last executing test programs: 29m38.948827423s ago: executing program 1 (id=421): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x8, 0xffffffffffffffff, 0x1}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000000)={0x2, 0x8}) mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x13, r2, 0x0) 29m31.1830306s ago: executing program 1 (id=423): r0 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r2, 0x0) openat$kvm(0xfffffffff5000000, &(0x7f0000000040), 0x4000, 0x0) 29m28.267881952s ago: executing program 0 (id=424): r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, r0, 0x0, 0x4000010, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x400001, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0xb) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x300, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) openat$kvm(0x0, 0x0, 0x0, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) ioctl$KVM_GET_STATS_FD_vm(r3, 0xaece) ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000100)=@arm64_fw={0x6030000000140000, &(0x7f0000000180)=0x1}) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7000013, 0x4f833, r5, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) 29m23.081329563s ago: executing program 1 (id=425): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x1}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae68, &(0x7f0000000000)={0x40000, 0x100000}) r3 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x210402, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc9, 0x3}) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r10 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1) r11 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x1800002, 0x11, r10, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000280)="d6011813013c360000000000f4ff8000802346cbd98762c7795582ba3948ecff090001000000000000000000040000000100", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x7, 0x11, r10, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4030582b, &(0x7f0000000040)=@attr_other={0x0, 0x0, 0xfffffffffffffff7, 0x0}) r12 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) r13 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r12, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fb707cd24b7eebb20700000000000000000000000100", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x80f9c257efd1481a, 0x11, r12, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xc0189436, 0x20003fff) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x11, 0x8, 0xf, 0x0, 0x5, 0x6, 0x6, 0x55, 0x48, 0x86, 0xdd, 0x68, 0x0, 0x9, 0x0, 0x0, 0x3, 0x5, 0x8, '\x00', 0x5, 0x400000000002}) r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) r16 = ioctl$KVM_CREATE_VCPU(r15, 0xae41, 0x2) ioctl$KVM_ARM_VCPU_FINALIZE(r16, 0xc018ae85, 0x0) write$eventfd(r2, &(0x7f00000001c0)=0x3, 0x50) 29m15.225944264s ago: executing program 0 (id=426): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000140)={0x5, 0x8}) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x6030000000100050, &(0x7f0000000000)=0x85c7}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r4, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) r6 = eventfd2(0x0, 0x0) close(r6) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) write$eventfd(r6, &(0x7f0000000180)=0x5, 0xfffffde3) ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000100)=@riscv64_smstateen_csr={0x8030000003020000, &(0x7f0000000000)=0x9}) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION2(r8, 0x40a0ae49, &(0x7f0000000080)={0x1ff, 0x3, 0xeeee8000, 0x2000, &(0x7f0000ffd000/0x2000)=nil, 0x10000}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r11 = ioctl$KVM_CREATE_VM(r10, 0x894c, 0x0) ioctl$KVM_CREATE_VCPU(r11, 0xb701, 0x0) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) 29m6.740942654s ago: executing program 1 (id=427): write$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0xfffffdef) openat$kvm(0xffffffffffffff9c, 0x0, 0x141201, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x8280, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000cd6000/0x4000)=nil, 0x0, 0x0, 0x10, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) r4 = openat$kvm(0x0, &(0x7f0000000100), 0x40, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f00000000c0)={0x10200, 0x1, 0x0, 0x2000, &(0x7f0000fed000/0x2000)=nil}) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x20e4586c}) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80040, 0x0) r9 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f0000000040)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000140)=0x3}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) r12 = eventfd2(0x0, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x0, 0x1f01) write$eventfd(r12, &(0x7f0000000180)=0x5, 0xfffffde3) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8200, 0x0) 29m5.570805146s ago: executing program 0 (id=428): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x20000000000016) r2 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000000000/0x400000)=nil) r3 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000000)={0x7, 0x5}) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000180)={0x10004, 0x3, 0x3000, 0x2000, &(0x7f0000ffe000/0x2000)=nil, 0xecc, r3}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000000000/0xc00000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f00000000c0)={0xba, "3530655ca0a6c997172cb7233eed9364cc7ba3d402ea0affd570ab7fe7ce89e6415fbb10858520170e54dbfdf96ef6ee6d9562d3f1f9f89763379095298f88733d001d63defb3c44c359894babcd5728d273d0e2f961cb6428983e4b189cf9f4e46a4e56e0ae4b6d0047cec5673228d46e5b0277ae49c41f8b27c1dce4f84c113728cfb224fa27e4a6038ac9dffb71d6884ce06c9a0148ec76ddd49b34ca35aca1ac24b4bc1c2e8775a42493e89aaaa6fa51e8ee94849b044b33"}) close(r1) eventfd2(0x6, 0xc0000) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) 28m57.26786908s ago: executing program 0 (id=429): r0 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r2, 0x0) openat$kvm(0xfffffffff8000000, &(0x7f0000000040), 0x4000, 0x0) 28m54.898902946s ago: executing program 1 (id=430): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3a) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000240)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f0000000140)=@arm64_sys={0x603000000013d801, &(0x7f0000000000)=0x8005}) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x42042, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r11, 0x4010ae67, &(0x7f0000000000)={0x1000, 0x11c000, 0x1}) ioctl$KVM_REGISTER_COALESCED_MMIO(r11, 0x4010ae67, &(0x7f0000000200)={0xc000, 0x11000, 0x1}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r11, 0x4010ae68, &(0x7f0000000040)={0x17000, 0x13000, 0x1}) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r12, 0x4018aee3, &(0x7f0000000900)=@attr_other={0x0, 0x0, 0x8000, 0x0}) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) ioctl$KVM_CREATE_VM(r13, 0xae01, 0x2a) ioctl$KVM_CREATE_VM(r13, 0x400454de, 0x9) 28m51.01889781s ago: executing program 0 (id=431): r0 = syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil, &(0x7f0000000280)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x3000, 0x8080000, 0x8, 0x48, 0xb, 0xe6, 0x40, 0x9, 0x0, 0x81, 0x80}, {0x5000, 0xe000, 0x3, 0x0, 0x42, 0x5, 0x7d, 0x6, 0x36, 0x0, 0x2, 0x87}, {0x0, 0xdddd0000, 0xe, 0x5, 0x3, 0x7, 0x0, 0x9, 0x1, 0xa4, 0x5, 0x5}, {0x1, 0xeeee0000, 0x9, 0x6, 0x5, 0x42, 0xb, 0xff, 0x8, 0x7, 0xe}, {0xeeee0000, 0xb000, 0xf, 0x3, 0x16, 0x7, 0xaa, 0x8, 0x9, 0x9, 0x77, 0x97}, {0x1, 0xdddd0000, 0xe, 0xa0, 0xb1, 0x8, 0x11, 0xa0, 0x82, 0x2f, 0x1, 0x7}, {0x3000, 0x3000, 0x4, 0x5, 0x7, 0x5, 0x7, 0x3, 0x8, 0x81, 0x40, 0x70}, {0xd000, 0x4000, 0xa, 0x5, 0xcd, 0x7, 0x1, 0x9, 0x2, 0xc, 0xb0, 0x81}, {0xeeee0000, 0x30}, {0x8000000, 0x7}, 0x80000031, 0x0, 0x3000, 0x2024, 0x2, 0x0, 0x100000, [0x6800000000000000, 0x4, 0x3]}) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r3, &(0x7f00000001c0)=0xffffffffffffffff, 0xfdef) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x11, 0x8, 0xf, 0x0, 0x5, 0x6, 0x86, 0x6, 0x48, 0x86, 0xdd, 0x68, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5, 0x8, '\x00', 0x1, 0x7}) ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f0000000180)=0x6) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x100000c, 0x4d832, 0xffffffffffffffff, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4}) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000140)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000080)=0xfffffffffffffff7}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000280)=@attr_arm64={0x0, 0x4, 0x2, 0x0}) r9 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_ARM_PREFERRED_TARGET(r0, 0x8020aeaf, &(0x7f0000000040)) ioctl$KVM_ARM_VCPU_INIT(0xffffffffffffffff, 0x4020aeae, &(0x7f0000000200)={0x5, 0x8}) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000140)={0xd, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) write$eventfd(r10, &(0x7f00000001c0), 0xe80) 28m43.268330298s ago: executing program 1 (id=432): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f00009e9000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0) r6 = syz_kvm_vgic_v3_setup(r3, 0x1, 0x40) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0x304, &(0x7f00000000c0)=0x6d5c074d}) ioctl$KVM_RUN(r5, 0xae80, 0x0) syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x2, 0x100) (async) syz_kvm_vgic_v3_setup(r1, 0x2, 0x100) r7 = eventfd2(0x10000, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) (async) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) ioctl$KVM_CHECK_EXTENSION_VM(r8, 0xae03, 0x4) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r7, 0x3}) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={r7, 0xb16b, 0x2, r7}) (async) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={r7, 0xb16b, 0x2, r7}) 28m40.993429556s ago: executing program 0 (id=433): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd2(0xfffffffa, 0x80001) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r3}) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000140)=@arm64_sve={0x603000000013df02, 0x0}) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000180)={0x5000}) r7 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000680)={0x0, &(0x7f0000000140)=[@irq_setup={0x46, 0x18, {0x1, 0x50}}, @uexit={0x0, 0x18, 0x5f}, @its_setup={0x82, 0x28, {0x4, 0x2, 0x32e}}, @hvc={0x32, 0x40, {0x2000000, [0x8, 0x7, 0x101, 0x3, 0x7fffffff]}}, @uexit={0x0, 0x18, 0x7}, @its_setup={0x82, 0x28, {0x3, 0x4, 0x16d}}, @smc={0x1e, 0x40, {0xc4000814, [0x6, 0x1, 0x100000000, 0x5, 0xfffffffffffffffc]}}, @svc={0x122, 0x40, {0xc400000e, [0x21b, 0x4, 0x8, 0xfffffffffffffffe, 0x4430]}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x3, 0x7, 0xfff, 0xf6}}, @memwrite={0x6e, 0x30, @generic={0xd000, 0x4c6, 0x2e8336f6, 0x3}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x0, 0x5, 0x1, 0x7, 0x4}}, @msr={0x14, 0x20, {0x603000000013dce4, 0x6}}, @svc={0x122, 0x40, {0x84000010, [0x6, 0x80000000, 0x1, 0x8bfc, 0x7]}}, @hvc={0x32, 0x40, {0x8400000e, [0xfcdb, 0x7fffffffffffffff, 0x2e, 0x0, 0x100000001]}}, @code={0xa, 0x9c, {"008008d5007008d50000e00d00bc85d20020b0f2610080d2620080d2c30180d2040180d2020000d4008008d5e0fe9ad20000b8f2a10180d2a20080d2a30080d2640180d2020000d4c0ee8cd20020b0f2810080d2c20180d2630080d2a40180d2020000d4007008d5006598d20000b0f2410080d2c20080d2a30180d2640180d2020000d40070000e"}}, @uexit={0x0, 0x18, 0x80000001}, @eret={0xe6, 0x18, 0x101}, @smc={0x1e, 0x40, {0xc4000014, [0x8, 0x1, 0x8, 0x80000000, 0x100]}}, @uexit={0x0, 0x18, 0x8}, @code={0xa, 0x3c, {"0000209b007008d5007008d5007008d50034007f007008d5008008d5007008d50078207e0000208a"}}, @eret={0xe6, 0x18, 0x1}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x247}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x29e}}, @irq_setup={0x46, 0x18, {0x4, 0x255}}, @svc={0x122, 0x40, {0xf5000053, [0x5, 0x8, 0x8, 0x5, 0x9]}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x0, 0x7, 0x401, 0x7}}, @mrs={0xbe, 0x18, {0x603000000013df63}}, @svc={0x122, 0x40, {0x8400000a, [0x1, 0x6, 0x3, 0xaf, 0x5]}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x3, 0x8, 0x4, 0x6}}], 0x540}, &(0x7f00000006c0)=[@featur2={0x1, 0xe0}], 0x1) ioctl$KVM_RUN(r10, 0xae80, 0x0) syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x80, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r14 = ioctl$KVM_CREATE_VM(r13, 0x894c, 0x0) r15 = ioctl$KVM_CREATE_VCPU(r14, 0xb701, 0x0) ioctl$KVM_CREATE_VCPU(r15, 0x8004b707, 0x2) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r9, 0x4010aeb5, &(0x7f0000000040)={0x0, 0x8c5}) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r10, 0x4018aee2, &(0x7f0000000740)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000700)=0x401}) 27m57.309157233s ago: executing program 32 (id=432): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f00009e9000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0) r6 = syz_kvm_vgic_v3_setup(r3, 0x1, 0x40) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000180)=@attr_other={0x0, 0x1, 0x304, &(0x7f00000000c0)=0x6d5c074d}) ioctl$KVM_RUN(r5, 0xae80, 0x0) syz_kvm_add_vcpu$arm64(0x0, 0x0, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x2, 0x100) (async) syz_kvm_vgic_v3_setup(r1, 0x2, 0x100) r7 = eventfd2(0x10000, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) (async) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) ioctl$KVM_CHECK_EXTENSION_VM(r8, 0xae03, 0x4) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r7, 0x3}) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={r7, 0xb16b, 0x2, r7}) (async) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={r7, 0xb16b, 0x2, r7}) 27m54.378627619s ago: executing program 33 (id=433): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd2(0xfffffffa, 0x80001) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r3}) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) ioctl$KVM_GET_ONE_REG(r6, 0x4010aeab, &(0x7f0000000140)=@arm64_sve={0x603000000013df02, 0x0}) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000180)={0x5000}) r7 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000680)={0x0, &(0x7f0000000140)=[@irq_setup={0x46, 0x18, {0x1, 0x50}}, @uexit={0x0, 0x18, 0x5f}, @its_setup={0x82, 0x28, {0x4, 0x2, 0x32e}}, @hvc={0x32, 0x40, {0x2000000, [0x8, 0x7, 0x101, 0x3, 0x7fffffff]}}, @uexit={0x0, 0x18, 0x7}, @its_setup={0x82, 0x28, {0x3, 0x4, 0x16d}}, @smc={0x1e, 0x40, {0xc4000814, [0x6, 0x1, 0x100000000, 0x5, 0xfffffffffffffffc]}}, @svc={0x122, 0x40, {0xc400000e, [0x21b, 0x4, 0x8, 0xfffffffffffffffe, 0x4430]}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x3, 0x7, 0xfff, 0xf6}}, @memwrite={0x6e, 0x30, @generic={0xd000, 0x4c6, 0x2e8336f6, 0x3}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x0, 0x5, 0x1, 0x7, 0x4}}, @msr={0x14, 0x20, {0x603000000013dce4, 0x6}}, @svc={0x122, 0x40, {0x84000010, [0x6, 0x80000000, 0x1, 0x8bfc, 0x7]}}, @hvc={0x32, 0x40, {0x8400000e, [0xfcdb, 0x7fffffffffffffff, 0x2e, 0x0, 0x100000001]}}, @code={0xa, 0x9c, {"008008d5007008d50000e00d00bc85d20020b0f2610080d2620080d2c30180d2040180d2020000d4008008d5e0fe9ad20000b8f2a10180d2a20080d2a30080d2640180d2020000d4c0ee8cd20020b0f2810080d2c20180d2630080d2a40180d2020000d4007008d5006598d20000b0f2410080d2c20080d2a30180d2640180d2020000d40070000e"}}, @uexit={0x0, 0x18, 0x80000001}, @eret={0xe6, 0x18, 0x101}, @smc={0x1e, 0x40, {0xc4000014, [0x8, 0x1, 0x8, 0x80000000, 0x100]}}, @uexit={0x0, 0x18, 0x8}, @code={0xa, 0x3c, {"0000209b007008d5007008d5007008d50034007f007008d5008008d5007008d50078207e0000208a"}}, @eret={0xe6, 0x18, 0x1}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x247}}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x29e}}, @irq_setup={0x46, 0x18, {0x4, 0x255}}, @svc={0x122, 0x40, {0xf5000053, [0x5, 0x8, 0x8, 0x5, 0x9]}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x0, 0x7, 0x401, 0x7}}, @mrs={0xbe, 0x18, {0x603000000013df63}}, @svc={0x122, 0x40, {0x8400000a, [0x1, 0x6, 0x3, 0xaf, 0x5]}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x3, 0x8, 0x4, 0x6}}], 0x540}, &(0x7f00000006c0)=[@featur2={0x1, 0xe0}], 0x1) ioctl$KVM_RUN(r10, 0xae80, 0x0) syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x80, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r14 = ioctl$KVM_CREATE_VM(r13, 0x894c, 0x0) r15 = ioctl$KVM_CREATE_VCPU(r14, 0xb701, 0x0) ioctl$KVM_CREATE_VCPU(r15, 0x8004b707, 0x2) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r9, 0x4010aeb5, &(0x7f0000000040)={0x0, 0x8c5}) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r10, 0x4018aee2, &(0x7f0000000740)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000700)=0x401}) 23m22.130934734s ago: executing program 2 (id=434): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0xc2881, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000140), 0x101282, 0x0) r8 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, &(0x7f00000002c0)=[@irq_setup={0x46, 0x18, {0x1, 0x195}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x3, 0x0, 0x1, 0x36, 0x1}}, @mrs={0xbe, 0x18, {0x6030000000138037}}, @msr={0x14, 0x20, {0x603000000013e602, 0x6e23}}, @irq_setup={0x46, 0x18, {0x4, 0x360}}, @eret={0xe6, 0x18, 0x9}, @irq_setup={0x46, 0x18, {0x3, 0x2ff}}, @uexit={0x0, 0x18, 0xbed}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x1, 0xc, 0x9, 0x80, 0x3}}, @its_setup={0x82, 0x28, {0x3, 0x4, 0xf9}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xffd0, 0x80, 0x1}}, @irq_setup={0x46, 0x18, {0x2, 0x2c8}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0xbc}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x4, 0xa, 0xf3b, 0x3, 0x2}}, @msr={0x14, 0x20, {0x603000000013c647, 0xffff}}], 0x1e0}, &(0x7f0000000180)=[@featur1={0x1, 0x10}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000240)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f00000001c0)={0x4, 0x2, 0x1}}) r9 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, &(0x7f0000000200)=[@svc={0x122, 0x40, {0x800, [0xffffffeffffffff8, 0x8, 0x8000000005, 0x5, 0x400]}}], 0x40}, 0x0, 0x0) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04) mmap$KVM_VCPU(&(0x7f0000c0b000/0x1000)=nil, r11, 0x3, 0x40b2811, r10, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r1, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0) r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f0000ebf000/0x1000)=nil, r1, 0xa, 0x1c013, r15, 0x0) 23m11.90107332s ago: executing program 3 (id=435): r0 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r2, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x4018, 0x0) 22m35.457759407s ago: executing program 34 (id=434): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0xc2881, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000140), 0x101282, 0x0) r8 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, &(0x7f00000002c0)=[@irq_setup={0x46, 0x18, {0x1, 0x195}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x3, 0x0, 0x1, 0x36, 0x1}}, @mrs={0xbe, 0x18, {0x6030000000138037}}, @msr={0x14, 0x20, {0x603000000013e602, 0x6e23}}, @irq_setup={0x46, 0x18, {0x4, 0x360}}, @eret={0xe6, 0x18, 0x9}, @irq_setup={0x46, 0x18, {0x3, 0x2ff}}, @uexit={0x0, 0x18, 0xbed}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x1, 0xc, 0x9, 0x80, 0x3}}, @its_setup={0x82, 0x28, {0x3, 0x4, 0xf9}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xffd0, 0x80, 0x1}}, @irq_setup={0x46, 0x18, {0x2, 0x2c8}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0xbc}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x4, 0xa, 0xf3b, 0x3, 0x2}}, @msr={0x14, 0x20, {0x603000000013c647, 0xffff}}], 0x1e0}, &(0x7f0000000180)=[@featur1={0x1, 0x10}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000240)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f00000001c0)={0x4, 0x2, 0x1}}) r9 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, &(0x7f0000000200)=[@svc={0x122, 0x40, {0x800, [0xffffffeffffffff8, 0x8, 0x8000000005, 0x5, 0x400]}}], 0x40}, 0x0, 0x0) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04) mmap$KVM_VCPU(&(0x7f0000c0b000/0x1000)=nil, r11, 0x3, 0x40b2811, r10, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}], 0x28}, 0x0, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) r13 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r1, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0) r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f0000ebf000/0x1000)=nil, r1, 0xa, 0x1c013, r15, 0x0) 22m23.860376126s ago: executing program 35 (id=435): r0 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r2, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x4018, 0x0) 15m46.626269871s ago: executing program 4 (id=436): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0xeeee0000, 0x103000}) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f00000000c0)={0xdddd0000, 0x60000, 0x300000, 0x1, 0xd3fe}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000080)={0x1}) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000a91000/0x400000)=nil) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000540)={0x0, 0x0, 0x2d}, &(0x7f0000000140)=[@featur1={0x1, 0x42}], 0x1) ioctl$KVM_RUN(r3, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x3000000, 0x4f831, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0xfec00000, 0x2000, &(0x7f0000000000/0x2000)=nil}) 15m30.439063633s ago: executing program 5 (id=437): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xf5) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000000)={0x0, &(0x7f0000000340)=[@smc={0x1e, 0x40, {0x4000000, [0x8000000000000000, 0x1, 0x85d, 0xfffffffffffffff8, 0x4]}}, @mrs={0xbe, 0x18, {0x603000000013defa}}, @uexit={0x0, 0x18, 0xb52}, @msr={0x14, 0x20, {0x603000000013c2a9, 0x8}}, @irq_setup={0x46, 0x18, {0x3, 0x3e}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x4, 0x2, 0x4, 0x7, 0x1}}, @uexit={0x0, 0x18, 0x4724b95f}, @svc={0x122, 0x40, {0x84000053, [0x0, 0x8, 0x3, 0x0, 0x9]}}, @mrs={0xbe, 0x18, {0x6030000000138077}}, @eret={0xe6, 0x18, 0x8000000000000000}, @irq_setup={0x46, 0x18, {0x1, 0x29c}}, @svc={0x122, 0x40, {0x20, [0x8, 0x917, 0x4, 0x3, 0x400]}}, @mrs={0xbe, 0x18, {0x603000000013df4e}}, @hvc={0x32, 0x40, {0xc4000010, [0x7, 0x9, 0x4, 0x1000, 0x3]}}], 0x208}, &(0x7f00000000c0)=[@featur1={0x1, 0x12}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000040)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000280)={0x14, 0xff, 0x1}}) 14m59.156153519s ago: executing program 36 (id=436): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0xeeee0000, 0x103000}) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f00000000c0)={0xdddd0000, 0x60000, 0x300000, 0x1, 0xd3fe}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000080)={0x1}) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000a91000/0x400000)=nil) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000540)={0x0, 0x0, 0x2d}, &(0x7f0000000140)=[@featur1={0x1, 0x42}], 0x1) ioctl$KVM_RUN(r3, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x2000001, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x3000000, 0x4f831, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0xfec00000, 0x2000, &(0x7f0000000000/0x2000)=nil}) 14m43.088599029s ago: executing program 37 (id=437): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xf5) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000000)={0x0, &(0x7f0000000340)=[@smc={0x1e, 0x40, {0x4000000, [0x8000000000000000, 0x1, 0x85d, 0xfffffffffffffff8, 0x4]}}, @mrs={0xbe, 0x18, {0x603000000013defa}}, @uexit={0x0, 0x18, 0xb52}, @msr={0x14, 0x20, {0x603000000013c2a9, 0x8}}, @irq_setup={0x46, 0x18, {0x3, 0x3e}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x4, 0x2, 0x4, 0x7, 0x1}}, @uexit={0x0, 0x18, 0x4724b95f}, @svc={0x122, 0x40, {0x84000053, [0x0, 0x8, 0x3, 0x0, 0x9]}}, @mrs={0xbe, 0x18, {0x6030000000138077}}, @eret={0xe6, 0x18, 0x8000000000000000}, @irq_setup={0x46, 0x18, {0x1, 0x29c}}, @svc={0x122, 0x40, {0x20, [0x8, 0x917, 0x4, 0x3, 0x400]}}, @mrs={0xbe, 0x18, {0x603000000013df4e}}, @hvc={0x32, 0x40, {0xc4000010, [0x7, 0x9, 0x4, 0x1000, 0x3]}}], 0x208}, &(0x7f00000000c0)=[@featur1={0x1, 0x12}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000040)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000280)={0x14, 0xff, 0x1}}) 2m59.664510952s ago: executing program 6 (id=462): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x57fd, 0x2}}) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_GUEST_MEMFD(r4, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2000003, 0x2013, r5, 0x0) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) munmap(&(0x7f0000000000/0x4000)=nil, 0x4000) r7 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x4}) ioctl$KVM_SET_DEVICE_ATTR(r9, 0x4018aee1, &(0x7f0000000200)=@attr_arm64={0x0, 0x8, 0x4, &(0x7f0000000280)=0x4f627b94}) mmap$KVM_VCPU(&(0x7f0000007000/0x2000)=nil, r6, 0x3000003, 0x2011, r5, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION2(r8, 0x40a0ae49, &(0x7f00000002c0)={0x0, 0x3, 0xa000, 0x1000, &(0x7f0000ffe000/0x1000)=nil, 0xd, r5}) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) 2m40.328619453s ago: executing program 7 (id=463): r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x8000000000000000, 0x4, 0x17d}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x40000000, 0xfffe, 0x0, 0x0, 0x10000001}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r2, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r4, 0xae80, 0x0) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000340)={0x5}) r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce9, 0x8000}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r11, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000000)=0x4) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r6, 0x4010aeb5, &(0x7f0000000140)={0x1}) 2m38.130280134s ago: executing program 6 (id=464): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f0000000300)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x14, 0x9, 0xd}}, @smc={0x1e, 0x40, {0x40000000, [0x5bf73043, 0x4, 0x39, 0x7, 0x6]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xe7d0, 0x6}}], 0xa0}, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x4000000002b) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000ff1000/0x2000)=nil, r7, 0xa, 0x13, r6, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x2}}, @irq_setup={0x46, 0x18, {0x2, 0x1f3}}], 0x40}, 0x0, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) ioctl$KVM_GET_MP_STATE(r12, 0x8004ae98, &(0x7f0000000000)) r13 = eventfd2(0x0, 0x0) write$eventfd(r13, 0xffffffffffffffff, 0x0) r14 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r15 = syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r15, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) r16 = syz_kvm_vgic_v3_setup(r14, 0x1, 0x100) ioctl$KVM_SET_DEVICE_ATTR(r16, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x1, 0x400, &(0x7f0000000140)=0x8}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x1}) r17 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r18 = ioctl$KVM_CREATE_VM(r17, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r18, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x11, 0x8, 0xf, 0x0, 0x5, 0x6, 0x6, 0x6, 0x48, 0x86, 0xdd, 0x68, 0x0, 0x9, 0x0, 0x0, 0x3, 0x5, 0x8, '\x00', 0x1, 0x400000000002}) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000140)={0x4, 0x0, [{0x1, 0x1, 0x0, 0x0, @adapter={0x8000000000000001, 0x8, 0x2, 0xa, 0x10}}, {0x9, 0x3, 0x0, 0x0, @adapter={0xd4ff}}, {0x0, 0x0, 0x0, 0x0, @msi}, {0x0, 0x0, 0x1, 0x0, @adapter={0x0, 0x5, 0x2, 0x7f, 0xb2d}}]}) 2m15.499556859s ago: executing program 7 (id=465): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2b) (async) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2b) ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000040)={0x2513, 0x140, 0x140, &(0x7f0000000240)=[0x46be852, 0x3f01, 0x4, 0xfffffffffffffff7, 0x100, 0xfffffffffffffffe, 0x9, 0x2, 0xfff, 0x9, 0x9, 0x3, 0x4, 0x1, 0xb, 0x1, 0x3335, 0xfffffffffffffeff, 0x3, 0x8, 0x100000001, 0xbf5, 0x0, 0x8, 0x7fff, 0xd9a, 0x2, 0xb8, 0x7, 0x8, 0x6, 0x6, 0x9, 0x8000000000000000, 0x0, 0x3, 0xc12a, 0x751b, 0x8, 0x0, 0xe0ca, 0x401, 0x3bff, 0x3, 0x1, 0x4, 0x80000001, 0x5, 0x6f, 0x6, 0x1, 0x2, 0x7, 0xe636, 0x5, 0x8, 0x5, 0x2, 0x25e, 0xfffffffffffffc00, 0x6, 0x2, 0x4, 0xabcf, 0x5, 0x100, 0x9, 0x0, 0x4, 0x7dff, 0x1, 0x3, 0x5, 0x9, 0x3, 0xb, 0x9, 0x5, 0x9, 0x85, 0x1, 0x8, 0x7, 0x5, 0x8, 0x1, 0xb, 0x9, 0x3, 0x7, 0x5, 0x100000000, 0x3, 0x0, 0x4, 0x3, 0x8, 0x0, 0x80000000, 0xacc, 0xffffffff, 0x3, 0x2, 0x8, 0x1, 0x2, 0xb, 0xfffffffffffffffd, 0xfffffffffffffff2, 0x8, 0xffffffffffffffff, 0xfffffffffffffffb, 0x2, 0x4, 0x80000000, 0x8000000000000001, 0x1, 0x5437, 0x1000, 0x4, 0x1, 0xbe, 0xb, 0x4, 0x6e1, 0xfffffffffffffff6, 0x9, 0x10000]}) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_vgic_v3_setup(r3, 0x1, 0x100) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x9, 0x5, 0x0}) (async) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x9, 0x5, 0x0}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5) (async) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000080)={0x8080000, 0x106000, 0x1}) (async) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000080)={0x8080000, 0x106000, 0x1}) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r7 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r6, 0x2, 0x12, r5, 0x0) mmap$KVM_VCPU(&(0x7f0000010000/0x4000)=nil, r6, 0x100000a, 0x12, r5, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000001c0)="fb016b03002e5ee42ec6a29ea6ab8000000004ef0000c20cecf80a97ab78000000040000000000000000409700000000ffffffff00000000a0eb00df00", 0x0, 0xffffffffffffff69) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0xf95aa27e86bf153d, 0x2, 0xeeee0000, 0x1000, &(0x7f0000012000/0x1000)=nil}) 2m11.869614276s ago: executing program 6 (id=466): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000001c0)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x48) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r1, 0x4068aea3, &(0x7f0000000080)={0xa8, 0x0, 0x2}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r6, 0x4020aeae, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000006000/0x2000)=nil, r7, 0x1, 0x810, r2, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1b37f3, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x40800, 0x0) ioctl$KVM_CREATE_VM(r8, 0x40049409, 0x6) 1m51.047709317s ago: executing program 7 (id=467): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0x80111500, 0x20000000) write$eventfd(r1, &(0x7f0000000000), 0xfffffdef) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xf, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x29) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r3, 0x4010ae68, &(0x7f0000000040)={0xdddd1000, 0x8000}) 1m50.367426503s ago: executing program 6 (id=468): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3d) ioctl$KVM_CLEAR_DIRTY_LOG(r0, 0xc018aec0, &(0x7f0000000400)={0x1ff, 0xc0, 0x100, &(0x7f0000000000)=[0x100000001, 0x1, 0x10, 0x7, 0xffffffffffffffff, 0x40d4, 0x7, 0x4f4, 0x5, 0x9, 0xffffffffffffffe3, 0x8, 0x10001, 0x100, 0x0, 0x0, 0xd, 0xff, 0x7fffffffffffffff, 0x4881, 0x101, 0xf16f, 0x0, 0x7f, 0x6e81, 0x1ff, 0x200, 0x7, 0x40, 0x4, 0x4527, 0x40, 0x2, 0x3ff, 0x1ff, 0x40000, 0x3, 0x2f2b, 0x100, 0x6, 0x4, 0x0, 0x6, 0x340, 0x7ff, 0x6, 0x4, 0x9, 0x5, 0x7, 0x5, 0xf819, 0x6, 0x9, 0x5, 0x8, 0x0, 0x8000, 0x6, 0x8, 0x2, 0xfffffffffffffff9, 0x9dd, 0xfff, 0x7, 0x8, 0x5cb, 0x6, 0x0, 0x200, 0xd, 0x9d5, 0xfffffffffffffff9, 0x81, 0x6, 0x9, 0x8000000000000001, 0x7, 0x0, 0x4, 0x8207, 0x4, 0x7, 0x5, 0x2597, 0x40, 0x1, 0x10, 0x10000, 0x7fffffff, 0x6, 0x1, 0xffff, 0x6, 0x9c9e, 0xc5, 0x3, 0x2, 0x746, 0x200, 0x7fffffffffffffff, 0x1, 0x1000, 0x7fffffffffffffff, 0x1a24, 0x7000000000000000, 0xd592, 0xfffffffffffffff7, 0x1, 0xffffffffffffb3ae, 0x5, 0x6, 0x2, 0x7, 0x7d, 0x0, 0x2, 0x2000000000000, 0x3ff, 0x0, 0x3ff, 0xd, 0x1, 0x4, 0x7, 0x3, 0x9, 0x1]}) r1 = syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CAP_ARM_MTE(r0, 0x4068aea3, &(0x7f0000000440)) ioctl$KVM_IRQ_LINE(r0, 0x4008ae61, &(0x7f00000004c0)={0x9f, 0x1}) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2e) ioctl$KVM_CAP_DIRTY_LOG_RING(r0, 0x4068aea3, &(0x7f0000000500)={0xc0, 0x0, 0x4000}) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000580)={0x5, 0xffffffffffffffff, 0x1}) ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f0000000600)=@attr_riscv64=@attr_imsic={0x0, 0x1, 0xc, &(0x7f00000005c0)=0x100000001}) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r0, 0x4010aeb5, &(0x7f0000000640)={0x1, 0x7fffffffffffffff}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f0000000680)={0xb000, 0x110000}) eventfd2(0x77, 0x1) r4 = syz_kvm_add_vcpu$arm64(r1, &(0x7f00000007c0)={0x0, &(0x7f00000006c0)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x300, 0x1, 0x11}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x80, 0x7136, 0x8fd73ada30748064}}, @svc={0x122, 0x40, {0x2000, [0x9, 0x0, 0x8, 0x4, 0xe]}}, @mrs={0xbe, 0x18, {0x603000000013c118}}, @smc={0x1e, 0x40, {0x84000000, [0xffffffff80000000, 0x401, 0x2, 0xfffffffffffffff8, 0x7fff]}}], 0xf8}, &(0x7f0000000800)=[@featur1={0x1, 0x20}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000880)=@attr_other={0x0, 0x3, 0x0, &(0x7f0000000840)=0x7ef6219b}) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3b) syz_kvm_setup_cpu$arm64(r5, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000e00)=[{0x0, &(0x7f00000008c0)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x20020, 0x9}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x8, 0x0, 0x2}}, @irq_setup={0x46, 0x18, {0x3, 0xf2}}, @hvc={0x32, 0x40, {0x80007fff, [0x198, 0x83, 0xf, 0x3, 0x400]}}, @smc={0x1e, 0x40, {0x4, [0x2, 0x5, 0x7ff, 0x8f, 0x10001]}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x3, 0x7, 0x800, 0x5}}, @irq_setup={0x46, 0x18, {0x0, 0x1d4}}, @uexit={0x0, 0x18, 0x3}, @msr={0x14, 0x20, {0x603000000013e65a, 0x1}}, @code={0xa, 0x9c, {"0000631e0024c09ae0a285d20000b8f2810080d2c20080d2c30080d2840180d2020000d4e04584d20020b8f2a10080d2420080d2430080d2e40080d2020000d400a798d200e0b0f2610080d2420080d2c30180d2440080d2020000d40070000e007008d520628cd20020b8f2010180d2620180d2e30180d2840180d2020000d4007008d5007008d5"}}, @uexit={0x0, 0x18, 0xfffffffffffffffc}, @irq_setup={0x46, 0x18, {0x1, 0x22}}, @eret={0xe6, 0x18, 0xe296e1f}, @uexit={0x0, 0x18, 0xf9}, @uexit={0x0, 0x18, 0x1}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x2, 0x7, 0x2, 0x80000001, 0x4}}, @eret={0xe6, 0x18, 0x8}, @svc={0x122, 0x40, {0x1000, [0x8, 0x5, 0xf12, 0x1, 0x8001]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x1, 0x6, 0x10, 0x6, 0x1, 0x1}}, @its_setup={0x82, 0x28, {0x2, 0x3, 0x3f5}}, @hvc={0x32, 0x40, {0xc400000e, [0x1ff, 0x4, 0x3, 0x4, 0x9]}}, @svc={0x122, 0x40, {0x80008000, [0xffffffffffffffff, 0x5, 0x0, 0x8, 0x2c68edc5]}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x1e5}}, @eret={0xe6, 0x18, 0x1}, @memwrite={0x6e, 0x30, @generic={0x200000, 0x8d, 0x8, 0x4}}, @smc={0x1e, 0x40, {0x8400000d, [0x8, 0xf, 0x2000000, 0x100000001, 0x1]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xf10, 0x6, 0x1}}, @code={0xa, 0x54, {"007008d5000028d500d4202e007008d500d8a02e008008d520198cd200a0b8f2010180d2220080d2430180d2c40080d2020000d4007008d5000028d5008008d5"}}], 0x508}], 0x1, 0x0, &(0x7f0000000e40)=[@featur1={0x1, 0x4a}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vm(r2, 0x4018aee1, &(0x7f0000000ec0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000e80)={0x8, 0x8}}) r6 = ioctl$KVM_CREATE_GUEST_MEMFD(r2, 0xc040aed4, &(0x7f0000000f00)={0x2, 0x9}) ioctl$KVM_SET_USER_MEMORY_REGION2(r0, 0x40a0ae49, &(0x7f0000000f40)={0x0, 0x4, 0x200000, 0x2000, &(0x7f0000faa000/0x2000)=nil, 0x5, r6}) ioctl$KVM_SET_DEVICE_ATTR_vm(r0, 0x4018aee1, &(0x7f0000001040)=@attr_other={0x0, 0xb, 0x80000000, &(0x7f0000001000)=0xfffffffffffff801}) syz_kvm_vgic_v3_setup(r5, 0x4, 0x20) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f00000010c0)=@arm64_core={0x603000000010003c, &(0x7f0000001080)=0xffffffffffff6659}) ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r2, 0x4068aea3, &(0x7f0000001100)) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000011c0)=@attr_riscv64=@attr_imsic={0x0, 0x1, 0xa32, &(0x7f0000001180)=0x10000}) syz_kvm_setup_cpu$arm64(r4, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000001280)=[{0x0, &(0x7f0000001200)=[@uexit={0x0, 0x18, 0x7fffffff}, @msr={0x14, 0x20, {0x6030000000138006, 0x4}}, @hvc={0x32, 0x40, {0xc400000d, [0x81, 0x1, 0x7fffffff, 0x7, 0xb]}}], 0x78}], 0x1, 0x0, &(0x7f00000012c0)=[@featur1={0x1, 0x44}], 0x1) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r0, 0x4068aea3, &(0x7f0000001300)={0xdf, 0x0, 0x8000}) syz_kvm_setup_cpu$arm64(r5, r4, &(0x7f0000bfd000/0x400000)=nil, &(0x7f0000001900)=[{0x0, &(0x7f0000001380)=[@mrs={0xbe, 0x18, {0x603000000013c031}}, @mrs={0xbe, 0x18, {0x603000000013e65d}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x40, 0x8000, 0x2}}, @smc={0x1e, 0x40, {0x80003fff, [0x0, 0x8, 0x1, 0x3, 0x8]}}, @msr={0x14, 0x20, {0x603000000013deb5, 0x2dbd}}, @memwrite={0x6e, 0x30, @generic={0x800e800, 0x71b, 0x1, 0xc}}, @code={0xa, 0x6c, {"000840fa403c90d20080b0f2a10180d2420180d2630080d2a40180d2020000d400000013000008d50054000fa0928ad20000b8f2610080d2620180d2030080d2c40180d2020000d4007008d50080ff0d000008d500c0601e"}}, @eret={0xe6, 0x18, 0x7}, @mrs={0xbe, 0x18, {0x603000000013df4f}}, @smc={0x1e, 0x40, {0xc4007f7c, [0x8000000000000001, 0x100000000, 0x0, 0x8, 0xcd9b]}}, @hvc={0x32, 0x40, {0xc301a3de45b4c86a, [0x6, 0x3d, 0xffffffff00000000, 0x6, 0x1]}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x2f6}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x400, 0x6e, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x4, 0xd, 0x0, 0xffffff79, 0x3}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x58, 0xffffffffffffffff, 0xc}}, @svc={0x122, 0x40, {0x84000014, [0x10001, 0x400, 0x7, 0x9345, 0x5]}}, @eret={0xe6, 0x18, 0x10000}, @eret={0xe6, 0x18, 0x7}, @code={0xa, 0x6c, {"c05e9cd20000b8f2a10180d2c20180d2c30080d2e40180d2020000d4008008d5000008d5a0d183d200e0b8f2210180d2020080d2c30180d2440080d2020000d40068217e000080ac0080204e0090800f0000181ee0079f1a"}}, @uexit={0x0, 0x18, 0x5}, @svc={0x122, 0x40, {0x6000000, [0x1, 0x18, 0xada4, 0x97, 0xfffffffffffffff8]}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x3, 0x8, 0x8, 0xff, 0x4}}, @mrs={0xbe, 0x18, {0x603000000013deb3}}, @hvc={0x32, 0x40, {0x10, [0x2, 0x9, 0x5ee, 0x6, 0xffff]}}, @svc={0x122, 0x40, {0xc4000003, [0x8001, 0x5, 0x95d, 0x2, 0x10001]}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x2, 0xf, 0x9, 0x8, 0x4}}, @msr={0x14, 0x20, {0x6030000000138027, 0x8}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xffd0, 0x0, 0x8}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xc, 0xf, 0xc}}], 0x558}], 0x1, 0x0, &(0x7f0000001940)=[@featur1={0x1, 0xc}], 0x1) ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f0000001980)) syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000bd1000/0x400000)=nil) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000001a00)=@attr_riscv64=@attr_config={0x0, 0x1, 0x0, &(0x7f00000019c0)=0xffff}) 1m35.101386742s ago: executing program 7 (id=469): r0 = openat$kvm(0x0, &(0x7f0000000000), 0x80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x20a703, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x10001) r3 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$arm64(r1, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_ARM_VCPU_FINALIZE(r4, 0x4004aec2, &(0x7f0000000040)=0x5) ioctl$KVM_CAP_ARM_MTE(r3, 0x4068aea3, &(0x7f0000000100)) 1m34.420074009s ago: executing program 6 (id=470): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r5, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f00000001c0)=@arm64_sys={0x6030000000138064, &(0x7f00000000c0)=0x8000}) r6 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013c65e, 0x8000}}], 0x20}, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 1m6.669785084s ago: executing program 7 (id=471): r0 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x3000)=nil, 0x0, 0x1, 0x11, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000000)="3b1921be3f972268debc6ca0362c4ffcf568059d6c47ba8c97dc917f8ed9cd278d1c3ba873ab5ed3fe8eafbba3b880b298ff206c9aa52bb20f125e518e95d87f501c78fadc06afca", 0x0, 0x48) syz_memcpy_off$KVM_EXIT_MMIO(r0, 0x20, &(0x7f0000000080)="7eb3a4fc78182d884f09d0889902d5d102d6794e542bd918", 0x0, 0x18) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f00000000c0)="1b43a6678b2feca3b5401c0e512cbcae7c231f22ad230ce5c5a677ad07c446ad34ce31bc2b89a0be9983373a6ff600441ec6a8e907967914eb9b1429f6e84d7ed5989950e5cea103", 0x0, 0x48) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000140)="ea7a26337c4d6e5305072e6e326f8b068ed30fb0dd67b44e11e31f737c1016e9edf7bc441af15ec02940b29a99968a06ce996ae72f3837ec124a5b891b4807b805015b4152d67348", 0x0, 0x48) r1 = mmap$KVM_VCPU(&(0x7f0000ffd000/0x1000)=nil, 0x0, 0x1000000, 0x10, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_MMIO(r1, 0x20, &(0x7f00000001c0)="b965cf2af3624f2ea2a93d6c16bc78a529f9074c9698dbfb", 0x0, 0x18) r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000740)={0x0, &(0x7f0000000200)=[@eret={0xe6, 0x18, 0xfffffffffffffff5}, @its_send_cmd={0xaa, 0x28, {0xa, 0x0, 0x0, 0x2, 0x4, 0xa}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0xc1}}, @hvc={0x32, 0x40, {0x800, [0xe, 0x1000, 0x100000001, 0x2, 0x9]}}, @hvc={0x32, 0x40, {0x20, [0x2, 0x80000000, 0x0, 0x9, 0x2]}}, @svc={0x122, 0x40, {0x8400000a, [0x0, 0x2, 0x6, 0xffff, 0x3]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0xc00, 0x2, 0x9}}, @irq_setup={0x46, 0x18, {0x0, 0x205}}, @svc={0x122, 0x40, {0xc4000005, [0xc73, 0x9, 0x1, 0x10, 0x6]}}, @uexit={0x0, 0x18, 0x101}, @its_setup={0x82, 0x28, {0x3, 0x1, 0x103}}, @msr={0x14, 0x20, {0x603000000013defd, 0x89}}, @mrs={0xbe, 0x18, {0x603000000013c085}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x1, 0x6, 0x4f42, 0x0, 0x3}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x40, 0x7, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x2, 0x1, 0x426c, 0x0, 0x4}}, @irq_setup={0x46, 0x18, {0x2, 0x1e7}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x168}}, @msr={0x14, 0x20, {0x603000000013c2a5, 0x7fff}}, @eret={0xe6, 0x18, 0x9}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x1, 0x5, 0x8, 0x6, 0x4}}, @eret={0xe6, 0x18, 0x13}, @mrs={0xbe, 0x18, {0x603000000013deae}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x2f}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x1d0}}, @svc={0x122, 0x40, {0x0, [0x727e, 0xe, 0x2, 0x0, 0x401]}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x4, 0x4, 0x394c, 0x1, 0x2}}, @smc={0x1e, 0x40, {0x2000200, [0x7f, 0x4, 0x7, 0x800, 0x1]}}, @msr={0x14, 0x20, {0x603000000013df05, 0xe92}}, @svc={0x122, 0x40, {0x84000013, [0xffffffff, 0x7cef, 0x3, 0x80, 0x7]}}, @irq_setup={0x46, 0x18, {0x0, 0x243}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x0, 0x7, 0x5, 0x2}}], 0x510}, &(0x7f0000000780)=[@featur2], 0x1) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000007c0)=0xa) r3 = mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x0, 0x1000007, 0x1010, r2, 0x0) syz_memcpy_off$KVM_EXIT_MMIO(r3, 0x20, &(0x7f0000000800)="df484e95d5eb73cb7f53247e084d750e11f7ee047dc9c720", 0x0, 0x18) ioctl$KVM_RESET_DIRTY_RINGS(r2, 0xaec7) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r2, 0x4018aee1, &(0x7f0000000880)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000840)=0x1}) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x20) syz_kvm_setup_cpu$arm64(r4, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000e80)=[{0x0, &(0x7f00000008c0)=[@mrs={0xbe, 0x18, {0x603000000013df5a}}, @hvc={0x32, 0x40, {0x0, [0xc87, 0x1, 0x10001, 0x4, 0x2a49]}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x4, 0xa, 0x7, 0x81, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x3, 0x10, 0xc, 0x257f, 0x3}}, @code={0xa, 0x54, {"008008d50010c0da007008d5008008d5007008d500fca09b007008d5000008d5001e8ad20080b0f2e10080d2420080d2a30180d2640080d2020000d4000028d5"}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x0, 0x6, 0x6, 0x81, 0x1}}, @irq_setup={0x46, 0x18, {0x4, 0xed}}, @svc={0x122, 0x40, {0x8990f4bfd39db5e2, [0x8, 0x10, 0x0, 0x4, 0x44ff]}}, @mrs={0xbe, 0x18, {0x50280000001a33da}}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x178}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x1, 0x0, 0x6, 0x2, 0x9, 0x4}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xf00, 0x400, 0x7}}, @hvc={0x32, 0x40, {0x4000000, [0x3, 0x305bb27b, 0x717, 0x1, 0x5]}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x38e}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x2, 0x9, 0x7, 0xffff8dfa, 0x2}}, @hvc={0x32, 0x40, {0x40, [0xe9, 0xff, 0xb8, 0xffffffffffff9515, 0x1ab]}}, @code={0xa, 0x9c, {"007008d5401784d20020b8f2c10080d2e20080d2c30180d2240180d2020000d4007008d5608392d20060b8f2810180d2220080d2030180d2e40080d2020000d4007008d5c07897d20040b8f2810180d2e20180d2030180d2040080d2020000d4000820fce0ea88d20000b0f2e10180d2220080d2230180d2840180d2020000d4000028d50048210e"}}, @hvc={0x32, 0x40, {0x40, [0x100, 0x7b0, 0xffffffffffffffff, 0x2, 0x3]}}, @hvc={0x32, 0x40, {0x84000051, [0x5, 0x6, 0xff, 0x1, 0x1]}}, @eret={0xe6, 0x18, 0x4}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x1, 0x0, 0x5, 0x2, 0x4}}, @msr={0x14, 0x20, {0x603000000013dea1, 0x3}}, @code={0xa, 0x6c, {"007008d560d383d20000b0f2e10080d2820180d2230080d2040180d2020000d4007008d5000008d500d8a07e007008d5007008d5a0cf8dd200c0b8f2a10080d2e20180d2630180d2c40180d2020000d400d8212e000028d5"}}, @irq_setup={0x46, 0x18, {0x1, 0x2f2}}, @irq_setup={0x46, 0x18, {0x3, 0x27d}}, @code={0xa, 0x9c, {"a0af83d20040b0f2210180d2020080d2430180d2e40080d2020000d4000008d5809298d200c0b0f2810080d2e20080d2830180d2c40180d2020000d40058000e000000ad008008d580de86d20020b0f2610080d2e20180d2430080d2040180d2020000d4000008d560629cd20000b8f2c10080d2c20180d2630180d2240180d2020000d4000008d5"}}], 0x598}], 0x1, 0x0, &(0x7f0000000ec0)=[@featur1={0x1, 0x46}], 0x1) ioctl$KVM_ASSIGN_SET_MSIX_NR(0xffffffffffffffff, 0x4008ae73, &(0x7f0000000f00)={0x400000, 0xfffc}) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000f80)=@riscv64_config={0x8030000000100007, &(0x7f0000000f40)=0x114d}) ioctl$KVM_CAP_DIRTY_LOG_RING(r4, 0x4068aea3, &(0x7f0000000fc0)={0xc0, 0x0, 0x4000}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000001040)="ab92fbbeb5ae207c77ef2fe0d11a16339179830edccfb8648035208fd630f526bc1e26c774e920ab46b7b9c6f2ed9c90c8c637ba108eb5647a49d947fc670975684f292ed2fceb26", 0x0, 0x48) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000001340)={0x0, &(0x7f00000010c0)=[@eret={0xe6, 0x18, 0x100000001}, @svc={0x122, 0x40, {0x8600ff01, [0x97c, 0x3, 0xffffffffffffffae, 0x4, 0x7]}}, @irq_setup={0x46, 0x18, {0x4, 0x392}}, @smc={0x1e, 0x40, {0xc5000021, [0xf0d4, 0x7fffffff, 0x0, 0x2, 0x3]}}, @smc={0x1e, 0x40, {0x86000001, [0x100000000, 0x8, 0x6, 0xa, 0xfffffffffffffffd]}}, @hvc={0x32, 0x40, {0x8400000a, [0x7f, 0xf, 0xffffffff, 0x6, 0x3ff]}}, @uexit={0x0, 0x18, 0x9}, @svc={0x122, 0x40, {0x86000000, [0x5038, 0x3, 0x7fff, 0xffffffffffff60d3, 0x9]}}, @mrs={0xbe, 0x18, {0x603000000013f289}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x1, 0x2, 0x2, 0x1, 0x3}}, @code={0xa, 0x84, {"007008d5007008d540359cd200a0b0f2010180d2020180d2a30180d2e40180d2020000d40040621e60168dd20060b0f2610080d2c20080d2c30080d2840180d2020000d40008c05a0000007ac0c086d20080b8f2410080d2020180d2030180d2840080d2020000d4000008d5008008d5"}}], 0x24c}, &(0x7f0000001380)=[@featur1={0x1, 0x8a}], 0x1) ioctl$KVM_SET_GUEST_DEBUG_arm64(r6, 0x4208ae9b, &(0x7f00000013c0)={0x30000, 0x0, {[0xc49, 0x8000000000000000, 0x5, 0x8, 0x7, 0x6, 0x4, 0x100, 0x100000000, 0x3, 0x5, 0x4, 0xc, 0x4, 0x8000000000000000, 0x7], [0x8, 0x4, 0x5, 0x5245e3fb, 0x0, 0x3, 0x0, 0x81, 0x5, 0x3, 0x6, 0x5, 0x862, 0x10, 0x10, 0x3], [0xefd, 0x19, 0x7, 0x6, 0x0, 0x101, 0xee7b, 0x8, 0x1356, 0x5, 0x4, 0xfffffffffffffffb, 0x4, 0x8, 0x5, 0x1], [0x81, 0x2, 0x2, 0x5, 0x1, 0x784, 0x1, 0xa16, 0xb, 0xffffffffffffffc0, 0x1e, 0x8, 0x5, 0x1, 0x5, 0xc]}}) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000fec000/0x4000)=nil, r7, 0x3000008, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000001600)="629f7756498359b463f13e473efeb7de8f99629e4d96d2a8b0eb03ad2b3a2a8964e453488b6b99ff3d4117948c4a34ca54969ff39eb56a4607045dec086f757abb7181d36ebecba1", 0x0, 0x48) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001680), 0x90080, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x3) ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000001700)=@riscv64_core={0xb9fffc7cba7b1077, &(0x7f00000016c0)=0x1}) ioctl$KVM_DIRTY_TLB(0xffffffffffffffff, 0x4010aeaa, &(0x7f0000001dc0)={0x0, 0x699}) 1m6.076076988s ago: executing program 6 (id=472): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x9e) r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000b80)={0x0, &(0x7f0000000100)=[@smc={0x1e, 0x40, {0x8400000a, [0x80000000, 0x7, 0xaca, 0x2, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xf4) ioctl$KVM_RUN(r4, 0xae80, 0x0) r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x34) syz_kvm_setup_cpu$arm64(r6, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f00000000c0)=[{0x0, &(0x7f0000000080)=[@irq_setup={0x46, 0x18, {0x0, 0xec}}], 0x18}], 0x1, 0x0, &(0x7f0000000140)=[@featur1={0x1, 0x20}], 0x1) 50.962361528s ago: executing program 7 (id=473): openat$kvm(0x0, 0x0, 0x0, 0x0) r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x2a) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000b80)={0x0, 0x0}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000000)=@arm64_fw={0x6030000000140000, 0x0}) r6 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000b80)={0x0, 0x0}, &(0x7f0000000040)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r6, 0xae80, 0x0) syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000080)={0xf0ffffffffffffff, 0x0}, 0x0, 0x0) 18.289352657s ago: executing program 38 (id=472): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x9e) r3 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000b80)={0x0, &(0x7f0000000100)=[@smc={0x1e, 0x40, {0x8400000a, [0x80000000, 0x7, 0xaca, 0x2, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xf4) ioctl$KVM_RUN(r4, 0xae80, 0x0) r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x34) syz_kvm_setup_cpu$arm64(r6, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f00000000c0)=[{0x0, &(0x7f0000000080)=[@irq_setup={0x46, 0x18, {0x0, 0xec}}], 0x18}], 0x1, 0x0, &(0x7f0000000140)=[@featur1={0x1, 0x20}], 0x1) 0s ago: executing program 39 (id=473): openat$kvm(0x0, 0x0, 0x0, 0x0) r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x2a) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000b80)={0x0, 0x0}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000000)=@arm64_fw={0x6030000000140000, 0x0}) r6 = syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000b80)={0x0, 0x0}, &(0x7f0000000040)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r6, 0xae80, 0x0) syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000080)={0xf0ffffffffffffff, 0x0}, 0x0, 0x0) kernel console output (not intermixed with test programs): [ 391.721934][ T3171] 8021q: adding VLAN 0 to HW filter on device bond0 [ 442.756255][ T3171] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:4368' (ED25519) to the list of known hosts. [ 606.907928][ T24] audit: type=1400 audit(606.160:61): avc: denied { name_bind } for pid=3330 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 607.766835][ T24] audit: type=1400 audit(607.020:62): avc: denied { execute } for pid=3331 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 607.794514][ T24] audit: type=1400 audit(607.050:63): avc: denied { execute_no_trans } for pid=3331 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 631.931570][ T24] audit: type=1400 audit(631.180:64): avc: denied { mounton } for pid=3331 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 631.966530][ T24] audit: type=1400 audit(631.220:65): avc: denied { mount } for pid=3331 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 632.059646][ T3331] cgroup: Unknown subsys name 'net' [ 632.115887][ T24] audit: type=1400 audit(631.370:66): avc: denied { unmount } for pid=3331 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 632.530226][ T3331] cgroup: Unknown subsys name 'cpuset' [ 632.645083][ T3331] cgroup: Unknown subsys name 'rlimit' [ 633.517558][ T24] audit: type=1400 audit(632.770:67): avc: denied { setattr } for pid=3331 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 633.535968][ T24] audit: type=1400 audit(632.790:68): avc: denied { mounton } for pid=3331 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 633.585078][ T24] audit: type=1400 audit(632.840:69): avc: denied { mount } for pid=3331 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 635.744836][ T3333] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 635.800805][ T24] audit: type=1400 audit(635.040:70): avc: denied { relabelto } for pid=3333 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 635.848178][ T24] audit: type=1400 audit(635.100:71): avc: denied { write } for pid=3333 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 636.145155][ T24] audit: type=1400 audit(635.400:72): avc: denied { read } for pid=3331 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 636.189384][ T24] audit: type=1400 audit(635.420:73): avc: denied { open } for pid=3331 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 636.241483][ T3331] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 694.552551][ T24] audit: type=1400 audit(693.810:74): avc: denied { execmem } for pid=3337 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 702.600531][ T24] audit: type=1400 audit(701.850:75): avc: denied { open } for pid=3341 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 702.617639][ T24] audit: type=1400 audit(701.860:76): avc: denied { read } for pid=3342 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 702.759704][ T24] audit: type=1400 audit(702.010:77): avc: denied { mounton } for pid=3342 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 703.072851][ T24] audit: type=1400 audit(702.310:78): avc: denied { module_request } for pid=3341 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 703.083220][ T24] audit: type=1400 audit(702.320:79): avc: denied { module_request } for pid=3342 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 704.094717][ T24] audit: type=1400 audit(703.340:80): avc: denied { sys_module } for pid=3342 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 726.950016][ T3342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 727.391546][ T3342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 727.458209][ T3341] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 727.775010][ T3341] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 739.935374][ T3342] hsr_slave_0: entered promiscuous mode [ 739.964085][ T3342] hsr_slave_1: entered promiscuous mode [ 740.896198][ T3341] hsr_slave_0: entered promiscuous mode [ 740.953051][ T3341] hsr_slave_1: entered promiscuous mode [ 740.994799][ T3341] debugfs: 'hsr0' already exists in 'hsr' [ 741.010724][ T3341] Cannot create hsr debugfs directory [ 747.156121][ T24] audit: type=1400 audit(746.410:81): avc: denied { create } for pid=3342 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 747.231430][ T24] audit: type=1400 audit(746.450:82): avc: denied { write } for pid=3342 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 747.314651][ T24] audit: type=1400 audit(746.520:83): avc: denied { read } for pid=3342 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 747.436123][ T3342] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 747.785573][ T3342] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 748.053779][ T3342] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 748.281404][ T3342] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 750.296156][ T3341] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 750.521888][ T3341] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 750.664038][ T3341] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 750.891999][ T3341] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 764.772865][ T3342] 8021q: adding VLAN 0 to HW filter on device bond0 [ 769.192172][ T3341] 8021q: adding VLAN 0 to HW filter on device bond0 [ 819.589405][ T3342] veth0_vlan: entered promiscuous mode [ 820.204425][ T3342] veth1_vlan: entered promiscuous mode [ 822.807865][ T3342] veth0_macvtap: entered promiscuous mode [ 823.414423][ T3342] veth1_macvtap: entered promiscuous mode [ 824.125341][ T3341] veth0_vlan: entered promiscuous mode [ 825.242199][ T3341] veth1_vlan: entered promiscuous mode [ 826.960448][ T3391] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 826.980891][ T3391] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 826.984587][ T3391] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.010122][ T3391] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 829.797755][ T3341] veth0_macvtap: entered promiscuous mode [ 830.604036][ T3341] veth1_macvtap: entered promiscuous mode [ 830.706720][ T24] audit: type=1400 audit(829.950:84): avc: denied { mount } for pid=3342 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 831.057384][ T24] audit: type=1400 audit(830.310:85): avc: denied { mounton } for pid=3342 comm="syz-executor" path="/syzkaller.uWREbD/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 831.362290][ T24] audit: type=1400 audit(830.600:86): avc: denied { mount } for pid=3342 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 831.830349][ T24] audit: type=1400 audit(831.070:87): avc: denied { mounton } for pid=3342 comm="syz-executor" path="/syzkaller.uWREbD/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 832.066958][ T24] audit: type=1400 audit(831.320:88): avc: denied { mounton } for pid=3342 comm="syz-executor" path="/syzkaller.uWREbD/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 833.129540][ T24] audit: type=1400 audit(832.380:89): avc: denied { unmount } for pid=3342 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 833.532752][ T24] audit: type=1400 audit(832.780:90): avc: denied { mounton } for pid=3342 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1546 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 833.656671][ T24] audit: type=1400 audit(832.910:91): avc: denied { mount } for pid=3342 comm="syz-executor" name="/" dev="gadgetfs" ino=3749 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 833.942616][ T3391] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 833.950667][ T3391] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 834.010674][ T3391] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 834.024875][ T3391] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 834.213130][ T24] audit: type=1400 audit(833.470:92): avc: denied { mount } for pid=3342 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 834.332189][ T24] audit: type=1400 audit(833.580:93): avc: denied { mounton } for pid=3342 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 836.518254][ T3342] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 838.171479][ T24] kauditd_printk_skb: 1 callbacks suppressed [ 838.172410][ T24] audit: type=1400 audit(837.400:95): avc: denied { read write } for pid=3342 comm="syz-executor" name="loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 838.173312][ T24] audit: type=1400 audit(837.410:96): avc: denied { open } for pid=3342 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 838.174086][ T24] audit: type=1400 audit(837.410:97): avc: denied { ioctl } for pid=3342 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 847.451023][ T24] audit: type=1400 audit(846.690:98): avc: denied { read } for pid=3496 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 847.478034][ T24] audit: type=1400 audit(846.730:99): avc: denied { open } for pid=3496 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 848.224645][ T24] audit: type=1400 audit(847.480:100): avc: denied { ioctl } for pid=3496 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 854.677698][ T24] audit: type=1400 audit(853.910:101): avc: denied { execute } for pid=3496 comm="syz.1.2" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3872 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 855.465620][ T3499] KVM: debugfs: duplicate directory 3499-5 [ 859.322641][ T24] audit: type=1400 audit(858.570:102): avc: denied { append } for pid=3502 comm="syz.0.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 872.970425][ T24] audit: type=1400 audit(872.220:103): avc: denied { write } for pid=3508 comm="syz.0.5" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 913.840570][ T24] audit: type=1400 audit(913.070:104): avc: denied { create } for pid=3534 comm="syz.1.12" anonclass=[kvm-gmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 913.964941][ T24] audit: type=1400 audit(913.220:105): avc: denied { map } for pid=3534 comm="syz.1.12" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=4520 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 914.047748][ T24] audit: type=1400 audit(913.250:106): avc: denied { read } for pid=3534 comm="syz.1.12" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=4520 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 977.928956][ C0] hrtimer: interrupt took 1009920 ns [ 1042.762629][ T24] audit: type=1400 audit(1042.010:107): avc: denied { write } for pid=3602 comm="syz.1.37" path=2F5B6B766D2D676D656D5D202864656C6574656429 dev="guest_memfd" ino=5604 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1132.250910][ T24] audit: type=1400 audit(1131.500:108): avc: denied { ioctl } for pid=3660 comm="syz.1.54" path="net:[4026532629]" dev="nsfs" ino=4026532629 ioctlcmd=0xae41 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1204.016909][ T3705] kvm [3705]: Failed to find VMA for hva 0x20c79000 [ 1302.510239][ T24] audit: type=1400 audit(1301.690:109): avc: denied { execute } for pid=3766 comm="syz.0.86" path=2F34332F10FBFF67525673312B0104 dev="tmpfs" ino=234 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 1332.070413][ T24] audit: type=1400 audit(1331.320:110): avc: denied { setattr } for pid=3779 comm="syz.0.91" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1333.199977][ T24] audit: type=1400 audit(1332.420:111): avc: denied { map } for pid=3779 comm="syz.0.91" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1596.075360][ T3937] debugfs: 'vgic-its-state@8080000' already exists in '3937-8' [ 2116.214117][ T24] audit: type=1400 audit(2115.460:112): avc: denied { execute } for pid=4238 comm="syz.0.234" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 2589.582532][ T4520] kvm [4520]: Failed to find VMA for hva 0x20c01000 [ 2716.865926][ T4610] debugfs: 'vgic-its-state@8080000' already exists in '4610-4' [ 2773.343129][ T4639] kvm [4639]: Failed to find VMA for hva 0x20c01000 [ 3135.181718][ T4825] kvm [4825]: Failed to find VMA for hva 0x20c79000 [ 3342.190006][ T4887] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3342.368301][ T4890] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3342.555816][ T4887] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3342.657597][ T4890] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3371.723410][ T4887] hsr_slave_0: entered promiscuous mode [ 3371.814546][ T4887] hsr_slave_1: entered promiscuous mode [ 3371.885330][ T4887] debugfs: 'hsr0' already exists in 'hsr' [ 3371.889377][ T4887] Cannot create hsr debugfs directory [ 3374.427976][ T4890] hsr_slave_0: entered promiscuous mode [ 3374.543728][ T4890] hsr_slave_1: entered promiscuous mode [ 3374.593909][ T4890] debugfs: 'hsr0' already exists in 'hsr' [ 3374.596918][ T4890] Cannot create hsr debugfs directory [ 3388.512058][ T4887] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 3388.994136][ T4887] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 3389.485183][ T4887] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 3390.037937][ T4887] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 3394.536066][ T4890] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 3394.954522][ T4890] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 3395.413045][ T4890] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 3395.768175][ T4890] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 3418.227344][ T4887] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3424.863312][ T4890] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3520.603246][ T4887] veth0_vlan: entered promiscuous mode [ 3521.436568][ T4887] veth1_vlan: entered promiscuous mode [ 3524.404116][ T4887] veth0_macvtap: entered promiscuous mode [ 3524.992040][ T4887] veth1_macvtap: entered promiscuous mode [ 3528.830242][ T4890] veth0_vlan: entered promiscuous mode [ 3529.237868][ T2140] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3529.241866][ T2140] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3529.243445][ T2140] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3529.244252][ T2140] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3530.594645][ T4890] veth1_vlan: entered promiscuous mode [ 3536.552819][ T4890] veth0_macvtap: entered promiscuous mode [ 3537.592658][ T4890] veth1_macvtap: entered promiscuous mode [ 3541.373871][ T2140] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3541.399900][ T2140] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3541.482858][ T2140] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3541.504487][ T2140] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3669.255859][ T4986] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3672.366810][ T4986] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3675.572759][ T4986] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3678.335524][ T4986] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3695.594870][ T4986] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3695.725312][ T4986] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3695.807555][ T4986] bond0 (unregistering): Released all slaves [ 3697.600356][ T4986] hsr_slave_0: left promiscuous mode [ 3697.675618][ T4986] hsr_slave_1: left promiscuous mode [ 3698.430135][ T4986] veth1_macvtap: left promiscuous mode [ 3698.456169][ T4986] veth0_macvtap: left promiscuous mode [ 3698.490938][ T4986] veth1_vlan: left promiscuous mode [ 3698.510625][ T4986] veth0_vlan: left promiscuous mode [ 3722.668131][ T5053] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3724.635454][ T5053] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3731.367278][ T4986] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3733.203396][ T4986] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3734.835847][ T4986] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3736.812845][ T4986] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3743.990827][ T5059] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3745.164002][ T5059] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3749.527263][ T4986] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3751.346616][ T4986] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3752.512660][ T4986] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3753.720643][ T4986] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3764.923655][ T4986] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3766.386582][ T5053] hsr_slave_0: entered promiscuous mode [ 3766.495529][ T5053] hsr_slave_1: entered promiscuous mode [ 3766.593091][ T5053] debugfs: 'hsr0' already exists in 'hsr' [ 3766.600905][ T5053] Cannot create hsr debugfs directory [ 3767.110612][ T4986] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3768.964824][ T4986] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3770.744604][ T4986] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3793.616757][ T4986] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3793.706974][ T4986] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3793.767656][ T4986] bond0 (unregistering): Released all slaves [ 3796.536231][ T4986] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3796.614104][ T4986] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3796.672224][ T4986] bond0 (unregistering): Released all slaves [ 3799.457650][ T4986] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3799.554737][ T4986] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3799.616405][ T4986] bond0 (unregistering): Released all slaves [ 3801.253239][ T5059] hsr_slave_0: entered promiscuous mode [ 3801.283525][ T5059] hsr_slave_1: entered promiscuous mode [ 3801.304921][ T5059] debugfs: 'hsr0' already exists in 'hsr' [ 3801.307862][ T5059] Cannot create hsr debugfs directory [ 3801.435526][ T4986] hsr_slave_0: left promiscuous mode [ 3801.476447][ T4986] hsr_slave_1: left promiscuous mode [ 3801.596719][ T4986] hsr_slave_0: left promiscuous mode [ 3801.626449][ T4986] hsr_slave_1: left promiscuous mode [ 3801.760995][ T4986] hsr_slave_0: left promiscuous mode [ 3801.794213][ T4986] hsr_slave_1: left promiscuous mode [ 3802.141801][ T4986] veth1_macvtap: left promiscuous mode [ 3802.144912][ T4986] veth0_macvtap: left promiscuous mode [ 3802.167471][ T4986] veth1_vlan: left promiscuous mode [ 3802.177545][ T4986] veth0_vlan: left promiscuous mode [ 3802.206788][ T4986] veth1_macvtap: left promiscuous mode [ 3802.221119][ T4986] veth0_macvtap: left promiscuous mode [ 3802.224685][ T4986] veth1_vlan: left promiscuous mode [ 3802.236868][ T4986] veth0_vlan: left promiscuous mode [ 3802.310952][ T4986] veth1_macvtap: left promiscuous mode [ 3802.314000][ T4986] veth0_macvtap: left promiscuous mode [ 3802.325796][ T4986] veth1_vlan: left promiscuous mode [ 3802.334017][ T4986] veth0_vlan: left promiscuous mode [ 3841.954604][ T5053] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 3842.456936][ T5053] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 3842.987586][ T5053] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 3844.963893][ T5053] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 3859.056842][ T5059] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 3859.415313][ T5059] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 3859.746181][ T5059] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 3859.997783][ T5059] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 3871.749839][ T5053] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3882.322559][ T5059] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3982.474709][ T5053] veth0_vlan: entered promiscuous mode [ 3983.712552][ T5053] veth1_vlan: entered promiscuous mode [ 3986.444848][ T5053] veth0_macvtap: entered promiscuous mode [ 3986.921503][ T5053] veth1_macvtap: entered promiscuous mode [ 3989.909566][ T4986] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3989.914494][ T4986] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3989.944781][ T4986] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3989.991787][ T4986] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3993.743911][ T24] audit: type=1400 audit(3992.990:113): avc: denied { unmount } for pid=5053 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 3996.364285][ T5059] veth0_vlan: entered promiscuous mode [ 3997.471657][ T5059] veth1_vlan: entered promiscuous mode [ 4001.117201][ T5059] veth0_macvtap: entered promiscuous mode [ 4001.925776][ T5059] veth1_macvtap: entered promiscuous mode [ 4005.677726][ T4903] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4005.703482][ T4903] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4005.820243][ T4903] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4005.931216][ T12] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4158.213754][ T5305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4158.568005][ T5305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4184.736248][ T5317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4185.301394][ T5317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4210.314470][ T5305] hsr_slave_0: entered promiscuous mode [ 4210.440601][ T5305] hsr_slave_1: entered promiscuous mode [ 4211.006588][ T12] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4213.574175][ T12] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4216.377015][ T12] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4218.434734][ T12] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4245.632775][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 4245.758131][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 4245.863782][ T12] bond0 (unregistering): Released all slaves [ 4248.250066][ T12] hsr_slave_0: left promiscuous mode [ 4248.340706][ T12] hsr_slave_1: left promiscuous mode [ 4248.676414][ T12] veth1_macvtap: left promiscuous mode [ 4248.722595][ T12] veth0_macvtap: left promiscuous mode [ 4248.755074][ T12] veth1_vlan: left promiscuous mode [ 4248.780186][ T12] veth0_vlan: left promiscuous mode [ 4276.495678][ T5317] hsr_slave_0: entered promiscuous mode [ 4276.574499][ T5317] hsr_slave_1: entered promiscuous mode [ 4276.640623][ T5317] debugfs: 'hsr0' already exists in 'hsr' [ 4276.650093][ T5317] Cannot create hsr debugfs directory [ 4282.938038][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4283.451279][ T5305] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 4284.274765][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4285.492719][ T5305] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 4286.115138][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4287.741368][ T5305] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 4288.477818][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4289.433719][ T5305] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 4311.291428][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 4311.791070][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 4312.101609][ T12] bond0 (unregistering): Released all slaves [ 4314.044621][ T12] hsr_slave_0: left promiscuous mode [ 4314.105040][ T12] hsr_slave_1: left promiscuous mode [ 4314.563141][ T12] veth1_macvtap: left promiscuous mode [ 4314.567106][ T12] veth0_macvtap: left promiscuous mode [ 4314.583412][ T12] veth1_vlan: left promiscuous mode [ 4314.587068][ T12] veth0_vlan: left promiscuous mode [ 4347.007768][ T5317] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 4347.528178][ T5317] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 4348.053904][ T5317] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 4348.603265][ T5317] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 4357.397445][ T5305] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4378.155340][ T5317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4499.991143][ T5305] veth0_vlan: entered promiscuous mode [ 4501.429441][ T5305] veth1_vlan: entered promiscuous mode [ 4505.549846][ T5305] veth0_macvtap: entered promiscuous mode [ 4506.291588][ T5305] veth1_macvtap: entered promiscuous mode [ 4510.765958][ T4903] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4510.767597][ T4903] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4510.834423][ T5389] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4510.882896][ T5389] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4529.977685][ T5317] veth0_vlan: entered promiscuous mode [ 4531.514122][ T5317] veth1_vlan: entered promiscuous mode [ 4536.689277][ T5317] veth0_macvtap: entered promiscuous mode [ 4537.855563][ T5317] veth1_macvtap: entered promiscuous mode [ 4543.199865][ T4903] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4543.202387][ T4903] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4543.271416][ T4903] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4543.282978][ T4903] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4600.237937][ T5583] KVM: debugfs: duplicate directory 5583-5 [ 5084.787808][ T5736] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5085.443835][ T5736] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5104.045958][ T5743] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5104.690811][ T5743] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5147.064973][ T5736] hsr_slave_0: entered promiscuous mode [ 5147.243747][ T5736] hsr_slave_1: entered promiscuous mode [ 5147.392861][ T5736] debugfs: 'hsr0' already exists in 'hsr' [ 5147.450005][ T5736] Cannot create hsr debugfs directory [ 5173.145817][ T5743] hsr_slave_0: entered promiscuous mode [ 5173.401901][ T5743] hsr_slave_1: entered promiscuous mode [ 5173.523012][ T5743] debugfs: 'hsr0' already exists in 'hsr' [ 5173.527639][ T5743] Cannot create hsr debugfs directory [ 5200.544908][ T5736] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 5203.702768][ T5736] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 5205.623523][ T5736] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 5206.145531][ T5736] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 5224.595801][ T5743] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 5225.435472][ T5743] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 5226.392281][ T5743] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 5227.261625][ T5743] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 5268.793439][ T5736] 8021q: adding VLAN 0 to HW filter on device bond0 [ 5286.737604][ T5743] 8021q: adding VLAN 0 to HW filter on device bond0 [ 5342.031437][ T26] INFO: task syz.7.473:5722 blocked for more than 430 seconds. [ 5342.033109][ T26] Not tainted syzkaller #0 [ 5342.033993][ T26] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 5342.034519][ T26] task:syz.7.473 state:D stack:0 pid:5722 tgid:5722 ppid:5317 task_flags:0x400040 flags:0x00000011 [ 5342.035992][ T26] Call trace: [ 5342.036496][ T26] __switch_to+0x584/0xb00 (T) [ 5342.150577][ T26] __schedule+0x1da4/0x3678 [ 5342.151373][ T26] schedule+0xac/0x27c [ 5342.151910][ T26] schedule_timeout+0x68/0x1ec [ 5342.152384][ T26] do_wait_for_common+0x28c/0x440 [ 5342.152798][ T26] wait_for_completion+0x44/0x5c [ 5342.153318][ T26] __synchronize_srcu+0x2a4/0x320 [ 5342.153744][ T26] synchronize_srcu+0x3d0/0x4f8 [ 5342.154171][ T26] mmu_notifier_unregister+0x320/0x428 [ 5342.154638][ T26] kvm_put_kvm+0x698/0xbe0 [ 5342.155080][ T26] kvm_vm_release+0x58/0x78 [ 5342.155584][ T26] __fput+0x4ac/0x978 [ 5342.156104][ T26] ____fput+0x20/0x58 [ 5342.156625][ T26] task_work_run+0x1b8/0x250 [ 5342.157107][ T26] exit_to_user_mode_loop+0x110/0x188 [ 5342.157591][ T26] el0_svc+0x17c/0x238 [ 5342.158012][ T26] el0t_64_sync_handler+0x84/0x12c [ 5342.383945][ T26] el0t_64_sync+0x198/0x19c [ 5342.407427][ T26] [ 5342.407427][ T26] Showing all locks held in the system: [ 5342.408070][ T26] 3 locks held by kworker/u4:0/12: SYZFAIL: failed to recv rpc [ 5342.472343][ T26] 1 lock held by khungtaskd/26: [ 5342.472823][ T26] #0: ffff800087c971f8 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x0/0x44 [ 5342.475239][ T26] 3 locks held by kworker/u4:4/48: [ 5342.475712][ T26] 2 locks held by getty/3201: [ 5342.476049][ T26] #0: 6ef00000128868a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c [ 5342.477754][ T26] #1: acff80008ca2b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x308/0x1234 [ 5342.675254][ T26] 1 lock held by sshd-session/3330: [ 5342.675616][ T26] 2 locks held by syz-executor/3331: [ 5342.675937][ T26] 3 locks held by kworker/u4:3/3383: [ 5342.676264][ T26] 2 locks held by kworker/u4:7/3987: [ 5342.676559][ T26] #0: 14f000000d036548 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x7f8/0x1d94 fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 5342.770350][ T26] #1: ffff80008e4c7ca8 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x884/0x1d94 [ 5342.772329][ T26] 3 locks held by kworker/u4:5/4903: [ 5342.772682][ T26] 2 locks held by kworker/u4:9/4986: [ 5342.772989][ T26] 3 locks held by kworker/u4:10/4988: [ 5342.773341][ T26] 3 locks held by kworker/u4:1/5355: [ 5342.773659][ T26] 3 locks held by kworker/u4:2/5389: [ 5342.773983][ T26] 2 locks held by kworker/u4:8/5708: [ 5342.774299][ T26] #0: 14f000000d036548 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x7f8/0x1d94 [ 5342.776279][ T26] #1: ffff80008f507ca8 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x884/0x1d94 [ 5342.777958][ T26] 2 locks held by syz.6.472/5716: [ 5342.778355][ T26] 3 locks held by kworker/u4:11/5740: [ 5342.950161][ T26] 1 lock held by syz-executor/5743: [ 5342.950624][ T26] #0: ffff800087fc8700 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c [ 5342.952512][ T26] 3 locks held by kworker/u4:13/5797: [ 5342.952870][ T26] 3 locks held by kworker/u4:14/5867: [ 5342.953201][ T26] 1 lock held by modprobe/5902: [ 5342.953522][ T26] 3 locks held by modprobe/5903: [ 5343.039935][ T26] [ 5343.040611][ T26] ============================================= [ 5343.040611][ T26] [ 5343.041670][ T26] Kernel panic - not syncing: hung_task: blocked tasks [ 5343.046756][ T26] CPU: 0 UID: 0 PID: 26 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT [ 5343.048258][ T26] Hardware name: linux,dummy-virt (DT) [ 5343.049216][ T26] Call trace: [ 5343.050016][ T26] show_stack+0x2c/0x3c (C) [ 5343.051087][ T26] __dump_stack+0x30/0x40 [ 5343.052061][ T26] dump_stack_lvl+0x30/0x12c [ 5343.053034][ T26] dump_stack+0x1c/0x28 [ 5343.053946][ T26] vpanic+0x4d0/0x848 [ 5343.054756][ T26] vpanic+0x0/0x848 [ 5343.055547][ T26] hung_task_panic+0x0/0x2c [ 5343.056528][ T26] kthread+0x4d4/0x51c [ 5343.057400][ T26] ret_from_fork+0x10/0x20 [ 5343.059302][ T26] Kernel Offset: disabled [ 5343.060063][ T26] CPU features: 0x0000000,001a3005,fbe327a1,057ffe1f [ 5343.061154][ T26] Memory Limit: none [ 5343.063422][ T26] Rebooting in 86400 seconds..