c0)={0x8508, 0x4, 0x1, r14, 0xf}) syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_REGISTER_COALESCED_MMIO(r13, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000003c0)={0x10000}) 1h4m12.802673966s ago: executing program 35 (id=89): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000200)={0x0, &(0x7f0000000500)=[@mrs={0xbe, 0x18, {0x6030000000138056}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r3, 0x8040ae9f, &(0x7f0000000180)=@arm64) r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r6, 0x4018aee3, &(0x7f0000000040)=@attr_arm64={0x0, 0x4, 0x5, &(0x7f00000001c0)=0x7ffd}) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0xffffcfffffffffff) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001}) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x300, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x28) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r12 = mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x11, r11, 0x40000) syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f00000000c0)="b160e3205cf49a6d6465b4dfaf425b5ca9292605c021cc61c8e3ca6753bd29fc4090927e193ad96c199643bc3560bdce99750535909442bfc85a732ad4b83ad4da1b871763d668d5", 0x0, 0x48) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x1, 0xffffffffffffffff}) mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x1000000, 0x13, r14, 0x0) r15 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x3) ioctl$KVM_GET_REGS(r15, 0x8360ae81, 0x0) 27m2.43941561s ago: executing program 4 (id=276): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x27) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x0, 0x0, 0x6, 0x0, 0x9}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r2, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r4, 0xae80, 0x0) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000340)=@attr_other={0x0, 0x2, 0x287, 0x0}) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x305400, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x27) syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000bff000/0x400000)=nil) r11 = syz_kvm_vgic_v3_setup(r10, 0x40000000000004, 0xc0) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION2(r13, 0x40a0ae49, &(0x7f0000000140)={0x10002, 0x4, 0xeeee0000, 0x1000, &(0x7f0000ffe000/0x1000)=nil}) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x0, 0x9, &(0x7f0000000000)=0x7}) 26m40.602522948s ago: executing program 4 (id=279): r0 = openat$kvm(0x0, &(0x7f0000000000), 0x20000, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000a, 0x11, r3, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000380)="f30149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a3ff7fbc51869be2e2e0000000000000f000000000000000001000000000000000000000000000e00", 0x0, 0x34) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) close(r7) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x1000008080000}) 26m22.934417983s ago: executing program 4 (id=282): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) r4 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x40) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0x304, &(0x7f00000000c0)=0x1ff}) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2, 0x23ac5f9b426ec4b1, 0xffffffffffffffff, 0x0) 26m7.330064887s ago: executing program 4 (id=284): ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x25) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x80, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x400, 0x4, 0x2}}, @code={0xa, 0x80, {"e0078ed200e0b0f2210180d2220180d2030080d2640080d2020000d4000008d5007008d50054207e000000b20080404880c795d20040b8f2610180d2620080d2a30080d2040180d2020000d4a03d9cd20040b0f2c10080d2620180d2c30180d2c40180d2020000d40028c01a"}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0x271}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x0, 0x7, 0xe, 0xfffffff9, 0xfffffff9}}, @msr={0x14, 0x20, {0x603000000013de91, 0x1}}, @code={0xa, 0xb4, {"007008d540b383d20000b0f2210080d2020080d2630080d2240080d2020000d4008008d5006396d20040b0f2c10080d2e20080d2c30180d2440080d2020000d4007008d5607a81d20080b8f2610180d2020080d2830080d2840180d2020000d4405b91d20040b8f2610180d2a20080d2230180d2440180d2020000d40068212e800a84d20020b8f2a10080d2a20080d2a30080d2840180d2020000d4000008d5"}}, @smc={0x1e, 0x40, {0x84000052, [0x4, 0xe, 0x4, 0x3, 0x7]}}, @irq_setup={0x46, 0x18, {0x0, 0x65}}, @svc={0x122, 0x40, {0xc7000027, [0x7376af6, 0x3, 0xb, 0x928, 0x8000]}}, @its_setup={0x82, 0x28, {0x4, 0x2, 0x225}}, @its_send_cmd={0xaa, 0x28, {0x0, 0x0, 0x2, 0xf, 0x9d, 0xfb}}], 0x2bc}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r8, 0xffffffffffbffffc, 0x120) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000140)=@attr_other={0x0, 0x80000001, 0x3, &(0x7f0000000000)=0x800000000001}) ioctl$KVM_RUN(r9, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x4, 0x1, 0x0}) r11 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x4, 0x2ec}}, @mrs={0xbe, 0x18, {0x603000000013e719}}], 0x40}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r5, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r11, 0xae80, 0x0) r13 = eventfd2(0x0, 0x0) close(r13) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) write$eventfd(r13, &(0x7f0000000180)=0x5, 0xfffffde3) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0) 25m45.74143797s ago: executing program 4 (id=286): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd2(0x8, 0x80800) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0xdddd1000, 0x0, r4}) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0xc, 0xeeef0000, 0x2, r4}) mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, 0x930, 0x4, 0x4f833, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48) close(r3) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x7, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r5, 0x4018aee3, &(0x7f00000000c0)=@attr_other={0x0, 0x1, 0x84, 0x0}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) eventfd2(0x8, 0x80800) (async) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0xdddd1000, 0x0, r4}) (async) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0xc, 0xeeef0000, 0x2, r4}) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, 0x930, 0x4, 0x4f833, 0xffffffffffffffff, 0x0) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48) (async) close(r3) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x7}) (async) ioctl$KVM_HAS_DEVICE_ATTR(r5, 0x4018aee3, &(0x7f00000000c0)=@attr_other={0x0, 0x1, 0x84, 0x0}) (async) 25m28.29485359s ago: executing program 4 (id=288): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, &(0x7f0000000280)=@attr_arm64={0x0, 0x8, 0x88, &(0x7f0000000040)=0x1}) r5 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000400)=@arm64_sve={0x60800000001503bf, &(0x7f0000000000)=0x3}) 24m39.48295235s ago: executing program 36 (id=288): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, &(0x7f0000000280)=@attr_arm64={0x0, 0x8, 0x88, &(0x7f0000000040)=0x1}) r5 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000400)=@arm64_sve={0x60800000001503bf, &(0x7f0000000000)=0x3}) 14m9.725020328s ago: executing program 5 (id=325): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) eventfd2(0xeffffffd, 0x801) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x58) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, 0x0) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r4 = syz_kvm_vgic_v3_setup(r3, 0x1, 0x100) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0x1, 0x84, &(0x7f0000000080)=0xfffffffffffffff7}) 13m56.145619055s ago: executing program 6 (id=326): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x18) (async) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r0, r1, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000400)=[{0x0, &(0x7f0000000000)=[@smc={0x1e, 0x40, {0x0, [0x1, 0xffffffffffffffff, 0xffffffffffff8001, 0xfffffffffffffff8, 0x1]}}, @uexit={0x0, 0x18, 0x7}, @msr={0x14, 0x20, {0x603000000013df4a, 0x200}}, @code={0xa, 0x9c, {"008008d5007008d5c03b8bd200a0b8f2810180d2e20180d2230180d2c40080d2020000d480c684d20060b0f2410180d2c20180d2230080d2a40180d2020000d4801797d20080b0f2610080d2c20180d2a30180d2040080d2020000d40000600d000000ab007008d5602f97d200a0b8f2a10180d2a20080d2230080d2640080d2020000d4000008d5"}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x28c}}, @irq_setup={0x46, 0x18, {0x4, 0x378}}, @smc={0x1e, 0x40, {0x40000000, [0x9, 0x401, 0x41, 0x9, 0xff]}}, @mrs={0xbe, 0x18, {0x603000000013c4d0}}, @mrs={0xbe, 0x18, {0x603000000013e300}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x3, 0xc, 0x7, 0x7, 0x3}}, @msr={0x14, 0x20, {0x603000000013def8, 0xffffffffffffff35}}, @eret={0xe6, 0x18, 0x5}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x1, 0xf, 0x0, 0x9321, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013800e}}, @smc={0x1e, 0x40, {0x84000013, [0x1, 0x5, 0x2, 0x7f, 0x7]}}, @irq_setup={0x46, 0x18, {0x2, 0x144}}, @uexit={0x0, 0x18, 0x5}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0xe00, 0x1, 0xd}}, @its_setup={0x82, 0x28, {0x1, 0x2, 0x2df}}, @code={0xa, 0x6c, {"0020601ec06980d20040b8f2610180d2220180d2e30080d2840180d2020000d40090200e007008d5000028d5c02693d20000b0f2410080d2a20180d2c30080d2240180d2020000d4007008d5007008d5000028d50060df0c"}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x4, 0x4, 0xd, 0x16, 0x1}}, @mrs={0xbe, 0x18, {0x603000000013fe61}}], 0x3d8}], 0x1, 0x0, &(0x7f0000000440)=[@featur2={0x1, 0x20}], 0x1) (async) r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000700)={0x0, &(0x7f0000000480)=[@its_setup={0x82, 0x28, {0x2, 0x3, 0x1b3}}, @irq_setup={0x46, 0x18, {0x0, 0xe1}}, @msr={0x14, 0x20, {0x603000000013c4d0, 0x8000000000000000}}, @svc={0x122, 0x40, {0x31000000, [0xbb44, 0x7, 0xdcf, 0x1ff, 0x10]}}, @smc={0x1e, 0x40, {0x0, [0x0, 0x2, 0x8, 0x100000000, 0x959]}}, @code={0xa, 0xb4, {"607987d20000b8f2c10080d2220080d2230080d2a40080d2020000d4c0ac88d20020b8f2410080d2620080d2c30080d2440080d2020000d4000008d580c19ed200e0b8f2a10180d2420180d2430080d2640080d2020000d4007008d5201b98d200c0b8f2e10080d2c20180d2830080d2040080d2020000d40034202e000028d580b48ed20020b0f2e10080d2620180d2030180d2640180d2020000d40088200e"}}, @code={0xa, 0x6c, {"000040b300a4002f002c202e000008d50050000ee05496d20060b8f2210080d2c20080d2c30180d2440080d2020000d40040661e000028d500c0601ee0d092d20060b0f2c10080d2220180d2630180d2a40080d2020000d4"}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x365}}, @smc={0x1e, 0x40, {0x84000000, [0x9, 0x80000001, 0x0, 0x10000, 0x1]}}], 0x268}, &(0x7f0000000740)=[@featur2={0x1, 0x90}], 0x1) ioctl$KVM_ARM_PREFERRED_TARGET(r2, 0x8020aeaf, &(0x7f0000000780)) (async) r3 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000ba1000/0x400000)=nil) (async) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) (async) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r1, 0x4018aee2, &(0x7f0000000800)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f00000007c0)=0xc50}) ioctl$KVM_RUN(r1, 0xae80, 0x0) (async) ioctl$KVM_GET_REG_LIST(r2, 0xc008aeb0, &(0x7f0000000840)={0x3, [0x7c, 0x800, 0x4]}) r4 = syz_kvm_vgic_v3_setup(r0, 0x3, 0xc0) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000008c0)=@attr_other={0x0, 0x2, 0x8001, &(0x7f0000000880)=0xf}) (async) r5 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000bc0)={0x0, &(0x7f0000000900)=[@uexit={0x0, 0x18, 0xe}, @msr={0x14, 0x20, {0x603000000013c4f1, 0x80000001}}, @code={0xa, 0xcc, {"204c9ad200a0b0f2410180d2820180d2230080d2a40080d2020000d4000c601e80549cd20080b0f2610080d2e20180d2430080d2040080d2020000d4003595d20020b0f2e10180d2220080d2c30180d2640180d2020000d4008986d200c0b0f2e10180d2620180d2a30080d2640080d2020000d4000028d5007008d5000f8fd20060b8f2210180d2620080d2230080d2240180d2020000d40000008ae0219cd200c0b0f2810180d2020180d2230180d2440080d2020000d4"}}, @svc={0x122, 0x40, {0xc5000020, [0x7, 0x9, 0xffff, 0xa4, 0xf76]}}, @irq_setup={0x46, 0x18, {0x0, 0x18f}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x4, 0x6, 0x3, 0x3, 0x3}}, @svc={0x122, 0x40, {0x800, [0x200, 0x1e0, 0x4, 0x0, 0x5]}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x7a}}, @hvc={0x32, 0x40, {0x84000053, [0x7fffffff, 0x0, 0x81, 0x8, 0x7]}}, @smc={0x1e, 0x40, {0x8400000d, [0x9, 0x8, 0x10000, 0x4, 0xa]}}, @eret={0xe6, 0x18, 0x3}, @msr={0x14, 0x20, {0x603000000013e666, 0x5a}}], 0x2a4}, &(0x7f0000000c00)=[@featur2], 0x1) (async) syz_kvm_setup_cpu$arm64(r0, r1, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000fc0)=[{0x0, &(0x7f0000000c40)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x2fec4, 0x2, 0x9}}, @eret={0xe6, 0x18, 0x8}, @hvc={0x32, 0x40, {0x500021b, [0x100, 0x400, 0x7, 0x6, 0x3]}}, @svc={0x122, 0x40, {0x1000, [0x2, 0x9, 0x2, 0x4, 0xadbd]}}, @mrs={0xbe, 0x18, {0xa05000000034e68e}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x1, 0xf, 0x7, 0xdf, 0x4}}, @msr={0x14, 0x20, {0x603000000013800f, 0x8}}, @msr={0x14, 0x20, {0x603000000013e661, 0xaf}}, @irq_setup={0x46, 0x18, {0x0, 0x7}}, @mrs={0xbe, 0x18, {0x6030000000138010}}, @irq_setup={0x46, 0x18, {0x3, 0x18c}}, @smc={0x1e, 0x40, {0x40, [0x200, 0x10000, 0x8000000000000001, 0x6, 0x2]}}, @msr={0x14, 0x20, {0x603000000013deee, 0x4}}, @memwrite={0x6e, 0x30, @generic={0xdddd1000, 0x11d, 0x50, 0x3}}, @uexit={0x0, 0x18, 0x4}, @eret={0xe6, 0x18, 0x5}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x50, 0x1, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x70, 0x4, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x0, 0x9, 0x8, 0x6, 0x1}}, @hvc={0x32, 0x40, {0x84000000, [0x7, 0x8, 0x1d2f, 0x1, 0x1]}}, @eret={0xe6, 0x18, 0x1}, @msr={0x14, 0x20, {0x603000000013df1a, 0x400}}], 0x350}], 0x1, 0x0, &(0x7f0000001000)=[@featur1={0x1, 0x21}], 0x1) r6 = mmap$KVM_VCPU(&(0x7f0000ef3000/0x3000)=nil, 0x0, 0x2000001, 0xfd9fc60fbb875fbc, r1, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000001040)="01bd3b2346ae1263d256aabfb256700851f8d9d20ced96011d4f4d374f0ec6bc5f993c54597409909aecd6dc3d006a3bc15fe51475c398a426e3a487a975c74cff07ea183a13b10a", 0x0, 0x48) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f00000010c0)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x7}) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000ea0000/0x1000)=nil, r7, 0x1000000, 0x10, r5, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR_vm(r0, 0x4018aee1, &(0x7f0000001140)=@attr_other={0x0, 0x9b49, 0x9, &(0x7f0000001100)=0x401}) (async) syz_kvm_add_vcpu$arm64(r3, &(0x7f00000015c0)={0x0, &(0x7f0000001180)=[@uexit={0x0, 0x18, 0x100000000}, @code={0xa, 0xb4, {"007008d5007008d500688ad20040b0f2210080d2820180d2a30180d2040080d2020000d4e0f089d20060b8f2c10080d2020180d2030080d2040080d2020000d40024000f20dc8ed200c0b8f2210080d2620180d2430080d2a40180d2020000d4c01699d20020b8f2c10080d2820080d2630080d2440180d2020000d420ab81d20020b8f2810180d2e20180d2e30180d2e40080d2020000d40000002c0100a0d4"}}, @irq_setup={0x46, 0x18, {0x4, 0x10c}}, @code={0xa, 0xb4, {"808689d20040b0f2410080d2c20180d2630080d2240080d2020000d40010800fa0e486d20060b0f2610180d2c20180d2e30080d2c40080d2020000d400000058008008d50044205e200d8dd20040b0f2010180d2220080d2a30080d2040180d2020000d40038205e60348bd20080b8f2a10180d2a20080d2630180d2240080d2020000d420c085d200e0b0f2c10180d2e20080d2630180d2440180d2020000d4"}}, @svc={0x122, 0x40, {0x2000, [0xffffffffffffff22, 0x7, 0x795, 0x7ff, 0xd9]}}, @code={0xa, 0x9c, {"007008d5000028d50068603820b48bd200a0b0f2610080d2220180d2830180d2e40180d2020000d4007008d5007008d500db92d20040b8f2c10080d2220180d2630080d2840080d2020000d40004005e60e58fd20020b8f2010080d2e20180d2430180d2a40080d2020000d4e0478ed20060b8f2210080d2420180d2230180d2e40180d2020000d4"}}, @uexit={0x0, 0x18, 0x6}, @its_setup={0x82, 0x28, {0x3, 0x2, 0x1b7}}, @svc={0x122, 0x40, {0x1000000, [0x2, 0x9, 0x1]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0xa82, 0xed8}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x380, 0x0, 0x8}}, @its_setup={0x82, 0x28, {0x2, 0x3, 0x1d9}}, @uexit={0x0, 0x18, 0x7c97}, @uexit={0x0, 0x18, 0x7fffffffffffffff}, @smc={0x1e, 0x40, {0x3000000, [0x9, 0xffffffff, 0x3, 0x34800000, 0x10]}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x4, 0x5, 0x1, 0x4}}, @eret={0xe6, 0x18, 0x6}], 0x42c}, &(0x7f0000001600)=[@featur1={0x1, 0x35}], 0x1) (async) r8 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000001700)={0x0, &(0x7f0000001640)=[@hvc={0x32, 0x40, {0xc5000021, [0x9d81, 0x101, 0x9, 0x5, 0x4]}}, @eret={0xe6, 0x18, 0x3}, @irq_setup={0x46, 0x18, {0x2, 0x2f4}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x149}}], 0x98}, &(0x7f0000001740)=[@featur2={0x1, 0x15}], 0x1) ioctl$KVM_RUN(r8, 0xae80, 0x0) (async) ioctl$KVM_SET_REGS(r8, 0x4360ae82, &(0x7f0000001780)={[0x1, 0x2, 0x6, 0x41a, 0xff, 0x3, 0x2db, 0x4, 0xbda, 0x7, 0x9, 0xc043, 0x6, 0x1, 0x0, 0xa], 0x8080000, 0x22000}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000001840)={0x4, 0x0, 0x25000, 0x1000, &(0x7f0000c67000/0x1000)=nil}) (async) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) (async) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xffffffffffffff80) ioctl$KVM_SET_SREGS(r5, 0x4000ae84, &(0x7f0000001880)={{0xdddd0002, 0xc000, 0x4, 0x4, 0x4, 0x14, 0x8, 0x40, 0xd, 0x2, 0x7f, 0x6}, {0x76000, 0x10000, 0x3, 0x2, 0x7, 0x0, 0x1, 0x6, 0xf7, 0xf, 0x7, 0x40}, {0x3000, 0xeeee0000, 0x9, 0x8, 0xb0, 0x40, 0x7, 0xff, 0x1, 0x2, 0x81}, {0xeeee0000, 0xc000, 0x10, 0x3f, 0x0, 0xc, 0x40, 0xbc, 0x7, 0x3, 0x40, 0x10}, {0x9000, 0x3000, 0xc, 0x4, 0xfe, 0x2, 0x6, 0x0, 0x5, 0xd, 0xff, 0x81}, {0x5000, 0x7000, 0xd, 0x2, 0xf, 0x88, 0x4, 0x0, 0xbb, 0xd6, 0x10, 0x4}, {0xdddd1000, 0x0, 0xc, 0x3, 0x7, 0x1, 0x5, 0x1, 0x32, 0x7, 0x1, 0x2c}, {0x102f0000, 0x70000, 0xc, 0x3, 0x40, 0x4, 0xd6, 0x9, 0xea, 0x6, 0x8, 0x6}, {0xffffffff, 0x1}, {0x10000, 0x6ae4}, 0x4, 0x0, 0x50000, 0x300428, 0x4, 0x100, 0x41000, [0x9, 0xf, 0x6, 0xcd]}) (async) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r0, 0x4068aea3, &(0x7f00000019c0)={0xe4, 0x0, 0x6}) syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000928000/0x400000)=nil) 13m49.04258908s ago: executing program 5 (id=327): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r11 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04) mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r12, 0x3, 0x11, r11, 0x0) mmap$KVM_VCPU(&(0x7f0000ffc000/0x3000)=nil, r12, 0x1, 0x12, r7, 0x0) r13 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) r14 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r14, 0x8, 0x13, r7, 0x0) r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r15, 0x3, 0x11, r6, 0x0) mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r15, 0x3, 0x11, r13, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, 0x930, 0x4, 0x4f833, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48) 13m41.85351707s ago: executing program 6 (id=328): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000140)={0xb6, 0x0, 0x4}) (async) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x18, {"7f2003d5"}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000100)={0x0, 0x81}) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) (async) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x400, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r9, 0x4020aeae, &(0x7f0000000000)={0x5, 0x18}) (async) ioctl$KVM_ARM_VCPU_FINALIZE(r9, 0x4004aec2, 0x0) r10 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r12 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_GET_API_VERSION(r12, 0xae00, 0x0) (async) r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil) r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x5, 0xfffffffe, 0x0, 0x0, 0x79}}], 0x50}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r13, 0x1, 0x100) (async) ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r16, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) ioctl$KVM_RUN(r15, 0xae80, 0x0) (async, rerun: 32) ioctl$KVM_CHECK_EXTENSION(r11, 0xae03, 0x5d) (async, rerun: 32) ioctl$KVM_GET_ONE_REG(r10, 0x4010aeab, &(0x7f0000000040)=@riscv64_config={0x8030000000100003, &(0x7f0000000100)=0xffffffffffffffff}) 13m27.476131129s ago: executing program 5 (id=329): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000}) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bc2000/0x400000)=nil) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000040)="68ca1c84a077974900", 0x0, 0x18) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r5, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0) r7 = eventfd2(0x0, 0x0) close(r7) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) write$eventfd(r7, &(0x7f0000000180)=0x5, 0xfffffde3) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0) write$eventfd(r7, 0x0, 0x0) syz_kvm_add_vcpu$arm64(0x0, 0x0, &(0x7f0000000100)=[@featur1={0x1, 0x83}], 0x1) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xa) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) r8 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000001c0)={0x0, &(0x7f0000000000)=[@svc={0x122, 0x40, {0x6000000, [0x7, 0x4, 0x3, 0x7, 0x8]}}, @hvc={0x32, 0x40, {0x0, [0xc74, 0x3, 0xd, 0x5, 0xffffffffffffb18e]}}, @uexit={0x0, 0x18, 0x6}, @smc={0x1e, 0x40, {0x412cbfff6d99aec8, [0x6, 0xffffffffffffd48a, 0x9, 0x4, 0x1]}}, @code={0xa, 0xb4, {"0008603c403684d20000b0f2c10180d2420080d2430180d2040180d2020000d4007008d5000008d50008c09aa0a899d20040b0f2410080d2020080d2830180d2040180d2020000d400f584d20040b8f2e10180d2420080d2830180d2a40180d2020000d4008008d5809597d20020b0f2410180d2820180d2230180d2240080d2020000d4c08a82d20060b8f2610080d2e20080d2630180d2040080d2020000d4"}}], 0x18c}, &(0x7f0000000240)=[@featur2={0x1, 0x60}], 0x1) mmap$KVM_VCPU(&(0x7f0000ffc000/0x1000)=nil, r2, 0x1000000, 0x4010, r8, 0x0) ioctl$KVM_RESET_DIRTY_RINGS(r1, 0xaec7) 13m19.561492449s ago: executing program 6 (id=330): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000004000000000000000ad770081000000000800000000000000010000000000000002000000000000000300000000000000040000000000000032000000000000004000000000000000530000c400000000000080"], 0x80}], 0x1, 0x0, 0x0, 0x0) (async, rerun: 64) ioctl$KVM_RUN(r2, 0xae80, 0x0) (rerun: 64) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) (async, rerun: 64) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0) (rerun: 64) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x2e) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0) (async, rerun: 32) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000180)=@arm64_sys={0x603000000013c024, &(0x7f0000000100)=0xbec}) (async, rerun: 32) r7 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x2b) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000700)={0x7, 0x0}) (async) ioctl$KVM_IRQ_LINE(r7, 0x4008ae61, &(0x7f0000000240)={0x2200002f}) 13m4.593685466s ago: executing program 5 (id=331): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x84000008, [0x99b, 0x100000003, 0x5, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000b80)={0x0, &(0x7f00000002c0)=[@hvc={0x32, 0x40, {0x84000003, [0xa00000000, 0x4, 0x4, 0x9, 0x4d]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, &(0x7f0000000000)=[@hvc={0x32, 0x40, {0x80000001, [0xfffffffffffffde5, 0x3ff, 0x1, 0x4, 0x9]}}], 0x40}, 0x0, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_ARM_PREFERRED_TARGET(r5, 0x8020aeaf, &(0x7f0000000080)) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x84000008, [0x99b, 0x100000003, 0x5, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) (async) ioctl$KVM_RUN(r4, 0xae80, 0x0) (async) syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000b80)={0x0, &(0x7f00000002c0)=[@hvc={0x32, 0x40, {0x84000003, [0xa00000000, 0x4, 0x4, 0x9, 0x4d]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) (async) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, &(0x7f0000000000)=[@hvc={0x32, 0x40, {0x80000001, [0xfffffffffffffde5, 0x3ff, 0x1, 0x4, 0x9]}}], 0x40}, 0x0, 0x0) (async) ioctl$KVM_RUN(r9, 0xae80, 0x0) (async) ioctl$KVM_ARM_PREFERRED_TARGET(r5, 0x8020aeaf, &(0x7f0000000080)) (async) 13m2.762958035s ago: executing program 6 (id=332): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_GET_SREGS(r1, 0x8000ae83, &(0x7f0000000080)) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x21) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x3, 0x1, 0xffff1000, 0x2000, &(0x7f000003d000/0x2000)=nil}) 12m49.274695825s ago: executing program 5 (id=333): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0x801c581f, 0x0) (async) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x77) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) (async) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) (async) r7 = syz_kvm_vgic_v3_setup(r4, 0x4, 0x220) ioctl$KVM_RUN(r6, 0xae80, 0x0) (async) ioctl$KVM_HAS_DEVICE_ATTR(r7, 0x4018aee3, &(0x7f0000000240)=@attr_other={0x0, 0x6, 0x0, 0x0}) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2b) (async) r8 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r8, 0x4008ae6a, &(0x7f0000000100)={0x0, 0x100000}) 12m47.574152464s ago: executing program 6 (id=334): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x221) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2710, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) 12m34.96296619s ago: executing program 6 (id=335): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) r4 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000100)={0x0, &(0x7f0000000140)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000000)={0x3, 0x28}) syz_kvm_vgic_v3_setup(r1, 0x2, 0x100) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) openat$kvm(0x0, 0x0, 0x72483, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r7, &(0x7f0000e8a000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, 0x0) r8 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0xdddd1000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) ioctl$KVM_GET_DIRTY_LOG(r8, 0x4010ae42, &(0x7f0000000000)={0x1, 0x0, &(0x7f0000ffb000/0x3000)=nil}) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r5, 0x3, 0x11, r3, 0x0) r9 = mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r5, 0x3, 0x11, r4, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_kvm_assert_syzos_uexit$arm64(r4, r9, 0xffffffffffffffff) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000180)={0x1010020, 0x1}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) openat$kvm(0x0, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) 12m31.291181608s ago: executing program 5 (id=336): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31) ioctl$KVM_CHECK_EXTENSION_VM(r3, 0xae03, 0x80) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000100)=[{0x0, 0x0}], 0x1, 0x0, &(0x7f00000003c0)=[@featur2={0x1, 0x17}], 0x1) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r5, 0x4004ae99, &(0x7f00000000c0)=0x8) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x11}) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000080)=@arm64={0xe6, 0x7, 0x8, '\x00', 0xff}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x8, 0x23ac5f9b426ec4b1, 0xffffffffffffffff, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) eventfd2(0xeffffffd, 0x801) ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0x58) ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0xdc032, 0xffffffffffffffff, 0x0) 11m47.863451845s ago: executing program 37 (id=335): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) r4 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000100)={0x0, &(0x7f0000000140)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000000)={0x3, 0x28}) syz_kvm_vgic_v3_setup(r1, 0x2, 0x100) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) openat$kvm(0x0, 0x0, 0x72483, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r7, &(0x7f0000e8a000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, 0x0) r8 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0xdddd1000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) ioctl$KVM_GET_DIRTY_LOG(r8, 0x4010ae42, &(0x7f0000000000)={0x1, 0x0, &(0x7f0000ffb000/0x3000)=nil}) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r5, 0x3, 0x11, r3, 0x0) r9 = mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r5, 0x3, 0x11, r4, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_kvm_assert_syzos_uexit$arm64(r4, r9, 0xffffffffffffffff) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000180)={0x1010020, 0x1}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) openat$kvm(0x0, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) 11m40.732502782s ago: executing program 38 (id=336): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31) ioctl$KVM_CHECK_EXTENSION_VM(r3, 0xae03, 0x80) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000100)=[{0x0, 0x0}], 0x1, 0x0, &(0x7f00000003c0)=[@featur2={0x1, 0x17}], 0x1) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r5, 0x4004ae99, &(0x7f00000000c0)=0x8) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0x11}) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000080)=@arm64={0xe6, 0x7, 0x8, '\x00', 0xff}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x8, 0x23ac5f9b426ec4b1, 0xffffffffffffffff, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) eventfd2(0xeffffffd, 0x801) ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0x58) ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0xdc032, 0xffffffffffffffff, 0x0) 2m0.267145039s ago: executing program 7 (id=337): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x105003, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0x5450, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x27) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) r7 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r6, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000280)={0x1000, 0xdddd0000, 0x8, 0xffffffffffffffff, 0xc}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r6, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x4, 0xffffffffffffffff}) openat$kvm(0x0, &(0x7f0000000040), 0x4c4882, 0xfffe) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r11, 0xae03, 0x80) r12 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000040)={0x0, &(0x7f0000000100)}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SIGNAL_MSI(r9, 0x4020aea5, &(0x7f0000000000)={0x7000, 0x25000, 0x1, 0x1, 0x9}) ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x7, 0x29e8, &(0x7f00000000c0)=0x2}) ioctl$KVM_RUN(r12, 0xae80, 0x0) r14 = openat$kvm(0x0, &(0x7f0000000140), 0x40, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil) r17 = syz_kvm_add_vcpu$arm64(r16, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r17, 0x4010aeac, &(0x7f0000000080)=@arm64_fp_extra={0x60200000001000d5, &(0x7f0000000040)=0x3d3}) 1m48.293853154s ago: executing program 8 (id=338): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x11) ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f00000000c0)={0x29ef25adc1067e66, 0x0, 0x8d, 0x0, 0xb8}) r3 = eventfd2(0x8, 0x80800) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000100)={0xc, 0x50000, 0x1, r3, 0x4}) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) r5 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) r8 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r7, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fb707cd24b7eebb20700000000000000000000000100", 0x0, 0x48) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2000001, 0x4000010, r7, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x6095f5899268a35c, 0x0) r9 = mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, 0x0, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r12, 0x2, 0x100) ioctl$KVM_CAP_ARM_MTE(r1, 0x4068aea3, &(0x7f0000000180)) close(r12) r13 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) close(r13) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000140)={0x8000000000000000, 0x40000, 0x1, r3, 0x3}) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000040)={0x4, 0xd000, 0x8, r3, 0xa}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000200)="874d171721dde23de70483a375034783804faa9328fb9267804c2da952b5c30bedcd0533790a88bf32190a5a10d5f32836f5047428a47a4d3d4d4e4bc87d3e80c9d2a42055000959", 0x0, 0x48) 1m25.705213011s ago: executing program 7 (id=339): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x6, 0x2000, 0x2000, &(0x7f0000ec1000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r8, r9, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000640)=@arm64_core={0x6030000000100012, &(0x7f0000000000)=0x300000000000}) syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a000000000000002000000000000000002080d2a0bbbbf21f004299"], 0x20}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) r10 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000a5a000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000b80)={0x0, &(0x7f0000000000)=[@smc={0x1e, 0x40, {0x84000012, [0xffffffff, 0x100080001, 0x5, 0x5, 0x13]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r11, 0xae80, 0x0) 1m15.565923003s ago: executing program 8 (id=340): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x88200, 0x0) mmap$KVM_VCPU(&(0x7f0000ca2000/0x4000)=nil, r1, 0x0, 0x110, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) ioctl$KVM_GET_DEVICE_ATTR(r4, 0x4018aee2, &(0x7f0000000140)=@attr_other={0x0, 0x0, 0x2, &(0x7f0000000100)=0x81}) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="fb0149dd033be3bc2cc4a29e05abf47d454e37c4b85400005a9610fbff67521ce1270000000058000000000000000000000300", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r7, 0x0) r8 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r9, 0xae03, 0xc6) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x1, 0xffffffffffffffff, 0x3}) ioctl$KVM_CREATE_VM(r8, 0x401c5820, 0x20000001) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x20) r10 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x29) r11 = ioctl$KVM_GET_STATS_FD_vm(r10, 0xaece) eventfd2(0x6f, 0x0) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r1, 0x3000006, 0x4010, r11, 0x0) ioctl$KVM_GET_MP_STATE(r11, 0x8004ae98, &(0x7f0000000080)) 57.224070977s ago: executing program 7 (id=341): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x181b03, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r2, 0x400454de, 0x110c23000a) r3 = openat$kvm(0x0, &(0x7f0000000140), 0x80100, 0x0) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r8, 0x4068aea3, &(0x7f0000000000)={0xef, 0x0, 0x7}) syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x603000000013c807}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r5, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r10 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r10, 0x2, 0x80) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000100)={0x4000, 0x0, 0x8}) 53.565111019s ago: executing program 8 (id=342): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000b1f000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@hvc={0x32, 0x40, {0xc4000003, [0xc8d0, 0x4, 0x9, 0xcce8, 0xa20]}}], 0x40}, &(0x7f0000000280)=[@featur2={0x1, 0x28}], 0x1) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000b80)={0x0, &(0x7f00000002c0)=[@hvc={0x32, 0x40, {0x84000003, [0xa00000000, 0x4, 0x4, 0x9, 0x4d]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r7, 0xae80, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) (async) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000b1f000/0x400000)=nil) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@hvc={0x32, 0x40, {0xc4000003, [0xc8d0, 0x4, 0x9, 0xcce8, 0xa20]}}], 0x40}, &(0x7f0000000280)=[@featur2={0x1, 0x28}], 0x1) (async) ioctl$KVM_RUN(r6, 0xae80, 0x0) (async) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000b80)={0x0, &(0x7f00000002c0)=[@hvc={0x32, 0x40, {0x84000003, [0xa00000000, 0x4, 0x4, 0x9, 0x4d]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) (async) ioctl$KVM_RUN(r7, 0xae80, 0x0) (async) 8.959693928s ago: executing program 39 (id=341): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x181b03, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r2, 0x400454de, 0x110c23000a) r3 = openat$kvm(0x0, &(0x7f0000000140), 0x80100, 0x0) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r8, 0x4068aea3, &(0x7f0000000000)={0xef, 0x0, 0x7}) syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x603000000013c807}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r5, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r10 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r10, 0x2, 0x80) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000100)={0x4000, 0x0, 0x8}) 0s ago: executing program 40 (id=342): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000b1f000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@hvc={0x32, 0x40, {0xc4000003, [0xc8d0, 0x4, 0x9, 0xcce8, 0xa20]}}], 0x40}, &(0x7f0000000280)=[@featur2={0x1, 0x28}], 0x1) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000b80)={0x0, &(0x7f00000002c0)=[@hvc={0x32, 0x40, {0x84000003, [0xa00000000, 0x4, 0x4, 0x9, 0x4d]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r7, 0xae80, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) (async) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000b1f000/0x400000)=nil) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@hvc={0x32, 0x40, {0xc4000003, [0xc8d0, 0x4, 0x9, 0xcce8, 0xa20]}}], 0x40}, &(0x7f0000000280)=[@featur2={0x1, 0x28}], 0x1) (async) ioctl$KVM_RUN(r6, 0xae80, 0x0) (async) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000b80)={0x0, &(0x7f00000002c0)=[@hvc={0x32, 0x40, {0x84000003, [0xa00000000, 0x4, 0x4, 0x9, 0x4d]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) (async) ioctl$KVM_RUN(r7, 0xae80, 0x0) (async) kernel console output (not intermixed with test programs): [ 414.471789][ T3170] 8021q: adding VLAN 0 to HW filter on device bond0 [ 447.202608][ T3170] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:63135' (ED25519) to the list of known hosts. [ 642.876107][ T25] audit: type=1400 audit(642.030:61): avc: denied { name_bind } for pid=3324 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 644.726284][ T25] audit: type=1400 audit(643.900:62): avc: denied { execute } for pid=3325 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 644.775856][ T25] audit: type=1400 audit(643.930:63): avc: denied { execute_no_trans } for pid=3325 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 671.762903][ T25] audit: type=1400 audit(670.950:64): avc: denied { mounton } for pid=3325 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 671.827918][ T25] audit: type=1400 audit(671.010:65): avc: denied { mount } for pid=3325 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 671.920481][ T3325] cgroup: Unknown subsys name 'net' [ 672.000433][ T25] audit: type=1400 audit(671.190:66): avc: denied { unmount } for pid=3325 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 672.511647][ T3325] cgroup: Unknown subsys name 'cpuset' [ 672.677923][ T3325] cgroup: Unknown subsys name 'rlimit' [ 673.678991][ T25] audit: type=1400 audit(672.870:67): avc: denied { setattr } for pid=3325 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 673.700507][ T25] audit: type=1400 audit(672.880:68): avc: denied { mounton } for pid=3325 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 673.726004][ T25] audit: type=1400 audit(672.910:69): avc: denied { mount } for pid=3325 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 674.808246][ T3329] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 674.832613][ T25] audit: type=1400 audit(674.010:70): avc: denied { relabelto } for pid=3329 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 674.860135][ T25] audit: type=1400 audit(674.050:71): avc: denied { write } for pid=3329 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 675.058128][ T25] audit: type=1400 audit(674.240:72): avc: denied { read } for pid=3325 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 675.073273][ T25] audit: type=1400 audit(674.260:73): avc: denied { open } for pid=3325 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 675.122629][ T3325] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 733.368466][ T25] audit: type=1400 audit(732.560:74): avc: denied { execmem } for pid=3330 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 737.307263][ T25] audit: type=1400 audit(736.490:76): avc: denied { open } for pid=3333 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 737.323224][ T25] audit: type=1400 audit(736.480:75): avc: denied { read } for pid=3332 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 737.398754][ T25] audit: type=1400 audit(736.570:77): avc: denied { mounton } for pid=3332 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 737.651139][ T25] audit: type=1400 audit(736.840:78): avc: denied { module_request } for pid=3332 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 737.664055][ T25] audit: type=1400 audit(736.850:79): avc: denied { module_request } for pid=3333 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 738.751400][ T25] audit: type=1400 audit(737.940:81): avc: denied { sys_module } for pid=3333 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 738.772957][ T25] audit: type=1400 audit(737.930:80): avc: denied { sys_module } for pid=3332 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 763.773301][ T3333] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 763.929350][ T3332] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 764.099857][ T3333] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 764.300590][ T3332] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 781.213926][ T3333] hsr_slave_0: entered promiscuous mode [ 781.248941][ T3333] hsr_slave_1: entered promiscuous mode [ 782.180156][ T3332] hsr_slave_0: entered promiscuous mode [ 782.229770][ T3332] hsr_slave_1: entered promiscuous mode [ 782.278538][ T3332] debugfs: 'hsr0' already exists in 'hsr' [ 782.293709][ T3332] Cannot create hsr debugfs directory [ 788.537596][ T25] audit: type=1400 audit(787.710:82): avc: denied { create } for pid=3333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 788.566976][ T25] audit: type=1400 audit(787.750:83): avc: denied { write } for pid=3333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 788.614315][ T25] audit: type=1400 audit(787.800:84): avc: denied { read } for pid=3333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 788.771551][ T3333] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 789.128902][ T3333] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 789.479965][ T3333] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 789.937114][ T3333] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 791.618513][ T3332] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 791.804188][ T3332] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 791.994145][ T3332] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 792.171492][ T3332] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 805.071708][ T3333] 8021q: adding VLAN 0 to HW filter on device bond0 [ 808.060709][ T3332] 8021q: adding VLAN 0 to HW filter on device bond0 [ 867.151906][ T3333] veth0_vlan: entered promiscuous mode [ 867.904036][ T3333] veth1_vlan: entered promiscuous mode [ 870.528244][ T3333] veth0_macvtap: entered promiscuous mode [ 871.250754][ T3333] veth1_macvtap: entered promiscuous mode [ 872.517889][ T3332] veth0_vlan: entered promiscuous mode [ 873.967683][ T3332] veth1_vlan: entered promiscuous mode [ 875.439281][ T3436] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 875.557701][ T43] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 875.573786][ T43] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 875.641738][ T43] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 878.257143][ T3332] veth0_macvtap: entered promiscuous mode [ 878.606916][ T25] audit: type=1400 audit(877.790:85): avc: denied { mount } for pid=3333 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 878.902592][ T3332] veth1_macvtap: entered promiscuous mode [ 878.919983][ T25] audit: type=1400 audit(878.110:86): avc: denied { mounton } for pid=3333 comm="syz-executor" path="/syzkaller.5dDvbR/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 879.081850][ T25] audit: type=1400 audit(878.270:87): avc: denied { mount } for pid=3333 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 879.338703][ T25] audit: type=1400 audit(878.520:88): avc: denied { mounton } for pid=3333 comm="syz-executor" path="/syzkaller.5dDvbR/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 879.502962][ T25] audit: type=1400 audit(878.690:89): avc: denied { mounton } for pid=3333 comm="syz-executor" path="/syzkaller.5dDvbR/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3754 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 880.246908][ T25] audit: type=1400 audit(879.430:90): avc: denied { unmount } for pid=3333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 880.530824][ T25] audit: type=1400 audit(879.710:91): avc: denied { mounton } for pid=3333 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 880.633910][ T25] audit: type=1400 audit(879.820:92): avc: denied { mount } for pid=3333 comm="syz-executor" name="/" dev="gadgetfs" ino=3762 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 880.999893][ T25] audit: type=1400 audit(880.190:93): avc: denied { mount } for pid=3333 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 881.064350][ T25] audit: type=1400 audit(880.250:94): avc: denied { mounton } for pid=3333 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 881.204191][ T3382] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 881.249916][ T3382] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 881.263134][ T3382] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 881.271959][ T3382] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 882.860582][ T3333] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 884.706347][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 884.716903][ T25] audit: type=1400 audit(883.880:96): avc: denied { read write } for pid=3333 comm="syz-executor" name="loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 884.740150][ T25] audit: type=1400 audit(883.890:97): avc: denied { open } for pid=3333 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 884.787263][ T25] audit: type=1400 audit(883.970:98): avc: denied { ioctl } for pid=3333 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 897.658013][ T25] audit: type=1400 audit(896.810:99): avc: denied { read } for pid=3489 comm="syz.0.1" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 897.788304][ T25] audit: type=1400 audit(896.980:100): avc: denied { open } for pid=3489 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 898.036172][ T25] audit: type=1400 audit(897.220:101): avc: denied { ioctl } for pid=3489 comm="syz.0.1" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 911.311505][ T25] audit: type=1400 audit(910.500:102): avc: denied { append } for pid=3499 comm="syz.0.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 912.961951][ T25] audit: type=1400 audit(912.150:103): avc: denied { write } for pid=3499 comm="syz.0.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 921.770061][ T25] audit: type=1400 audit(920.950:104): avc: denied { execute } for pid=3507 comm="syz.1.5" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4089 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 1004.467991][ T25] audit: type=1400 audit(1003.610:105): avc: denied { map } for pid=3558 comm="syz.1.21" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1004.547457][ T25] audit: type=1400 audit(1003.650:106): avc: denied { execute } for pid=3558 comm="syz.1.21" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1080.026937][ T25] audit: type=1400 audit(1079.200:107): avc: denied { create } for pid=3602 comm="syz.1.36" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1080.602373][ T25] audit: type=1400 audit(1079.700:108): avc: denied { ioctl } for pid=3602 comm="syz.1.36" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=5484 ioctlcmd=0xaeae scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1274.938559][ T25] audit: type=1400 audit(1274.110:109): avc: denied { map } for pid=3710 comm="syz.1.70" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=7047 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1275.018378][ T25] audit: type=1400 audit(1274.200:110): avc: denied { read } for pid=3710 comm="syz.1.70" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=7047 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1402.527502][ T3728] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1403.422185][ T3728] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1417.608362][ T3736] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1418.860804][ T3736] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1435.627046][ T3728] hsr_slave_0: entered promiscuous mode [ 1435.680217][ T3728] hsr_slave_1: entered promiscuous mode [ 1435.806898][ T3728] debugfs: 'hsr0' already exists in 'hsr' [ 1435.809955][ T3728] Cannot create hsr debugfs directory [ 1453.371587][ T3736] hsr_slave_0: entered promiscuous mode [ 1453.421984][ T3736] hsr_slave_1: entered promiscuous mode [ 1453.489108][ T3736] debugfs: 'hsr0' already exists in 'hsr' [ 1453.492258][ T3736] Cannot create hsr debugfs directory [ 1458.772743][ T3728] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1459.535819][ T3728] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1460.273034][ T3728] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1460.809930][ T3728] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1470.433808][ T3736] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1470.890274][ T3736] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1471.326125][ T3736] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1471.711724][ T3736] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1492.051788][ T3728] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1502.840098][ T3736] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1527.341444][ T43] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1528.783578][ T43] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1530.187727][ T43] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1531.649950][ T43] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1548.528573][ T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1549.163542][ T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1549.557774][ T43] bond0 (unregistering): Released all slaves [ 1552.230849][ T43] hsr_slave_0: left promiscuous mode [ 1552.371482][ T43] hsr_slave_1: left promiscuous mode [ 1553.116936][ T43] veth1_macvtap: left promiscuous mode [ 1553.133149][ T43] veth0_macvtap: left promiscuous mode [ 1553.188216][ T43] veth1_vlan: left promiscuous mode [ 1553.207606][ T43] veth0_vlan: left promiscuous mode [ 1583.842868][ T3754] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1585.561582][ T3754] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1586.803504][ T3754] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1588.463042][ T3754] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1605.990823][ T3754] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1606.153769][ T3754] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1606.277377][ T3754] bond0 (unregistering): Released all slaves [ 1608.449523][ T3754] hsr_slave_0: left promiscuous mode [ 1608.728943][ T3754] hsr_slave_1: left promiscuous mode [ 1609.760684][ T3754] veth1_macvtap: left promiscuous mode [ 1609.794103][ T3754] veth0_macvtap: left promiscuous mode [ 1609.818081][ T3754] veth1_vlan: left promiscuous mode [ 1609.849603][ T3754] veth0_vlan: left promiscuous mode [ 1667.859054][ T3728] veth0_vlan: entered promiscuous mode [ 1669.020141][ T3728] veth1_vlan: entered promiscuous mode [ 1672.043424][ T3728] veth0_macvtap: entered promiscuous mode [ 1672.607705][ T3728] veth1_macvtap: entered promiscuous mode [ 1676.169538][ T50] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1676.320149][ T21] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1676.332977][ T21] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1676.361858][ T21] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1680.798041][ T25] audit: type=1400 audit(1679.970:111): avc: denied { unmount } for pid=3728 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 1692.861688][ T3736] veth0_vlan: entered promiscuous mode [ 1693.987618][ T3736] veth1_vlan: entered promiscuous mode [ 1698.181276][ T3736] veth0_macvtap: entered promiscuous mode [ 1699.038352][ T3736] veth1_macvtap: entered promiscuous mode [ 1703.303121][ T3750] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1703.311272][ T3750] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1703.401048][ T3750] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1703.416262][ T3750] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1859.050869][ T3382] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1860.933085][ T3382] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1863.012158][ T3382] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1864.934259][ T3382] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1889.002958][ T3382] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1889.477254][ T3382] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1889.713576][ T3382] bond0 (unregistering): Released all slaves [ 1891.561127][ T3382] hsr_slave_0: left promiscuous mode [ 1891.675825][ T3382] hsr_slave_1: left promiscuous mode [ 1892.669064][ T3382] veth1_macvtap: left promiscuous mode [ 1892.696562][ T3382] veth0_macvtap: left promiscuous mode [ 1892.702244][ T3382] veth1_vlan: left promiscuous mode [ 1892.738540][ T3382] veth0_vlan: left promiscuous mode [ 1921.061713][ T3382] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1922.961396][ T3382] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1924.423159][ T3382] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1925.728252][ T3382] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1947.101106][ T3382] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1947.223741][ T3382] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1947.303267][ T3382] bond0 (unregistering): Released all slaves [ 1948.498289][ T3382] hsr_slave_0: left promiscuous mode [ 1948.567740][ T3382] hsr_slave_1: left promiscuous mode [ 1948.791146][ T3382] veth1_macvtap: left promiscuous mode [ 1948.803102][ T3382] veth0_macvtap: left promiscuous mode [ 1948.827939][ T3382] veth1_vlan: left promiscuous mode [ 1948.836610][ T3382] veth0_vlan: left promiscuous mode [ 2002.130722][ T4011] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2002.371871][ T4008] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2002.629105][ T4011] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2002.819277][ T4008] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2029.319022][ T4011] hsr_slave_0: entered promiscuous mode [ 2029.359681][ T4011] hsr_slave_1: entered promiscuous mode [ 2032.652914][ T4008] hsr_slave_0: entered promiscuous mode [ 2032.741938][ T4008] hsr_slave_1: entered promiscuous mode [ 2032.818545][ T4008] debugfs: 'hsr0' already exists in 'hsr' [ 2032.828463][ T4008] Cannot create hsr debugfs directory [ 2053.256249][ T4011] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 2054.012988][ T4011] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 2054.659254][ T4011] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 2056.019542][ T4011] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 2059.303331][ T4008] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 2059.690183][ T4008] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 2060.053803][ T4008] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 2060.408042][ T4008] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 2086.110049][ T4011] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2091.870254][ T4008] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2239.688656][ T4011] veth0_vlan: entered promiscuous mode [ 2241.072114][ T4011] veth1_vlan: entered promiscuous mode [ 2246.028133][ T4008] veth0_vlan: entered promiscuous mode [ 2248.148317][ T4011] veth0_macvtap: entered promiscuous mode [ 2248.812423][ T4008] veth1_vlan: entered promiscuous mode [ 2249.443162][ T4011] veth1_macvtap: entered promiscuous mode [ 2255.767888][ T3750] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2255.820595][ T21] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2255.857102][ T21] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2255.959574][ T4008] veth0_macvtap: entered promiscuous mode [ 2256.149955][ T21] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2257.476578][ T4008] veth1_macvtap: entered promiscuous mode [ 2263.680530][ T3750] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2263.726421][ T3750] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2263.767018][ T4015] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2263.850734][ T3840] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3196.590472][ T25] audit: type=1400 audit(3195.760:112): avc: denied { write } for pid=4731 comm="syz.5.178" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=15143 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 3476.400470][ T25] audit: type=1400 audit(3475.570:113): avc: denied { setattr } for pid=4843 comm="syz.4.208" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 3519.968814][ T25] audit: type=1400 audit(3519.150:114): avc: denied { map } for pid=4864 comm="syz.4.213" path="pipe:[9441]" dev="pipefs" ino=9441 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 3520.037951][ T25] audit: type=1400 audit(3519.220:115): avc: denied { execute } for pid=4864 comm="syz.4.213" path="pipe:[9441]" dev="pipefs" ino=9441 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 3866.420288][ T5004] FAULT_INJECTION: forcing a failure. [ 3866.420288][ T5004] name failslab, interval 1, probability 0, space 0, times 1 [ 3866.497360][ T5004] CPU: 0 UID: 0 PID: 5004 Comm: syz.4.252 Not tainted syzkaller #0 PREEMPT [ 3866.498021][ T5004] Hardware name: linux,dummy-virt (DT) [ 3866.498508][ T5004] Call trace: [ 3866.498959][ T5004] show_stack+0x2c/0x3c (C) [ 3866.500895][ T5004] __dump_stack+0x30/0x40 [ 3866.501293][ T5004] dump_stack_lvl+0xd8/0x12c [ 3866.501611][ T5004] dump_stack+0x1c/0x28 [ 3866.501905][ T5004] should_fail_ex+0x56c/0x6d8 [ 3866.502139][ T5004] should_failslab+0xb8/0xec [ 3866.502438][ T5004] kmem_cache_alloc_noprof+0x90/0x5b4 [ 3866.502686][ T5004] getname_flags+0xe4/0x460 [ 3866.502913][ T5004] do_sys_openat2+0x74/0x19c [ 3866.503231][ T5004] __arm64_sys_openat+0x14c/0x1b0 [ 3866.503556][ T5004] invoke_syscall+0x90/0x230 [ 3866.503842][ T5004] el0_svc_common+0x120/0x2f4 [ 3866.504144][ T5004] do_el0_svc+0x58/0x74 [ 3866.504432][ T5004] el0_svc+0x5c/0x238 [ 3866.504720][ T5004] el0t_64_sync_handler+0x84/0x12c [ 3866.505008][ T5004] el0t_64_sync+0x198/0x19c [ 3920.932626][ T5024] FAULT_INJECTION: forcing a failure. [ 3920.932626][ T5024] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 3921.036505][ T5024] CPU: 0 UID: 0 PID: 5024 Comm: syz.4.257 Not tainted syzkaller #0 PREEMPT [ 3921.036898][ T5024] Hardware name: linux,dummy-virt (DT) [ 3921.037008][ T5024] Call trace: [ 3921.037102][ T5024] show_stack+0x2c/0x3c (C) [ 3921.037486][ T5024] __dump_stack+0x30/0x40 [ 3921.037790][ T5024] dump_stack_lvl+0xd8/0x12c [ 3921.038089][ T5024] dump_stack+0x1c/0x28 [ 3921.038398][ T5024] should_fail_ex+0x56c/0x6d8 [ 3921.038641][ T5024] should_fail+0x14/0x24 [ 3921.038869][ T5024] should_fail_usercopy+0x20/0x30 [ 3921.039105][ T5024] strncpy_from_user+0x50/0x3d0 [ 3921.039411][ T5024] getname_flags+0x120/0x460 [ 3921.039650][ T5024] do_sys_openat2+0x74/0x19c [ 3921.039950][ T5024] __arm64_sys_openat+0x14c/0x1b0 [ 3921.040261][ T5024] invoke_syscall+0x90/0x230 [ 3921.040566][ T5024] el0_svc_common+0x120/0x2f4 [ 3921.040852][ T5024] do_el0_svc+0x58/0x74 [ 3921.041155][ T5024] el0_svc+0x5c/0x238 [ 3921.041466][ T5024] el0t_64_sync_handler+0x84/0x12c [ 3921.041761][ T5024] el0t_64_sync+0x198/0x19c [ 3967.929748][ T5042] FAULT_INJECTION: forcing a failure. [ 3967.929748][ T5042] name failslab, interval 1, probability 0, space 0, times 0 [ 3968.028771][ T5042] CPU: 0 UID: 0 PID: 5042 Comm: syz.4.263 Not tainted syzkaller #0 PREEMPT [ 3968.029196][ T5042] Hardware name: linux,dummy-virt (DT) [ 3968.029312][ T5042] Call trace: [ 3968.029391][ T5042] show_stack+0x2c/0x3c (C) [ 3968.029741][ T5042] __dump_stack+0x30/0x40 [ 3968.030034][ T5042] dump_stack_lvl+0xd8/0x12c [ 3968.030354][ T5042] dump_stack+0x1c/0x28 [ 3968.030638][ T5042] should_fail_ex+0x56c/0x6d8 [ 3968.030853][ T5042] should_failslab+0xb8/0xec [ 3968.031145][ T5042] kmem_cache_alloc_noprof+0x90/0x5b4 [ 3968.031418][ T5042] alloc_empty_file+0x60/0x17c [ 3968.031654][ T5042] path_openat+0xa8/0x3c14 [ 3968.031897][ T5042] do_filp_open+0x194/0x3d4 [ 3968.032156][ T5042] do_sys_openat2+0xd8/0x19c [ 3968.032456][ T5042] __arm64_sys_openat+0x14c/0x1b0 [ 3968.032743][ T5042] invoke_syscall+0x90/0x230 [ 3968.033039][ T5042] el0_svc_common+0x120/0x2f4 [ 3968.033354][ T5042] do_el0_svc+0x58/0x74 [ 3968.033635][ T5042] el0_svc+0x5c/0x238 [ 3968.033924][ T5042] el0t_64_sync_handler+0x84/0x12c [ 3968.034237][ T5042] el0t_64_sync+0x198/0x19c [ 4016.818449][ T5067] FAULT_INJECTION: forcing a failure. [ 4016.818449][ T5067] name failslab, interval 1, probability 0, space 0, times 0 [ 4016.841810][ T5067] CPU: 0 UID: 0 PID: 5067 Comm: syz.4.269 Not tainted syzkaller #0 PREEMPT [ 4016.842217][ T5067] Hardware name: linux,dummy-virt (DT) [ 4016.842346][ T5067] Call trace: [ 4016.842427][ T5067] show_stack+0x2c/0x3c (C) [ 4016.842786][ T5067] __dump_stack+0x30/0x40 [ 4016.843095][ T5067] dump_stack_lvl+0xd8/0x12c [ 4016.843437][ T5067] dump_stack+0x1c/0x28 [ 4016.843736][ T5067] should_fail_ex+0x56c/0x6d8 [ 4016.843957][ T5067] should_failslab+0xb8/0xec [ 4016.844259][ T5067] kmem_cache_alloc_noprof+0x90/0x5b4 [ 4016.844528][ T5067] security_file_alloc+0x38/0x32c [ 4016.844823][ T5067] init_file+0xb0/0x368 [ 4016.845044][ T5067] alloc_empty_file+0x74/0x17c [ 4016.845289][ T5067] path_openat+0xa8/0x3c14 [ 4016.845530][ T5067] do_filp_open+0x194/0x3d4 [ 4016.845764][ T5067] do_sys_openat2+0xd8/0x19c [ 4016.846048][ T5067] __arm64_sys_openat+0x14c/0x1b0 [ 4016.846356][ T5067] invoke_syscall+0x90/0x230 [ 4016.846645][ T5067] el0_svc_common+0x120/0x2f4 [ 4016.846923][ T5067] do_el0_svc+0x58/0x74 [ 4016.847212][ T5067] el0_svc+0x5c/0x238 [ 4016.847545][ T5067] el0t_64_sync_handler+0x84/0x12c [ 4016.847844][ T5067] el0t_64_sync+0x198/0x19c [ 4061.119726][ T5085] FAULT_INJECTION: forcing a failure. [ 4061.119726][ T5085] name failslab, interval 1, probability 0, space 0, times 0 [ 4061.167849][ T5085] CPU: 0 UID: 0 PID: 5085 Comm: syz.5.275 Not tainted syzkaller #0 PREEMPT [ 4061.168285][ T5085] Hardware name: linux,dummy-virt (DT) [ 4061.168399][ T5085] Call trace: [ 4061.168479][ T5085] show_stack+0x2c/0x3c (C) [ 4061.168835][ T5085] __dump_stack+0x30/0x40 [ 4061.169237][ T5085] dump_stack_lvl+0xd8/0x12c [ 4061.169604][ T5085] dump_stack+0x1c/0x28 [ 4061.169892][ T5085] should_fail_ex+0x56c/0x6d8 [ 4061.170127][ T5085] should_failslab+0xb8/0xec [ 4061.170435][ T5085] __kmalloc_noprof+0xe8/0x680 [ 4061.170684][ T5085] tomoyo_realpath_from_path+0xdc/0x628 [ 4061.170967][ T5085] tomoyo_check_open_permission+0x148/0x4ac [ 4061.171239][ T5085] tomoyo_file_open+0x1d8/0x248 [ 4061.171577][ T5085] security_file_open+0xc0/0x274 [ 4061.171884][ T5085] do_dentry_open+0x3a4/0x166c [ 4061.172200][ T5085] vfs_open+0x4c/0x380 [ 4061.172502][ T5085] path_openat+0x34a4/0x3c14 [ 4061.172750][ T5085] do_filp_open+0x194/0x3d4 [ 4061.172990][ T5085] do_sys_openat2+0xd8/0x19c [ 4061.173307][ T5085] __arm64_sys_openat+0x14c/0x1b0 [ 4061.173605][ T5085] invoke_syscall+0x90/0x230 [ 4061.173886][ T5085] el0_svc_common+0x120/0x2f4 [ 4061.174180][ T5085] do_el0_svc+0x58/0x74 [ 4061.174545][ T5085] el0_svc+0x5c/0x238 [ 4061.174860][ T5085] el0t_64_sync_handler+0x84/0x12c [ 4061.175171][ T5085] el0t_64_sync+0x198/0x19c [ 4061.338483][ T5085] ERROR: Out of memory at tomoyo_realpath_from_path. [ 4236.783994][ T5140] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4238.617668][ T5140] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4240.812433][ T5140] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4243.062275][ T5140] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4272.708231][ T5140] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 4273.460147][ T5140] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 4273.869199][ T5140] bond0 (unregistering): Released all slaves [ 4276.546481][ T5140] hsr_slave_0: left promiscuous mode [ 4276.711196][ T5140] hsr_slave_1: left promiscuous mode [ 4277.989858][ T5140] veth1_macvtap: left promiscuous mode [ 4278.006244][ T5140] veth0_macvtap: left promiscuous mode [ 4278.021624][ T5140] veth1_vlan: left promiscuous mode [ 4278.069948][ T5140] veth0_vlan: left promiscuous mode [ 4418.757921][ T5138] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4419.443338][ T5138] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4470.478264][ T5138] hsr_slave_0: entered promiscuous mode [ 4470.679603][ T5138] hsr_slave_1: entered promiscuous mode [ 4470.848679][ T5138] debugfs: 'hsr0' already exists in 'hsr' [ 4470.881361][ T5138] Cannot create hsr debugfs directory [ 4501.173615][ T5138] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 4501.950439][ T5138] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 4502.483231][ T5138] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 4503.249971][ T5138] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 4551.507300][ T5138] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4763.385190][ T5138] veth0_vlan: entered promiscuous mode [ 4765.309525][ T5138] veth1_vlan: entered promiscuous mode [ 4771.343129][ T5138] veth0_macvtap: entered promiscuous mode [ 4772.518094][ T5138] veth1_macvtap: entered promiscuous mode [ 4777.956002][ T3750] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4778.088648][ T3750] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4778.310382][ T5137] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4778.332925][ T5137] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 5031.020465][ T3750] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5032.673173][ T3750] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5034.236540][ T3750] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5035.970503][ T3750] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5062.342481][ T3750] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 5062.769538][ T3750] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 5063.018368][ T3750] bond0 (unregistering): Released all slaves [ 5066.783858][ T3750] hsr_slave_0: left promiscuous mode [ 5067.330138][ T3750] hsr_slave_1: left promiscuous mode [ 5068.508861][ T3750] veth1_macvtap: left promiscuous mode [ 5068.520740][ T3750] veth0_macvtap: left promiscuous mode [ 5068.556508][ T3750] veth1_vlan: left promiscuous mode [ 5068.567586][ T3750] veth0_vlan: left promiscuous mode [ 5110.671978][ T3750] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5112.437230][ T3750] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5115.133231][ T3750] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5117.829646][ T3750] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5145.203348][ T3750] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 5145.451572][ T3750] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 5145.649570][ T3750] bond0 (unregistering): Released all slaves [ 5149.487254][ T3750] hsr_slave_0: left promiscuous mode [ 5149.981184][ T3750] hsr_slave_1: left promiscuous mode [ 5151.208888][ T3750] veth1_macvtap: left promiscuous mode [ 5151.257343][ T3750] veth0_macvtap: left promiscuous mode [ 5151.262542][ T3750] veth1_vlan: left promiscuous mode [ 5151.288941][ T3750] veth0_vlan: left promiscuous mode [ 5209.073429][ T5497] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5209.429614][ T5497] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5215.111460][ T5499] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5215.502303][ T5499] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5250.779029][ T5497] hsr_slave_0: entered promiscuous mode [ 5250.932998][ T5497] hsr_slave_1: entered promiscuous mode [ 5257.890681][ T5499] hsr_slave_0: entered promiscuous mode [ 5257.998010][ T5499] hsr_slave_1: entered promiscuous mode [ 5258.040376][ T5499] debugfs: 'hsr0' already exists in 'hsr' [ 5258.046499][ T5499] Cannot create hsr debugfs directory [ 5276.739977][ T5497] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 5277.863708][ T5497] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 5278.898707][ T5497] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 5279.888657][ T5497] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 5289.320378][ T5499] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 5289.842987][ T5499] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 5290.609518][ T5499] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 5291.203935][ T5499] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 5328.031140][ T5497] 8021q: adding VLAN 0 to HW filter on device bond0 [ 5336.651629][ T5499] 8021q: adding VLAN 0 to HW filter on device bond0 [ 5529.079586][ T5497] veth0_vlan: entered promiscuous mode [ 5531.000050][ T5497] veth1_vlan: entered promiscuous mode [ 5536.423005][ T5497] veth0_macvtap: entered promiscuous mode [ 5537.947910][ T5497] veth1_macvtap: entered promiscuous mode [ 5542.023554][ T5499] veth0_vlan: entered promiscuous mode [ 5545.230423][ T5499] veth1_vlan: entered promiscuous mode [ 5547.746452][ T4212] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 5547.920112][ T3750] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 5547.950740][ T3840] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 5548.019775][ T5140] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 5555.747687][ T5499] veth0_macvtap: entered promiscuous mode [ 5557.573043][ T5499] veth1_macvtap: entered promiscuous mode [ 5565.181962][ T4725] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 5565.216823][ T5137] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 5565.407410][ T3840] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 5565.526432][ T5137] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 5828.863744][ T5642] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5832.030472][ T5642] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5836.791612][ T5642] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5839.939979][ T5642] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5880.289150][ T5642] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 5880.704096][ T5642] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 5880.978625][ T5642] bond0 (unregistering): Released all slaves [ 5884.177612][ T5642] hsr_slave_0: left promiscuous mode [ 5884.377450][ T5642] hsr_slave_1: left promiscuous mode [ 5885.370676][ T5642] veth1_macvtap: left promiscuous mode [ 5885.406955][ T5642] veth0_macvtap: left promiscuous mode [ 5885.439281][ T5642] veth1_vlan: left promiscuous mode [ 5885.498062][ T5642] veth0_vlan: left promiscuous mode [ 5949.950039][ T5639] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5952.124334][ T5639] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5954.322859][ T5639] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5956.649207][ T5639] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5970.500552][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5991.581356][ T5639] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 5992.019728][ T5639] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 5992.252792][ T5639] bond0 (unregistering): Released all slaves [ 5993.333152][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5996.025522][ T5639] hsr_slave_0: left promiscuous mode [ 5996.129257][ T5639] hsr_slave_1: left promiscuous mode [ 5996.756014][ T5639] veth1_macvtap: left promiscuous mode [ 5996.760021][ T5639] veth0_macvtap: left promiscuous mode [ 5996.777764][ T5639] veth1_vlan: left promiscuous mode [ 5996.792156][ T5639] veth0_vlan: left promiscuous mode [ 6027.153565][ T5783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 6029.279673][ T5783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 6074.159087][ T5786] hsr_slave_0: entered promiscuous mode [ 6074.199879][ T5786] hsr_slave_1: entered promiscuous mode [ 6078.989225][ T5783] hsr_slave_0: entered promiscuous mode [ 6079.110009][ T5783] hsr_slave_1: entered promiscuous mode [ 6079.217710][ T5783] debugfs: 'hsr0' already exists in 'hsr' [ 6079.245664][ T5783] Cannot create hsr debugfs directory [ 6122.500350][ T5783] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 6124.018292][ T5783] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 6124.909596][ T5783] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 6125.664134][ T5783] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 6135.208986][ T5786] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 6135.833824][ T5786] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 6136.468590][ T5786] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 6137.250286][ T5786] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 6176.873364][ T5783] 8021q: adding VLAN 0 to HW filter on device bond0 [ 6187.034024][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 6411.651647][ T4725] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 6411.980214][ T4725] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 6412.226636][ T4725] bond0 (unregistering): Released all slaves [ 6415.287956][ T4725] hsr_slave_0: left promiscuous mode [ 6415.805949][ T4725] hsr_slave_1: left promiscuous mode [ 6510.696611][ T4725] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 6511.177358][ T4725] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 6511.451036][ T4725] bond0 (unregistering): Released all slaves [ 6515.069822][ T4725] hsr_slave_0: left promiscuous mode [ 6515.273938][ T4725] hsr_slave_1: left promiscuous mode VM DIAGNOSIS: 15:17:36 Registers: info registers vcpu 0 CPU#0 PC=ffff800086736904 X00=ffff8000800e67c4 X01=0000000000000000 X02=0000000000000010 X03=0000000000000000 X04=0000000000000003 X05=0000000000000001 X06=0000000000000000 X07=ffff800080ce7b80 X08=ffff80008c6f8000 X09=0000000000000101 X10=0000000000ff0100 X11=0000000000000002 X12=ffff800080010528 X13=00000000d35a4d5f X14=00000000ffff8000 X15=ffff80008c6f76a0 X16=ffff800080010528 X17=000000000000005b X18=fff0000072d5b448 X19=ffff80008c6f77f0 X20=ffff80008c6f77f0 X21=ffff800086758808 X22=ffff80008c6f76a8 X23=00000000000000ff X24=0000000000000000 X25=0000000000000001 X26=0000000003ffffff X27=92f000001ea59b80 X28=ffff800087960000 X29=ffff80008c6f77d0 X30=ffff800086738134 SP=ffff80008c6f7650 PSTATE=204020c9 --C- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=2525252525252525:2525252525252525 Z01=656c6c616b7a7973:0000000000000073 Z02=0000000000000000:00000000ff000000 Z03=0000000000000000:ffffffffffffff00 Z04=0000000000000000:00000000fffffff0 Z05=bcc03000000300fc:bcc03000000300fc Z06=0000000000000000:0000000000000000 Z07=0000000000000000:0000000000000000 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:000001f40000000a Z16=0000000000000000:0000000000000000 Z17=0000000000000000:0000000000000000 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000ffffda932644:0000000000000002 Z25=0000000000000cfe:0000ffff00000002 Z26=0000000000000000:0000ffffda932660 Z27=0000ffff806515fc:0000ffffda932590 Z28=0000aaaae27158f0:0000000000000000 Z29=0000000300000008:0000000200000017 Z30=0000000100000013:000000000000000b Z31=0000000000000000:0000000000000001