last executing test programs: 2h4m18.192387347s ago: executing program 32 (id=116): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r1, 0x4010ae74, &(0x7f0000000040)={0x9, 0x2, 0x8}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x302, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async, rerun: 32) r4 = eventfd2(0x8, 0x80800) (rerun: 32) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0xeeef0000, 0x0, r4}) (async) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0x6, 0x2000, 0x0, r4}) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x38) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@code={0xa, 0xb0, {"408092d200c0b8f2a10180d2230080d2c40080d2020000d400e59bd20000b0f2610180d2a20080d2830080d2240080d2020000d4200f94d200c0b8f2a10180d2e20080d2830180d2040080d2020000d40090802f008783d20080b0f2410080d2e20180d2030080d2640080d2020000d4008008d50000202b0040200d00628dd200c0b0f2410080d2020080d2230080d2840080d2020000d4008008d5"}}], 0xb0}, &(0x7f0000000300)=[@featur2={0x1, 0x88}], 0x1) (async, rerun: 64) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (rerun: 64) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) syz_kvm_vgic_v3_setup(r3, 0x2, 0x2e0) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_CREATE_GUEST_MEMFD(r3, 0xc040aed4, &(0x7f0000000140)={0x9, 0x9d}) 2h4m13.57198065s ago: executing program 33 (id=117): r0 = openat$kvm(0x0, 
&(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000b97000/0x400000)=nil) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x25) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0) syz_kvm_setup_cpu$arm64(r1, r6, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000001140)=[{0x0, 0x0}], 0x1, 0x0, &(0x7f0000001180)=[@featur2={0x1, 0xa4}], 0x1) r7 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000280)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013c090, &(0x7f00000000c0)=0xfffffffffffffffe}) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_GET_REG_LIST(r7, 0xc008aeb0, &(0x7f0000000000)={0x5, [0xce00000000000000, 0x100000000, 0x0, 0x7fff, 0x4]}) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r9, 0xae03, 0x83) 1h58m31.949578226s ago: executing program 34 (id=120): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x300, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x28) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r5, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000}) r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x3f) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x2012, r7, 0x40000) mmap$KVM_VCPU(&(0x7f0000f48000/0x3000)=nil, r3, 0x2000000, 0x2010, r7, 0x0) r8 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x7ffe}}, @msr={0x14, 0x20, {0x603000000013dce5, 0x8000}}, @msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) 
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x28) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x31) r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000ab9000/0x400000)=nil) r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r14, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x603000000010001a, 0x0}) r15 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1) r16 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r17 = ioctl$KVM_CREATE_VM(r16, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r17, &(0x7f0000c00000/0x400000)=nil) r18 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r19 = syz_kvm_add_vcpu$arm64(r18, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@smc={0x1e, 0x40, {0x2, [0x80000000000, 0x6, 0xed, 0x6f4, 0x1]}}], 0x40}, 0x0, 0x0) ioctl$KVM_RUN(r19, 0xae80, 0x0) r20 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r15, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r20, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r3, 0x0, 0x1010, r7, 0x0) 1h57m23.279500432s ago: executing program 35 (id=126): r0 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) r1 = mmap$KVM_VCPU(&(0x7f00007ff000/0x800000)=nil, 0x0, 0x2000003, 0x2010, r0, 0x0) syz_kvm_setup_cpu$arm64(r0, r0, &(0x7f0000a4d000/0x400000)=nil, &(0x7f00000001c0)=[{0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x4, 0x0, 0x186}}, @mrs={0xbe, 0x18, {0x6030000000130204}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffe8, 0x800, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013e281}}, @svc={0x122, 0x40, {0x8000, [0x9, 0x8, 0x6, 0x1, 0x6]}}, @mrs={0xbe, 0x18, {0x603000000013e703}}, @irq_setup={0x46, 0x18, {0x1, 
0x21c}}, @mrs={0xbe, 0x18, {0x603000000013c212}}, @msr={0x14, 0x20, {0x603000000013da28, 0xd}}, @smc={0x1e, 0x40, {0x2000000, [0x80, 0x0, 0x9, 0xf6, 0x1e6c00]}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x1e4}}], 0x198}], 0x1, 0x0, &(0x7f0000000200)=[@featur2={0x1, 0x2}], 0x1) ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f0000000240)={0x3, 0x8000}) ioctl$KVM_CHECK_EXTENSION_VM(r0, 0xae03, 0x2) ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000280)={0x631, 0x2}) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee3, &(0x7f0000000300)=@attr_other={0x0, 0x2, 0x4, &(0x7f00000002c0)=0x2}) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000340)={0x5, 0xffffffffffffffff, 0x1}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x1040, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000003c0)={0x10004, 0x7, 0x8000000, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) ioctl$KVM_CAP_PTP_KVM(r0, 0x4068aea3, &(0x7f0000000400)) ioctl$KVM_CHECK_EXTENSION_VM(r0, 0xae03, 0x4) syz_kvm_vgic_v3_setup(r0, 0x4, 0x120) ioctl$KVM_CAP_HALT_POLL(r0, 0x4068aea3, &(0x7f0000000480)={0xb6, 0x0, 0x2}) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xe) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000aab000/0x400000)=nil) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x33) ioctl$KVM_CLEAR_DIRTY_LOG(r4, 0xc018aec0, &(0x7f0000000900)={0x3, 0x280, 0x100, &(0x7f0000000500)=[0x355, 0x5, 0x100000001, 0xfff, 0x7, 0x5, 0x9, 0x3, 0x9, 0x0, 0x7, 0x6, 0x4, 0xfffffffffffffffd, 0xf0f5, 0x80000001, 0x81, 0x5, 0xffffffffffffffff, 0x40000000000000, 0x4, 0xb08, 0x0, 0x7, 0x8, 0xffffffff, 0x4, 0x5, 0xffffffffffffff29, 0x100000000, 0x20, 0xfc, 0x3, 0x1, 0x2, 0x5, 0x144, 0x8001, 0x80, 0x7fffffffffffffff, 0x1, 0x9, 0x1, 0x5, 0x0, 0x7fff, 0x3fc451a9, 0x2, 0x5, 0x80, 0x2db3, 0x3, 0x0, 0x401, 0x2, 0xfffffffffffffffd, 0xe, 0x4, 0x18e, 0x1, 0xfffffffffffffe2b, 0x60e, 0xfa2, 0x6, 0x7, 0x0, 0x7, 0x9, 0xb3ad, 0x1, 0x8, 0x6, 0x8, 0x101, 0x1, 0x7, 0x1, 0xb72, 
0x1, 0x5, 0x0, 0x800, 0x65f, 0xf5, 0x5, 0x1, 0x4, 0xfffffffffffffffd, 0xfffffffffffffffd, 0xfff, 0x7, 0xdbc6, 0xa20, 0x2, 0x4, 0xffffffff, 0x7, 0x2, 0x1ff, 0x8, 0x6, 0xadb3, 0x5, 0x4, 0x7, 0x81, 0xfffffffffffffff7, 0x0, 0x21b02452, 0x5, 0x2, 0x1, 0x8000000000000000, 0xffffffffffffffff, 0x8, 0x2, 0x5, 0x7, 0x3, 0x0, 0x400, 0x7, 0x3, 0x8, 0x759, 0x1, 0x6, 0x2]}) ioctl$KVM_CAP_ARM_MTE(r4, 0x4068aea3, &(0x7f0000000940)) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000009c0)={0x3, 0x2, 0x80a0000, 0x1000, &(0x7f0000c1d000/0x1000)=nil}) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x18) eventfd2(0x8, 0x80800) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2) ioctl$KVM_CREATE_GUEST_MEMFD(r5, 0xc040aed4, &(0x7f0000000a00)={0x7, 0x4}) munmap(&(0x7f0000cb6000/0x2000)=nil, 0x2000) ioctl$KVM_IRQ_LINE_STATUS(r3, 0xc008ae67, &(0x7f0000000a40)={0x80000000, 0x4}) ioctl$KVM_CAP_PTP_KVM(r0, 0x4068aea3, &(0x7f0000000a80)) syz_memcpy_off$KVM_EXIT_MMIO(r1, 0x20, &(0x7f0000000b00)="c9144bb8c72965954ff83062f9bd5ee206c92504bca01731", 0x0, 0x18) 1h51m28.597592199s ago: executing program 4 (id=128): munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) r0 = eventfd2(0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) r2 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x2c) (async) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x2c) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000040)=@arm64_sys={0x603000000013c021, &(0x7f0000000140)=0x9}) mmap$KVM_VCPU(&(0x7f0000df3000/0x4000)=nil, r1, 0x0, 0x40010, r5, 0x0) ioctl$KVM_CREATE_VM(r0, 0x80111500, 0x20000000) (async) ioctl$KVM_CREATE_VM(r0, 0x80111500, 0x20000000) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = 
syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r9, 0x4010aeab, &(0x7f0000000140)=@arm64_core={0x6030000000100024, &(0x7f0000000100)=0x2}) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) 1h51m6.744392221s ago: executing program 4 (id=129): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3a) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, &(0x7f00000002c0)={0x200}) r3 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async) syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000300)=[@its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x4, 0x4, 0x400, 0x4, 0x6}}, @irq_setup={0x46, 0x18, {0x0, 0x5d}}, @svc={0x122, 0x40, {0x80000002, [0x8000000000000000, 0x0, 0x7, 0x8, 0xfffffffffffffffa]}}, @smc={0x1e, 0x40, {0x80008000, [0x3, 0xfffffffffffffffd, 0x80000000, 0x926]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x4, 0x10, 0x8, 0x5, 0x3}}], 0xe8}, &(0x7f0000000140)=[@featur2={0x1, 0x22}], 0x1) (async) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000180)={0x8, <r9=>0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r9, 0x4018aee3, &(0x7f0000000340)=@attr_arm64={0x0, 0x8, 0x0, 0x0}) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000280)={0x1fd, 0x1, 0x4, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) r10 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000bfd000/0x400000)=nil) r11 = 
syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000000)={0x0, 0x0}, &(0x7f00000001c0)=[@featur1={0x1, 0xc}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init) (async, rerun: 32) openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x101000, 0x0) (rerun: 32) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async, rerun: 64) ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) (async, rerun: 64) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x40086602, 0x2f) (async, rerun: 32) r12 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) (rerun: 32) syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) (async) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) (async) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r14 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r13, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r14, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) 1h50m49.16431657s ago: executing program 4 (id=131): mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x9032, 0xffffffffffffffff, 0x0) r0 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, r1, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) 1h50m40.619484638s ago: executing program 4 (id=133): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, 
&(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x0, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x2, 0x8, 0x80, 0x80}}], 0x50}, 0x0, 0x0) (async) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_kvm_setup_cpu$arm64(r5, 0xffffffffffffffff, &(0x7f0000e8a000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x80000000, 0x2}}) (async) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (async, rerun: 32) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r6=>0xffffffffffffffff}) (rerun: 32) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1h50m26.432474162s ago: executing program 4 (id=135): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r4, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) (async) r6 = eventfd2(0x0, 0x0) close(r6) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) (async) write$eventfd(r6, &(0x7f0000000180)=0x5, 0xfffffde3) mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x9032, 0xffffffffffffffff, 0x0) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) 
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000040)={0x10001, 0x10001}) 1h49m47.779300518s ago: executing program 36 (id=134): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x34) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f00000002c0)=@arm64_sve={0x6080000000150300, &(0x7f0000000280)=0x8000000000000001}) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013c038, &(0x7f0000000200)=0x3}) r6 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0xffffffffffffffff, 0x306}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x2b4}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x3, 0x1a0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x2000)=nil, 0x0, 0x2000009, 0x11, 0xffffffffffffffff, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r10, 0x0) r11 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_GET_ONE_REG(r11, 0x4010aeab, &(0x7f00000001c0)=@other={0x8, 0x0}) r12 = eventfd2(0xfffffff7, 0x800) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000240)={0x0, 0x10000, 0x8, r12, 0xd}) r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) r15 = syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r15, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x603000000010000a, 
&(0x7f0000000000)=0x10000}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, <r16=>0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r16, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r6, 0xae80, 0x0) 1h49m37.30543492s ago: executing program 37 (id=135): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r4, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) (async) r6 = eventfd2(0x0, 0x0) close(r6) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) (async) write$eventfd(r6, &(0x7f0000000180)=0x5, 0xfffffde3) mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x9032, 0xffffffffffffffff, 0x0) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000040)={0x10001, 0x10001}) 1h36m30.840818548s ago: executing program 38 (id=159): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) syz_kvm_vgic_v3_setup(r1, 0x2, 0xe0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x2710, 0x2, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) 
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x1fe, 0x84eeb5280a251b1b, 0xeeee0000, 0x2000, &(0x7f0000f31000/0x2000)=nil}) 1h36m20.930923641s ago: executing program 39 (id=160): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, 0x0}) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r1, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_GUEST_DEBUG_arm64(r5, 0x4208ae9b, &(0x7f0000000240)={0x20003, 0x0, {[0x97ab, 0x10001, 0x3, 0xc08d, 0x8, 0xffffffff00000001, 0x3b880, 0x400, 0x5, 0x2, 0x6, 0x5, 0x2, 0x8, 0x6, 0x7fff], [0x45e1, 0x8000, 0x5d2, 0xfff, 0xbb9, 0x0, 0x8, 0xe, 0x51bb, 0x8, 0x4d681830, 0x9, 0x3, 0x7, 0x7, 0xfffffffffffffff6], [0x80000001, 0xfffffffffffffffe, 0xa3, 0x0, 0x8, 0x81, 0x6, 0xfda8, 0x401, 0x5fd6, 0x3, 0x0, 0x40, 0x4, 0xffffffff, 0x9], [0x3, 0x6, 0xe99, 0xe, 0x9, 0x7, 0x8, 0x0, 0xb, 0x2, 0x10, 0x4, 0x9, 0x9, 0xc, 0x6]}}) ioctl$KVM_RUN(r5, 0xae80, 0x0) 1h26m58.337701499s ago: executing program 40 (id=165): r0 = openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) (async, rerun: 32) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3e) (rerun: 32) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) (async) r6 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r7, 
&(0x7f0000c00000/0x400000)=nil) (async, rerun: 64) syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) (async, rerun: 64) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x9) (async) r8 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r8, 0x4010ae67, &(0x7f0000000180)={0x3000, 0x0, 0x1}) (async, rerun: 64) ioctl$KVM_REGISTER_COALESCED_MMIO(r8, 0x4010ae67, &(0x7f0000000380)={0x2, 0x25000, 0x1}) (rerun: 64) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r8, 0x4010ae68, &(0x7f0000000000)={0x80a0000, 0x0, 0x1}) (async) r9 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(r9, 0xae03, 0xe4) (async) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x18, {"7f2003d5"}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r13, 0xae80, 0x0) (async) ioctl$KVM_IRQ_LINE_STATUS(r11, 0xc008ae67, &(0x7f0000000100)={0x0, 0x81}) (async) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000040)=@arm64_sys={0x603000000013c021, &(0x7f0000000140)=0x9}) 1h26m52.390237955s ago: executing program 41 (id=166): r0 = eventfd2(0xf, 0x801) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000100)=@arm64_ccsidr={0x6020000000110003, &(0x7f00000001c0)=0x7}) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000000)={0x10001, 0x4, 0x2, r0, 0x5}) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x25) ioctl$KVM_CAP_ARM_MTE(r6, 0x4068aea3, &(0x7f00000000c0)) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r6, r7, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) 
ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x603000000013c00a, &(0x7f0000000280)=0x3}) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x100, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) syz_kvm_vgic_v3_setup(r9, 0x2, 0x220) ioctl$KVM_IRQ_LINE(r9, 0x4008ae61, &(0x7f0000000180)={0x1010020, 0x1}) 1h16m11.769541301s ago: executing program 42 (id=179): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0x2, 0x20000013) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000100)=@arm64_bitmap={0x6030000000160000, &(0x7f00000000c0)=0x1}) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1e000000000000004000000000000000000000ef00000000fcffffffffffff1bf3a3b292e50d9600020000000100000003000000000000000400000000000000320000000000000040000000000000005200008400"], 0x80}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_GET_MP_STATE(r6, 0x8004ae98, &(0x7f0000000240)) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r5, 0x4008ae6a, &(0x7f0000000280)=ANY=[@ANYRESHEX=r1]) r8 = openat$kvm(0x0, 
&(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x2c) ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f00000001c0)=@arm64_fp_extra={0x60200000001000d4, &(0x7f0000000140)=0x32fc8000}) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000180)={0x10002, 0x5, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x100000000000000, 0x2000, &(0x7f0000000000/0x2000)=nil}) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000f2a000/0x4000)=nil, 0x930, 0x7, 0x32, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) 1h16m2.891288561s ago: executing program 43 (id=180): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x40) ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x1, 0x0}) (async, rerun: 32) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (rerun: 32) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x31) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x603000000010003c, &(0x7f0000000140)=0x7}) (async, rerun: 32) r8 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (rerun: 32) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) (async, rerun: 64) r9 = syz_kvm_vgic_v3_setup(r8, 0x1, 0x100) (rerun: 64) ioctl$KVM_GET_DEVICE_ATTR(r9, 0x4018aee2, &(0x7f0000000180)=@attr_other={0x0, 0x5, 0xc, &(0x7f0000000240)=0x80000001}) (async, rerun: 64) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (rerun: 64) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil) r15 = 
syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r15, 0x4010aeac, &(0x7f0000000100)=@arm64_sys={0x603000000013c006, &(0x7f0000000040)=0xffffffffffffffff}) (async) syz_kvm_vgic_v3_setup(r11, 0x1, 0x100) ioctl$KVM_IRQ_LINE(r11, 0x4008ae61, &(0x7f0000000100)={0x100001f, 0x1}) 1h3m37.404070089s ago: executing program 44 (id=220): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000000c0)={0xa}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = ioctl$KVM_GET_STATS_FD_cpu(r2, 0xaece) syz_kvm_vgic_v3_setup(r3, 0x4, 0x200) r4 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000000)={0x8, 0x4}) ioctl$KVM_SET_USER_MEMORY_REGION2(0xffffffffffffffff, 0x40a0ae49, &(0x7f0000000180)={0x5, 0x4, 0xffff1000, 0x1000, &(0x7f0000f0f000/0x1000)=nil, 0x10, r4}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) 1h3m31.520343245s ago: executing program 45 (id=221): r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000080)=@arm64_extra={0x603000000013c103, &(0x7f0000000000)=0x2}) r4 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r3, 0x4018aee2, &(0x7f0000000180)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000240)={0x11, 0x6, 0x1}}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) r7 = 
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, r11, 0x2000003, 0x11, r9, 0x0) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0xfffffffffffffffa) mmap$KVM_VCPU(&(0x7f0000009000/0x2000)=nil, r11, 0x2000009, 0x11, r9, 0x0) r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r14, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) r15 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r6, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r15, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fb707cd24b7eebb20700000000000000000000000100", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000d89000/0x3000)=nil, r11, 0x1000000, 0x8010, r6, 0x0) r16 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) close(r16) r17 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r18 = ioctl$KVM_CREATE_VM(r17, 0xae01, 0x0) r19 = eventfd2(0x8, 0x80800) ioctl$KVM_IOEVENTFD(r18, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x1, r19, 0x2}) 55m44.806744651s ago: executing program 4 (id=223): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000040)={0x7, <r3=>0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r3, 0x4018aee3, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0x80, 0x0}) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_vgic_v3_setup(r5, 0x1, 
0x100) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0xe4) syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000a05000/0x400000)=nil, &(0x7f0000000100)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_vgic_v3_setup(r5, 0x1, 0x0) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r8, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) syz_kvm_vgic_v3_setup(r8, 0x3, 0x3a0) syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000bfd000/0x400000)=nil) close(r8) 55m2.571684324s ago: executing program 46 (id=222): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000100)=@arm64_bitmap={0x6030000000160000, &(0x7f00000000c0)=0x1}) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$arm64(r6, 0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil, &(0x7f0000000280)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x31) ioctl$KVM_CHECK_EXTENSION_VM(r7, 0xae03, 0x80) 54m55.291512595s ago: executing program 47 (id=223): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_CREATE_DEVICE(r2, 
0xc00caee0, &(0x7f0000000040)={0x7, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r3, 0x4018aee3, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0x80, 0x0}) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_vgic_v3_setup(r5, 0x1, 0x100) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0xe4) syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000a05000/0x400000)=nil, &(0x7f0000000100)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_vgic_v3_setup(r5, 0x1, 0x0) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r8, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) syz_kvm_vgic_v3_setup(r8, 0x3, 0x3a0) syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000bfd000/0x400000)=nil) close(r8) 47m50.573102531s ago: executing program 6 (id=227): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000008c0)={0x1000, 0x1000}) close(r1) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x27) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000300)={0x0, 0x0}, 0x0, 0x0) r5 = syz_kvm_vgic_v3_setup(r3, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000080)=@attr_arm64={0x0, 0x4, 0x3, 0x0}) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 
0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r7, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r7, 0x0, 0x80031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, r9, 0x0, 0x40032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x0, 0x3000000, 0xf0dc1a55878b9c58, 0xffffffffffffffff, 0x0) 47m36.707682169s ago: executing program 7 (id=229): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x83, 0x8000, 0x0, 0x0, 0xffffffff, 0x4}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) r8 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r6, 0x4, 0x220) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000040)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f0000000000)=0x1b}) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, 
&(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 47m30.771911304s ago: executing program 6 (id=230): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x16, 0x4, 0x1}}) (async) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000240)=[@hvc={0x32, 0x40, {0x8600ff01, [0x7, 0x9, 0x8, 0xfffffffffffffff8, 0x100]}}], 0x40}], 0x1, 0x0, 0x0, 0x0) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) r6 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r5, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r5, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) close(r7) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) 47m22.485585844s ago: executing program 7 (id=231): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) r1 = openat$kvm(0x0, &(0x7f0000000000), 0x4e0884, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x1a) ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x1}}) (async) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) syz_kvm_setup_cpu$arm64(r5, r7, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000200)=[{0x0, 0x0, 0xffffffffffffff9e}], 0x1, 
0x0, &(0x7f0000000280)=[@featur2={0x1, 0x95}], 0x1) (async) syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e0000000000e6ff4000000000000000000000ef0000000000000000000000000500"/49], 0x40}], 0x1, 0x0, 0x0, 0x0) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000240)}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r8, 0x1, 0x100) (async, rerun: 64) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) (async, rerun: 64) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) r14 = syz_kvm_vgic_v3_setup(r13, 0x1, 0x40) ioctl$KVM_GET_DEVICE_ATTR(r14, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0xffffffff, 0x4, 0x0}) (async) syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000b74000/0x400000)=nil) (async) r15 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000ffa000/0x3000)=nil, r11, 0x5, 0x80010, r15, 0x0) (async) ioctl$KVM_RUN(r10, 0xae80, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async) ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x2) (async) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r16, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r10, 0xae80, 0x0) 47m20.468794333s ago: executing program 6 (id=232): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) openat$kvm(0xffffffffffffff9c, 
&(0x7f0000000000), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x145541, 0x0) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100) r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x8200, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x3b) r4 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x8001}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_assert_reg(r5, 0x603000000013dce8, 0x8000) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x2, 0x6}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r7, 0x1, 0xa286404f4f49f33) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r9, 0xae80, 0x0) 47m9.40510024s ago: executing program 7 (id=233): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000bfd000/0x400000)=nil, &(0x7f0000000900)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) close(r1) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = 
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd2(0xfffffffa, 0x80001) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000080)={0x4, 0x80a0000, 0x4, r6}) r7 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r9, r10, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000004000000000000000ad770081000000000800000000000000010000000000000002000000000000000300000000000000040000000000000032000000000000004000000000000000530000c400"], 0x80}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000ab8000/0x400000)=nil) ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x2) syz_kvm_add_vcpu$arm64(r13, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r12, 0xc008ae67, &(0x7f0000000040)={0x10001, 0x10001}) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x7, 0x1, 0x0}) r15 = ioctl$KVM_GET_STATS_FD_vm(r7, 0xaece) ioctl$KVM_CAP_PTP_KVM(r15, 0x4068aea3, &(0x7f0000000080)) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000003, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) 47m8.887532774s ago: executing program 6 (id=234): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3e) (async) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3e) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x6, 0xffffffffffffffff, 
0x1}) ioctl$KVM_SET_DEVICE_ATTR(r0, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x2, 0x1, &(0x7f0000000200)=0x7}) (async) ioctl$KVM_SET_DEVICE_ATTR(r0, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x2, 0x1, &(0x7f0000000200)=0x7}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x30, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x5, 0x2}) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x8) r3 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x201c0, 0x0) (async) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x201c0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r6, r7, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013e110, 0x0}) (async) ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f0000000100)=@arm64_sys={0x603000000013e110, 0x0}) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r9 = syz_kvm_vgic_v3_setup(r8, 0x1, 0x40) ioctl$KVM_GET_DEVICE_ATTR(r9, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x1, 0x0}) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) (async) r10 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x11) ioctl$KVM_SET_DEVICE_ATTR_vm(r12, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r12, r13, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000140)=[{0x0, 
&(0x7f0000000180)=ANY=[@ANYBLOB="1e0000000000000040000000000000000200008000000000000052000000000001000000000000000000000400000000000000"], 0x40}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r13, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x11, r10, 0x40000) (async) r14 = mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x11, r10, 0x40000) syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f0000000100)="b7fd70886788e8e0e522022a69832d0435b8dd45f22344477a3b4c9464506ced90a91e573a3ffae3de1fc5cd2dd6f1294366d73f78a3bf8c268782fc65b9a6b4f9aa43c1777b7837", 0x0, 0xcd) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f0000000100)="b7fd70886788e8e0e522022a69832d0435b8dd45f22344477a3b4c9464506ced90a91e573a3ffae3de1fc5cd2dd6f1294366d73f78a3bf8c268782fc65b9a6b4f9aa43c1777b7837", 0x0, 0xcd) 46m56.420453507s ago: executing program 6 (id=235): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x801, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r2 = syz_kvm_vgic_v3_setup(r1, 0x1, 0x40) ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x1, 0x0, &(0x7f0000000080)=0x4}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000000000/0x400000)=nil) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x2, 0x0, &(0x7f0000000000)=0xf4020000}) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x27) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r8, 0x4010ae68, 0xfffffffffffffffe) r9 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000bfd000/0x400000)=nil) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1ff, 0x5, 0x80a0000, 0x2000, 
&(0x7f0000ffd000/0x2000)=nil}) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x2) r13 = syz_kvm_vgic_v3_setup(r12, 0x1, 0x40) ioctl$KVM_GET_DEVICE_ATTR(r13, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x5, 0x10003, 0x0}) r14 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000b80)={0x0, &(0x7f0000000140)=[@smc={0x1e, 0x0, {0x2, [0x7, 0x1bb305ca, 0x9, 0x6, 0x2]}}], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x6}], 0x1) ioctl$KVM_RUN(r14, 0xae80, 0x0) 46m55.313836102s ago: executing program 7 (id=236): r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQ_LINE_STATUS(0xffffffffffffffff, 0xc008ae67, &(0x7f0000000000)={0x76dc8650, 0x4}) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0x40086602, 0x20000000) (async, rerun: 32) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async, rerun: 32) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000200)={0x0, &(0x7f0000000040)=[@code={0xa, 0x84, {"00e4207e0050c01a801e92d200a0b8f2410080d2420180d2230180d2240180d2020000d4801597d20080b0f2210080d2420080d2230180d2040080d2020000d4008008d5007008d5007008d5c0d99fd20020b8f2a10080d2a20080d2230080d2440180d2020000d4007008d5007008d5"}}, @uexit={0x0, 0x18, 0x120000000000}, @msr={0x14, 0x20, {0xc06000000027f6ad, 0x6}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x3, 0x3, 0xfff, 0x1}}, @smc={0x1e, 0x40, {0x4200000f, [0x8, 0x4, 0x5f1, 0xae, 0x8000]}}, @smc={0x1e, 0x40, {0x84000008, [0xc, 0x8, 0x1, 0xa, 0xffff]}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x2, 0x0, 0x7, 0x3, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013df70}}], 0x1a4}, &(0x7f0000000240)=[@featur1={0x1, 0x9b}], 0x1) (async) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x28) r10 = syz_kvm_setup_syzos_vm$arm64(r9, 
&(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r11, 0x4010aeab, &(0x7f0000000040)=@arm64_sys={0x603000000013e000, 0x0}) (async) ioctl$KVM_REGISTER_COALESCED_MMIO(r9, 0x4010ae67, &(0x7f00000002c0)={0x2, 0x2000}) (async, rerun: 64) ioctl$KVM_GET_MP_STATE(r7, 0x8004ae98, &(0x7f0000000280)) (async, rerun: 64) mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0xa, 0x2012, r3, 0x0) 46m42.742100326s ago: executing program 7 (id=237): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r5, 0x4020940d, 0x20) syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x20}], 0x1, 0x0, 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, 0x0) 46m38.033100415s ago: executing program 6 (id=238): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x2873f7aecfc88708, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) r4 = mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r3, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000000c0)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 
&(0x7f0000000200), 0x300, 0x0) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x28) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000180)={0x3000, 0x0, 0x1}) ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000380)={0x2, 0x25000, 0x1}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r7, 0x4010ae68, &(0x7f0000000240)={0xffff1000, 0xa000}) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r5, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000}) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r5, 0x4068aea3, &(0x7f0000000140)={0xdf, 0x0, 0x2000}) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x32) syz_kvm_vgic_v3_setup(r8, 0x1, 0x100) syz_kvm_vgic_v3_setup(r8, 0x0, 0x60) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) openat$kvm(0xffffffffffffff9c, 0x0, 0x2873f7aecfc88708, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async) ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) (async) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r3, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000000c0)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x300, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x28) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async) ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000180)={0x3000, 0x0, 0x1}) (async) ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000380)={0x2, 0x25000, 0x1}) (async) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r7, 0x4010ae68, &(0x7f0000000240)={0xffff1000, 0xa000}) (async) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r5, 
0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000}) (async) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r5, 0x4068aea3, &(0x7f0000000140)={0xdf, 0x0, 0x2000}) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x32) (async) syz_kvm_vgic_v3_setup(r8, 0x1, 0x100) (async) syz_kvm_vgic_v3_setup(r8, 0x0, 0x60) (async) 46m29.891098779s ago: executing program 7 (id=239): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r4 = syz_kvm_vgic_v3_setup(r2, 0x3, 0xa0) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x1, 0x4, &(0x7f0000000000)=0x4}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x8, 0x2, r5}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x480a00, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x12) 45m50.850561631s ago: executing program 48 (id=238): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x2873f7aecfc88708, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) r4 = mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r3, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000000c0)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x300, 0x0) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x28) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) 
ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000180)={0x3000, 0x0, 0x1}) ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000380)={0x2, 0x25000, 0x1}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r7, 0x4010ae68, &(0x7f0000000240)={0xffff1000, 0xa000}) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r5, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000}) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r5, 0x4068aea3, &(0x7f0000000140)={0xdf, 0x0, 0x2000}) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x32) syz_kvm_vgic_v3_setup(r8, 0x1, 0x100) syz_kvm_vgic_v3_setup(r8, 0x0, 0x60) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) openat$kvm(0xffffffffffffff9c, 0x0, 0x2873f7aecfc88708, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async) ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) (async) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r3, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000000c0)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x300, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x28) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async) ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000180)={0x3000, 0x0, 0x1}) (async) ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000380)={0x2, 0x25000, 0x1}) (async) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r7, 0x4010ae68, &(0x7f0000000240)={0xffff1000, 0xa000}) (async) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r5, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000}) (async) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r5, 0x4068aea3, &(0x7f0000000140)={0xdf, 0x0, 0x2000}) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 
0x32) (async) syz_kvm_vgic_v3_setup(r8, 0x1, 0x100) (async) syz_kvm_vgic_v3_setup(r8, 0x0, 0x60) (async) 45m41.130155919s ago: executing program 49 (id=239): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r4 = syz_kvm_vgic_v3_setup(r2, 0x3, 0xa0) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x1, 0x4, &(0x7f0000000000)=0x4}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x8, 0x2, r5}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x480a00, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x12) 38m56.345639307s ago: executing program 9 (id=248): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1d) syz_kvm_vgic_v3_setup(r2, 0x1, 0x0) close(r1) 38m44.709031898s ago: executing program 9 (id=250): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) syz_kvm_assert_reg(r3, 0x603000000013df11, 0x8000) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0x40087602, 0x1) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x181f42, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) 
syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000000)={0x5, 0x3, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000000000/0x400000)=nil) r9 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x29) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r11, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r12 = ioctl$KVM_CREATE_VM(r6, 0x80111500, 0x20000000) r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) r15 = syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil) r16 = syz_kvm_add_vcpu$arm64(r15, &(0x7f0000000200)={0x0, &(0x7f0000000500)=[@mrs={0xbe, 0x18, {0x6030000000138056}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r16, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r16, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) write$eventfd(r12, &(0x7f0000000040), 0x8) 38m27.683932s ago: executing program 9 (id=252): r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r3 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r2, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000000)={0x7}) ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f00000002c0)={0x0, 0x10000}) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f00000000c0)={0x8}) ioctl$KVM_SIGNAL_MSI(r6, 0x4020aea5, &(0x7f0000000000)={0x1fff, 0x0, 0x0, 0x1, 0xda}) r7 
= ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r7, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c61000/0x3000)=nil, 0x930, 0x100000f, 0x4019032, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000240)="04198bd844c9e8a7b82d748f0f0244293d28bd9400bfc2ed44db9969759357abeb8d85c8e856a4606c2e979f98d67e4ff39fb6df9547f6a9506c610dc37b175c3ad3c9952305abf0", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000011000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f00000002c0)=[@mrs={0xbe, 0x18, {0x6030000000138045}}, @uexit={0x0, 0x18, 0x3}, @eret={0xe6, 0x18, 0xe6}, @svc={0x122, 0x40, {0x2000, [0x10, 0x2, 0xa, 0x8, 0xf8]}}, @smc={0x1e, 0x40, {0x84000013, [0x0, 0x2, 0x1, 0x3, 0x1]}}, @code={0xa, 0xe4, {"a00180d20020b8f2210080d2e20080d2830080d2a40180d2020000d4000860fc00f48bd200a0b0f2410180d2620080d2c30180d2840180d2020000d4605392d200c0b8f2c10180d2620180d2a30080d2840080d2020000d4403783d200e0b0f2410080d2420080d2630180d2240180d2020000d400c087d20040b8f2c10080d2820080d2230180d2a40180d2020000d4804a81d200e0b8f2010180d2620180d2e30180d2640180d2020000d40008c09a005694d200e0b0f2c10080d2e20080d2c30180d2440080d2020000d4007008d5"}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x2, 0x2, 0xffffffff, 0x7ff, 0x3}}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x2a3}}, @hvc={0x32, 0x40, {0x84000053, [0x7840, 0x400, 0x9, 0xe81, 0x7]}}, @svc={0x122, 0x40, {0x84000051, [0x200, 0x8, 0xc07, 0x40, 0x72]}}, @svc={0x122, 0x40, {0x86000001, [0x5, 0x7fff, 0x0, 0x8, 0x8000000000000001]}}, @msr={0x14, 0x20, {0x603000000013e6c7, 0x7}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x3, 0x4, 0x82, 0x10, 0x2}}, @hvc={0x32, 0x40, {0x0, [0x7, 0x9800000000000000, 0x8, 0x6, 0xc4b]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x90, 0x2, 0x7}}, @mrs={0xbe, 0x18, {0x603000000013e72a}}, @svc={0x122, 0x40, {0x84000000, 
[0x52d, 0x5e8, 0x2, 0x71d, 0x8000]}}, @mrs={0xbe, 0x18, {0x603000000013e66d}}, @hvc={0x32, 0x40, {0x8600ff01, [0xffffffff7fffffff, 0x8, 0xf, 0x300000000, 0x6]}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x30b}}], 0x44c}], 0x1, 0x0, &(0x7f0000000080)=[@featur2={0x1, 0x14}], 0x1) 37m43.407032494s ago: executing program 9 (id=254): munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f0000000000), 0x72483, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, r0, 0x0, 0x20031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000100)=@arm64_bitmap={0x6030000000140003, &(0x7f0000000000)=0x7}) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) r5 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000040)=@attr_irq_timer={0x0, 0x1, 0x0, 0x0}) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e1d000/0x1000)=nil, 0x1000) 
mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 37m28.398813232s ago: executing program 9 (id=257): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r2, 0x1, 0x100) syz_kvm_vgic_v3_setup(r2, 0x0, 0x60) (async) syz_kvm_vgic_v3_setup(r2, 0x0, 0x60) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000040)={0x7}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_irq_timer={0x0, 0x1, 0x1, 0x0}) 37m9.672358952s ago: executing program 9 (id=259): r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f00000000c0)=0xbea) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x9b58a77168d6241c, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r7, 0xc008ae67, 0xfffffffffffffffe) r8 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r9, 0xae03, 0x66) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x4c0140, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 
= ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r11, r12, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r12, 0x4010aeac, &(0x7f0000000140)=@arm64_sve={0x60800000001500ff, &(0x7f00000001c0)=0x90}) ioctl$KVM_GET_ONE_REG(r8, 0x4010aeab, &(0x7f0000000000)=@arm64_fp_extra={0x60200000001000d1, 0x0}) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x27) syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil) r15 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r16 = ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0) r17 = ioctl$KVM_CREATE_VCPU(r16, 0xae41, 0x0) ioctl$KVM_SET_SIGNAL_MASK(r17, 0x4004ae8b, &(0x7f0000000380)=ANY=[@ANYBLOB='\b\x00']) syz_kvm_vgic_v3_setup(r14, 0x40000000000004, 0xc0) 36m22.582963703s ago: executing program 50 (id=259): r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f00000000c0)=0xbea) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x9b58a77168d6241c, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r7, 0xc008ae67, 0xfffffffffffffffe) r8 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r9, 0xae03, 0x66) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x4c0140, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r11, 
r12, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r12, 0x4010aeac, &(0x7f0000000140)=@arm64_sve={0x60800000001500ff, &(0x7f00000001c0)=0x90}) ioctl$KVM_GET_ONE_REG(r8, 0x4010aeab, &(0x7f0000000000)=@arm64_fp_extra={0x60200000001000d1, 0x0}) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x27) syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil) r15 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r16 = ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0) r17 = ioctl$KVM_CREATE_VCPU(r16, 0xae41, 0x0) ioctl$KVM_SET_SIGNAL_MASK(r17, 0x4004ae8b, &(0x7f0000000380)=ANY=[@ANYBLOB='\b\x00']) syz_kvm_vgic_v3_setup(r14, 0x40000000000004, 0xc0) 35m23.660742035s ago: executing program 8 (id=265): openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x0) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x4, 0x3a0) ioctl$KVM_RUN(r1, 0xae80, 0x0) 35m15.111713434s ago: executing program 8 (id=266): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async, rerun: 32) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) (rerun: 32) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async, rerun: 32) r3 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) (rerun: 32) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd2(0x8, 0x80800) r7 = eventfd2(0x8, 0x80800) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f00000000c0)={0x7ffffffffffffffe, 0xeeee0000, 0x8, r7}) (async) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x1, r6, 
0x3}) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x1, r6, 0x3}) (async) r8 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013df64, 0x8000}}, @msr={0x14, 0x20, {0x603000000013df7f, 0x8000}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x8}], 0x1) (async) syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async) syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000000)={0x0, &(0x7f0000000240)=[@its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x0, 0x0, 0x9, 0x100, 0x3}}, @irq_setup={0x46, 0x18, {0x3, 0x27f}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x14, 0x6, 0x4}}, @eret={0xe6, 0x18, 0x7}, @hvc={0x32, 0x40, {0x8400000e, [0x1, 0x401, 0x65e, 0x1, 0x3]}}, @msr={0x14, 0x20, {0x603000000013deb0, 0xe}}, @svc={0x122, 0x40, {0x84000014, [0xe, 0x9, 0x0, 0xff1, 0x7]}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x2ab}}, @msr={0x14, 0x20, {0x603000000013def6, 0x22}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x0, 0x1, 0xf, 0xb, 0x4}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x0, 0x89, 0x2}}, @mrs={0xbe, 0x18, {0x603000000013df40}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x1, 0x3, 0x3, 0x7, 0x2}}, @mrs={0xbe, 0x18, {0x603000000013df69}}, @irq_setup={0x46, 0x18, {0x0, 0x27d}}, @mrs={0xbe, 0x18, {0x603000000013dea1}}, @code={0xa, 0xfc, {"20d684d20000b0f2610180d2420080d2030180d2240180d2020000d40000231ee02f99d20040b0f2010080d2620180d2630080d2a40180d2020000d400009f0dc0f389d20020b8f2610180d2e20180d2a30080d2640080d2020000d4202984d200c0b0f2a10180d2820080d2030080d2440080d2020000d4e0ea98d20020b0f2810080d2820080d2e30080d2240180d2020000d4202a86d200c0b0f2a10180d2a20080d2230080d2440080d2020000d4e0a185d20060b0f2410080d2420180d2c30180d2840080d2020000d4c06599d20060b0f2610180d2820180d2630080d2a40080d2020000d4"}}, @svc={0x122, 0x40, {0x8400000a, [0xfffffffffffffff6, 0x7fffffffffffffff, 0xd, 0x8, 0x101]}}, @mrs={0xbe, 
0x18, {0x603000000013df7f}}, @uexit={0x0, 0x18, 0x7}, @uexit={0x0, 0x18, 0x8}, @mrs={0xbe, 0x18, {0x603000000013c289}}, @mrs={0xbe, 0x18}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x36c}}, @eret={0xe6, 0x18, 0x2}, @code={0xa, 0x9c, {"000a98d200e0b0f2410080d2820180d2a30080d2040180d2020000d4200695d200e0b8f2010180d2220080d2030180d2640180d2020000d4000008d500899dd20000b8f2410180d2220080d2230180d2040180d2020000d4007008d580a283d200c0b8f2c10180d2e20080d2c30080d2a40080d2020000d40000c06800c8212e000000ea0008200e"}}, @its_setup={0x82, 0x28, {0x3, 0x2, 0x29}}, @hvc={0x32, 0x40, {0x32000000, [0x1, 0x4, 0x7, 0x6, 0x39]}}], 0x548}, &(0x7f0000000080)=[@featur1={0x1, 0x3}], 0x1) (async) r11 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) r12 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r11, 0x0) (async) ioctl$KVM_REGISTER_COALESCED_MMIO(r8, 0x4010ae67, &(0x7f0000000180)={0x10000, 0x0, 0x1}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r11, 0x0) r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r14 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil) r17 = syz_kvm_add_vcpu$arm64(r16, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r17, 0x4010aeac, &(0x7f00000000c0)=@arm64_core={0x603000000010002e, &(0x7f0000000380)=0xfffffffffffffff8}) (async, rerun: 32) mmap$KVM_VCPU(&(0x7f0000000000/0x8000)=nil, 0x930, 0x0, 0x810, r10, 0x0) (async, rerun: 32) ioctl$KVM_SET_DEVICE_ATTR(r13, 0x401c5820, &(0x7f00000000c0)=@attr_other={0x0, 0x8, 0x853, 0x0}) (async, rerun: 64) ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0) (rerun: 64) 35m3.96275734s ago: executing program 8 (id=267): r0 = openat$kvm(0xffffffffffffff9c, 
&(0x7f0000000000), 0xb8000, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x40086602, 0x2f) r2 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="3200000000000000400000000000000007000084000000000e06000000000000fbffffff09000000040000000000000003000000000000000100000000000000"], 0x40}], 0x1, 0x0, 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000) ioctl$KVM_RUN(r5, 0xae80, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) syz_memcpy_off$KVM_EXIT_MMIO(r2, 0x20, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x3) syz_kvm_vgic_v3_setup(r4, 0x3, 0x120) ioctl$KVM_ARM_VCPU_INIT(r10, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) ioctl$KVM_GET_ONE_REG(r10, 0x4010aeab, &(0x7f0000000280)=@arm64_sve={0x60800000001502ba, 0x0}) r11 = mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r7, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f00000000c0)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 
0x930, 0x0, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000d84000/0x2000)=nil, r1, 0x0, 0x12, r10, 0x0) 34m48.588987201s ago: executing program 8 (id=268): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000080)=0x7ff}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, &(0x7f0000000040)=[@mrs={0xbe, 0x18, {0x603000000013dce0}}], 0x18}, &(0x7f0000000000)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r6, 0x3, 0xa0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) r10 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0xdddd1000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee1, &(0x7f00000000c0)=@attr_irq_timer={0x0, 0x1, 0x1, 0x0}) ioctl$KVM_CREATE_DEVICE(r12, 0xc018aec0, &(0x7f00000000c0)={0x1}) r13 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x28) r14 = 
syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0xfffffffffffffffd, 0x5}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r13, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r16, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r15, 0xae80, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) 34m31.889133639s ago: executing program 8 (id=269): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x2000002d) r1 = openat$kvm(0x0, &(0x7f0000000000), 0x103b42, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2ec100, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000240)={0x0, &(0x7f0000000140)=[@eret={0xe6, 0x18, 0x9}, @hvc={0x32, 0x40, {0xc1000045, [0xb331, 0x0, 0x7, 0x3, 0x5]}}, @hvc={0x32, 0x40, {0xc4000012, [0x100000001, 0x5, 0x7, 0x90aa, 0xea]}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x1, 0x8, 0x5, 0x0, 0x2}}], 0xc0}, &(0x7f0000000280)=[@featur2={0x1, 0xa}], 0x1) r3 = syz_kvm_vgic_v3_setup(r2, 0x2, 0x100) close(r2) close(r3) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x28) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f0000000080)=@arm64_sys={0x603000000013c2b1, 0x0}) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04) r10 = openat$kvm(0x0, &(0x7f0000000040), 0xc0083, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 
0xae01, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000140)=[@featur1={0x1, 0x633563f6b2813d7}], 0x1) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r9, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, 0x930, 0x4, 0x4f833, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000e9d000/0x1000)=nil, 0x1000) 34m15.708469343s ago: executing program 8 (id=270): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xcd) r1 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x31) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x28) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000040)=@arm64_sys={0x603000000013e000, 0x0}) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r10 = ioctl$KVM_GET_STATS_FD_vm(r2, 0xaece) syz_kvm_setup_cpu$arm64(r8, r10, &(0x7f0000003000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="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"], 0x5c0}], 0x1, 0x0, &(0x7f0000000180)=[@featur1={0x1, 0x8}], 0x1) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x3) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000000000/0x400000)=nil) ioctl$KVM_ARM_VCPU_INIT(r13, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) 
ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, 0x0) ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, &(0x7f00000001c0)=@arm64_bitmap={0x6030000000160002, &(0x7f0000000180)=0x10}) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000100)=@other={0x4, 0x0}) r14 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r3, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f0000000240)="04198bd844c9e8a7b82d748f0f0244293d28bd9400bfc2ed44db9969759357abeb8d85c8e856a4606c2e979f98d67e4ff39fb6df9547f6a9506c610dc37b175c3ad3c9952305abf0", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) r15 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r15, 0x4008ae6a, &(0x7f0000000400)=ANY=[@ANYBLOB="030000000000000001feffff02000000000000000000000003000000000000000000000000000000000000000000000000000000000005000000030000000000012ea6dee4c937d0000000000000050000000000000001000000000000003a000000040000000000faffffffffffefff010000000000000001000080f6ffffff000000000000000000000000000000000000000000007d67c3a5172b6c7f9c23dda86d8d69f14b616bd46ffdf57bc8"]) syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000f80)=[@msr={0x14, 0x20, {0x6030000000139828, 0x7}}, @smc={0x1e, 0x40, {0x10, [0x5, 0x52, 0x7ff, 0xaf8, 0x80000001]}}, @smc={0x1e, 0x40, {0x30000000, [0x8000000000000001, 0x8, 0x2, 0x67]}}, @mrs={0xbe, 0x18, {0x603000000013dea5}}, @uexit={0x0, 0x18, 0x75}, @irq_setup={0x46, 0x18, {0x3, 0x28e}}, @irq_setup={0x46, 0x18, {0x3, 0x149}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x1, 0xa, 0x6, 0xfe000000, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x0, 0x7, 0x7, 0x9, 0x4}}, @svc={0x122, 0x40, {0x30000000, [0x6, 0x0, 0x6, 0x8]}}, @svc={0x122, 0x40, {0x80, [0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x22, 0xef69]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x200, 0x7fffffff, 0x3}}, @msr={0x14, 0x20, {0x603000000013c65b, 0xc81}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x0, 0xf, 0x7f, 
0x0, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xf00, 0x4, 0xc}}, @mrs={0xbe, 0x18, {0x603000000013c016}}, @svc={0x122, 0x40, {0x84000005, [0x0, 0x65, 0xc, 0x7, 0xc8e9]}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x4, 0x5, 0x8, 0x2}}, @mrs={0xbe, 0x18, {0x603000000013c10a}}, @smc={0x1e, 0x40, {0x80, [0x5, 0x6, 0x6c9, 0xfffffffffffffff9, 0xdd3]}}, @code={0xa, 0x6c, {"007008d5208790d20000b8f2e10180d2420180d2c30080d2440080d2020000d400001fd60060a00da0a28fd20060b0f2410080d2a20080d2e30180d2a40180d2020000d4008008d5000008d51f0000ea007008d50064200e"}}, @code={0xa, 0x9c, {"0000809220a782d20020b8f2210080d2820080d2630180d2640180d2020000d4000008d580519bd20000b8f2810080d2620080d2c30080d2040080d2020000d40020bf0d0020800d00eca02e80e49cd200e0b0f2410080d2420180d2c30180d2a40180d2020000d40020000ec0cb8fd200a0b0f2610180d2e20080d2230180d2c40080d2020000d4"}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x300, 0x9, 0x2}}, @code={0xa, 0xb4, {"c04595d200c0b8f2410080d2820080d2030080d2440080d2020000d4007008d5007008d5007008d5a0ec8fd20080b8f2810180d2220080d2230080d2840180d2020000d4e0809cd20080b8f2a10180d2820180d2030180d2440180d2020000d40000004a007008d5806490d200e0b8f2210080d2820080d2630080d2040180d2020000d4e06996d200c0b8f2810080d2420180d2230180d2040180d2020000d4"}}, @uexit={0x0, 0x18, 0x10}, @smc={0x1e, 0x40, {0x0, [0x1, 0x0, 0x7, 0x3, 0x401]}}, @mrs={0xbe, 0x18, {0x603000000013c00b}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x50}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x3a5}}, @irq_setup={0x46, 0x18, {0x1, 0x147}}], 0x614}, &(0x7f0000000140)=[@featur2={0x1, 0x60}], 0x1) 33m28.250215388s ago: executing program 51 (id=270): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xcd) r1 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x31) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x28) r5 = syz_kvm_setup_syzos_vm$arm64(r4, 
&(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000040)=@arm64_sys={0x603000000013e000, 0x0}) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r10 = ioctl$KVM_GET_STATS_FD_vm(r2, 0xaece) syz_kvm_setup_cpu$arm64(r8, r10, &(0x7f0000003000/0x400000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="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"], 0x5c0}], 0x1, 0x0, &(0x7f0000000180)=[@featur1={0x1, 0x8}], 0x1) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x3) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000000000/0x400000)=nil) ioctl$KVM_ARM_VCPU_INIT(r13, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, 0x0) ioctl$KVM_SET_ONE_REG(r13, 0x4010aeac, &(0x7f00000001c0)=@arm64_bitmap={0x6030000000160002, &(0x7f0000000180)=0x10}) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000100)=@other={0x4, 0x0}) r14 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r3, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f0000000240)="04198bd844c9e8a7b82d748f0f0244293d28bd9400bfc2ed44db9969759357abeb8d85c8e856a4606c2e979f98d67e4ff39fb6df9547f6a9506c610dc37b175c3ad3c9952305abf0", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) r15 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r15, 0x4008ae6a, 
&(0x7f0000000400)=ANY=[@ANYBLOB="030000000000000001feffff02000000000000000000000003000000000000000000000000000000000000000000000000000000000005000000030000000000012ea6dee4c937d0000000000000050000000000000001000000000000003a000000040000000000faffffffffffefff010000000000000001000080f6ffffff000000000000000000000000000000000000000000007d67c3a5172b6c7f9c23dda86d8d69f14b616bd46ffdf57bc8"]) syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000f80)=[@msr={0x14, 0x20, {0x6030000000139828, 0x7}}, @smc={0x1e, 0x40, {0x10, [0x5, 0x52, 0x7ff, 0xaf8, 0x80000001]}}, @smc={0x1e, 0x40, {0x30000000, [0x8000000000000001, 0x8, 0x2, 0x67]}}, @mrs={0xbe, 0x18, {0x603000000013dea5}}, @uexit={0x0, 0x18, 0x75}, @irq_setup={0x46, 0x18, {0x3, 0x28e}}, @irq_setup={0x46, 0x18, {0x3, 0x149}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x1, 0xa, 0x6, 0xfe000000, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x0, 0x7, 0x7, 0x9, 0x4}}, @svc={0x122, 0x40, {0x30000000, [0x6, 0x0, 0x6, 0x8]}}, @svc={0x122, 0x40, {0x80, [0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x22, 0xef69]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x200, 0x7fffffff, 0x3}}, @msr={0x14, 0x20, {0x603000000013c65b, 0xc81}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x0, 0xf, 0x7f, 0x0, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xf00, 0x4, 0xc}}, @mrs={0xbe, 0x18, {0x603000000013c016}}, @svc={0x122, 0x40, {0x84000005, [0x0, 0x65, 0xc, 0x7, 0xc8e9]}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x4, 0x5, 0x8, 0x2}}, @mrs={0xbe, 0x18, {0x603000000013c10a}}, @smc={0x1e, 0x40, {0x80, [0x5, 0x6, 0x6c9, 0xfffffffffffffff9, 0xdd3]}}, @code={0xa, 0x6c, {"007008d5208790d20000b8f2e10180d2420180d2c30080d2440080d2020000d400001fd60060a00da0a28fd20060b0f2410080d2a20080d2e30180d2a40180d2020000d4008008d5000008d51f0000ea007008d50064200e"}}, @code={0xa, 0x9c, 
{"0000809220a782d20020b8f2210080d2820080d2630180d2640180d2020000d4000008d580519bd20000b8f2810080d2620080d2c30080d2040080d2020000d40020bf0d0020800d00eca02e80e49cd200e0b0f2410080d2420180d2c30180d2a40180d2020000d40020000ec0cb8fd200a0b0f2610180d2e20080d2230180d2c40080d2020000d4"}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x300, 0x9, 0x2}}, @code={0xa, 0xb4, {"c04595d200c0b8f2410080d2820080d2030080d2440080d2020000d4007008d5007008d5007008d5a0ec8fd20080b8f2810180d2220080d2230080d2840180d2020000d4e0809cd20080b8f2a10180d2820180d2030180d2440180d2020000d40000004a007008d5806490d200e0b8f2210080d2820080d2630080d2040180d2020000d4e06996d200c0b8f2810080d2420180d2230180d2040180d2020000d4"}}, @uexit={0x0, 0x18, 0x10}, @smc={0x1e, 0x40, {0x0, [0x1, 0x0, 0x7, 0x3, 0x401]}}, @mrs={0xbe, 0x18, {0x603000000013c00b}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x50}}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x3a5}}, @irq_setup={0x46, 0x18, {0x1, 0x147}}], 0x614}, &(0x7f0000000140)=[@featur2={0x1, 0x60}], 0x1) 25m3.421710919s ago: executing program 0 (id=299): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x145541, 0x0) (async) openat$kvm(0x0, &(0x7f0000000200), 0x280d41, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x7) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r3 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fb707cd24b7eebb20700000000000000000000000100", 0x0, 0x48) (async) mmap$KVM_VCPU(&(0x7f0000e74000/0x2000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x480, 0x0) syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x1, 0x100) (async) r4 = openat$kvm(0x0, &(0x7f0000000140), 0x2, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x8200, 0x0) r7 
= ioctl$KVM_CREATE_VM(r6, 0xae01, 0x3b) r8 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x8001}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x40000, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) (async) r12 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x200000000000000) syz_kvm_setup_cpu$arm64(r11, r12, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="be00000000000000180000000000000001c8"], 0x18}], 0x1, 0x0, 0x0, 0x0) (async, rerun: 32) ioctl$KVM_RUN(r12, 0xae80, 0x0) (async, rerun: 32) r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r14, 0x1, 0x100) r15 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r16 = ioctl$KVM_CREATE_VM(r15, 0x80111500, 0x3b) ioctl$KVM_CREATE_VM(r16, 0x5760, 0x2000001c) ioctl$KVM_IRQ_LINE(r14, 0x4008ae61, &(0x7f0000000100)={0x1002000, 0x1}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) 24m51.91360775s ago: executing program 0 (id=301): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3e) r2 = eventfd2(0x8, 0x80800) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x1, r2, 0x2}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x2, r2, 0x3}) r3 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000100)={0x0, &(0x7f0000000180)=[@code={0xa, 0x54, {"000028d5007008d5000008d5003c004e000028d5008008d5008008d560cb94d200a0b8f2610180d2020180d2e30080d2240080d2020000d400a4bf0d007008d5"}}, @msr={0x14, 0x20, 
{0x603000000013f290, 0x9}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x375}}, @eret={0xe6, 0x18, 0xb221}, @uexit={0x0, 0x18, 0xff}, @uexit={0x0, 0x18, 0x80000000000000}, @hvc={0x32, 0x40, {0xc4000004, [0xfffffffffffffe00, 0x3, 0x5, 0x0, 0x954]}}, @msr={0x14, 0x20, {0x603000000013e6c1, 0x7}}, @code={0xa, 0x54, {"008008d50060004f5f3003d5000000330000803d007008d500005fd6000c407800fc000f00b292d20080b8f2e10180d2420180d2a30180d2c40180d2020000d4"}}, @svc={0x122, 0x40, {0xc4000014, [0x7, 0x9, 0x0, 0x7, 0x76c3034e]}}, @msr={0x14, 0x20, {0x603000000013deb9, 0x7a5}}, @hvc={0x32, 0x40, {0xc4000003, [0x9, 0x8, 0xffff, 0x7, 0x3]}}, @its_setup={0x82, 0x28, {0x3, 0xb6, 0x1b2}}, @irq_setup={0x46, 0x18, {0x4, 0x11f}}, @irq_setup={0x46, 0x18, {0x4, 0x277}}, @irq_setup={0x46, 0x18, {0x2, 0xc2}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x70, 0x4, 0x1}}, @msr={0x14, 0x20, {0x603000000013e18c, 0xffffffff}}, @hvc={0x32, 0x40, {0xc400000e, [0x1, 0x0, 0x1, 0x2, 0x7]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x1, 0x10, 0x594deba0, 0x3, 0x3}}, @eret={0xe6, 0x18}, @hvc={0x32, 0x40, {0x40, [0x3, 0x1, 0x10, 0x7, 0x1]}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x20e}}, @hvc={0x32, 0x40, {0x86000000, [0x27c06c06, 0x7, 0xfffffffffffffff8, 0xb, 0x3]}}, @svc={0x122, 0x40, {0x40000000, [0xff, 0x4, 0xf1, 0x80]}}, @mrs={0xbe, 0x18, {0x603000000013c112}}, @code={0xa, 0xb4, {"000020ab60f38ad200a0b8f2210080d2620180d2030180d2440080d2020000d460d59cd20020b8f2410080d2020180d2c30080d2640080d2020000d4e0c78ed200c0b0f2210180d2220080d2430180d2640080d2020000d4007008d5007008d5e07b87d20000b8f2410180d2420080d2830180d2240080d2020000d4000840fa40e880d20080b8f2e10180d2a20180d2030180d2640080d2020000d40000239e"}}, @uexit={0x0, 0x18, 0x4}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x48, 0x1}}, @irq_setup={0x46, 0x18, {0x1, 0x9}}, @svc={0x122, 0x40, {0x84000008, [0x3, 0x8000, 0x4, 0xc, 0x10]}}], 0x5cc}, &(0x7f0000000780)=[@featur2], 0x1) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f00000007c0)={0x0, 0x1a}) r6 = 
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r8 = ioctl$KVM_CREATE_VM(r7, 0x894c, 0x0) ioctl$KVM_CREATE_VCPU(r8, 0x40305829, 0x0) r9 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000e31000/0x2000)=nil, 0x930, 0x1, 0x2012, r10, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r12, r13, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r13, 0x4010aeab, &(0x7f00000000c0)=@arm64_core={0x6030000000100038, &(0x7f0000000000)=0x78}) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r13, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0) 24m49.752879134s ago: executing program 1 (id=302): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) syz_kvm_vgic_v3_setup(r1, 0x2, 0x0) (async) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async, rerun: 64) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (rerun: 64) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x28) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) syz_kvm_vgic_v3_setup(r3, 0x2, 0x100) (async) eventfd2(0x1, 0x80001) (async) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0x80111500, 0x20000000) (async, rerun: 32) openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async, rerun: 32) r7 = 
syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138015, 0x8000}}], 0x20}, 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000240)={0x3, 0xffffffffffffffff, 0x1}) (async, rerun: 64) ioctl$KVM_RUN(r8, 0xae80, 0x0) (rerun: 64) syz_kvm_assert_reg(r8, 0x6030000000138015, 0x8000) (async, rerun: 64) r9 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (rerun: 64) r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04) mmap$KVM_VCPU(&(0x7f0000e5f000/0x3000)=nil, r10, 0x3, 0x13, r6, 0x0) (async) r11 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x29) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x1) r14 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r13, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r13, 0x0) (async, rerun: 32) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x3f, 0x0) (rerun: 32) 24m38.752372112s ago: executing program 0 (id=303): munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r0, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0x0, 0x0, 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0x40086602, 0x110e22ffff) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0) r2 = eventfd2(0xfffffffa, 0x80001) write$eventfd(r2, &(0x7f0000000200)=0x8, 0x8) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="37d3116035d7513e9a000200018000", 0x0, 0x43) 
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x40086602, 0x20000000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x28) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) ioctl$KVM_RUN(r6, 0xae80, 0x0) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@mrs={0xbe, 0x18, {0x6030000000139808}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) syz_kvm_setup_cpu$arm64(r4, r6, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0a00000000000000cc00000000000000e0ef9ad200c0b8f2410080d2e20080d2430080d2e40180d2020000d4e0be9cd20040b0f2210080d2620080d2630180d2840180d2020000d40000681e0000000b0000399e003c202ea04c8ad200e0b0f2610180d2c20180d2a30080d2640180d2020000d4c0ed81d20000b8f281018092820180d2a30180d2640080d2020000d4a0a189d20060b0f2410180d2820180d2230080d2240180d2020000d4804e82d20020b0f2810180d2020180d2830180d2a40080d2020000d4c0035fd6aa00000000000000280000000000000003010400000000000000090000000e0000000000000000003200000000000000400000000000000000000006000000000000000000000000f7780000000000000800000000000000030000000000000009000000000000001e0000000000000500000000000000000900008400000000050000000000000010000000000000007f0d0000000000000010000000000000050000000000000046000000000000001800000000000000000000005a000000be00000000000000180000000000000028981300000030601400000000000000200000000000000085c01300000030600100000001000000320000000000000040000000000000000d0000c400000000ffffffff0000000000010000000000000600000000000000070
00000000000000000000000000080320000000000000040000000000000000b00008400000000040000000000000008000000000000000600000000000000060000000067000000dd00000000000000be000000000000001800000000000000fe770000000000"], 0x25c}], 0x1, 0x0, 0x0, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) 24m37.981089032s ago: executing program 1 (id=304): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x139000, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x0, 0x1000009, 0x40010, 0xffffffffffffffff, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r4, 0x401054d6, 0x1) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x400454d0, 0x1) r5 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd2(0xfffffffa, 0x80001) ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r8}) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfd000/0x400000)=nil) ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f00000001c0)={0x8080000, 0x37d03030d7a92616}) ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f0000000080)={0x4, 0x10000, 0x4, r8}) r9 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, 
&(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x2) syz_kvm_setup_cpu$arm64(r11, r12, &(0x7f0000000000/0x400000)=nil, &(0x7f00000000c0)=[{0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="3200000000000000400000000000000002000000000000000101000000000000010400000000000008000008000000005f08000000000000010000000000000000002000000000000000468013000000306001000000000000808200000000000000280000000500000013dab3003524000000000000000300000000000000ce00"/141], 0x88}], 0x1, 0x0, &(0x7f0000000100)=[@featur1={0x1, 0x2}], 0x1) ioctl$KVM_CREATE_DEVICE(r11, 0xc00caee0, &(0x7f0000000140)={0x1, 0xffffffffffffffff, 0x97556543645e7719}) ioctl$KVM_CREATE_VM(r13, 0x400454d0, 0x1) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 24m28.189343805s ago: executing program 1 (id=305): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) close(r1) ioctl$KVM_SET_GUEST_DEBUG_arm64(r2, 0x4208ae9b, &(0x7f0000000080)={0x20000, 0x0, {[0x2, 0x3, 0x4, 0x7, 0x7, 0x2, 0x9, 0x8000, 0xb, 0x7, 0x29, 0x9, 0x590, 0xe70, 0x9, 0x8], [0x6, 0xffffffff, 0x0, 0x3, 0x0, 0x80000000, 0x7ff, 0xfffffffffffffffd, 0x264f, 0x5, 0x4ed9, 0xfffffffffffffffd, 0x2, 0x3ae, 0x7f, 0x6], [0x2, 0xb, 0x18e9, 0x7, 0x4, 0x4, 0xaad, 0x4, 0x7, 0x6, 0x6, 0x0, 0x80000001, 0x5, 0x54bd, 0xfe0], [0x8, 0x1, 0x200, 0x4, 0x9, 0x4616, 0x3, 0x4, 0x1, 0x783, 0x7, 0xfffffffffffffffa, 0x0, 0x80, 0x3, 0x3]}}) close(r2) 24m24.171350421s ago: executing program 0 (id=306): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1e) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 
&(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) syz_kvm_vgic_v3_setup(r1, 0x4, 0x180) ioctl$KVM_GET_DEVICE_ATTR_vm(r1, 0x4018aee2, &(0x7f0000000180)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000140)={0x1, 0x100, 0x1}}) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x20e083, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000140)=@arm64_sys={0x603000000013deb3, &(0x7f00000001c0)}) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1000000000007) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04) mmap$KVM_VCPU(&(0x7f0000e73000/0x2000)=nil, r8, 0x2000003, 0x11, r6, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x2000)=nil, r8, 0x2000009, 0x11, 0xffffffffffffffff, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x1800002, 0x11, r11, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r11, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000000)=@arm64_sys={0x603000000013c038, 0x0}) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil) 24m18.87043493s ago: executing program 1 (id=307): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 
0xae01, 0x0) ioctl$KVM_CAP_HALT_POLL(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000000)={0xb6, 0x0, 0x6}) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f0000000200)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x4, 0x8, 0x2, 0x6, 0x4}}], 0x48}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) r4 = openat$kvm(0x0, &(0x7f0000000040), 0xc0002, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000000)={0x7}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000280)={0x1fd, 0x1, 0x4, 0x2000, &(0x7f0000000000/0x2000)=nil}) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r11 = syz_kvm_vgic_v3_setup(r9, 0x3, 0xa0) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x1, 0x4, &(0x7f0000000000)=0x4}) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x0) r15 = openat$kvm(0x0, &(0x7f00000000c0), 0x80480, 0x0) r16 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r15, 0xae04) ioctl$KVM_CREATE_VM(r12, 0xae01, 0x22) mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, r16, 0x2000003, 0x11, r14, 0x0) r17 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r17, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x2000)=nil, r16, 0x2000009, 0x11, r14, 0x0) ioctl$KVM_PRE_FAULT_MEMORY(r3, 0xc040aed5, &(0x7f0000000080)={0x8000000, 0x114000}) 24m11.012320463s ago: 
executing program 0 (id=308): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x124c2, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0x80040, 0x0) 24m3.440896687s ago: executing program 0 (id=309): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae03, 0xbb) r9 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x3}}], 0x68}, 0x0, 0x0) r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r10, 0x3, 0x11, r9, 0x0) r11 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[@uexit={0x0, 0x18, 0x670}, @uexit={0x0, 0x18, 0x1000}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x280, 0x7fff, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x0, 0xc, 0x8, 0x34}}, @eret={0xe6, 0x18, 0x7}, @smc={0x1e, 0x40, {0x8, [0x6, 0xfff, 0x3, 0x7, 0x7ff]}}, @svc={0x122, 0x40, {0x8400000d, [0x5, 0x7, 0x2ca8, 0x8, 0x7]}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x4, 0x2, 0x80000001, 0x2, 0x3}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x0, 0x10, 0x40, 0x9, 0x1}}, @uexit={0x0, 0x18, 0x6}, @smc={0x1e, 0x40, {0x8600ff01, [0xc, 0x5, 0x4, 0x0, 0x800]}}, @code={0xa, 0x9c, 
{"000899d20080b8f2010080d2420180d2230180d2c40080d2020000d4000028d580598bd200c0b8f2e10180d2820080d2e30080d2840180d2020000d400800088807290d20000b8f2810080d2220180d2230080d2240080d2020000d4000028d5007008d5007008d580b495d200c0b0f2610080d2420080d2230180d2640180d2020000d4007008d5"}}, @code={0xa, 0xb4, {"c09e93d20020b0f2610180d2020080d2c30080d2c40080d2020000d4008384d200e0b8f2a10080d2e20080d2e30080d2a40180d2020000d400e4005f0034200ea06584d20080b8f2610080d2c20180d2630180d2640080d2020000d440b186d200a0b0f2010180d2a20080d2630080d2c40080d2020000d4008008d5007008d5000820fc20f098d20000b0f2a10180d2e20180d2c30080d2c40080d2020000d4"}}, @smc={0x1e, 0x40, {0x86000000, [0x8, 0x7, 0x0, 0x1, 0xe]}}, @mrs={0xbe, 0x18, {0x603000000013c644}}, @uexit={0x0, 0x18, 0x7}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x3, 0x4, 0x3, 0x5, 0x2}}, @smc={0x1e, 0x40, {0x8000, [0xa, 0xffffffff7fffffff, 0x6, 0xb349, 0x5]}}, @code={0xa, 0xe4, {"c0048ad200c0b8f2c10180d2c20080d2a30080d2040180d2020000d460619fd200c0b0f2210080d2820080d2a30180d2240180d2020000d4800a9fd20020b8f2210080d2a20080d2c30080d2a40180d2020000d4a0b78ad20020b8f2810080d2a20180d2430180d2640080d2020000d40028200e608581d20060b8f2410080d2420180d2c30080d2840080d2020000d4c05699d20020b8f2a10180d2020080d2e30180d2640080d2020000d4e02e8dd20080b8f2e10080d2620080d2e30180d2c40180d2020000d4000028d50080df0c"}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x4, 0x6, 0x6, 0x100, 0x2}}, @smc={0x1e, 0x40, {0x45008045, [0x1, 0x1, 0x2, 0xe0000000, 0xffffffffffffffff]}}, @svc={0x122, 0x40, {0x86000001, [0x226, 0x9, 0x401, 0x2000000]}}, @hvc={0x32, 0x40, {0x0, [0x9, 0xfffffffffffffffe, 0x8001, 0x3, 0x5]}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x1c0}}, @msr={0x14, 0x20, {0x6030000000139808, 0x1000}}, @hvc={0x32, 0x40, {0x8400000c, [0x5, 0xfff, 0x5, 0xc648000000000000, 0x2]}}, @uexit={0x0, 0x18, 0x5}, @irq_setup={0x46, 0x18, {0x4, 0x277}}, @hvc={0x32, 0x40, {0x32000000, [0xfffffffffffffff7, 0xb, 0x2d7, 0x4, 0xfffffffffffffffc]}}, @eret={0xe6, 0x18, 0x6}, @hvc={0x32, 0x40, {0x80003fff, 
[0xe, 0x12e, 0x7, 0x5b]}}, @hvc={0x32, 0x40, {0x3f000000, [0x7ff, 0x8, 0xb, 0x3, 0x8]}}], 0x74c}, &(0x7f0000000080)=[@featur2={0x1, 0x2}], 0x1) r12 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x29) r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x1) r15 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r14, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r15, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r14, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r14, 0x4040aea0, &(0x7f0000000000)=@arm64={0x1, 0x7f, 0x2, '\x00', 0xed2}) mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, r10, 0x2000000, 0x10010, r11, 0x0) r16 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) ioctl$KVM_SET_MP_STATE(r16, 0x4004ae99, &(0x7f0000000180)=0x8) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33) ioctl$KVM_PPC_ALLOCATE_HTAB(r13, 0xc004aea7, &(0x7f0000000940)=0x4) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r17 = syz_kvm_vgic_v3_setup(r1, 0x2, 0x40) ioctl$KVM_GET_DEVICE_ATTR(r17, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x5, 0x4, &(0x7f00000000c0)=0x8}) 24m1.554518242s ago: executing program 1 (id=310): munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000eed000/0x4000)=nil, 0x4000) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async) r1 = 
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r1, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r1, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, r3, 0x0, 0x40032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, r3, 0x0, 0x40032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) (async) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r5, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) 23m50.549455541s ago: executing 
program 1 (id=311): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x81, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff, 0x1}) ioctl$KVM_HAS_DEVICE_ATTR(r3, 0x4018aee3, &(0x7f0000000940)=@attr_arm64={0x0, 0x0, 0x4, 0x0}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r7, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0x541b, 0x1) r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) syz_kvm_assert_reg(r11, 0x603000000013df11, 0x8000) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) ioctl$KVM_GET_DEVICE_ATTR(r14, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x8, 0x40000000000000, 0x0}) r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, r15, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r16 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r16, 0xae03, 0x62) mmap$KVM_VCPU(&(0x7f0000ce5000/0x4000)=nil, r15, 0x0, 0x4f932, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ec5000/0x4000)=nil, 0x4000) 23m16.139991543s 
ago: executing program 52 (id=309): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae03, 0xbb) r9 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x3}}], 0x68}, 0x0, 0x0) r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r10, 0x3, 0x11, r9, 0x0) r11 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[@uexit={0x0, 0x18, 0x670}, @uexit={0x0, 0x18, 0x1000}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x280, 0x7fff, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x0, 0xc, 0x8, 0x34}}, @eret={0xe6, 0x18, 0x7}, @smc={0x1e, 0x40, {0x8, [0x6, 0xfff, 0x3, 0x7, 0x7ff]}}, @svc={0x122, 0x40, {0x8400000d, [0x5, 0x7, 0x2ca8, 0x8, 0x7]}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x4, 0x2, 0x80000001, 0x2, 0x3}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x0, 0x10, 0x40, 0x9, 0x1}}, @uexit={0x0, 0x18, 0x6}, @smc={0x1e, 0x40, {0x8600ff01, [0xc, 0x5, 0x4, 0x0, 0x800]}}, @code={0xa, 0x9c, {"000899d20080b8f2010080d2420180d2230180d2c40080d2020000d4000028d580598bd200c0b8f2e10180d2820080d2e30080d2840180d2020000d400800088807290d20000b8f2810080d2220180d2230080d2240080d2020000d4000028d5007008d5007008d580b495d200c0b0f2610080d2420080d2230180d2640180d2020000d4007008d5"}}, @code={0xa, 0xb4, 
{"c09e93d20020b0f2610180d2020080d2c30080d2c40080d2020000d4008384d200e0b8f2a10080d2e20080d2e30080d2a40180d2020000d400e4005f0034200ea06584d20080b8f2610080d2c20180d2630180d2640080d2020000d440b186d200a0b0f2010180d2a20080d2630080d2c40080d2020000d4008008d5007008d5000820fc20f098d20000b0f2a10180d2e20180d2c30080d2c40080d2020000d4"}}, @smc={0x1e, 0x40, {0x86000000, [0x8, 0x7, 0x0, 0x1, 0xe]}}, @mrs={0xbe, 0x18, {0x603000000013c644}}, @uexit={0x0, 0x18, 0x7}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x3, 0x4, 0x3, 0x5, 0x2}}, @smc={0x1e, 0x40, {0x8000, [0xa, 0xffffffff7fffffff, 0x6, 0xb349, 0x5]}}, @code={0xa, 0xe4, {"c0048ad200c0b8f2c10180d2c20080d2a30080d2040180d2020000d460619fd200c0b0f2210080d2820080d2a30180d2240180d2020000d4800a9fd20020b8f2210080d2a20080d2c30080d2a40180d2020000d4a0b78ad20020b8f2810080d2a20180d2430180d2640080d2020000d40028200e608581d20060b8f2410080d2420180d2c30080d2840080d2020000d4c05699d20020b8f2a10180d2020080d2e30180d2640080d2020000d4e02e8dd20080b8f2e10080d2620080d2e30180d2c40180d2020000d4000028d50080df0c"}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x4, 0x6, 0x6, 0x100, 0x2}}, @smc={0x1e, 0x40, {0x45008045, [0x1, 0x1, 0x2, 0xe0000000, 0xffffffffffffffff]}}, @svc={0x122, 0x40, {0x86000001, [0x226, 0x9, 0x401, 0x2000000]}}, @hvc={0x32, 0x40, {0x0, [0x9, 0xfffffffffffffffe, 0x8001, 0x3, 0x5]}}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x1c0}}, @msr={0x14, 0x20, {0x6030000000139808, 0x1000}}, @hvc={0x32, 0x40, {0x8400000c, [0x5, 0xfff, 0x5, 0xc648000000000000, 0x2]}}, @uexit={0x0, 0x18, 0x5}, @irq_setup={0x46, 0x18, {0x4, 0x277}}, @hvc={0x32, 0x40, {0x32000000, [0xfffffffffffffff7, 0xb, 0x2d7, 0x4, 0xfffffffffffffffc]}}, @eret={0xe6, 0x18, 0x6}, @hvc={0x32, 0x40, {0x80003fff, [0xe, 0x12e, 0x7, 0x5b]}}, @hvc={0x32, 0x40, {0x3f000000, [0x7ff, 0x8, 0xb, 0x3, 0x8]}}], 0x74c}, &(0x7f0000000080)=[@featur2={0x1, 0x2}], 0x1) r12 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x29) r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x1) r15 = 
mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r14, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r15, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r14, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r14, 0x4040aea0, &(0x7f0000000000)=@arm64={0x1, 0x7f, 0x2, '\x00', 0xed2}) mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, r10, 0x2000000, 0x10010, r11, 0x0) r16 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) ioctl$KVM_SET_MP_STATE(r16, 0x4004ae99, &(0x7f0000000180)=0x8) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33) ioctl$KVM_PPC_ALLOCATE_HTAB(r13, 0xc004aea7, &(0x7f0000000940)=0x4) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r17 = syz_kvm_vgic_v3_setup(r1, 0x2, 0x40) ioctl$KVM_GET_DEVICE_ATTR(r17, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x5, 0x4, &(0x7f00000000c0)=0x8}) 23m1.10398882s ago: executing program 53 (id=311): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x81, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff, 0x1}) ioctl$KVM_HAS_DEVICE_ATTR(r3, 0x4018aee3, &(0x7f0000000940)=@attr_arm64={0x0, 0x0, 0x4, 0x0}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r7, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0x541b, 0x1) r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, 
&(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) syz_kvm_assert_reg(r11, 0x603000000013df11, 0x8000) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r14, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000180)=0x8080000}) ioctl$KVM_GET_DEVICE_ATTR(r14, 0x4018aee2, &(0x7f0000000100)=@attr_other={0x0, 0x8, 0x40000000000000, 0x0}) r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, r15, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r16 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r16, 0xae03, 0x62) mmap$KVM_VCPU(&(0x7f0000ce5000/0x4000)=nil, r15, 0x0, 0x4f932, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ec5000/0x4000)=nil, 0x4000) 11m40.462445921s ago: executing program 3 (id=349): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async, rerun: 32) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) (rerun: 32) ioctl$KVM_GET_API_VERSION(r2, 0xae00, 0x0) (async) r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000540)=[@irq_setup={0x46, 0x18, {0x4, 0xca}}, @smc={0x1e, 0x40, {0x2000, [0x8000, 0x8000000000000001, 0x8000000000000000, 0xfffffffffffffff9, 0x80000001]}}, @code={0xa, 0x6c, {"40288ad20020b8f2410180d2820180d2e30180d2a40180d2020000d400e4000f0060a00d001ca02e60dc95d20020b8f2010080d2820080d2430180d2440080d2020000d400000037008008d50000641e00f8a00e00e4000f"}}, @msr={0x14, 0x20, {0x603000000013c687, 0x1}}, @mrs={0xbe, 0x18, {0x603000000013c647}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x14}}, @smc={0x1e, 0x40, {0x390051deb68ab219, [0x1, 0x4, 0x1, 0x4, 0x8]}}, @uexit={0x0, 0x18, 
0x40}, @hvc={0x32, 0x40, {0x8400002b, [0x3, 0x83a, 0x7, 0xc3, 0x7]}}, @svc={0x122, 0x40, {0x6000000, [0x5, 0x4, 0x800, 0x5, 0x9]}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x3, 0x10, 0x6, 0x3, 0x4}}, @its_setup={0x82, 0x28, {0x3, 0x4, 0x15d}}, @code={0xa, 0x6c, {"e01684d20000b8f2e10080d2a20180d2230080d2440080d2020000d4007008d5007008d500c0201e0034205e00b0200e000028d5a0289bd20060b8f2210180d2420080d2a30080d2440180d2020000d4008008d5000028d5"}}, @svc={0x122, 0x40, {0x8400000a, [0x3ff, 0x3, 0x5, 0x8, 0x45c0000000000000]}}, @svc={0x122, 0x40, {0x84000202, [0x100000000, 0x401, 0x0, 0x3, 0x1]}}, @mrs={0xbe, 0x18, {0x603000000013df5c}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0xb6}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x11e}}, @msr={0x14, 0x20, {0x397a, 0x2a3c}}, @smc={0x1e, 0x40, {0x84000004, [0xfa2, 0x81, 0x5, 0x7684, 0x5]}}, @hvc={0x32, 0x40, {0x0, [0x80, 0x4d79, 0x5, 0xaf5b, 0x1800]}}, @hvc={0x32, 0x40, {0x80003fff, [0x7, 0x4, 0xe000000000000, 0x8, 0xffffffffffffffff]}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x1cd}}, @msr={0x14, 0x20, {0x6030000000138075, 0xf5}}, @code={0xa, 0xcc, {"000028d5000028d500ec98d200e0b0f2810080d2c20080d2c30080d2240080d2020000d4a0fb92d200a0b0f2610080d2420080d2430080d2840080d2020000d4c0209bd20000b8f2410080d2c20180d2230180d2440180d2020000d4e07c86d20060b0f2810080d2220080d2230180d2a40080d2020000d4803391d20020b0f2610080d2020180d2c30180d2440180d2020000d4a0a394d200e0b0f2410180d2c20080d2a30080d2040080d2020000d4008008d50048201e"}}, @svc={0x122, 0x40, {0x80, [0x5, 0x800000000000000, 0x9, 0x1, 0x8001]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xc35a805290d83797}}, @memwrite={0x6e, 0x30, @generic={0xdddd1000, 0x3e, 0x6, 0x9}}, @hvc={0x32, 0x40, {0x84000052, [0xd3a, 0x4, 0x6, 0x2, 0x4019]}}], 0x674}, 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r6, 0x4068aea3, &(0x7f0000000100)) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r6, 0x4068aea3, 
&(0x7f0000000080)={0xa8, 0x0, 0x3}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) syz_kvm_setup_cpu$arm64(r6, 0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11m28.609129951s ago: executing program 3 (id=351): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2b4100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x32) r2 = eventfd2(0x1, 0x80001) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0x0, 0x4000, 0x0, r2, 0x8}) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x83) 11m21.203896119s ago: executing program 3 (id=353): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f0000000080)=@arm64_extra={0x603000000013c103, &(0x7f0000000000)=0x2}) r7 = ioctl$KVM_GET_STATS_FD_vm(r4, 0xaece) ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f00000000c0)={0x100000, 0x6000}) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x20) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r12, 0x4010aeab, 
&(0x7f0000000000)=@arm64_core={0x6030000000100018, &(0x7f0000000100)=0xffffffffffffffff}) ioctl$KVM_IOEVENTFD(r8, 0xc0189436, &(0x7f0000000180)={0x0, 0xd000, 0x8, 0xffffffffffffffff, 0x5}) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000080)=@arm64_core={0x6030000000100042, &(0x7f0000000100)=0xc5c5}) r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, r13, 0x2000001, 0x11, r7, 0x0) 11m0.93955542s ago: executing program 3 (id=355): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x20000, 0x0) syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000180)={0x0, &(0x7f0000000000)=[@mrs={0xbe, 0x18, {0x603000000013c800}}], 0x18}, 0x0, 0xfffffffffffffffb) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0xfffffffa, 0x80001) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x4, 0x80a0000, 0x4, r2}) ioctl$KVM_CREATE_VM(r0, 0x40086602, 0x20000000) 10m48.79096088s ago: executing program 3 (id=357): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) r1 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000000)={0x0, 0x0}, &(0x7f00000001c0)=[@featur1={0x1, 0xc}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init) (async) syz_kvm_vgic_v3_setup(r2, 0x2, 0x320) (async) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) (async, rerun: 32) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async, rerun: 32) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bfd000/0x400000)=nil) (async) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000bff000/0x400000)=nil) (async) r7 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 
0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48) (async, rerun: 32) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (rerun: 32) r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r9, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) (async, rerun: 32) r10 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000002c0)={0x0, &(0x7f0000000380)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x100, 0x1005, 0x9}}], 0x30}, 0x0, 0x0) (async, rerun: 32) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r10, 0xae80, 0x0) 10m36.034007683s ago: executing program 3 (id=359): munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x80111500, 0x20000000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0xc0083, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x27) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000300)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x4, 0xd}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x0, 0x0, 0x6, 0x0, 0x4}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3e) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 
0xa2) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x1a) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r9 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x31) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r13, 0x4010aeab, &(0x7f0000000000)=@arm64_fp_extra={0x60200000001000d1, 0x0}) r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) 9m48.520101859s ago: executing program 54 (id=359): munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x80111500, 0x20000000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0xc0083, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x27) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000300)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x4, 0xd}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x0, 0x0, 0x6, 0x0, 0x4}}], 0x50}, 0x0, 0x0) 
syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3e) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xa2) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x1a) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r9 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x31) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r13, 0x4010aeab, &(0x7f0000000000)=@arm64_fp_extra={0x60200000001000d1, 0x0}) r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) 1m54.659892854s ago: executing program 2 (id=399): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_ASSIGN_SET_MSIX_NR(r4, 0x4008ae73, &(0x7f0000000180)={0x7, 0x15db}) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x0, 0xf, 0x2}}], 0x30}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) ioctl$KVM_RUN(r6, 0xae80, 0x0) syz_kvm_add_vcpu$arm64(r2, 
&(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x20) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000a67000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000080)=@arm64_core={0x6030000000100032, &(0x7f0000000040)=0x47ebcf63}) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000000)={0x3ff, 0x10001}) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000040)={0x5, 0x0, 0x1}}) openat$kvm(0x0, &(0x7f0000000140), 0x2000, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) (async) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) (async) ioctl$KVM_ASSIGN_SET_MSIX_NR(r4, 0x4008ae73, &(0x7f0000000180)={0x7, 0x15db}) (async) syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x0, 0xf, 0x2}}], 0x30}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) (async) ioctl$KVM_RUN(r6, 0xae80, 0x0) (async) syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x20) (async) syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000a67000/0x400000)=nil) (async) syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) (async) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000080)=@arm64_core={0x6030000000100032, &(0x7f0000000040)=0x47ebcf63}) (async) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000000)={0x3ff, 0x10001}) (async) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000040)={0x5, 0x0, 0x1}}) (async) 1m48.306664787s ago: executing program 5 (id=400): r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000002c0)={0x0, 
&(0x7f0000000000)=[@uexit={0x0, 0x18, 0xd6d}, @irq_setup={0x46, 0x18, {0x4, 0x16f}}, @msr={0x14, 0x20, {0x603000000013c681, 0x6}}, @irq_setup={0x46, 0x18, {0x4, 0xec}}, @svc={0x122, 0x40, {0x0, [0x478c3ad5, 0x7, 0x5, 0x3, 0x6]}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x4, 0x1, 0x4, 0x8, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013e6d8}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x1db}}, @code={0xa, 0x9c, {"e03895d20020b0f2410180d2e20180d2030080d2240180d2020000d4007495d20080b0f2e10080d2220080d2e30080d2840080d2020000d4008008d5000028d5a03b8fd20060b8f2810180d2820080d2630080d2e40180d2020000d4007008d5008008d5000008d5000c403c60ed9fd20060b8f2c10180d2620180d2e30180d2440080d2020000d4"}}, @uexit={0x0, 0x18, 0xffffffffffffffe0}, @msr={0x14, 0x20, {0x603000000013c4cf, 0x2}}, @irq_setup={0x46, 0x18, {0x4, 0x331}}, @msr={0x14, 0x20, {0x603000000013c01c, 0xbd}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x0, 0x9, 0x95, 0x6, 0x1}}, @svc={0x122, 0x40, {0x80000000, [0xc389, 0x1d03, 0x9b17, 0x7, 0x2]}}], 0x284}, &(0x7f0000000300)=[@featur2={0x1, 0x44}], 0x1) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000340)={0xa, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f00000003c0)=@attr_arm64={0x0, 0x8, 0x1, &(0x7f0000000380)=0x8}) ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f0000000440)=@attr_arm64={0x0, 0x0, 0x2, &(0x7f0000000400)=0x8}) ioctl$KVM_ARM_VCPU_FINALIZE(r0, 0x4004aec2, &(0x7f0000000480)) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) r3 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, r2, 0x0, 0x13, r3, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x20000, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x4) ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, &(0x7f0000000500)={0x10000, 0xd1d98ed8}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_GET_SREGS(r0, 0x8000ae83, &(0x7f0000000540)) ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, 
&(0x7f00000006c0)=@attr_arm64={0x0, 0x1, 0x2, &(0x7f0000000680)}) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x11) ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f0000000740)=@attr_other={0x0, 0x9, 0x6, &(0x7f0000000700)=0x8000}) r7 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) syz_kvm_vgic_v3_setup(r7, 0x2, 0x320) ioctl$KVM_GET_DEVICE_ATTR(r7, 0x4018aee2, &(0x7f00000007c0)=@attr_arm64={0x0, 0x7, 0x1, &(0x7f0000000780)=0x9}) ioctl$KVM_GET_DEVICE_ATTR_vm(r3, 0x4018aee2, &(0x7f0000000840)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000800)={0x0, 0x3ff}}) ioctl$KVM_HAS_DEVICE_ATTR(r3, 0x4018aee3, &(0x7f00000008c0)=@attr_arm64={0x0, 0x4, 0x6, &(0x7f0000000880)=0x8}) mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, r2, 0x2, 0x110, r0, 0x0) r8 = eventfd2(0x8, 0x0) write$eventfd(r8, &(0x7f0000000900)=0xaa68, 0x8) ioctl$KVM_GET_REG_LIST(r7, 0xc008aeb0, &(0x7f0000000940)={0x6, [0xd4, 0x0, 0x7, 0x3, 0x9, 0x3e89]}) mmap$KVM_VCPU(&(0x7f0000ffe000/0x2000)=nil, r2, 0x1000001, 0x4000010, r7, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r6, 0x4018aee2, &(0x7f00000009c0)=@attr_other={0x0, 0x0, 0x2, &(0x7f0000000980)=0x3}) syz_kvm_setup_cpu$arm64(r7, r0, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000a80)=[{0x0, &(0x7f0000000a00)=[@irq_setup={0x46, 0x18, {0x0, 0x298}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x2, 0x0, 0xfffffff8}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1200, 0x0, 0x5}}], 0x70}], 0x1, 0x0, &(0x7f0000000ac0)=[@featur2={0x1, 0x80}], 0x1) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r7, 0x4010ae74, &(0x7f0000000b00)={0xfffffff9, 0x9, 0x7}) 1m39.74744256s ago: executing program 2 (id=401): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1f) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000300)=[@mrs={0xbe, 0x18, {0x603000000013c298}}], 0x18}, 0x0, 0x0) (async) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) 
syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000100)={0x0, &(0x7f0000000100)}, 0x0, 0x0) (async) syz_kvm_vgic_v3_setup(r5, 0x1, 0x100) (async) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x2, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) ioctl$KVM_RUN(r6, 0xae80, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r9, 0x4008ae6a, &(0x7f0000000300)=ANY=[@ANYBLOB="0a000200000001000000000000000e00000008000000000000ebf0f67574305f2200"/48]) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r11, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r12, 0xae04) mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r13, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000667000/0x2000)=nil, 0x2000) (async) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) 1m37.869207365s ago: executing program 5 (id=402): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = 
syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f0000000000), 0x20}, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000040)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f0000000000)=0x18}) openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f0000000000), 0x20}, 0x0, 0x0) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000040)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f0000000000)=0x18}) (async) 1m28.46360875s ago: executing program 2 (id=403): r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, r0, 0x2000008, 0x13, 0xffffffffffffffff, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, r0, 0x2000004, 0x110, r1, 0x0) ioctl$KVM_INTERRUPT(r1, 0x4004ae86, &(0x7f0000000000)=0x1) ioctl$KVM_INTERRUPT(r1, 0x4004ae86, &(0x7f0000000040)=0x7b) ioctl$KVM_SET_GUEST_DEBUG_arm64(r1, 0x4208ae9b, &(0x7f0000000080)={0x30000, 0x0, {[0x8001, 0x9, 0x1fffffffc0000000, 0x4, 0x8, 0x3, 0x800, 0x8000000000000000, 0x0, 0x10001, 0x80000001, 0x0, 0x5, 0x4, 0x3, 0x8], [0x83a, 0x7, 0x2, 0x8000000000000001, 0x0, 0x2, 0x3, 0x0, 0xfff, 0x10001, 0x6e, 0x2, 0xba, 0x5, 0x9, 0x1], [0xc, 0x10001, 0xff, 0xbc, 0x9, 0x3b, 0x100, 0xffffffffffffffff, 0x6, 0xd, 0x3, 0x7, 0x6, 0x0, 0x3, 0x7], [0x6d2ae226, 0x58380000000000, 0x8, 0x7f, 0x9, 0x2, 0xfffffffffffffffa, 0xffffffffffffffff, 0x9, 0xb, 0x80000001, 0x9, 0x8, 0x672, 0xcc, 0x8]}}) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1c) ioctl$KVM_CAP_DIRTY_LOG_RING(r2, 0x4068aea3, &(0x7f00000002c0)={0xc0, 0x0, 0x11000}) ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000340)={0x10003, 0x0, &(0x7f0000ffe000/0x2000)=nil}) r3 = openat$kvm(0xffffffffffffff9c, 
&(0x7f0000000380), 0x4001, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x32) ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) r5 = ioctl$KVM_GET_STATS_FD_cpu(r1, 0xaece) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f00000003c0)={0x3, 0x0, 0x2, r5}) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000400)={0x0, 0x2}) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000b3f000/0x400000)=nil) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x210000, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x1c) ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CHECK_EXTENSION_VM(r5, 0xae03, 0xf) ioctl$KVM_CAP_ARM_USER_IRQ(r7, 0x4068aea3, &(0x7f0000000480)) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000500)={0x6}) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x8080, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04) ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) 1m27.025418026s ago: executing program 5 (id=404): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000780), 0x1, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x10) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r2, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) 1m19.819403931s ago: executing program 2 (id=405): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f0000000040)=ANY=[@ANYRESDEC=r1, @ANYRES16=r0, @ANYRES8]) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) 1m18.91227655s ago: executing program 5 (id=406): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x8800, 0x0) r1 = 
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x900, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xf3) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xf1) 1m10.125570426s ago: executing program 5 (id=407): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@mrs={0xbe, 0x18, {0x6030000000139808}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_vgic_v3_setup(r1, 0x4, 0x280) 1m9.089440539s ago: executing program 2 (id=408): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x4, 0x0, 0x2}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x4, 0x220) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x2) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}], 0x28}, 0x0, 0x64) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000080)={0x0, &(0x7f00000000c0)}, 0x0, 0x0) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x21) r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x2) r15 = 
mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r14, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r15, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r14, 0x0) r16 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r16, 0x40086602, 0x110e227ffe) r17 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000100)={0x0, &(0x7f0000000240)=[@uexit={0x0, 0x18, 0x3}], 0x18}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r6, 0x2, 0x100) r18 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r18, 0x3, 0x11, r11, 0x0) mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r18, 0x3, 0x11, r17, 0x0) ioctl$KVM_RUN(r17, 0xae80, 0x0) 55.549776371s ago: executing program 5 (id=409): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x2, 0x9, 0x0, 0x80}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0xc0083, 0x0) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x9) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x32) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x26040, 0x0) ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xffffffffffffff0d) ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0x6d3) r9 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r10 = 
syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000300)={0x0, &(0x7f0000000c40)=[@code={0xa, 0x84, {"00080078003c409300000033007008d5204f83d20060b0f2010080d2620080d2230180d2840080d2020000d4407d91d20000b8f2e10180d2420180d2a30180d2240080d2020000d40048601e00000033e06882d20040b0f2810080d2420080d2630080d2440080d2020000d4000028d5"}}, @code={0xa, 0x9c, {"007008d520ae80d20020b8f2810080d2c20180d2630180d2a40180d2020000d4604d91d20060b0f2610180d2020080d2430080d2a40180d2020000d40080200d00e992d200c0b0f2210080d2c20080d2430180d2240180d2020000d4e08181d20060b0f2410180d2820180d2a30080d2a40080d2020000d400d8a17e0820201e007008d5000008d5"}}, @smc={0x1e, 0x40, {0x80003fff, [0x7f, 0x9, 0x9, 0x4, 0xf]}}, @smc={0x1e, 0x40, {0x100, [0x10001, 0x0, 0x48, 0x2, 0x6eec]}}, @svc={0x122, 0x40, {0x8400000a, [0x401, 0xfffffffffffffff7, 0x1000, 0x8000000000000000, 0x6]}}, @smc={0x1e, 0x40, {0x8000, [0x80000000066e, 0x7, 0x1ff, 0x40, 0xb96]}}, @mrs={0xbe, 0x18, {0x603000000013de82}}, @mrs={0xbe, 0x18, {0x6030000000138046}}, @smc={0x1e, 0x40, {0x84000014, [0x8, 0x2, 0xffffffffffff1cd1, 0x4, 0x7]}}, @mrs={0xbe, 0x18, {0x603000000013da17}}, @uexit={0x0, 0x18, 0x5eb}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x198}}, @hvc={0x32, 0x40, {0xc4000007, [0x7, 0xea, 0x7, 0x1000, 0x2]}}, @eret={0xe6, 0x18, 0xb}, @svc={0x122, 0x40, {0x2, [0x2, 0x86e, 0x1, 0xc, 0x81]}}, @code={0xa, 0x84, {"007008d5802898d20080b0f2e10180d2a20080d2030180d2c40080d2020000d40020000c40558fd200c0b8f2810180d2c20080d2430180d2440180d2020000d4000008d50084bf0d0000581ea06d8cd20020b0f2a10080d2a20180d2830180d2c40180d2020000d40080209b0000651e"}}, @uexit={0x0, 0x18, 0x7}, @irq_setup={0x46, 0x18, {0x0, 0xd1}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x337}}, @code={0xa, 0x9c, {"008008d5a01d8cd20060b0f2a10080d2a20180d2030080d2840180d2020000d400c8307e007008d5c03a8fd20040b0f2a10080d2220180d2030080d2040180d2020000d4603997d200a0b8f2610180d2c20080d2e30080d2240080d2020000d4007008d5805980d200e0b8f2210080d2620180d2230180d2040080d2020000d4007008d5007008d5"}}, @msr={0x14, 0x20, 
{0x603000000013df43, 0xffff}}, @mrs={0xbe, 0x18, {0x603000000013c4cf}}, @hvc={0x32, 0x40, {0x3f000000, [0x81, 0x9, 0x0, 0x7, 0xd926]}}, @uexit={0x0, 0x18, 0x4}], 0x588}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r7, 0x1, 0x100) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x8400000e, [0x99b, 0x100000003, 0x5, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r14, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) syz_kvm_setup_cpu$arm64(r6, r7, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="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"], 0x33c}], 0x1, 0x0, &(0x7f0000000080), 0x1) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1a) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 49.707671286s ago: executing program 2 (id=410): mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r3, 0xae03, 0xe5) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x1c) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, 
&(0x7f0000000000)={0x8, 0xffffffffffffffff, 0x1}) ioctl$KVM_HAS_DEVICE_ATTR(r8, 0x4018aee3, &(0x7f0000000340)=@attr_arm64={0x0, 0x2, 0x0, 0x0}) r9 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@its_setup={0x82, 0x28, {0x10001, 0x1, 0x1}}, @irq_setup={0x46, 0x18, {0x3, 0x2ed}}], 0x40}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r5, 0x4, 0x20) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) r14 = eventfd2(0x5, 0x800) ioctl$KVM_IOEVENTFD(r13, 0x4040ae79, &(0x7f0000000040)={0x5, 0x8080000, 0x2, r14, 0x8}) ioctl$KVM_IOEVENTFD(r13, 0x4040ae79, &(0x7f00000000c0)={0x8000000008000800, 0x0, 0x0, r14, 0x2}) ioctl$KVM_IOEVENTFD(r13, 0x4040ae79, &(0x7f0000000000)={0x1, 0x0, 0x0, r14, 0x6}) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r10, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000001000/0x2000)=nil, 0x930, 0x2000003, 0x4120932, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) eventfd2(0x0, 0x0) r15 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r15, 0xae01, 0x31) 8.316445619s ago: executing program 55 (id=409): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x2, 0x9, 0x0, 0x80}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) 
ioctl$KVM_RUN(r3, 0xae80, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0xc0083, 0x0) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x9) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x32) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x26040, 0x0) ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xffffffffffffff0d) ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0x6d3) r9 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000300)={0x0, &(0x7f0000000c40)=[@code={0xa, 0x84, {"00080078003c409300000033007008d5204f83d20060b0f2010080d2620080d2230180d2840080d2020000d4407d91d20000b8f2e10180d2420180d2a30180d2240080d2020000d40048601e00000033e06882d20040b0f2810080d2420080d2630080d2440080d2020000d4000028d5"}}, @code={0xa, 0x9c, {"007008d520ae80d20020b8f2810080d2c20180d2630180d2a40180d2020000d4604d91d20060b0f2610180d2020080d2430080d2a40180d2020000d40080200d00e992d200c0b0f2210080d2c20080d2430180d2240180d2020000d4e08181d20060b0f2410180d2820180d2a30080d2a40080d2020000d400d8a17e0820201e007008d5000008d5"}}, @smc={0x1e, 0x40, {0x80003fff, [0x7f, 0x9, 0x9, 0x4, 0xf]}}, @smc={0x1e, 0x40, {0x100, [0x10001, 0x0, 0x48, 0x2, 0x6eec]}}, @svc={0x122, 0x40, {0x8400000a, [0x401, 0xfffffffffffffff7, 0x1000, 0x8000000000000000, 0x6]}}, @smc={0x1e, 0x40, {0x8000, [0x80000000066e, 0x7, 0x1ff, 0x40, 0xb96]}}, @mrs={0xbe, 0x18, {0x603000000013de82}}, @mrs={0xbe, 0x18, {0x6030000000138046}}, @smc={0x1e, 0x40, {0x84000014, [0x8, 0x2, 0xffffffffffff1cd1, 0x4, 0x7]}}, @mrs={0xbe, 0x18, {0x603000000013da17}}, @uexit={0x0, 0x18, 0x5eb}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x198}}, @hvc={0x32, 0x40, {0xc4000007, [0x7, 0xea, 0x7, 0x1000, 0x2]}}, @eret={0xe6, 0x18, 0xb}, @svc={0x122, 0x40, {0x2, [0x2, 0x86e, 0x1, 0xc, 0x81]}}, @code={0xa, 0x84, 
{"007008d5802898d20080b0f2e10180d2a20080d2030180d2c40080d2020000d40020000c40558fd200c0b8f2810180d2c20080d2430180d2440180d2020000d4000008d50084bf0d0000581ea06d8cd20020b0f2a10080d2a20180d2830180d2c40180d2020000d40080209b0000651e"}}, @uexit={0x0, 0x18, 0x7}, @irq_setup={0x46, 0x18, {0x0, 0xd1}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x337}}, @code={0xa, 0x9c, {"008008d5a01d8cd20060b0f2a10080d2a20180d2030080d2840180d2020000d400c8307e007008d5c03a8fd20040b0f2a10080d2220180d2030080d2040180d2020000d4603997d200a0b8f2610180d2c20080d2e30080d2240080d2020000d4007008d5805980d200e0b8f2210080d2620180d2230180d2040080d2020000d4007008d5007008d5"}}, @msr={0x14, 0x20, {0x603000000013df43, 0xffff}}, @mrs={0xbe, 0x18, {0x603000000013c4cf}}, @hvc={0x32, 0x40, {0x3f000000, [0x81, 0x9, 0x0, 0x7, 0xd926]}}, @uexit={0x0, 0x18, 0x4}], 0x588}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r7, 0x1, 0x100) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000000)={0x0, &(0x7f0000000040)=[@smc={0x1e, 0x40, {0x8400000e, [0x99b, 0x100000003, 0x5, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r14, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r15, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) syz_kvm_setup_cpu$arm64(r6, r7, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 
&(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000180000000000000089000000000000003200000000000000400000000000000000000003000000000700000000000000018000000000000015f8ffffffffffff07000000000000000200000000000000000000000000000018000000000000000600000000000000820000000000000028000000000000000100000000000000010000000000000061000000000000001e0000000000000040000000000000000d00008400000000010001000000000055b2000000000000fdffffffffffffff231f000000000000ffffffffffffffff82000000000000002800000000000000040000000000000001000000000000007701000000000000aa0000000000000028000000000000000300010000000f000000ff000000420000000100000000002201000000000000400000000000000000000032000000000900000000000000050000000000000000080000000000000900000000000000018000000000000046000000000000001800000000000000040000000d0000001e000000000000004000000000000000000200000000000081000000000000003f0000000000000006000000000000000500000000000000d16c0000000000000a00000000000000840000000000000040179ad20000b0f2010080d2420080d2630080d2640080d2020000d40028214e803b8dd20040b0f2c10180d2a20180d2630180d2040180d2020000d4000008d500e792d20020b0f2c10080d2020080d2c30180d2440080d2020000d40000802d007008d500fca09b007008d51f2003d5c0035fd61e000000000000004000000000000000000000860000000003000000000000000400000000000000ff0100000000000008000000000000000100010000000000e6000000000000001800000000000000080000000000000000000000000000001800000000000000ff00000000000000000000000000000018000000000000000000000000000000e60000000000000018000000000000000100000000000000220100000000000000000d0000c400000000020000000000000001000000000000000100000000000000c7b14953000000000800000000000000be00000000000000180000000000000070df130000003060"], 0x33c}], 0x1, 0x0, &(0x7f0000000080), 0x1) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1a) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 0s ago: executing program 56 (id=410): 
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r3, 0xae03, 0xe5) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x1c) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000000)={0x8, 0xffffffffffffffff, 0x1}) ioctl$KVM_HAS_DEVICE_ATTR(r8, 0x4018aee3, &(0x7f0000000340)=@attr_arm64={0x0, 0x2, 0x0, 0x0}) r9 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@its_setup={0x82, 0x28, {0x10001, 0x1, 0x1}}, @irq_setup={0x46, 0x18, {0x3, 0x2ed}}], 0x40}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r5, 0x4, 0x20) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) r14 = eventfd2(0x5, 0x800) ioctl$KVM_IOEVENTFD(r13, 0x4040ae79, &(0x7f0000000040)={0x5, 0x8080000, 0x2, r14, 0x8}) ioctl$KVM_IOEVENTFD(r13, 0x4040ae79, &(0x7f00000000c0)={0x8000000008000800, 0x0, 0x0, r14, 0x2}) ioctl$KVM_IOEVENTFD(r13, 0x4040ae79, &(0x7f0000000000)={0x1, 0x0, 0x0, r14, 0x6}) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r10, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000001000/0x2000)=nil, 0x930, 0x2000003, 0x4120932, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) eventfd2(0x0, 0x0) r15 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 
0x0, 0x0) ioctl$KVM_CREATE_VM(r15, 0xae01, 0x31) kernel console output (not intermixed with test programs): [ 373.217112][ T3151] 8021q: adding VLAN 0 to HW filter on device bond0 [ 432.238550][ T3151] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:8086' (ED25519) to the list of known hosts. [ 582.355801][ T25] audit: type=1400 audit(581.580:61): avc: denied { name_bind } for pid=3307 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 584.741888][ T25] audit: type=1400 audit(583.970:62): avc: denied { execute } for pid=3308 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 584.768018][ T25] audit: type=1400 audit(584.000:63): avc: denied { execute_no_trans } for pid=3308 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 604.062306][ T25] audit: type=1400 audit(603.290:64): avc: denied { mounton } for pid=3308 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 604.096955][ T25] audit: type=1400 audit(603.320:65): avc: denied { mount } for pid=3308 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 604.179752][ T3308] cgroup: Unknown subsys name 'net' [ 604.231603][ T25] audit: type=1400 audit(603.460:66): avc: denied { unmount } for pid=3308 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 604.621913][ T3308] cgroup: Unknown subsys name 'cpuset' [ 604.722954][ T3308] cgroup: Unknown subsys name 'rlimit' [ 605.632540][ T25] audit: type=1400 
audit(604.860:67): avc: denied { setattr } for pid=3308 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 605.650997][ T25] audit: type=1400 audit(604.880:68): avc: denied { mounton } for pid=3308 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 605.677668][ T25] audit: type=1400 audit(604.900:69): avc: denied { mount } for pid=3308 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 606.863041][ T3311] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 606.882456][ T25] audit: type=1400 audit(606.110:70): avc: denied { relabelto } for pid=3311 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 606.902589][ T25] audit: type=1400 audit(606.130:71): avc: denied { write } for pid=3311 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 607.071774][ T25] audit: type=1400 audit(606.300:72): avc: denied { read } for pid=3308 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 607.090936][ T25] audit: type=1400 audit(606.320:73): avc: denied { open } for pid=3308 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 
607.139820][ T3308] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 660.333148][ T25] audit: type=1400 audit(659.560:74): avc: denied { execmem } for pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 664.850975][ T25] audit: type=1400 audit(664.060:75): avc: denied { read } for pid=3319 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 664.869022][ T25] audit: type=1400 audit(664.100:76): avc: denied { open } for pid=3319 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 664.975545][ T25] audit: type=1400 audit(664.190:77): avc: denied { mounton } for pid=3319 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 665.242076][ T25] audit: type=1400 audit(664.470:78): avc: denied { module_request } for pid=3319 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 666.326251][ T25] audit: type=1400 audit(665.550:79): avc: denied { sys_module } for pid=3320 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 689.866454][ T3320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 690.101129][ T3320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 690.337925][ T3319] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 690.750146][ T3319] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 706.486754][ T3320] hsr_slave_0: entered promiscuous mode [ 706.530898][ T3320] hsr_slave_1: entered promiscuous mode [ 708.395912][ 
T3319] hsr_slave_0: entered promiscuous mode [ 708.438065][ T3319] hsr_slave_1: entered promiscuous mode [ 708.480371][ T3319] debugfs: 'hsr0' already exists in 'hsr' [ 708.495586][ T3319] Cannot create hsr debugfs directory [ 713.665949][ T25] audit: type=1400 audit(712.890:80): avc: denied { create } for pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 713.717776][ T25] audit: type=1400 audit(712.930:81): avc: denied { write } for pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 713.743321][ T25] audit: type=1400 audit(712.970:82): avc: denied { read } for pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 713.880754][ T3320] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 714.053422][ T3320] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 714.223304][ T3320] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 714.488250][ T3320] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 715.929441][ T3319] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 716.112491][ T3319] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 716.332140][ T3319] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 716.561869][ T3319] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 728.410477][ T3320] 8021q: adding VLAN 0 to HW filter on device bond0 [ 730.842099][ T3319] 8021q: adding VLAN 0 to HW filter on device bond0 [ 785.137929][ T3320] veth0_vlan: entered promiscuous mode [ 785.537897][ T3320] veth1_vlan: entered promiscuous mode [ 787.416488][ T3319] veth0_vlan: entered promiscuous mode [ 787.557661][ T3320] veth0_macvtap: entered promiscuous mode [ 787.987457][ T3320] veth1_macvtap: entered promiscuous mode [ 788.321410][ T3319] veth1_vlan: entered promiscuous mode [ 790.188276][ T3412] netdevsim 
netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 790.309377][ T3412] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 790.313226][ T3412] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 790.341296][ T3412] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 790.948845][ T3319] veth0_macvtap: entered promiscuous mode [ 791.558645][ T3319] veth1_macvtap: entered promiscuous mode [ 792.716207][ T25] audit: type=1400 audit(791.940:83): avc: denied { mount } for pid=3320 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 792.952720][ T25] audit: type=1400 audit(792.150:84): avc: denied { mounton } for pid=3320 comm="syz-executor" path="/syzkaller.8dzpud/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 793.131152][ T25] audit: type=1400 audit(792.340:85): avc: denied { mount } for pid=3320 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 793.445954][ T25] audit: type=1400 audit(792.650:86): avc: denied { mounton } for pid=3320 comm="syz-executor" path="/syzkaller.8dzpud/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 793.627613][ T25] audit: type=1400 audit(792.800:87): avc: denied { mounton } for pid=3320 comm="syz-executor" path="/syzkaller.8dzpud/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 793.838999][ T35] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 793.859031][ T35] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 793.862784][ T35] 
netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 793.973062][ T35] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 794.099696][ T25] audit: type=1400 audit(793.270:88): avc: denied { unmount } for pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 794.358033][ T25] audit: type=1400 audit(793.580:89): avc: denied { mounton } for pid=3320 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 794.469392][ T25] audit: type=1400 audit(793.700:90): avc: denied { mount } for pid=3320 comm="syz-executor" name="/" dev="gadgetfs" ino=3770 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 794.763314][ T25] audit: type=1400 audit(793.990:91): avc: denied { mount } for pid=3320 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 794.886067][ T25] audit: type=1400 audit(794.110:92): avc: denied { mounton } for pid=3320 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 796.427818][ T3320] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. 
[ 805.025922][ T25] kauditd_printk_skb: 4 callbacks suppressed [ 805.041866][ T25] audit: type=1400 audit(804.250:97): avc: denied { read } for pid=3472 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 805.051049][ T25] audit: type=1400 audit(804.270:98): avc: denied { open } for pid=3472 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 805.466214][ T25] audit: type=1400 audit(804.680:99): avc: denied { ioctl } for pid=3472 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 817.149132][ T25] audit: type=1400 audit(816.380:100): avc: denied { write } for pid=3481 comm="syz.0.4" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 821.662903][ T25] audit: type=1400 audit(820.810:101): avc: denied { execute } for pid=3486 comm="syz.1.5" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4075 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 873.303285][ T3521] kvm [3520]: Unsupported guest access at: eeef0000 [ 873.303285][ T3521] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 902.636696][ T25] audit: type=1400 audit(901.860:102): avc: denied { map } for pid=3543 comm="syz.1.25" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 968.731529][ T3594] kvm [3594]: Failed to find VMA for hva 0x21016000 [ 983.253229][ T25] audit: type=1400 audit(982.480:103): avc: denied { append } for pid=3602 comm="syz.1.41" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t 
tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1049.461672][ T3638] kvm [3638]: Failed to find VMA for hva 0x20c01000 [ 1315.910356][ T3826] kvm [3824]: Unsupported guest access at: eeef0000 [ 1315.910356][ T3826] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 1316.888556][ T3827] kvm [3824]: Unsupported guest access at: eeef0000 [ 1316.888556][ T3827] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 1452.048006][ T3855] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1452.245174][ T3855] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1456.088620][ T3858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1456.321534][ T3858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1474.570458][ T3855] hsr_slave_0: entered promiscuous mode [ 1474.669443][ T3855] hsr_slave_1: entered promiscuous mode [ 1474.729784][ T3855] debugfs: 'hsr0' already exists in 'hsr' [ 1474.735387][ T3855] Cannot create hsr debugfs directory [ 1478.645577][ T3858] hsr_slave_0: entered promiscuous mode [ 1478.697036][ T3858] hsr_slave_1: entered promiscuous mode [ 1478.725604][ T3858] debugfs: 'hsr0' already exists in 'hsr' [ 1478.728541][ T3858] Cannot create hsr debugfs directory [ 1496.532526][ T3412] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1497.771728][ T3412] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1498.900239][ T3412] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1499.260308][ T3855] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1499.868345][ T3412] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1500.092874][ T3855] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1500.509412][ T3855] netdevsim netdevsim2 
netdevsim2: renamed from eth2 [ 1501.306326][ T3855] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1506.877967][ T3858] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1507.220681][ T3858] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1514.370810][ T3412] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1514.461966][ T3412] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1514.541042][ T3412] bond0 (unregistering): Released all slaves [ 1515.354985][ T3858] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1515.879451][ T3858] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1516.616657][ T3412] hsr_slave_0: left promiscuous mode [ 1516.706131][ T3412] hsr_slave_1: left promiscuous mode [ 1517.298240][ T3412] veth1_macvtap: left promiscuous mode [ 1517.302040][ T3412] veth0_macvtap: left promiscuous mode [ 1517.319818][ T3412] veth1_vlan: left promiscuous mode [ 1517.332432][ T3412] veth0_vlan: left promiscuous mode [ 1535.732850][ T3412] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1537.072947][ T3412] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1538.367534][ T3412] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1539.303343][ T3412] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1556.739624][ T3412] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1556.987694][ T3412] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1557.220159][ T3412] bond0 (unregistering): Released all slaves [ 1559.687415][ T3412] hsr_slave_0: left promiscuous mode [ 1559.981145][ T3412] hsr_slave_1: left promiscuous mode [ 1560.653083][ T3412] veth1_macvtap: left promiscuous mode [ 1560.707086][ T3412] veth0_macvtap: left promiscuous mode [ 1560.747462][ T3412] veth1_vlan: left 
promiscuous mode [ 1560.756083][ T3412] veth0_vlan: left promiscuous mode [ 1577.107277][ T3855] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1581.497215][ T3858] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1661.300258][ T3855] veth0_vlan: entered promiscuous mode [ 1661.888380][ T3855] veth1_vlan: entered promiscuous mode [ 1664.818448][ T3855] veth0_macvtap: entered promiscuous mode [ 1665.557009][ T3855] veth1_macvtap: entered promiscuous mode [ 1665.936835][ T3858] veth0_vlan: entered promiscuous mode [ 1667.131918][ T3858] veth1_vlan: entered promiscuous mode [ 1669.597609][ T3927] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1669.602738][ T3927] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1669.637635][ T3927] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1669.761859][ T3927] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1672.309969][ T3858] veth0_macvtap: entered promiscuous mode [ 1673.537557][ T3858] veth1_macvtap: entered promiscuous mode [ 1677.578014][ T3661] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1677.581704][ T3661] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1677.706493][ T3661] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1677.717716][ T3661] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1766.249368][ T3881] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1767.842030][ T3881] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1769.392280][ T3881] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1771.070554][ T3881] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1789.247807][ T3881] bond0 (unregistering): 
(slave bond_slave_0): Releasing backup interface [ 1789.478036][ T3881] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1789.627198][ T3881] bond0 (unregistering): Released all slaves [ 1792.924972][ T3881] hsr_slave_0: left promiscuous mode [ 1793.035098][ T3881] hsr_slave_1: left promiscuous mode [ 1793.776150][ T3881] veth1_macvtap: left promiscuous mode [ 1793.786566][ T3881] veth0_macvtap: left promiscuous mode [ 1793.797010][ T3881] veth1_vlan: left promiscuous mode [ 1793.846150][ T3881] veth0_vlan: left promiscuous mode [ 1873.605890][ T4091] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1874.032701][ T4091] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1897.791147][ T4115] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1898.158620][ T4115] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1907.508768][ T4091] hsr_slave_0: entered promiscuous mode [ 1907.620059][ T4091] hsr_slave_1: entered promiscuous mode [ 1925.741215][ T2113] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1927.342053][ T2113] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1929.321218][ T2113] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1931.692998][ T2113] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1935.096103][ T4091] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1936.200076][ T4091] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1938.800813][ T4091] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1940.002166][ T4115] hsr_slave_0: entered promiscuous mode [ 1940.092551][ T4115] hsr_slave_1: entered promiscuous mode [ 1940.177799][ T4115] debugfs: 'hsr0' already exists in 'hsr' [ 1940.197366][ T4115] Cannot create hsr 
debugfs directory [ 1940.231364][ T4091] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1951.280399][ T2113] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1951.392685][ T2113] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1951.535332][ T2113] bond0 (unregistering): Released all slaves [ 1953.719011][ T2113] hsr_slave_0: left promiscuous mode [ 1953.757423][ T2113] hsr_slave_1: left promiscuous mode [ 1953.929413][ T2113] veth1_macvtap: left promiscuous mode [ 1953.932778][ T2113] veth0_macvtap: left promiscuous mode [ 1953.947419][ T2113] veth1_vlan: left promiscuous mode [ 1953.952147][ T2113] veth0_vlan: left promiscuous mode [ 1979.565941][ T4115] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1980.052300][ T4115] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1980.527342][ T4115] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1981.047585][ T4115] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1996.056726][ T4091] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2009.839826][ T4115] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2123.947857][ T4091] veth0_vlan: entered promiscuous mode [ 2124.887913][ T4091] veth1_vlan: entered promiscuous mode [ 2127.767719][ T4091] veth0_macvtap: entered promiscuous mode [ 2128.217676][ T4091] veth1_macvtap: entered promiscuous mode [ 2131.349552][ T4262] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2131.351150][ T4262] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2131.366365][ T4262] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2131.367219][ T4262] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2141.358506][ T4115] veth0_vlan: entered promiscuous mode [ 2142.447795][ T4115] veth1_vlan: entered promiscuous mode [ 2146.287368][ T4115] veth0_macvtap: entered promiscuous mode [ 2146.944326][ T4115] veth1_macvtap: 
entered promiscuous mode [ 2151.104823][ T3881] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2151.105877][ T3881] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2151.138765][ T3881] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2151.150682][ T3881] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2291.371639][ T3927] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2293.693287][ T3927] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2295.759107][ T3927] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2297.931031][ T3927] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2326.178267][ T3927] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2326.357456][ T3927] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2326.566275][ T3927] bond0 (unregistering): Released all slaves [ 2331.237636][ T3927] hsr_slave_0: left promiscuous mode [ 2331.626690][ T3927] hsr_slave_1: left promiscuous mode [ 2332.731766][ T3927] veth1_macvtap: left promiscuous mode [ 2332.782362][ T3927] veth0_macvtap: left promiscuous mode [ 2332.831200][ T3927] veth1_vlan: left promiscuous mode [ 2332.869281][ T3927] veth0_vlan: left promiscuous mode [ 2431.261649][ T4412] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2431.688158][ T4412] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2440.897390][ T4419] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2441.321967][ T4419] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2473.760699][ T4412] hsr_slave_0: entered promiscuous mode [ 2473.879204][ T4412] hsr_slave_1: entered promiscuous 
mode [ 2488.789793][ T4419] hsr_slave_0: entered promiscuous mode [ 2488.878144][ T4419] hsr_slave_1: entered promiscuous mode [ 2488.978577][ T4419] debugfs: 'hsr0' already exists in 'hsr' [ 2488.994515][ T4419] Cannot create hsr debugfs directory [ 2507.368253][ T4412] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 2508.706969][ T4412] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 2509.183211][ T4412] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 2510.152443][ T4412] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 2519.525989][ T4419] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 2520.177936][ T4419] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 2520.831139][ T4419] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 2521.579134][ T4419] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 2557.327147][ T4412] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2566.418049][ T4419] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2621.727915][ T3881] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2623.840225][ T3881] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2625.331791][ T3881] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2627.137905][ T3881] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2650.632071][ T3881] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2650.897863][ T3881] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2651.020050][ T3881] bond0 (unregistering): Released all slaves [ 2656.055828][ T3881] hsr_slave_0: left promiscuous mode [ 2656.145260][ T3881] hsr_slave_1: left promiscuous mode [ 2657.018282][ T3881] veth1_macvtap: left promiscuous mode [ 2657.108591][ T3881] veth0_macvtap: left promiscuous mode [ 2657.137069][ T3881] veth1_vlan: left promiscuous mode [ 
2657.138633][ T3881] veth0_vlan: left promiscuous mode [ 2760.467162][ T4412] veth0_vlan: entered promiscuous mode [ 2761.729181][ T4412] veth1_vlan: entered promiscuous mode [ 2765.457392][ T4412] veth0_macvtap: entered promiscuous mode [ 2766.001797][ T4412] veth1_macvtap: entered promiscuous mode [ 2771.278292][ T3935] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2771.639903][ T35] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2771.656677][ T35] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2771.937114][ T4419] veth0_vlan: entered promiscuous mode [ 2772.065998][ T35] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2774.006829][ T4419] veth1_vlan: entered promiscuous mode [ 2780.676039][ T4419] veth0_macvtap: entered promiscuous mode [ 2782.029581][ T4419] veth1_macvtap: entered promiscuous mode [ 2786.035305][ T3881] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2786.037929][ T3881] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2786.276607][ T3881] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2786.295798][ T3881] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3094.280387][ T3881] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3096.428944][ T3881] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3098.352742][ T3881] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3100.217592][ T3881] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3123.274685][ T3881] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3123.483189][ T3881] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3123.665605][ T3881] bond0 
(unregistering): Released all slaves [ 3128.056317][ T3881] hsr_slave_0: left promiscuous mode [ 3128.437078][ T3881] hsr_slave_1: left promiscuous mode [ 3129.648945][ T3881] veth1_macvtap: left promiscuous mode [ 3129.650390][ T3881] veth0_macvtap: left promiscuous mode [ 3129.701032][ T3881] veth1_vlan: left promiscuous mode [ 3129.717629][ T3881] veth0_vlan: left promiscuous mode [ 3158.750671][ T3927] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3160.418393][ T3927] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3161.891097][ T3927] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3163.358556][ T3927] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3187.836286][ T3927] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3188.027817][ T3927] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3188.169789][ T3927] bond0 (unregistering): Released all slaves [ 3190.504939][ T3927] hsr_slave_0: left promiscuous mode [ 3190.605376][ T3927] hsr_slave_1: left promiscuous mode [ 3191.155390][ T3927] veth1_macvtap: left promiscuous mode [ 3191.158717][ T3927] veth0_macvtap: left promiscuous mode [ 3191.225923][ T3927] veth1_vlan: left promiscuous mode [ 3191.246156][ T3927] veth0_vlan: left promiscuous mode [ 3252.940961][ T4821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3253.398609][ T4821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3257.768502][ T4826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3258.113280][ T4826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3286.480820][ T4821] hsr_slave_0: entered promiscuous mode [ 3286.512963][ T4821] hsr_slave_1: entered promiscuous mode [ 3290.381262][ 
T4826] hsr_slave_0: entered promiscuous mode [ 3290.458706][ T4826] hsr_slave_1: entered promiscuous mode [ 3290.505209][ T4826] debugfs: 'hsr0' already exists in 'hsr' [ 3290.511266][ T4826] Cannot create hsr debugfs directory [ 3311.910398][ T4821] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 3312.817798][ T4821] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 3313.868820][ T4821] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 3315.496273][ T4821] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 3321.785563][ T4826] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 3322.241563][ T4826] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 3322.832799][ T4826] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 3323.720802][ T4826] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 3351.549032][ T4821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3358.848468][ T4826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3514.862720][ T4821] veth0_vlan: entered promiscuous mode [ 3515.831255][ T4821] veth1_vlan: entered promiscuous mode [ 3519.669561][ T4821] veth0_macvtap: entered promiscuous mode [ 3520.789396][ T4821] veth1_macvtap: entered promiscuous mode [ 3522.292205][ T4826] veth0_vlan: entered promiscuous mode [ 3524.300364][ T4826] veth1_vlan: entered promiscuous mode [ 3526.920985][ T4421] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3527.062589][ T3412] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3527.075734][ T3412] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3527.094756][ T3412] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3531.210596][ T4826] veth0_macvtap: entered promiscuous mode [ 3532.264535][ T4826] veth1_macvtap: entered promiscuous mode [ 3537.797296][ T2113] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3537.798641][ T2113] netdevsim netdevsim9 netdevsim1: 
set [1, 0] type 2 family 0 port 6081 - 0 [ 3537.819198][ T2113] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3537.827980][ T2113] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3723.992430][ T4258] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3725.883269][ T4258] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3728.018140][ T4258] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3730.771487][ T4258] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3762.042584][ T4258] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3762.390638][ T4258] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3762.608052][ T4258] bond0 (unregistering): Released all slaves [ 3764.859571][ T4258] hsr_slave_0: left promiscuous mode [ 3764.956302][ T4258] hsr_slave_1: left promiscuous mode [ 3765.536575][ T4258] veth1_macvtap: left promiscuous mode [ 3765.560771][ T4258] veth0_macvtap: left promiscuous mode [ 3765.567027][ T4258] veth1_vlan: left promiscuous mode [ 3765.596546][ T4258] veth0_vlan: left promiscuous mode [ 3798.979957][ T4258] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3800.791755][ T4258] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3802.650050][ T4258] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3805.102852][ T4258] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3828.603002][ T4258] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3828.718869][ T4258] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3828.809589][ T4258] bond0 (unregistering): 
Released all slaves [ 3831.645666][ T4258] hsr_slave_0: left promiscuous mode [ 3832.224850][ T4258] hsr_slave_1: left promiscuous mode [ 3833.360594][ T4258] veth1_macvtap: left promiscuous mode [ 3833.406391][ T4258] veth0_macvtap: left promiscuous mode [ 3833.422425][ T4258] veth1_vlan: left promiscuous mode [ 3833.452338][ T4258] veth0_vlan: left promiscuous mode [ 3867.780713][ T5132] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3868.011183][ T5129] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3868.478809][ T5132] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3869.551179][ T5129] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3902.778557][ T5132] hsr_slave_0: entered promiscuous mode [ 3902.899724][ T5132] hsr_slave_1: entered promiscuous mode [ 3906.579997][ T5129] hsr_slave_0: entered promiscuous mode [ 3906.702581][ T5129] hsr_slave_1: entered promiscuous mode [ 3906.769489][ T5129] debugfs: 'hsr0' already exists in 'hsr' [ 3906.847148][ T5129] Cannot create hsr debugfs directory [ 3941.911133][ T5132] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 3942.497609][ T5132] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 3942.710965][ T5132] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 3943.168188][ T5132] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 3948.301214][ T5129] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 3948.671471][ T5129] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 3949.117679][ T5129] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 3949.523222][ T5129] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 3978.019828][ T5132] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3984.201828][ T5129] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4096.780405][ T5132] veth0_vlan: entered promiscuous mode [ 4097.861301][ T5132] veth1_vlan: entered promiscuous mode [ 
4102.701994][ T5132] veth0_macvtap: entered promiscuous mode [ 4103.052200][ T5129] veth0_vlan: entered promiscuous mode [ 4104.102703][ T5132] veth1_macvtap: entered promiscuous mode [ 4105.082445][ T5129] veth1_vlan: entered promiscuous mode [ 4109.743218][ T4421] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4109.773105][ T4421] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4109.797038][ T4421] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4109.797899][ T4421] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4111.480727][ T5129] veth0_macvtap: entered promiscuous mode [ 4112.659432][ T5129] veth1_macvtap: entered promiscuous mode [ 4117.342171][ T3412] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4117.380177][ T3412] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4117.408235][ T3412] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4117.409339][ T3412] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4178.898689][ T5409] kvm [5409]: Failed to find VMA for hva 0x21016000 [ 4303.300584][ T3881] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4304.949013][ T3881] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4306.718725][ T3881] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4308.771387][ T3881] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4336.241099][ T3881] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 4336.683002][ T3881] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 4337.440349][ T3881] bond0 (unregistering): Released all slaves [ 4340.147809][ T3881] hsr_slave_0: left promiscuous mode [ 
4340.280762][ T3881] hsr_slave_1: left promiscuous mode [ 4341.096270][ T3881] veth1_macvtap: left promiscuous mode [ 4341.128023][ T3881] veth0_macvtap: left promiscuous mode [ 4341.147473][ T3881] veth1_vlan: left promiscuous mode [ 4341.163126][ T3881] veth0_vlan: left promiscuous mode [ 4375.269179][ T3881] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4377.092598][ T3881] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4378.842574][ T3881] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4380.630798][ T3881] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4406.341113][ T3881] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 4406.655913][ T3881] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 4406.796788][ T3881] bond0 (unregistering): Released all slaves [ 4408.347540][ T3881] hsr_slave_0: left promiscuous mode [ 4408.456057][ T3881] hsr_slave_1: left promiscuous mode [ 4408.886645][ T3881] veth1_macvtap: left promiscuous mode [ 4408.902867][ T3881] veth0_macvtap: left promiscuous mode [ 4408.926572][ T3881] veth1_vlan: left promiscuous mode [ 4408.930412][ T3881] veth0_vlan: left promiscuous mode [ 4469.680428][ T5466] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4470.018902][ T5466] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4474.858291][ T5469] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4475.192990][ T5469] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4497.983181][ T5466] hsr_slave_0: entered promiscuous mode [ 4498.150130][ T5466] hsr_slave_1: entered promiscuous mode [ 4506.037560][ T5469] hsr_slave_0: entered promiscuous mode [ 4506.118872][ T5469] hsr_slave_1: entered promiscuous 
mode [ 4506.131724][ T5469] debugfs: 'hsr0' already exists in 'hsr' [ 4506.208820][ T5469] Cannot create hsr debugfs directory [ 4529.957328][ T5466] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 4531.456538][ T5466] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 4532.700981][ T5466] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 4533.270856][ T5466] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 4540.656035][ T5469] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 4541.111242][ T5469] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 4541.628568][ T5469] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 4542.209316][ T5469] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 4560.706744][ T5466] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4569.887862][ T5469] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4662.747448][ T5466] veth0_vlan: entered promiscuous mode [ 4663.610561][ T5466] veth1_vlan: entered promiscuous mode [ 4666.499984][ T5466] veth0_macvtap: entered promiscuous mode [ 4666.882200][ T5466] veth1_macvtap: entered promiscuous mode [ 4670.608583][ T3881] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4670.629316][ T4421] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4670.660390][ T4421] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4670.683482][ T4421] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4671.497989][ T5469] veth0_vlan: entered promiscuous mode [ 4673.396628][ T5469] veth1_vlan: entered promiscuous mode [ 4677.278625][ T5469] veth0_macvtap: entered promiscuous mode [ 4677.694528][ T5469] veth1_macvtap: entered promiscuous mode [ 4681.988714][ T2113] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4682.008140][ T2113] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4682.037895][ T2113] netdevsim netdevsim3 netdevsim2: set 
[1, 0] type 2 family 0 port 6081 - 0 [ 4682.075239][ T3881] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4685.491468][ T25] audit: type=1400 audit(4684.680:104): avc: denied { setattr } for pid=5712 comm="syz.2.181" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 4859.406607][ T25] audit: type=1400 audit(4858.620:105): avc: denied { map } for pid=5828 comm="syz.2.207" path="pipe:[19819]" dev="pipefs" ino=19819 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 5052.338782][ T2113] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5056.410733][ T2113] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5058.169065][ T2113] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5060.053373][ T2113] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5080.917410][ T2113] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 5081.023341][ T2113] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 5081.132482][ T2113] bond0 (unregistering): Released all slaves [ 5083.796782][ T2113] hsr_slave_0: left promiscuous mode [ 5084.246674][ T2113] hsr_slave_1: left promiscuous mode [ 5085.188150][ T2113] veth1_macvtap: left promiscuous mode [ 5085.204331][ T2113] veth0_macvtap: left promiscuous mode [ 5085.238232][ T2113] veth1_vlan: left promiscuous mode [ 5085.258168][ T2113] veth0_vlan: left promiscuous mode [ 5121.601867][ T4421] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5123.799955][ T4421] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5125.390275][ T4421] netdevsim netdevsim2 netdevsim1 (unregistering): 
unset [1, 0] type 2 family 0 port 6081 - 0 [ 5126.681982][ T4421] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5144.832563][ T4421] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 5144.963026][ T4421] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 5145.086545][ T4421] bond0 (unregistering): Released all slaves [ 5147.399745][ T4421] hsr_slave_0: left promiscuous mode [ 5147.687884][ T4421] hsr_slave_1: left promiscuous mode [ 5148.305073][ T4421] veth1_macvtap: left promiscuous mode [ 5148.308406][ T4421] veth0_macvtap: left promiscuous mode [ 5148.347158][ T4421] veth1_vlan: left promiscuous mode [ 5148.350935][ T4421] veth0_vlan: left promiscuous mode [ 5219.542998][ T5925] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5220.691888][ T5925] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5223.750775][ T5930] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5224.149553][ T5930] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5257.572456][ T5925] hsr_slave_0: entered promiscuous mode [ 5257.686042][ T5925] hsr_slave_1: entered promiscuous mode [ 5260.379371][ T5930] hsr_slave_0: entered promiscuous mode [ 5260.517316][ T5930] hsr_slave_1: entered promiscuous mode [ 5260.576750][ T5930] debugfs: 'hsr0' already exists in 'hsr' [ 5260.579919][ T5930] Cannot create hsr debugfs directory [ 5296.095951][ T5925] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 5296.722183][ T5925] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 5297.338512][ T5925] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 5298.018110][ T5925] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 5304.613051][ T5930] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 5304.980169][ T5930] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 5305.373105][ 
T5930] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 5305.967173][ T5930] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 5331.289522][ T5925] 8021q: adding VLAN 0 to HW filter on device bond0 [ 5336.100154][ T5930] 8021q: adding VLAN 0 to HW filter on device bond0 [ 5471.826284][ T5925] veth0_vlan: entered promiscuous mode [ 5472.948037][ T5925] veth1_vlan: entered promiscuous mode [ 5477.477165][ T5930] veth0_vlan: entered promiscuous mode [ 5478.117099][ T5925] veth0_macvtap: entered promiscuous mode [ 5479.357034][ T5925] veth1_macvtap: entered promiscuous mode [ 5479.739237][ T5930] veth1_vlan: entered promiscuous mode [ 5484.505907][ T4258] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 5484.765821][ T4258] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 5484.780914][ T3927] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 5484.782766][ T3927] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 5486.891750][ T5930] veth0_macvtap: entered promiscuous mode [ 5488.388547][ T5930] veth1_macvtap: entered promiscuous mode [ 5493.780699][ T4421] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 5493.786173][ T4421] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 5493.825927][ T4421] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 5493.848537][ T4421] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 5573.522617][ T3881] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5575.337448][ T3881] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5576.692750][ T3881] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5578.223231][ T3881] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 
6081 - 0 [ 5603.369529][ T3881] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 5603.597327][ T3881] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 5603.700215][ T3881] bond0 (unregistering): Released all slaves [ 5607.866063][ T3881] hsr_slave_0: left promiscuous mode [ 5608.323341][ T3881] hsr_slave_1: left promiscuous mode [ 5609.294746][ T3881] veth1_macvtap: left promiscuous mode [ 5609.296152][ T3881] veth0_macvtap: left promiscuous mode [ 5609.299168][ T3881] veth1_vlan: left promiscuous mode [ 5609.300615][ T3881] veth0_vlan: left promiscuous mode [ 5633.059146][ T2113] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5634.598768][ T2113] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5636.133403][ T2113] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5637.161879][ T2113] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5663.407829][ T2113] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 5663.731046][ T2113] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 5663.967506][ T2113] bond0 (unregistering): Released all slaves [ 5666.056481][ T2113] hsr_slave_0: left promiscuous mode [ 5666.139647][ T2113] hsr_slave_1: left promiscuous mode [ 5666.620491][ T2113] veth1_macvtap: left promiscuous mode [ 5666.645869][ T2113] veth0_macvtap: left promiscuous mode [ 5666.656562][ T2113] veth1_vlan: left promiscuous mode [ 5666.665628][ T2113] veth0_vlan: left promiscuous mode [ 5728.617882][ T6224] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5728.923177][ T6224] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5732.302480][ T6227] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5732.620964][ 
T6227] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5756.266996][ T6224] hsr_slave_0: entered promiscuous mode [ 5756.346852][ T6224] hsr_slave_1: entered promiscuous mode [ 5760.506385][ T6227] hsr_slave_0: entered promiscuous mode [ 5760.561384][ T6227] hsr_slave_1: entered promiscuous mode [ 5760.656159][ T6227] debugfs: 'hsr0' already exists in 'hsr' [ 5760.675259][ T6227] Cannot create hsr debugfs directory [ 5790.541252][ T6224] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 5791.036388][ T6224] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 5791.497702][ T6224] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 5792.241854][ T6224] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 5796.237236][ T6227] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 5796.655996][ T6227] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 5797.057928][ T6227] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 5797.578161][ T6227] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 5818.103061][ T6224] 8021q: adding VLAN 0 to HW filter on device bond0 [ 5823.739105][ T6227] 8021q: adding VLAN 0 to HW filter on device bond0 [ 5936.491590][ T6224] veth0_vlan: entered promiscuous mode [ 5937.298564][ T6224] veth1_vlan: entered promiscuous mode [ 5940.546670][ T6224] veth0_macvtap: entered promiscuous mode [ 5941.673030][ T6224] veth1_macvtap: entered promiscuous mode [ 5943.110794][ T6227] veth0_vlan: entered promiscuous mode [ 5945.080403][ T6227] veth1_vlan: entered promiscuous mode [ 5947.139858][ T3927] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 5947.143367][ T3927] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 5947.279854][ T3927] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 5947.287017][ T3927] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 5951.579566][ T6227] veth0_macvtap: entered 
promiscuous mode [ 5952.539774][ T6227] veth1_macvtap: entered promiscuous mode [ 5956.962699][ T5064] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 5956.990058][ T3927] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 5956.990935][ T3927] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 5956.991651][ T3927] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 6149.683187][ T3927] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6151.467463][ T3927] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6153.154564][ T3927] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6155.527122][ T3927] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6172.578381][ T3927] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 6172.768570][ T3927] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 6172.891896][ T3927] bond0 (unregistering): Released all slaves [ 6175.119734][ T3927] hsr_slave_0: left promiscuous mode [ 6175.199538][ T3927] hsr_slave_1: left promiscuous mode [ 6175.697734][ T3927] veth1_macvtap: left promiscuous mode [ 6175.699683][ T3927] veth0_macvtap: left promiscuous mode [ 6175.729081][ T3927] veth1_vlan: left promiscuous mode [ 6175.744230][ T3927] veth0_vlan: left promiscuous mode [ 6201.920295][ T3927] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6203.241857][ T3927] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6204.621411][ T3927] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6206.202469][ T3927] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 
6220.790420][ T3927] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 6220.901025][ T3927] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 6220.961782][ T3927] bond0 (unregistering): Released all slaves [ 6222.197476][ T3927] hsr_slave_0: left promiscuous mode [ 6222.276531][ T3927] hsr_slave_1: left promiscuous mode [ 6222.609958][ T3927] veth1_macvtap: left promiscuous mode [ 6222.628510][ T3927] veth0_macvtap: left promiscuous mode [ 6222.640890][ T3927] veth1_vlan: left promiscuous mode [ 6222.660624][ T3927] veth0_vlan: left promiscuous mode [ 6253.381679][ T6571] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 6253.759857][ T6571] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 6258.547854][ T6578] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 6258.829527][ T6578] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 6279.578947][ T6571] hsr_slave_0: entered promiscuous mode [ 6279.650212][ T6571] hsr_slave_1: entered promiscuous mode [ 6283.811481][ T6578] hsr_slave_0: entered promiscuous mode [ 6283.851261][ T6578] hsr_slave_1: entered promiscuous mode [ 6283.915988][ T6578] debugfs: 'hsr0' already exists in 'hsr' [ 6283.918985][ T6578] Cannot create hsr debugfs directory [ 6300.638302][ T6571] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 6302.089686][ T6571] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 6303.578469][ T6571] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 6304.153368][ T6571] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 6312.070603][ T6578] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 6312.570283][ T6578] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 6313.085879][ T6578] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 6313.667102][ T6578] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 6330.809380][ T6571] 8021q: 
adding VLAN 0 to HW filter on device bond0 [ 6337.741294][ T6578] 8021q: adding VLAN 0 to HW filter on device bond0 [ 6435.630357][ T6571] veth0_vlan: entered promiscuous mode [ 6436.657374][ T6571] veth1_vlan: entered promiscuous mode [ 6439.510454][ T6571] veth0_macvtap: entered promiscuous mode [ 6440.029655][ T6571] veth1_macvtap: entered promiscuous mode [ 6443.442389][ T3327] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 6443.455377][ T3327] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 6443.467911][ T3327] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 6443.506969][ T4421] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 6445.308453][ T6578] veth0_vlan: entered promiscuous mode [ 6447.339268][ T6578] veth1_vlan: entered promiscuous mode [ 6451.382625][ T6578] veth0_macvtap: entered promiscuous mode [ 6451.999713][ T6578] veth1_macvtap: entered promiscuous mode [ 6455.500199][ T5933] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 6455.516750][ T5933] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 6455.552462][ T5933] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 6455.563410][ T5933] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 6692.581594][ T5064] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6694.492313][ T5064] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6697.161243][ T5064] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6699.530301][ T5064] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6728.006056][ T5064] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 6728.561987][ T5064] bond0 (unregistering): (slave 
bond_slave_1): Releasing backup interface [ 6729.038175][ T5064] bond0 (unregistering): Released all slaves [ 6732.187100][ T5064] hsr_slave_0: left promiscuous mode [ 6732.357821][ T5064] hsr_slave_1: left promiscuous mode [ 6733.221462][ T5064] veth1_macvtap: left promiscuous mode [ 6733.229477][ T5064] veth0_macvtap: left promiscuous mode [ 6733.257046][ T5064] veth1_vlan: left promiscuous mode [ 6733.276647][ T5064] veth0_vlan: left promiscuous mode [ 6828.837210][ T6949] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 6829.087485][ T6949] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 6854.471487][ T3927] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6856.176848][ T3927] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6858.008542][ T3927] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6859.528747][ T3927] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 6869.780534][ T6949] hsr_slave_0: entered promiscuous mode [ 6869.899272][ T6949] hsr_slave_1: entered promiscuous mode [ 6869.943431][ T6949] debugfs: 'hsr0' already exists in 'hsr' [ 6870.030284][ T6949] Cannot create hsr debugfs directory [ 6883.866543][ T3927] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 6884.037402][ T3927] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 6884.163227][ T3927] bond0 (unregistering): Released all slaves [ 6885.954923][ T3927] hsr_slave_0: left promiscuous mode [ 6886.000045][ T3927] hsr_slave_1: left promiscuous mode [ 6886.433222][ T3927] veth1_macvtap: left promiscuous mode [ 6886.437600][ T3927] veth0_macvtap: left promiscuous mode [ 6886.472126][ T3927] veth1_vlan: left promiscuous mode [ 6886.489723][ T3927] veth0_vlan: left promiscuous mode [ 6933.039449][ T6949] 
netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 6933.427922][ T6949] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 6934.050153][ T6949] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 6934.380880][ T6949] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 6956.879117][ T7045] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 6957.051767][ T6949] 8021q: adding VLAN 0 to HW filter on device bond0 [ 6957.182842][ T7045] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 6988.922181][ T7045] hsr_slave_0: entered promiscuous mode [ 6988.987769][ T7045] hsr_slave_1: entered promiscuous mode [ 7009.552151][ T7045] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 7010.131046][ T7045] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 7010.513366][ T7045] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 7010.818284][ T7045] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 7035.617545][ T7045] 8021q: adding VLAN 0 to HW filter on device bond0 [ 7053.665556][ T6949] veth0_vlan: entered promiscuous mode [ 7054.352988][ T6949] veth1_vlan: entered promiscuous mode [ 7057.732167][ T6949] veth0_macvtap: entered promiscuous mode [ 7058.388344][ T6949] veth1_macvtap: entered promiscuous mode [ 7062.021685][ T5064] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 7062.055236][ T5064] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 7062.070393][ T5064] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 7062.100952][ T5064] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 7143.469598][ T7045] veth0_vlan: entered promiscuous mode [ 7144.441550][ T7045] veth1_vlan: entered promiscuous mode [ 7147.669567][ T7045] veth0_macvtap: entered promiscuous mode [ 7148.251423][ T7045] veth1_macvtap: entered promiscuous mode [ 7151.999324][ T5933] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 
0 port 6081 - 0 [ 7152.038840][ T6951] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 7152.070071][ T6951] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 7152.097700][ T6951] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 7359.180630][ T25] audit: type=1400 audit(7358.410:106): avc: denied { ioctl } for pid=7445 comm="syz.0.301" path="net:[4026532630]" dev="nsfs" ino=4026532630 ioctlcmd=0x5829 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 7376.329214][ T7458] kvm [7458]: Failed to find VMA for hva 0x20ddd000 [ 7547.801071][ T7509] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 7548.229208][ T7509] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 7563.179634][ T7525] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 7563.691996][ T7525] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 7586.566650][ T5943] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7588.571610][ T5943] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7590.623279][ T5943] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7593.270562][ T5943] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7595.729421][ T7509] hsr_slave_0: entered promiscuous mode [ 7595.821934][ T7509] hsr_slave_1: entered promiscuous mode [ 7595.958174][ T7509] debugfs: 'hsr0' already exists in 'hsr' [ 7595.975652][ T7509] Cannot create hsr debugfs directory [ 7614.156441][ T5943] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 7614.402221][ T5943] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 7614.549845][ T5943] bond0 (unregistering): 
Released all slaves [ 7616.087347][ T5943] hsr_slave_0: left promiscuous mode [ 7616.348269][ T5943] hsr_slave_1: left promiscuous mode [ 7616.976293][ T5943] veth1_macvtap: left promiscuous mode [ 7616.996989][ T5943] veth0_macvtap: left promiscuous mode [ 7617.021520][ T5943] veth1_vlan: left promiscuous mode [ 7617.035855][ T5943] veth0_vlan: left promiscuous mode [ 7645.875715][ T7525] hsr_slave_0: entered promiscuous mode [ 7645.941646][ T7525] hsr_slave_1: entered promiscuous mode [ 7649.682978][ T5943] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7651.792831][ T5943] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7654.552457][ T5943] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7656.371280][ T5943] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7675.388978][ T5943] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 7675.560682][ T5943] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 7675.687373][ T5943] bond0 (unregistering): Released all slaves [ 7677.227779][ T5943] hsr_slave_0: left promiscuous mode [ 7677.271016][ T5943] hsr_slave_1: left promiscuous mode [ 7677.599810][ T5943] veth1_macvtap: left promiscuous mode [ 7677.605155][ T5943] veth0_macvtap: left promiscuous mode [ 7677.609203][ T5943] veth1_vlan: left promiscuous mode [ 7677.628391][ T5943] veth0_vlan: left promiscuous mode [ 7697.815825][ T7509] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 7699.749014][ T7509] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 7701.335803][ T7509] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 7701.973468][ T7509] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 7710.571725][ T7525] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 7710.990584][ T7525] netdevsim netdevsim2 netdevsim1: renamed from 
eth1 [ 7711.599251][ T7525] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 7712.044944][ T7525] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 7730.172804][ T7509] 8021q: adding VLAN 0 to HW filter on device bond0 [ 7738.319513][ T7525] 8021q: adding VLAN 0 to HW filter on device bond0 [ 7838.060192][ T7509] veth0_vlan: entered promiscuous mode [ 7838.892955][ T7509] veth1_vlan: entered promiscuous mode [ 7841.820429][ T7509] veth0_macvtap: entered promiscuous mode [ 7842.389242][ T7509] veth1_macvtap: entered promiscuous mode [ 7845.207568][ T7599] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 7845.212237][ T7599] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 7845.265454][ T7599] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 7845.282978][ T5943] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 7849.142448][ T7525] veth0_vlan: entered promiscuous mode [ 7850.226638][ T7525] veth1_vlan: entered promiscuous mode [ 7853.971515][ T7525] veth0_macvtap: entered promiscuous mode [ 7854.591799][ T7525] veth1_macvtap: entered promiscuous mode [ 7858.395781][ T4262] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 7858.419323][ T5933] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 7858.420245][ T5933] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 7858.420937][ T5933] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 8032.457466][ T25] audit: type=1400 audit(8031.680:107): avc: denied { execute } for pid=7873 comm="syz.2.334" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 8294.128103][ T7560] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 8296.822637][ T7560] netdevsim netdevsim3 netdevsim2 
(unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 8299.318077][ T7560] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 8301.612433][ T7560] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 8333.232218][ T7560] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 8333.590785][ T7560] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 8333.781540][ T7560] bond0 (unregistering): Released all slaves [ 8336.256368][ T7560] hsr_slave_0: left promiscuous mode [ 8336.348830][ T7560] hsr_slave_1: left promiscuous mode [ 8336.998226][ T7560] veth1_macvtap: left promiscuous mode [ 8337.006709][ T7560] veth0_macvtap: left promiscuous mode [ 8337.029051][ T7560] veth1_vlan: left promiscuous mode [ 8337.041983][ T7560] veth0_vlan: left promiscuous mode [ 8438.870536][ T8013] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 8439.288907][ T8013] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 8475.781544][ T8013] hsr_slave_0: entered promiscuous mode [ 8475.920804][ T8013] hsr_slave_1: entered promiscuous mode [ 8476.026341][ T8013] debugfs: 'hsr0' already exists in 'hsr' [ 8476.046420][ T8013] Cannot create hsr debugfs directory [ 8506.733175][ T8013] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 8507.180784][ T8013] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 8507.522239][ T8013] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 8507.933301][ T8013] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 8540.122644][ T8013] 8021q: adding VLAN 0 to HW filter on device bond0 [ 8685.706225][ T8013] veth0_vlan: entered promiscuous mode [ 8686.451601][ T8013] veth1_vlan: entered promiscuous mode [ 8689.776206][ T8013] veth0_macvtap: entered promiscuous mode [ 8690.368067][ T8013] veth1_macvtap: entered promiscuous mode [ 8693.767643][ T4262] netdevsim 
netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 8693.787370][ T7560] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 8693.914869][ T3881] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 8693.935203][ T3881] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 8905.438747][ T7560] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 8908.441643][ T7560] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 8910.192099][ T7560] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 8911.370470][ T7560] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 8934.631563][ T7560] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 8935.073045][ T7560] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 8935.317260][ T7560] bond0 (unregistering): Released all slaves
[ 8938.094775][ T7560] hsr_slave_0: left promiscuous mode
[ 8938.177676][ T7560] hsr_slave_1: left promiscuous mode
[ 8938.865140][ T7560] veth1_macvtap: left promiscuous mode
[ 8938.866424][ T7560] veth0_macvtap: left promiscuous mode
[ 8938.887542][ T7560] veth1_vlan: left promiscuous mode
[ 8938.918011][ T7560] veth0_vlan: left promiscuous mode
[ 8962.798547][ T5064] ==================================================================
[ 8962.800375][ T5064] BUG: KASAN: slab-use-after-free in __linkwatch_run_queue+0x658/0x8d4
[ 8962.802007][ T5064] Read of size 1 at addr ebf0000018a62ca1 by task kworker/u4:10/5064
[ 8962.802260][ T5064] Pointer tag: [eb], memory tag: [fe]
[ 8962.802386][ T5064]
[ 8962.803398][ T5064] CPU: 0 UID: 0 PID: 5064 Comm: kworker/u4:10 Not tainted syzkaller #0 PREEMPT
[ 8962.803968][ T5064] Hardware name: linux,dummy-virt (DT)
[ 8962.804377][ T5064] Workqueue: events_unbound linkwatch_event
[ 8962.805135][ T5064] Call trace:
[ 8962.805514][ T5064] show_stack+0x2c/0x3c (C)
[ 8962.806105][ T5064] __dump_stack+0x30/0x40
[ 8962.806375][ T5064] dump_stack_lvl+0xd8/0x12c
[ 8962.806577][ T5064] print_address_description+0xac/0x288
[ 8962.806832][ T5064] print_report+0x84/0xa0
[ 8962.807065][ T5064] kasan_report+0xb0/0x110
[ 8962.807322][ T5064] kasan_tag_mismatch+0x28/0x3c
[ 8962.807593][ T5064] __hwasan_tag_mismatch+0x30/0x60
[ 8962.807835][ T5064] __linkwatch_run_queue+0x658/0x8d4
[ 8962.808053][ T5064] linkwatch_event+0x30/0x40
[ 8962.808286][ T5064] process_one_work+0x954/0x1a18
[ 8962.808565][ T5064] worker_thread+0xb58/0x11b8
[ 8962.808827][ T5064] kthread+0x794/0x9a0
[ 8962.809054][ T5064] ret_from_fork+0x10/0x20
[ 8962.809543][ T5064]
[ 8962.809660][ T5064] Freed by task 7560:
[ 8962.809958][ T5064] kasan_save_stack+0x40/0x6c
[ 8962.810225][ T5064] save_stack_info+0x30/0x138
[ 8962.810458][ T5064] kasan_save_free_info+0x18/0x24
[ 8962.810677][ T5064] __kasan_slab_free+0x64/0x68
[ 8962.810864][ T5064] kfree+0x148/0x44c
[ 8962.811052][ T5064] kvfree+0x30/0x40
[ 8962.811265][ T5064] netdev_release+0x9c/0xd0
[ 8962.811467][ T5064] device_release+0xb8/0x2a4
[ 8962.811730][ T5064] kobject_put+0x358/0x518
[ 8962.811933][ T5064] netdev_run_todo+0xe54/0xfd8
[ 8962.812165][ T5064] rtnl_unlock+0x14/0x20
[ 8962.812386][ T5064] default_device_exit_batch+0xaf4/0xb74
[ 8962.812636][ T5064] ops_undo_list+0x544/0xa08
[ 8962.812840][ T5064] cleanup_net+0x48c/0x868
[ 8962.813030][ T5064] process_one_work+0x954/0x1a18
[ 8962.813282][ T5064] worker_thread+0xb58/0x11b8
[ 8962.813521][ T5064] kthread+0x794/0x9a0
[ 8962.813715][ T5064] ret_from_fork+0x10/0x20
[ 8962.813951][ T5064]
[ 8962.814039][ T5064] The buggy address belongs to the object at fff0000018a62000
[ 8962.814039][ T5064] which belongs to the cache kmalloc-cg-4k of size 4096
[ 8962.814239][ T5064] The buggy address is located 3233 bytes inside of
[ 8962.814239][ T5064] 4096-byte region [fff0000018a62000,
fff0000018a63000)
[ 8962.814438][ T5064]
[ 8962.814587][ T5064] The buggy address belongs to the physical page:
[ 8962.815870][ T5064] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xebf0000018a62000 pfn:0x58a60
[ 8962.816397][ T5064] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 8962.816584][ T5064] memcg:edf000001dc0b681
[ 8962.816736][ T5064] flags: 0x1ffc00000000240(workingset|head|node=0|zone=0|lastcpupid=0x7ff|kasantag=0x0)
[ 8962.817486][ T5064] page_type: f5(slab)
[ 8962.818166][ T5064] raw: 01ffc00000000240 28f000000cc09000 ffffc1ffc06f4a10 ffffc1ffc093e210
[ 8962.818408][ T5064] raw: ebf0000018a62000 0000000000080003 00000000f5000000 edf000001dc0b681
[ 8962.818660][ T5064] head: 01ffc00000000240 28f000000cc09000 ffffc1ffc06f4a10 ffffc1ffc093e210
[ 8962.818825][ T5064] head: ebf0000018a62000 0000000000080003 00000000f5000000 edf000001dc0b681
[ 8962.818985][ T5064] head: 01ffc00000000003 ffffc1ffc0629801 00000000ffffffff 00000000ffffffff
[ 8962.819150][ T5064] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 8962.819278][ T5064] page dumped because: kasan: bad access detected
[ 8962.819404][ T5064]
[ 8962.819493][ T5064] Memory state around the buggy address:
[ 8962.819850][ T5064] fff0000018a62a00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 8962.820043][ T5064] fff0000018a62b00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 8962.820240][ T5064] >fff0000018a62c00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 8962.820387][ T5064] ^
[ 8962.820626][ T5064] fff0000018a62d00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 8962.820791][ T5064] fff0000018a62e00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 8962.820980][ T5064] ==================================================================
SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 8963.178272][ T5064] Disabling lock debugging due to kernel taint
[ 8969.612665][ T7560] netdevsim
netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 8970.091349][ T7560] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 8970.730596][ T7560] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 8971.217890][ T7560] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 8980.096093][ T7560] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 8980.259729][ T7560] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 8980.376090][ T7560] bond0 (unregistering): Released all slaves [ 8981.557463][ T7560] hsr_slave_0: left promiscuous mode [ 8981.581412][ T7560] hsr_slave_1: left promiscuous mode [ 8981.774336][ T7560] veth1_macvtap: left promiscuous mode [ 8981.777380][ T7560] veth0_macvtap: left promiscuous mode [ 8981.795840][ T7560] veth1_vlan: left promiscuous mode [ 8981.799911][ T7560] veth0_vlan: left promiscuous mode [ 8991.502170][ T7560] bond0 (unregistering): Released all slaves [ 8992.553356][ T7560] bond0 (unregistering): Released all slaves VM DIAGNOSIS: 13:45:12 Registers: info registers vcpu 0 CPU#0 PC=ffff800080cb08cc X00=99f00000146fc000 X01=0000000000000000 X02=37f000000d8fe600 X03=00000000000a2820 X04=00000000ffffffff X05=0000000000000001 X06=0000000000000000 X07=ffff800080cb07ec X08=00000000000000ff X09=000000000000006f X10=0000000000ff0100 X11=00000000000000a6 X12=fffe800001472f2c X13=000000000000022d X14=0000000000002000 X15=ffff800080007680 X16=ffff800080010e20 X17=000000000000006f X18=00000000000000ff X19=efff800000000000 X20=0000000000000000 X21=99f00000146fc160 X22=0000000000000280 X23=0000000000000280 X24=0000000000000000 X25=c9f000000d9b9d88 X26=00000000000000c9 X27=0000000000007210 X28=0000000000000000 X29=ffff800080007a10 X30=ffff80008533bf8c SP=ffff800080007a10 PSTATE=604020c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 
P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=2525252525252525:2525252525252525 Z01=6572207265767265:730073250a0d0a0d Z02=3d3d3d3d3d3d3d3d:3d3d3d3d3d3d3d3d Z03=0000000000000000:00ff00ff00000000 Z04=0000000000000000:000000000f0f0000 Z05=3d3d3d3d3d3d3d3d:3d3d3d3d3d3d3d3d Z06=7265747369676572:6e752820306d6973 Z07=202c315b20746573:6e75203a29676e69 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffc6c41470:0000ffffc6c41470 Z17=ffffff80ffffffd8:0000ffffc6c41440 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000