last executing test programs: 59m49.666160801s ago: executing program 1 (id=87): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0xe}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0xfb7f0000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CAP_PTP_KVM(r1, 0x4068aea3, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000000000/0x400000)=nil, &(0x7f0000000100)=[{0x0, &(0x7f0000000440)=[@eret={0xe6, 0x18, 0xb}, @memwrite={0x6e, 0x30, @generic={0xd000, 0x5bd, 0x7, 0x9}}, @code={0xa, 0x3c, {"0004003c008008d50038201e00a0000f0020a00d008008d51f2003d5008060c800080038008008d5"}}, @code={0xa, 0x9c, {"000c8038a02591d20020b0f2610080d2a20180d2c30180d2640080d2020000d4008008d500fc40d3001c004e609c90d20000b8f2a10180d2620080d2030180d2240180d2020000d4000028d5c0ff8dd20080b8f2410180d2820180d2230180d2240180d2020000d40014c05a80258ed20000b8f2010080d2a20080d2430180d2c40080d2020000d4"}}, @msr={0x14, 0x20, {0x603000000013de82, 0x5}}, @eret={0xe6, 0x18, 0x9}, @mrs={0xbe, 0x18, {0x603000000013e18c}}, @code={0xa, 0x54, {"000008d5007008d5000028d50098212e202c85d20060b8f2e10180d2820080d2630180d2440080d2020000d4007008d50010202e0038601e000008d5000028d5"}}, @hvc={0x32, 0x40, {0x80000002, [0x6, 0x200, 0x7fffffff, 0x8001, 0x5]}}, @smc={0x1e, 0x40, {0x80003fff, [0x9, 0x159, 0x7, 0x7fffffffffffffff, 0x8]}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x36}}, @eret={0xe6, 0x18, 0x4}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0xd00, 0x7, 0x2}}, @mrs={0xbe, 0x18, {0x603000000013c101}}, @smc={0x1e, 0x40, {0x84000053, [0x200, 0x8, 0xfffffffffffffffb, 0x9c, 0x10001]}}, @its_setup={0x82, 0x28, {0x4, 0x2, 0x238}}, @uexit={0x0, 0x18, 0x9}, @mrs={0xbe, 0x18, {0x603000000013c649}}, @code={0xa, 0x9c, {"a03186d200a0b0f2810080d2020080d2830080d2a40080d2020000d4007008d5a0d681d20060b0f2610080d2020180d2a30080d2e40080d2020000d4003c000e008008d50054007f004c207e40d185d20040b0f2210180d2820180d2e30080d2040080d2020000d40000589e008b99d20000b8f2610080d2a20080d2430180d2a40180d2020000d4"}}, @smc={0x1e, 0x40, {0x8400000d, [0x6, 0x81, 0x3, 0xf]}}], 0x440}], 0x1, 0x0, &(0x7f0000000140)=[@featur2={0x1, 0x2}], 0x1) 59m42.640941418s ago: executing program 1 (id=89): munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) (async) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r3, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) (async) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x4, 0x3, 0x0}) (async) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000c3c000/0x4000)=nil, 0x4000) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0xc1, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r1, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0) (async) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0x58) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x3000004, 0xaf832, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000834000/0x3000)=nil, 0x930, 0x100000a, 0x8032, 0xffffffffffffffff, 0x0) 59m34.886151992s ago: executing program 1 (id=91): munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x8800, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xf1) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r4, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000e9d000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r1, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x0, 0x23ac5f9b426e84b2, 0xffffffffffffffff, 0x0) 59m28.558049575s ago: executing program 1 (id=93): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x2b) ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0xfffffff8, 0xffff, 0x0}) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000bfd000/0x400000)=nil, &(0x7f00000004c0)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0) syz_kvm_vgic_v3_setup(r5, 0x1, 0x240) r7 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000bfe000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000b00)={0x0, &(0x7f00000007c0)=[@mrs={0xbe, 0x18, {0x603000000013c2a4}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x4, 0x2, 0xffffffff, 0x9, 0x2}}, @svc={0x122, 0x40, {0x8400000d, [0x8000000000000000, 0x7, 0x7000, 0xaaf, 0x8000]}}, @hvc={0x32, 0x40, {0xc4000004, [0x7, 0x8, 0xc, 0x4]}}, @msr={0x14, 0x20, {0x603000000013e66b, 0x6}}], 0xe0}, 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee2, &(0x7f00000000c0)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x9}) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_DEVICE(r8, 0xc018aec0, &(0x7f00000000c0)={0x1}) r9 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f0000000000)=[@hvc={0x32, 0x40, {0x84000008, [0x0, 0x8001, 0x8001, 0x6, 0xd1]}}, @msr={0x14, 0x20, {0x603000000013dcf3, 0x8000}}], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r9, 0xae80, 0x0) 59m16.734861655s ago: executing program 1 (id=96): mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x2132, 0xffffffffffffffff, 0x0) r0 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) ioctl$KVM_ARM_VCPU_INIT(r0, 0x4020aeae, &(0x7f0000000000)={0x3, 0xe3}) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) 59m9.366117388s ago: executing program 1 (id=97): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x28002, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x6030000000100018, &(0x7f0000000100)=0xffffffffffffffff}) r6 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000200)={0x0, &(0x7f0000000500)=[@mrs={0xbe, 0x18, {0x6030000000138056}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105}) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x603000000010004a, 0x0}) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) 58m31.805740764s ago: executing program 32 (id=95): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000100)=ANY=[], 0x30}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) close(r2) close(r3) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async) syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000100)=ANY=[], 0x30}], 0x1, 0x0, 0x0, 0x0) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) close(r2) (async) close(r3) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) (async) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) (async) syz_kvm_setup_cpu$arm64(r4, r5, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0) (async) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) 58m21.837115408s ago: executing program 33 (id=97): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x28002, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x800, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r5, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x6030000000100018, &(0x7f0000000100)=0xffffffffffffffff}) r6 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000200)={0x0, &(0x7f0000000500)=[@mrs={0xbe, 0x18, {0x6030000000138056}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105}) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x603000000010004a, 0x0}) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) 53m14.745746018s ago: executing program 2 (id=98): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) (async) r2 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x29) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r4, 0x0) (async) r5 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r4, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000000)=@arm64={0xad, 0x40, 0xcd, '\x00', 0x100}) (async) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000000)=@arm64={0xad, 0x40, 0xcd, '\x00', 0x100}) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r7, 0x2000004, 0x10, r6, 0x0) munmap(&(0x7f0000008000/0x4000)=nil, 0x4000) ioctl$KVM_GET_VCPU_EVENTS(r6, 0x8040ae9f, &(0x7f0000000080)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000002000/0x2000)=nil, r9, 0x100000c, 0x6832, 0xffffffffffffffff, 0x0) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r8, 0x4018aee3, 0x0) (async) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r8, 0x4018aee3, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x0, 0x23ac5f9b426e84b2, 0xffffffffffffffff, 0x0) 52m41.796461934s ago: executing program 3 (id=99): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x20282, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000000)={0x7, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r5, 0x4018aee3, &(0x7f00000000c0)=@attr_other={0x0, 0x7, 0x7fffffffffffffff, 0x0}) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000100)={0xdf, 0x0, 0x8000}) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a82616}) r8 = ioctl$KVM_GET_STATS_FD_vm(r7, 0xaece) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000180)={r8, 0x630d, 0x2, r5}) r9 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000280)={0x2710, 0x0, 0x8000000, 0x1000, &(0x7f0000f6c000/0x1000)=nil, 0x2000000800000000}) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfd000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) 52m26.476039611s ago: executing program 34 (id=98): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) (async) r2 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x29) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r4, 0x0) (async) r5 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r4, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000000)=@arm64={0xad, 0x40, 0xcd, '\x00', 0x100}) (async) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000000)=@arm64={0xad, 0x40, 0xcd, '\x00', 0x100}) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r7, 0x2000004, 0x10, r6, 0x0) munmap(&(0x7f0000008000/0x4000)=nil, 0x4000) ioctl$KVM_GET_VCPU_EVENTS(r6, 0x8040ae9f, &(0x7f0000000080)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000002000/0x2000)=nil, r9, 0x100000c, 0x6832, 0xffffffffffffffff, 0x0) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r8, 0x4018aee3, 0x0) (async) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r8, 0x4018aee3, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x0, 0x23ac5f9b426e84b2, 0xffffffffffffffff, 0x0) 51m52.480529595s ago: executing program 35 (id=99): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x20282, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000000)={0x7, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r5, 0x4018aee3, &(0x7f00000000c0)=@attr_other={0x0, 0x7, 0x7fffffffffffffff, 0x0}) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000100)={0xdf, 0x0, 0x8000}) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a82616}) r8 = ioctl$KVM_GET_STATS_FD_vm(r7, 0xaece) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000180)={r8, 0x630d, 0x2, r5}) r9 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000280)={0x2710, 0x0, 0x8000000, 0x1000, &(0x7f0000f6c000/0x1000)=nil, 0x2000000800000000}) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfd000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) 44m34.466029579s ago: executing program 5 (id=107): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000080)={0xa, 0xffffffffffffffff, 0x1}) (async) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000080)={0xa, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000140)=@attr_other={0x0, 0x3, 0x3000000000000000, &(0x7f0000000200)=0x100000000}) (async) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000140)=@attr_other={0x0, 0x3, 0x3000000000000000, &(0x7f0000000200)=0x100000000}) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x0, 0xfffffffffffffffe}) (async) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x0, 0x0, 0xfffffffffffffffe}) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000240)={0x0, 0x0, 0xfffffffffffffdc9}, 0x0, 0x40) r6 = eventfd2(0x0, 0x0) close(r6) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) write$eventfd(r6, 0x0, 0x0) r7 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1a) (async) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1a) ioctl$KVM_CHECK_EXTENSION_VM(r8, 0xae03, 0xa8) (async) ioctl$KVM_CHECK_EXTENSION_VM(r8, 0xae03, 0xa8) r9 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x29) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0xfffffffffffffffd) r11 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000300)={0xa, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r13, 0x4018aee3, &(0x7f00000000c0)=@attr_other={0x0, 0xf81e, 0x200, 0x0}) syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) (async) r14 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@smc={0x1e, 0x40, {0x86000001, [0x2, 0x1, 0x2, 0x3, 0x4]}}, @hvc={0x32, 0x40, {0x86000000, [0x2, 0x1, 0x2, 0x3, 0x3]}}], 0x80}, 0x0, 0x0) ioctl$KVM_RUN(r15, 0xae80, 0x0) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1) (async) r16 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r16, 0x0) (async) r17 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r16, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r17, 0x20, &(0x7f0000000280)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x300001e, 0x100010, r16, 0x0) 44m14.847112379s ago: executing program 5 (id=109): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f00000002c0)=@arm64_sys={0x603000000013df11, &(0x7f0000000280)=0x3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0x80111500, 0x20000000) close(r6) ioctl$KVM_CREATE_GUEST_MEMFD(r4, 0xc040aed4, &(0x7f0000000000)={0xffffffffffffffff, 0x58c3}) syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) 43m57.236550089s ago: executing program 5 (id=111): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x17) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r3, r4, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000080)=@arm64_core={0x6030000000100042, &(0x7f0000000100)=0xc5c5}) r5 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_REG_LIST(r6, 0xc008aeb0, 0x0) 43m40.526991106s ago: executing program 5 (id=113): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x90) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) syz_kvm_setup_cpu$arm64(r6, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="320000008500000040000000000000005000008400000000010000000000000002000000000000000000005600000000ff01000000000000ff010000000000001e00000000000000400000000000000010000000000000000100000001000000e0aa000000000000f7ffffffffffffff00020000000000000001000000000000220100000000000040000000000000000c0000c4000000009c0000000000000002000000000000000100000000000000090000000000000009000000000000000000000000000000180000000000000000000000000000006e0000000000000030000000000000000000000800000000d0ff0000000000008d0b0000000000000200000000000000"], 0x108}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r10, 0x4020aeae, &(0x7f0000000100)={0x5, 0x18}) ioctl$KVM_GET_ONE_REG(r10, 0x4010aeab, &(0x7f00000000c0)=@arm64_sve_vls={0x606000000015ffff, &(0x7f0000000200)=0xa}) ioctl$KVM_HAS_DEVICE_ATTR_vm(r7, 0x4018aee3, 0x0) 43m20.7674488s ago: executing program 5 (id=115): mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) (async) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r3 = ioctl$KVM_CREATE_VM(r2, 0x400454d0, 0x7ffffffd) (async) r4 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, r5, 0x600000c, 0x28031, 0xffffffffffffffff, 0x0) (async) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x25) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = eventfd2(0x7, 0x800) ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000040)={0x1, 0x4, 0x8, r11}) (async) ioctl$KVM_CLEAR_DIRTY_LOG(r7, 0xc018aec0, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000000000/0x400000)=nil) (async) r12 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x13) (async) r13 = syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@uexit={0x0, 0x18, 0x5}, @hvc={0x32, 0x40, {0xc400000c, [0x85, 0x0, 0x6, 0x40, 0x1]}}, @mrs={0xbe, 0x18, {0x6030000000138015}}, @uexit={0x0, 0x18, 0x3}, @irq_setup={0x46, 0x18, {0x0, 0x399}}, @hvc={0x32, 0x40, {0x84000007, [0x5, 0x800, 0x3, 0x154d, 0x4cc]}}], 0xe0}, &(0x7f0000000380)=[@featur2={0x1, 0x40}], 0x1) r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) (async) syz_kvm_setup_cpu$arm64(r3, 0xffffffffffffffff, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000440)=ANY=[@ANYRES16=r4, @ANYRES16=r7, @ANYRES32=r2], 0x108}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) (async) ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f00000003c0)=0x5) (async) ioctl$KVM_RUN(r13, 0xae80, 0x0) (async) ioctl$KVM_SET_GSI_ROUTING(r12, 0x4008ae6a, &(0x7f0000000180)=ANY=[@ANYBLOB="0300000000000000c265743c07000000000000000000000081000000faffffffae040000050000000000000000000000000000000000000000000000020000000000000000000000001000000000000040b30000000000000a0000000000000042030000b091000002000000050000000100000000000000da00000000000000020000000000000003000000000000000d00000004000000bfb709952f35efd56fe1f69e0473cd4d5f09ddf6b89654ea7be26c5b7fb9d4677741bb180d7d654abae6cec2567bc70cbdc105039ce5b41d7f423a609ed590c9"]) (async) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r3, 0x4010aeb5, &(0x7f0000000100)={0xc, 0xffff}) 43m2.915459975s ago: executing program 5 (id=117): r0 = openat$kvm(0x0, &(0x7f0000000080), 0xfff20bf68f1e9d2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x603000000010002a, &(0x7f00000000c0)=0xc}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x80111500, 0x20000000) r6 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r7 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0x80111500, 0x20000000) close(r9) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee2, &(0x7f00000000c0)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0xffffffffffffffff}) syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_DEVICE(r12, 0xc018aec0, &(0x7f00000000c0)={0x1}) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0xe) 42m13.272843214s ago: executing program 36 (id=117): r0 = openat$kvm(0x0, &(0x7f0000000080), 0xfff20bf68f1e9d2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x31) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f0000000100)=@arm64_core={0x603000000010002a, &(0x7f00000000c0)=0xc}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x80111500, 0x20000000) r6 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r7 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0x80111500, 0x20000000) close(r9) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee2, &(0x7f00000000c0)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0xffffffffffffffff}) syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_DEVICE(r12, 0xc018aec0, &(0x7f00000000c0)={0x1}) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0xe) 37m16.711833894s ago: executing program 4 (id=141): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, r1, 0x1000002, 0x22b013, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r5, 0xae03, 0x9) r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_vgic_v3_setup(r3, 0x4, 0x60) syz_kvm_setup_cpu$arm64(r3, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1e000000000000004000000000000000000000ef"], 0x80}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x2c) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r10, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x6030000000100018, &(0x7f0000000000)=0x7fffffffffffffff}) r11 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_STATS_FD_cpu(r11, 0xaece) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0xdc032, 0xffffffffffffffff, 0x0) 36m53.476783652s ago: executing program 4 (id=142): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_vgic_v3_setup(r3, 0x1, 0x100) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f0000000300)=@attr_arm64={0x0, 0x0, 0x2, &(0x7f00000002c0)=0x5}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_vgic_v3_setup(r1, 0x2, 0x40) (async) r5 = syz_kvm_vgic_v3_setup(r1, 0x2, 0x40) ioctl$KVM_GET_DEVICE_ATTR(r5, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x7, 0x0, &(0x7f00000000c0)=0x4}) (async) ioctl$KVM_GET_DEVICE_ATTR(r5, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x7, 0x0, &(0x7f00000000c0)=0x4}) 36m34.977549097s ago: executing program 4 (id=143): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000240)=@arm64_bitmap={0x6030000000160002, &(0x7f00000000c0)=0x3}) r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r6, 0x4008ae6a, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000000000000000000001"]) r7 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) write$eventfd(0xffffffffffffffff, &(0x7f0000000100)=0x8, 0x8) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r8, 0x4010aeab, &(0x7f0000000040)=@arm64_sve_vls={0x606000000015ffff, 0x0}) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ec2000/0x3000)=nil, 0x930, 0x0, 0x12, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x10010, 0xffffffffffffffff, 0x0) 36m16.34506161s ago: executing program 4 (id=144): openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) (async) r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd2(0xfffffffa, 0x80001) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) (async) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000180)={0x3000, 0x0, 0x1}) (async) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000180)={0x3000, 0x0, 0x1}) ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f0000000380)={0x2, 0x25000, 0x1}) (async) ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f0000000380)={0x2, 0x25000, 0x1}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r6, 0x4010ae68, &(0x7f0000000240)={0xffff1000, 0xa000}) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (async) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x3, 0xfffffffd}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r8, 0x1, 0x100) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000180)={0x8}) (async) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r4, 0xe}) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) (async) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r13, 0xae03, 0x77) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616}) (async) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616}) r14 = syz_kvm_add_vcpu$arm64(r1, &(0x7f00000000c0)={0x0, &(0x7f0000000b40)=[@mrs={0xbe, 0x18, {0x603000000013c4cb}}, @code={0xa, 0xb4, {"c0379ed200a0b0f2610080d2c20080d2c30080d2240080d2020000d4000008d580fd83d20020b0f2610080d2420080d2e30180d2240180d2020000d400a8205e007008d540339ad20060b0f2e10080d2c20080d2830080d2640180d2020000d4000028d5000008d500e881d20080b0f2a10080d2a20180d2630180d2440080d2020000d440258fd200a0b8f2810080d2620080d2430180d2e40080d2020000d4"}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x2, 0x8, 0x7, 0xffa7, 0x2}}, @its_setup={0x82, 0x28, {0x800000000001, 0x2, 0x1b8}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff0, 0xffffffffffffffcf}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x1, 0x7, 0x2, 0x7, 0x2}}, @hvc={0x32, 0x40, {0x80003fff, [0x100000000, 0x8, 0x5, 0x2a4, 0xb1]}}, @eret={0xe6, 0x18, 0x3}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x2, 0x2, 0x3, 0x7, 0x2}}, @svc={0x122, 0x40, {0x5000000, [0x2, 0x5, 0x70838e0a, 0x2, 0x3]}}, @msr={0x14, 0x20, {0x603000000013808c, 0xfffffffffffffffd}}, @code={0xa, 0x6c, {"60f28fd20060b8f2a10180d2420080d2c30180d2e40180d2020000d40000309e008008d50000c093007008d50050204e000008d540b098d200c0b8f2a10180d2c20180d2030180d2440080d2020000d40054005f000028d5"}}, @eret={0xe6, 0x18, 0x100000000}, @svc={0x122, 0x40, {0x86000001, [0x1, 0x9, 0x3, 0xfffffffffffffffe, 0x5]}}, @smc={0x1e, 0x40, {0x84000053, [0x9, 0x0, 0xfffffffffffffff9, 0x5, 0x9]}}, @hvc={0x32, 0x40, {0x800, [0x7, 0x1, 0x9e8, 0x2, 0x1]}}, @eret={0xe6, 0x18, 0xffffffff}, @uexit={0x0, 0x18, 0x4}], 0x3c8}, 0x0, 0x0) ioctl$KVM_RUN(r14, 0xae80, 0x0) r15 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r16, &(0x7f0000000180)={0x0, &(0x7f0000000200)=[@hvc={0x32, 0x40, {0x80000000, [0xfffffffffffffde8, 0x3ff, 0x1, 0x200000000f, 0x800000b]}}], 0x40}, 0x0, 0x0) 35m48.368930512s ago: executing program 4 (id=145): r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000000040)=ANY=[@ANYBLOB="8d000000dd6096ea7cb780232c8e8e39de671ac0f2a7c7aa08d20a1392c51bdda102c7906fb1748db9a73ef1a78069f5a98cc5051c654d9a74d435b23a7a40ab03271113ed70433907453a0b9d32b0dc05ff13fd7d30746dfdbde6f8fec6a40f69e6a1d9c37aeded62c27b6e722a355f33094f6cb010a1ca72e3923e98d0a212f4fefcf37fee130a0da682df39e3144075"]) ioctl$KVM_CREATE_VM(r0, 0x401c5820, 0x20000000) 35m35.253643052s ago: executing program 4 (id=146): r0 = eventfd2(0x0, 0x0) close(r0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000100)=@arm64_bitmap={0x6030000000160000, &(0x7f00000000c0)=0x1}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x40800, 0x0) mmap$KVM_VCPU(&(0x7f0000008000/0x3000)=nil, 0x930, 0x6000004, 0x2011, r0, 0x0) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="7cfaa2bfd6dd76375aa1bde04fceeb33743b07d73b3e9aac", 0x0, 0xffffffffffffff94) r5 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x31) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x29) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r8, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x4000)=nil, 0x930, 0x0, 0x8032, r8, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2000008, 0x13, 0xffffffffffffffff, 0x0) 34m46.222602462s ago: executing program 37 (id=146): r0 = eventfd2(0x0, 0x0) close(r0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000200)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000100)=@arm64_bitmap={0x6030000000160000, &(0x7f00000000c0)=0x1}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x40800, 0x0) mmap$KVM_VCPU(&(0x7f0000008000/0x3000)=nil, 0x930, 0x6000004, 0x2011, r0, 0x0) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="7cfaa2bfd6dd76375aa1bde04fceeb33743b07d73b3e9aac", 0x0, 0xffffffffffffff94) r5 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x31) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x29) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r8, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r8, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x4000)=nil, 0x930, 0x0, 0x8032, r8, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2000008, 0x13, 0xffffffffffffffff, 0x0) 33m56.525595144s ago: executing program 6 (id=120): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac4e37c4005a9614fbff67521ce16f8f09449a7a836b73312954000000000000000000000000000000000000000000000000000000dc6900", 0x0, 0x2e) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x6) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r8, 0x400454d9, 0x0) ioctl$KVM_CHECK_EXTENSION(r5, 0xc0189436, 0x172) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000140)={0xd0ad, 0xf000, 0x1, 0xffffffffffffffff, 0x2}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) r9 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, &(0x7f0000000100)={0x3, 0x2bf8}) r10 = eventfd2(0x0, 0x0) close(r10) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x40800, 0x0) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r9, 0xae04) mmap$KVM_VCPU(&(0x7f0000008000/0x3000)=nil, r11, 0x8, 0x40010, r10, 0x0) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x27) r14 = syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil) r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000000)={0x0, &(0x7f0000000880)=[@svc={0x122, 0x40, {0x84000002, [0xac26, 0x943, 0x10001, 0x4, 0x2abc]}}, @code={0xa, 0x9c, {"008008d5000028d50060206e801c9fd20000b8f2a10180d2220180d2030180d2c40080d2020000d4802d8bd20040b0f2210080d2420080d2230180d2040080d2020000d4806795d20080b8f2010080d2c20080d2630180d2a40180d2020000d4201397d20040b0f2610080d2c20180d2c30080d2840180d2020000d40088201e0000df0d000028d5"}}, @eret={0xe6, 0x18, 0x400000000000e9}, @irq_setup={0x46, 0x18, {0x4, 0x2d0}}, @smc={0x1e, 0x40, {0x400, [0x80, 0x800, 0x4, 0x9, 0x4]}}, @code={0xa, 0x84, {"0004002f003292d20040b0f2010180d2820080d2830180d2a40180d2020000d4000008d5000008d5008008d5007008d5804d93d200e0b8f2210080d2220180d2230180d2040180d2020000d4a00e93d20060b8f2210080d2e20180d2230080d2640080d2020000d4000cc0380000699e"}}, @msr={0x14, 0x20, {0x603000000013801a, 0x8}}, @mrs={0xbe, 0x18, {0xc060000000278a40}}, @svc={0x122, 0x40, {0x84000001, [0x9, 0x2, 0x7, 0x101, 0x6]}}, @memwrite={0x6e, 0x30, @generic={0x2000, 0x502, 0x6, 0x7}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1400, 0x9, 0x8}}, @mrs={0xbe, 0x18, {0x603000000013e218}}, @svc={0x122, 0x40, {0x4000002, [0x3, 0x3d3, 0x3, 0x0, 0x4]}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x29c}}, @smc={0x1e, 0x40, {0x86000000, [0x9, 0x5bbc, 0x8000000000000000, 0x8, 0x576f]}}, @smc={0x1e, 0x40, {0x20, [0x7eea, 0x8001, 0x8, 0x5, 0x1000]}}, @smc={0x1e, 0x40, {0x40, [0x30, 0x9, 0x746, 0x7, 0x8]}}, @mrs={0xbe, 0x18, {0x603000000013e648}}, @msr={0x14, 0x20, {0x603000000013c684, 0x43bb}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x80, 0x1, 0x3}}, @mrs={0xbe, 0x18, {0x603000000013c031}}, @smc={0x1e, 0x40, {0x6000000, [0x10, 0x8, 0x4000000000, 0x7, 0x3]}}, @smc={0x1e, 0x40, {0x20, [0x6, 0x8, 0x1, 0x5, 0x5]}}, @mrs={0xbe, 0x18, {0x603000000013dce8}}, @irq_setup={0x46, 0x18, {0x3, 0x355}}, @smc={0x1e, 0x40, {0x8400000e, [0x6f, 0x6, 0x5, 0x1, 0x100000000]}}, @memwrite={0x6e, 0x30, @generic={0x3000, 0xe48, 0xc0, 0xa}}, @mrs={0xbe, 0x18, {0x603000000013e6d5}}, @hvc={0x32, 0x40, {0x84000009, [0x8000000000000000, 0x8000000000000001, 0x2, 0x4, 0x5]}}, @its_setup={0x82, 0x28, {0x0, 0x2, 0x160}}, @msr={0x14, 0x20, {0x603000000013e6ca, 0xffff}}], 0x628}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r13, 0x40000000000004, 0xc0) ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r16, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r15, 0xae80, 0x0) 33m36.136625204s ago: executing program 6 (id=148): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x2710, 0x2, 0xd000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x23) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r6, 0x4068aea3, &(0x7f00000000c0)) r7 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f0000000100)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0}) r11 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r13 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_GET_STATS_FD_vm(r14, 0xaece) r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) r16 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r15, 0x3, 0x11, r12, 0xc000) syz_kvm_assert_syzos_uexit$arm64(r16, 0x0) r17 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r18 = syz_kvm_add_vcpu$arm64(r17, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) syz_kvm_vgic_v3_setup(r1, 0x4, 0x97f88e4044b6df6c) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r18, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000280)={0x14, 0xff, 0x1}}) 32m47.445084972s ago: executing program 38 (id=148): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x2710, 0x2, 0xd000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x23) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r6, 0x4068aea3, &(0x7f00000000c0)) r7 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f0000000100)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0}) r11 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r13 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_GET_STATS_FD_vm(r14, 0xaece) r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) r16 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r15, 0x3, 0x11, r12, 0xc000) syz_kvm_assert_syzos_uexit$arm64(r16, 0x0) r17 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r18 = syz_kvm_add_vcpu$arm64(r17, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) syz_kvm_vgic_v3_setup(r1, 0x4, 0x97f88e4044b6df6c) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r18, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000280)={0x14, 0xff, 0x1}}) 23m46.673469235s ago: executing program 8 (id=158): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x1) syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x161642, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) (async) openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x8000002000000) syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) (async) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000140)={0x0, &(0x7f0000000400)=[@mrs={0xbe, 0x18, {0x228f}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x2, 0xd, 0xb, 0x8, 0x3}}, @msr={0x14, 0x20, {0x6030000000138045, 0x4}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x193}}, @uexit={0x0, 0x18, 0x1}, @msr={0x14, 0x20, {0x6030000000138066, 0x6}}, @irq_setup={0x46, 0x18, {0x1, 0x1ea}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x3, 0x8, 0x3, 0x1f2, 0x2}}, @msr={0x14, 0x20, {0x603000000013802e, 0x1}}, @svc={0x122, 0x40, {0x3f000000, [0x40, 0xad12, 0x8, 0x34b, 0x4]}}, @code={0xa, 0x6c, {"0008607c007008d500f4000f20ca8bd20040b8f2410080d2620180d2630080d2240180d2020000d4007008d5000008d560488bd200c0b0f2010080d2e20080d2e30080d2a40180d2020000d4000028d5000080920004007c"}}, @irq_setup={0x46, 0x18, {0x3, 0x204}}, @eret={0xe6, 0x18, 0x6}, @smc={0x1e, 0x40, {0x80002000, [0x79c8, 0x40, 0x9]}}], 0x23c}, 0x0, 0x0) (async) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000140)={0x0, &(0x7f0000000400)=[@mrs={0xbe, 0x18, {0x228f}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x2, 0xd, 0xb, 0x8, 0x3}}, @msr={0x14, 0x20, {0x6030000000138045, 0x4}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x193}}, @uexit={0x0, 0x18, 0x1}, @msr={0x14, 0x20, {0x6030000000138066, 0x6}}, @irq_setup={0x46, 0x18, {0x1, 0x1ea}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x3, 0x8, 0x3, 0x1f2, 0x2}}, @msr={0x14, 0x20, {0x603000000013802e, 0x1}}, @svc={0x122, 0x40, {0x3f000000, [0x40, 0xad12, 0x8, 0x34b, 0x4]}}, @code={0xa, 0x6c, {"0008607c007008d500f4000f20ca8bd20040b8f2410080d2620180d2630080d2240180d2020000d4007008d5000008d560488bd200c0b0f2010080d2e20080d2e30080d2a40180d2020000d4000028d5000080920004007c"}}, @irq_setup={0x46, 0x18, {0x3, 0x204}}, @eret={0xe6, 0x18, 0x6}, @smc={0x1e, 0x40, {0x80002000, [0x79c8, 0x40, 0x9]}}], 0x23c}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async) r9 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r11, 0x3, 0x11, r10, 0x0) syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) (async) syz_kvm_add_vcpu$arm64(r1, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async) r12 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000cb1000/0x1000)=nil, r12, 0x2000000, 0x11, r8, 0x0) r13 = openat$kvm(0x0, &(0x7f0000000040), 0xc0083, 0x0) ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) 23m42.270030562s ago: executing program 7 (id=159): r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) (async) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x100, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async, rerun: 64) syz_kvm_vgic_v3_setup(r2, 0x2, 0x220) (async, rerun: 64) ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000180)={0x1010020, 0x1}) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, 0x930, 0x4, 0x4b833, r0, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) 23m22.147496346s ago: executing program 7 (id=160): r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000400)={0x0, &(0x7f0000000000)=[@code={0xa, 0x6c, {"0028200e0080201f0068212e000840780000006dc06f89d20000b8f2410080d2420080d2430180d2a40180d2020000d4009c006f00b8202e208a85d20000b8f2c10180d2020080d2430180d2840080d2020000d40040005e"}}, @svc={0x122, 0x40, {0x8, [0x2, 0x6, 0x4, 0x1000, 0x4]}}, @uexit={0x0, 0x18, 0x3}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x0, 0x3, 0x2c80, 0x8, 0x2}}, @svc={0x122, 0x40, {0x86000000, [0x4, 0x3, 0x7, 0x8001, 0x5]}}, @eret={0xe6, 0x18, 0xadb}, @svc={0x122, 0x40, {0xc4000011, [0x5, 0xffffffffffffff79, 0x3, 0x100000001, 0xd]}}, @code={0xa, 0x9c, {"0000406940db8ad20040b0f2c10180d2a20080d2e30080d2040080d2020000d4402485d20060b0f2c10080d2220080d2430180d2840180d2020000d4008008d5403e84d20060b8f2e10180d2220080d2a30080d2e40180d2020000d49f3003d5008008d5006f87d20060b8f2e10180d2820180d2430180d2c40080d2020000d4001ca00e007008d5"}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x1, 0xf, 0x6, 0x7fff, 0x4}}, @code={0xa, 0x84, {"000000f1007008d520ca88d20040b0f2810180d2a20080d2630080d2040080d2020000d4206c8ed20080b0f2810080d2220080d2c30180d2e40080d2020000d43f2003d5008008d5007008d5c0fd82d200c0b8f2210080d2820180d2430080d2440180d2020000d4000008d5008008d5"}}, @mrs={0xbe, 0x18, {0x6030000000138016}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x0, 0x5, 0x5, 0x5}}, @code={0xa, 0x6c, {"007008d500b187d20040b0f2210080d2620080d2430180d2640180d2020000d4000028d500fc4093008008d5008008d50090204e007008d580468cd200a0b8f2010180d2220080d2830180d2040080d2020000d4000880b8"}}, @code={0xa, 0x84, {"606b87d200c0b0f2a10080d2620080d2830180d2640080d2020000d40000803c0000c0da0034200e000028d50004c05a008008d5e07289d20060b8f2e10080d2e20180d2430080d2640180d2020000d4605b89d20000b8f2e10180d2020180d2030080d2a40180d2020000d4000008d5"}}], 0x3fc}, &(0x7f0000000440)=[@featur2={0x1, 0x81}], 0x1) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) mmap$KVM_VCPU(&(0x7f0000ffc000/0x1000)=nil, r1, 0x1000008, 0x110, r2, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000940)={0x0, &(0x7f0000000480)=[@uexit={0x0, 0x18, 0x7}, @code={0xa, 0x6c, {"000008d5000028d5008008d5000008d5007008d5e09180d20000b8f2610080d2020180d2a30180d2c40080d2020000d4007008d5000008d5007008d5c0e99fd20000b0f2610080d2620080d2e30080d2240180d2020000d4"}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x80, 0x5, 0x3}}, @eret={0xe6, 0x18, 0x401}, @eret={0xe6, 0x18, 0x4}, @its_send_cmd={0xaa, 0x28, {0x8, 0x1, 0x0, 0x9, 0x80000001, 0x8, 0x3}}, @code={0xa, 0x3c, {"007008d50000799e000028d50048217e008008d50000301e007008d5008008d5007008d5007008d5"}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x350}}, @svc={0x122, 0x40, {0x2, [0x6, 0x8, 0x2, 0x9, 0xfa28]}}, @uexit={0x0, 0x18, 0x90000000000}, @msr={0x14, 0x20, {0x603000000013de92, 0x4}}, @svc={0x122, 0x40, {0x80000000, [0x1, 0x8000000000000000, 0x8000000000000001, 0xec, 0x1077]}}, @mrs={0xbe, 0x18, {0x603000000013dee2}}, @svc={0x122, 0x40, {0x80, [0x6d3, 0xb7, 0x2, 0x1, 0x9]}}, @its_setup={0x82, 0x28, {0x4, 0x0, 0x2b5}}, @its_send_cmd={0xaa, 0x28, {0x0, 0x0, 0x3, 0x0, 0x6, 0x1, 0x1}}, @msr={0x14, 0x20, {0x603000000013df77, 0x5}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff0, 0x2}}, @code={0xa, 0x84, {"804e86d200e0b8f2810080d2a20080d2a30080d2040080d2020000d4003c004e0008c078406189d200a0b8f2e10080d2820180d2230180d2240080d2020000d4e0a299d200e0b8f2810180d2820180d2230180d2440080d2020000d4000028d5007008d5007008d50070000c0080c088"}}, @its_setup={0x82, 0x28, {0x2, 0x3, 0x180}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x1, 0x4, 0x5, 0x8, 0x1}}, @its_setup={0x82, 0x28, {0x3, 0x0, 0x1e9}}, @hvc={0x32, 0x40, {0x4, [0x9, 0x7fff, 0x7fffffff, 0x80000000, 0x6]}}, @mrs={0xbe, 0x18, {0x603000000013e4c8}}, @irq_setup={0x46, 0x18, {0x3, 0x1f9}}, @its_setup={0x82, 0x28, {0x0, 0x2, 0x3b9}}], 0x4b4}, &(0x7f0000000980)=[@featur2={0x1, 0x77}], 0x1) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3b) r6 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000d80)=[{0x0, &(0x7f00000009c0)=[@its_setup={0x82, 0x28, {0x1, 0x3, 0xd1}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x1, 0x3, 0x1, 0x1760, 0xd, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x400, 0x8001, 0xa}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0xc00, 0x4, 0x3}}, @svc={0x122, 0x40, {0x8400000e, [0x6, 0x4, 0x1, 0xfffffffffffff3e7, 0xf6f000000]}}, @code={0xa, 0x84, {"c0e384d200c0b0f2c10080d2620080d2230080d2c40080d2020000d4007008d5c08184d200c0b0f2e10180d2a20080d2030180d2840080d2020000d4007008d50000001120db82d200a0b0f2410180d2c20080d2c30080d2e40080d2020000d4007008d5000c40f800a4000d0000031e"}}, @uexit={0x0, 0x18, 0xb0}, @smc={0x1e, 0x40, {0x86000001, [0x7, 0xffff, 0x100000001, 0x4, 0xd]}}, @smc={0x1e, 0x40, {0x80000014, [0x0, 0x4, 0x2, 0x6, 0x8966]}}, @eret={0xe6, 0x18, 0x80}, @eret={0xe6, 0x18, 0x1}, @uexit={0x0, 0x18, 0xfffffffffffffff7}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x2c5}}, @eret={0xe6, 0x18, 0x101}, @eret={0xe6, 0x18}, @smc={0x1e, 0x40, {0x5000000, [0x1, 0x401, 0x6, 0x4, 0x100000001]}}, @svc={0x122, 0x40, {0xc4000005, [0x7, 0xffffffffffffffff, 0x5, 0x26d, 0xf7a6]}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x9f}}, @irq_setup={0x46, 0x18, {0x1, 0x38}}, @svc={0x122, 0x40, {0x86000001, [0xffffffffffffffff, 0x8, 0x2, 0x2, 0x6]}}], 0x3ac}], 0x1, 0x0, &(0x7f0000000dc0)=[@featur2={0x1, 0xc}], 0x1) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0xffffffff00000000) ioctl$KVM_INTERRUPT(r7, 0x4004ae86, &(0x7f0000000e00)=0x7) eventfd2(0x4, 0x80800) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000e80)=@attr_other={0x0, 0x93, 0x4, &(0x7f0000000e40)=0x9}) ioctl$KVM_PPC_ALLOCATE_HTAB(r5, 0xc004aea7, &(0x7f0000000ec0)=0x10001) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r5, 0x4068aea3, &(0x7f0000000f00)={0xe4, 0x0, 0x2}) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f0000000f80)={0x1, 0x2}) r8 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000001000)={0x0, &(0x7f0000000fc0)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x90, 0x2, 0x4}}], 0x30}, &(0x7f0000001040)=[@featur1={0x1, 0x16}], 0x1) close(r8) r9 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000001640)={0x0, &(0x7f0000001080)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x400, 0xffffffff80000000, 0x4}}, @irq_setup={0x46, 0x18, {0x4, 0x5}}, @uexit={0x0, 0x18, 0x6}, @hvc={0x32, 0x40, {0x84000050, [0xb, 0x7, 0x8, 0xc, 0x8]}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x1, 0x1, 0x5, 0x9, 0x4}}, @code={0xa, 0xb4, {"405688d20080b8f2a10080d2c20080d2c30080d2040180d2020000d4007008d50038205ea06987d20080b8f2a10080d2220080d2c30180d2a40080d2020000d4007008d560b381d20040b0f2010180d2820180d2430180d2e40180d2020000d400d0000fe0d790d20000b0f2c10180d2820080d2e30080d2640080d2020000d4a0a496d200e0b0f2e10180d2020180d2230180d2c40180d2020000d4008008d5"}}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x52}}, @irq_setup={0x46, 0x18, {0x2, 0x1c9}}, @hvc={0x32, 0x40, {0x800, [0x7ff, 0xe199, 0x2, 0x9, 0x3]}}, @smc={0x1e, 0x40, {0x84000006, [0x5, 0x1, 0xfffffffffffffffd, 0x40, 0x268cfc29]}}, @msr={0x14, 0x20, {0x20}}, @smc={0x1e, 0x40, {0xc4000001, [0xca35, 0x7fff, 0x0, 0x3, 0x8]}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x4, 0x10, 0x9, 0x3ff}}, @svc={0x122, 0x40, {0x20, [0x9, 0x7, 0x9, 0x6, 0x3ff]}}, @smc={0x1e, 0x40, {0x4000000, [0xd, 0x0, 0x8000, 0x4]}}, @eret={0xe6, 0x18, 0x7}, @svc={0x122, 0x40, {0x32000000, [0x4, 0x7, 0x10000, 0x0, 0x4]}}, @code={0xa, 0x6c, {"204b80d200a0b0f2c10080d2820080d2630180d2e40080d2020000d40040204e007008d500d8a05e007008d5007008d5000028d5e0fb88d20060b8f2410180d2a20180d2630180d2a40080d2020000d4008008d5008008d5"}}, @mrs={0xbe, 0x18, {0x603000000013df43}}, @its_send_cmd={0xaa, 0x28, {0x2, 0x0, 0x1, 0x4, 0x2, 0xa8, 0x4}}, @msr={0x14, 0x20, {0x603000000013deff, 0x4}}, @irq_setup={0x46, 0x18, {0x3, 0x3b6}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x280, 0x8}}, @uexit={0x0, 0x18, 0x4}, @irq_setup={0x46, 0x18, {0x2, 0x3c6}}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x34d}}, @irq_setup={0x46, 0x18, {0x1, 0x2a7}}, @mrs={0xbe, 0x18, {0x603000000013df12}}, @smc={0x1e, 0x40, {0x80000000, [0x9, 0x6, 0x7, 0xffffffffffffff6c, 0x7]}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x3, 0x4, 0xac, 0x7, 0x4}}, @eret={0xe6, 0x18, 0x7fffffff}], 0x5b8}, &(0x7f0000001680)=[@featur2={0x1, 0x47}], 0x1) syz_kvm_setup_cpu$arm64(r5, r9, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000001cc0)=[{0x0, &(0x7f00000016c0)=[@msr={0x14, 0x20, {0x603000000013e0d0, 0x6}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0xed}}, @msr={0x14, 0x20, {0x603000000013def1, 0x27ad}}, @smc={0x1e, 0x40, {0x40000000, [0x3, 0x76da, 0x4, 0x61f9, 0xfffffffffffffffb]}}, @its_setup={0x82, 0x28, {0x0, 0x2, 0x9c}}, @msr={0x14, 0x20, {0x603000000013e708, 0x8000000000000001}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x3, 0x1, 0x3}}, @hvc={0x32, 0x40, {0x8400000e, [0x2, 0x100000000, 0x2, 0x7, 0x1]}}, @smc={0x1e, 0x40, {0x84000012, [0x1, 0x3, 0xfff, 0x1, 0x80000001]}}, @uexit={0x0, 0x18, 0x2}, @mrs={0xbe, 0x18, {0x6030000000138015}}, @hvc={0x32, 0x40, {0x84000011, [0xf0, 0x80000000, 0xd0d2, 0x6964, 0x8]}}, @msr={0x14, 0x20, {0x603000000013df6d, 0x100}}, @mrs={0xbe, 0x18, {0x603000000013c039}}, @hvc={0x32, 0x40, {0x84000005, [0x0, 0x10001, 0x3, 0x800, 0x2]}}, @uexit={0x0, 0x18, 0x3}, @irq_setup={0x46, 0x18, {0x2, 0x314}}, @code={0xa, 0xb4, {"0040621ea00198d20000b0f2a10080d2c20080d2230180d2040180d2020000d400800008000008d5007008d5a06f8ed200a0b8f2e10080d2220180d2c30080d2440180d2020000d480ab84d20020b0f2410080d2220180d2230080d2240180d2020000d420f590d20040b8f2210180d2620180d2830080d2e40180d2020000d4007008d5c00291d20060b0f2a10180d2020180d2830080d2640180d2020000d4"}}, @hvc={0x32, 0x40, {0x2000000, [0x8000000000000000, 0x2, 0x2, 0x8000000000000001, 0x1000]}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x37f}}, @uexit={0x0, 0x18, 0xed85}, @smc={0x1e, 0x40, {0x84000009, [0x2, 0x5, 0xc, 0x7ff, 0x1]}}, @its_setup={0x82, 0x28, {0x3, 0x3, 0x120}}, @smc={0x1e, 0x40, {0x8400000a, [0x4, 0xffffffff, 0x4, 0x6, 0xc1]}}, @smc={0x1e, 0x40, {0xc4000003, [0xe7a5, 0x2, 0x4, 0xffffffffffffffff, 0x262]}}, @hvc={0x32, 0x40, {0xa1af3296726806b0, [0x9, 0x6, 0x6b, 0xfffffffffffffff7, 0x2]}}, @eret={0xe6, 0x18, 0x8000000000000000}, @uexit={0x0, 0x18, 0x1}, @its_setup={0x82, 0x28, {0x2, 0x2, 0x117}}, @mrs={0xbe, 0x18, {0x603000000013def7}}, @hvc={0x32, 0x40, {0xc4000005, [0xf8, 0x7, 0x10, 0x0, 0x8]}}, @mrs={0xbe, 0x18, {0x1dea}}], 0x5d4}], 0x1, 0x0, &(0x7f0000001d00)=[@featur2={0x1, 0x2}], 0x1) r10 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x2c) ioctl$KVM_IRQ_LINE(r10, 0x4008ae61, &(0x7f0000001d40)={0x5, 0x40}) ioctl$KVM_ARM_PREFERRED_TARGET(r6, 0x8020aeaf, &(0x7f0000001d80)) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_GET_DIRTY_LOG(r10, 0x4010ae42, &(0x7f0000001dc0)={0x1f9, 0x0, &(0x7f0000e3e000/0x3000)=nil}) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) 23m19.668573856s ago: executing program 8 (id=161): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x4, 0x0, 0x0, 0x2}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 23m5.40497994s ago: executing program 7 (id=162): ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4000ae84, &(0x7f0000000000)={{0x6000, 0x100000, 0x3, 0x5, 0x0, 0x0, 0xfe, 0x11, 0x20, 0x9, 0x6, 0x32}, {0x80a0000, 0x0, 0x0, 0x5, 0xb3, 0x1, 0x1, 0xeb, 0x4, 0x3, 0xf9, 0x6}, {0xdddd1000, 0xeeee8000, 0x3, 0x1, 0xff, 0x5, 0xa, 0x4b, 0xc, 0x1, 0x10, 0x7}, {0x10000, 0xd05687f65f94278d, 0x3, 0xff, 0xa5, 0xc5, 0x6, 0x5, 0xa, 0x2, 0x33, 0x7}, {0x0, 0xdddd0000, 0x2, 0x9, 0xd, 0xa, 0x6, 0x5, 0x10, 0x2, 0x0, 0xe}, {0x1000, 0x8000000, 0xb, 0x3, 0x7, 0x0, 0x2, 0xc, 0x3, 0x2, 0x5, 0x6}, {0xdddd0000, 0x0, 0xc, 0x8, 0xef, 0x9b, 0x2, 0x80, 0xd, 0x2, 0x1, 0x7}, {0xf000, 0x80a0000, 0x9, 0x7, 0x7, 0xe0, 0x40, 0x0, 0x4, 0xc, 0x7, 0x5}, {0x2, 0x81}, {0x0, 0x8}, 0x20000000, 0x0, 0xeeef0000, 0x4000, 0x3, 0x8000, 0x6000, [0x7, 0x0, 0x5, 0x8]}) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r1 = ioctl$KVM_GET_STATS_FD_cpu(r0, 0xaece) write$eventfd(r1, &(0x7f0000000140)=0x2, 0x8) ioctl$KVM_PRE_FAULT_MEMORY(r0, 0xc040aed5, &(0x7f0000000180)={0x0, 0xc000}) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r0, 0x4018aee3, &(0x7f0000000200)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f00000001c0)=0xda}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_FINALIZE(r2, 0x4004aec2, &(0x7f0000000240)=0x6) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000280)={0x3}) syz_kvm_setup_cpu$arm64(r1, r1, &(0x7f0000bfe000/0x400000)=nil, &(0x7f0000000540)=[{0x0, &(0x7f00000002c0)=[@code={0xa, 0x6c, {"40a780d20060b8f2810180d2020180d2030080d2840080d2020000d4805789d200a0b8f2210180d2620180d2430180d2040080d2020000d40000289e000008d5000040f81f0020ab007008d5007008d50050204e007008d5"}}, @irq_setup={0x46, 0x18, {0x4, 0x131}}, @eret={0xe6, 0x18, 0xffffffffffffffc3}, @mrs={0xbe, 0x18, {0x603000000013c2a5}}, @msr={0x14, 0x20, {0x603000000013df49, 0x4}}, @eret={0xe6, 0x18, 0x7}, @smc={0x1e, 0x40, {0xffff, [0x7, 0x7fffffff, 0x204, 0xd15c, 0xfffffffffffffff0]}}, @its_setup={0x82, 0x28, {0x1, 0x4, 0x3cd}}, @memwrite={0x6e, 0x30, @generic={0x5000, 0xeb2, 0x4}}, @irq_setup={0x46, 0x18, {0x0, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x1, 0x0, 0xf, 0x5, 0x10, 0x1}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x19d}}, @smc={0x1e, 0x40, {0x84000003, [0x400, 0x0, 0x3, 0xe9fd, 0x1]}}, @mrs={0xbe, 0x18, {0x603000000013e6d5}}, @msr={0x14, 0x20, {0x603000000013df6b, 0xb0}}], 0x264}], 0x1, 0x0, &(0x7f0000000580)=[@featur2={0x1, 0xca}], 0x1) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f00000005c0)={0x0, 0x1, 0x1000, 0x2000, &(0x7f0000fe7000/0x2000)=nil, 0x5, r1}) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = mmap$KVM_VCPU(&(0x7f0000d3a000/0x2000)=nil, r3, 0x8, 0x11, r4, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r5, 0x20, &(0x7f0000000680)="4ff55c6563564c2cdc2fc4ee8f7781e40b711d6c7f3854a0dc80c5b996cce2e7548fe63bf2c9e232ea48e403509f58297f13ee5342232b097aa5ed931b06fab03ac1f3bd5535d9a6", 0x0, 0x48) ioctl$KVM_GET_ONE_REG(r1, 0x4010aeab, &(0x7f0000000740)=@arm64_fp={0x604000000010006b, &(0x7f0000000700)=0x9}) syz_kvm_vgic_v3_setup(r1, 0x4, 0x140) ioctl$KVM_DIRTY_TLB(r2, 0x4010aeaa, &(0x7f0000000780)={0x0, 0x4}) r6 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000d00)={0x0, &(0x7f00000007c0)=[@code={0xa, 0x6c, {"0000c02840b199d200e0b0f2210080d2620180d2230180d2240080d2020000d4609f90d200c0b0f2010080d2c20180d2c30080d2440080d2020000d400d8a02e000008d5000000b1000008d5000008d5007008d500809f0c"}}, @hvc={0x32, 0x40, {0x2000000, [0xa4e3, 0x3, 0x7, 0x5, 0x7]}}, @svc={0x122, 0x40, {0x0, [0x3, 0x3, 0x0, 0x389, 0x9]}}, @hvc={0x32, 0x40, {0x31000000, [0x3, 0x8, 0x6, 0xb9e, 0x1]}}, @hvc={0x32, 0x40, {0x2, [0x5, 0x7, 0x659a, 0x3, 0xfffffffffffffff2]}}, @hvc={0x32, 0x40, {0x0, [0x20b, 0x2, 0xe, 0x236, 0x6]}}, @msr={0x14, 0x20, {0x13f0f23bcfdb8d2c}}, @mrs={0xbe, 0x18, {0x603000000013c4cd}}, @code={0xa, 0x54, {"000008d5007008d5000008d5000028d5007008d5e03584d20060b8f2410180d2820180d2230180d2e40180d2020000d4000008d50000281e0038200e0008207c"}}, @svc={0x122, 0x40, {0x5000000, [0x7, 0x2, 0x0, 0x6, 0xfffff80000000000]}}, @smc={0x1e, 0x40, {0xc400000c, [0x8, 0x7, 0x4, 0x1000, 0x1]}}, @code={0xa, 0x54, {"007008d50024002f000000ca007008d5008008d50000003a007008d5202d9bd200c0b8f2410080d2e20080d2a30080d2640080d2020000d400000033007008d5"}}, @its_setup={0x82, 0x28, {0x0, 0x3, 0x29a}}, @irq_setup={0x46, 0x18, {0x4, 0x27d}}, @hvc={0x32, 0x40, {0x800, [0x1000, 0x10001, 0x1, 0x180, 0x5]}}, @its_setup={0x82, 0x28, {0x1, 0x1, 0x267}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x96}}, @mrs={0xbe, 0x18, {0x603000000013deb6}}, @svc={0x122, 0x40, {0x3f000000, [0x400, 0x401, 0x101, 0x7, 0x96]}}, @svc={0x122, 0x40, {0x80003fff, [0x400, 0x1, 0x8000, 0x3, 0x7fffffffffffffff]}}, @code={0xa, 0x84, {"000028d5e0f395d20000b0f2610080d2220080d2a30080d2c40080d2020000d4007008d50000c093409894d200a0b8f2210080d2e20180d2230080d2e40180d2020000d4007008d50098a10e0004c05aa0de92d200c0b8f2610180d2020080d2630080d2a40180d2020000d4000008d5"}}, @memwrite={0x6e, 0x30, @generic={0x2, 0x747, 0x2, 0x2}}], 0x528}, &(0x7f0000000d40)=[@featur1={0x1, 0x18}], 0x1) r7 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2f) syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000bfe000/0x400000)=nil) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000d80)={0x101ff, 0x2, 0x2, 0x1000, &(0x7f0000ddb000/0x1000)=nil}) syz_kvm_vgic_v3_setup(r7, 0x4, 0x40) ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f0000000e00)=@attr_arm64={0x0, 0x1, 0x0, &(0x7f0000000dc0)=0x101}) ioctl$KVM_GET_DIRTY_LOG(r7, 0x4010ae42, &(0x7f0000000e40)={0x10200, 0x0, &(0x7f0000cfc000/0x3000)=nil}) r8 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x34) ioctl$KVM_IRQ_LINE(r8, 0x4008ae61, &(0x7f0000000e80)={0x7ff, 0x101}) ioctl$KVM_REGISTER_COALESCED_MMIO(r8, 0x4010ae67, &(0x7f0000000ec0)={0x5000, 0x18000}) ioctl$KVM_SET_SIGNAL_MASK(r4, 0x4004ae8b, &(0x7f0000000f00)={0x86, "404a46a60799b72926afe19736c6a5013c63f13cdd4a0c2a02efd0c83cc21b9672ea9057dad4b776c611fbdc27e985e1251fa8e251fbb5f0270ad093f43f3f42aca10f82bab80e2b761746241e2851fc150e663141a7ae6653ff728be3b166ba8bb3293dc6cfdf7fb20cf0a46ad4ea07b6706d13809f3b82cadb6a6660e2a80196942ab5dd66"}) 23m0.76805613s ago: executing program 8 (id=163): openat$kvm(0x0, &(0x7f0000000100), 0x82001, 0x0) (async) r0 = openat$kvm(0x0, &(0x7f0000000100), 0x82001, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x6) mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x3000007, 0x2012, r0, 0x0) 22m49.035366902s ago: executing program 7 (id=164): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000040)={0x7, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r4, 0x4018aee3, &(0x7f0000000080)=@attr_other={0x0, 0x9610, 0x7fff, 0x0}) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r5, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x0, &(0x7f0000000000)=0x10}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f00000000c0)=@attr_irq_timer={0x0, 0x1, 0x1, &(0x7f0000000000)=0x1b}) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, &(0x7f0000000140)={0x6, 0x326780be}) ioctl$KVM_PRE_FAULT_MEMORY(r5, 0xc040aed5, &(0x7f0000000100)={0xf000, 0x11000}) 22m45.958008228s ago: executing program 8 (id=165): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) openat$kvm(0x0, 0x0, 0x0, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000100)={0x0, 0x0}, &(0x7f00000001c0)=[@featur2={0x1, 0x24}], 0x1) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) syz_kvm_vgic_v3_setup(r5, 0x1, 0x0) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000040)=0xe7}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f00000000c0)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000080)=0x30}) r8 = eventfd2(0x0, 0x0) close(r8) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) write$eventfd(r8, &(0x7f0000000180)=0x5, 0xfffffde3) 22m22.687969917s ago: executing program 8 (id=166): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, &(0x7f0000000380)}, &(0x7f0000000300)=[@featur1={0x1, 0x3a}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) syz_kvm_assert_reg(r3, 0x603000000013dce8, 0x8000) 22m21.533763705s ago: executing program 7 (id=167): openat$kvm(0xffffffffffffff9c, 0x0, 0x18b080, 0x0) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) (async) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f00005b7000/0x400000)=nil) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x8, 0xffffffffffffffff}) ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f00000000c0)=@attr_other={0x0, 0x8, 0xa, 0x0}) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0) 22m5.803221654s ago: executing program 8 (id=168): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, r4, 0x2000003, 0x11, r2, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x2000)=nil, r4, 0x2000009, 0x11, r2, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x1800002, 0x11, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, 0xffffffffffffffff, 0x0) 22m3.622916178s ago: executing program 7 (id=169): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee2, &(0x7f00000000c0)=@attr_irq_timer={0x0, 0x1, 0x1, 0x0}) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_DEVICE(r1, 0xc018aec0, &(0x7f00000000c0)={0x1}) r5 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000200)={0x0, &(0x7f0000000500)=[@mrs={0xbe, 0x18, {0x6030000000138056}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105}) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x603000000010004a, 0x0}) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) 21m17.284856881s ago: executing program 39 (id=168): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x33) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, r4, 0x2000003, 0x11, r2, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x2000)=nil, r4, 0x2000009, 0x11, r2, 0x0) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x1800002, 0x11, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, 0xffffffffffffffff, 0x0) 21m7.063545681s ago: executing program 40 (id=169): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee2, &(0x7f00000000c0)=@attr_irq_timer={0x0, 0x1, 0x1, 0x0}) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_DEVICE(r1, 0xc018aec0, &(0x7f00000000c0)={0x1}) r5 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000200)={0x0, &(0x7f0000000500)=[@mrs={0xbe, 0x18, {0x6030000000138056}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105}) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000000)=@arm64_core={0x603000000010004a, 0x0}) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) 1m53.390143628s ago: executing program 0 (id=198): ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0x8040ae9f, &(0x7f0000000000)) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000240)=@attr_other={0x0, 0x8, 0x0, &(0x7f0000000300)=0x137}) (async) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) (async, rerun: 64) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async, rerun: 64) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) 1m34.183345506s ago: executing program 0 (id=199): syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x0, 0x0, 0x84}}], 0x28}, &(0x7f0000000080)=[@featur1={0x1, 0x14}], 0x1) (async) r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x0, 0x0, 0x84}}], 0x28}, &(0x7f0000000080)=[@featur1={0x1, 0x14}], 0x1) ioctl$KVM_ARM_VCPU_INIT(r0, 0x4020aeae, &(0x7f00000000c0)={0x5, 0xeb}) ioctl$KVM_S390_VCPU_FAULT(r0, 0x4008ae52, &(0x7f0000000100)=0x25) (async) ioctl$KVM_S390_VCPU_FAULT(r0, 0x4008ae52, &(0x7f0000000100)=0x25) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x31) syz_kvm_setup_cpu$arm64(r1, r0, &(0x7f0000bff000/0x400000)=nil, &(0x7f0000000880)=[{0x0, &(0x7f0000000140)=[@hvc={0x32, 0x40, {0x47000023, [0x74f, 0xf, 0x1, 0x0, 0x4]}}, @smc={0x1e, 0x40, {0xc4000003, [0x0, 0x0, 0x4, 0x2, 0x5]}}, @uexit={0x0, 0x18, 0x4f84779d}, @mrs={0xbe, 0x18, {0x6030000000138010}}, @mrs={0xbe, 0x18, {0x2ba5}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1a00}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x0, 0xffffffffffffbf65, 0xa}}, @svc={0x122, 0x40, {0xc400000c, [0x0, 0x10, 0x4, 0x8, 0x7]}}, @code={0xa, 0xb4, {"007008d5e01c91d20040b8f2e10180d2220180d2830180d2640080d2020000d4c00f92d20000b8f2c10080d2a20080d2430080d2240080d2020000d40008a07800c594d20020b0f2c10080d2420080d2430080d2840080d2020000d4003d93d20060b8f2c10080d2c20180d2a30080d2440080d2020000d40028217ec03e87d20060b8f2a10080d2620080d2230180d2e40080d2020000d4002c207e007008d5"}}, @smc={0x1e, 0x40, {0x2, [0x5, 0x21, 0xffffffffffffffeb, 0xa012849, 0x7]}}, @smc={0x1e, 0x40, {0x84000012, [0x3, 0xc, 0xff, 0x80000000, 0xc]}}, @its_send_cmd={0xaa, 0x28, {0x55f47df7cb241a9d, 0x0, 0x1, 0x2, 0x80, 0x0, 0x2}}, @code={0xa, 0x9c, {"009c007f000028d5e07191d200a0b0f2810180d2820080d2c30180d2e40180d2020000d4000008d500a0800d20618fd200e0b0f2010080d2a20180d2c30080d2240080d2020000d440598ad20060b8f2610180d2020180d2830080d2640080d2020000d4806d8ad20040b8f2e10080d2220180d2c30180d2640080d2020000d4008008d5000008d5"}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x0, 0x3, 0x9a, 0x8d0e, 0x2}}, @irq_setup={0x46, 0x18, {0x4, 0x2a9}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x70, 0xa}}, @hvc={0x32, 0x40, {0x84000050, [0x600000000000000, 0x9, 0x83, 0x3, 0xe118]}}, @code={0xa, 0x54, {"806c83d20040b0f2c10180d2620080d2430080d2440180d2020000d4008008d500f8302e008008d5008008d5008008d50030202e0090802f0004801a0000181e"}}, @its_setup={0x82, 0x28, {0x2, 0x4, 0x2d7}}, @mrs={0xbe, 0x18, {0x603000000013def6}}, @msr={0x14, 0x20, {0x603000000013df7a, 0x8}}, @hvc={0x32, 0x40, {0x8000, [0x200, 0x3, 0xcd, 0x5, 0x7]}}, @eret={0xe6, 0x18}, @msr={0x14, 0x20, {0x603000000013e6cf}}, @hvc={0x32, 0x40, {0x84000051, [0x6, 0x2, 0x7, 0x1e2, 0xfffffffffffffffd]}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x38}}, @eret={0xe6, 0x18, 0x1}, @smc={0x1e, 0x40, {0x84000052, [0xfffffffffffffff8, 0x7, 0x6, 0x9, 0x6]}}, @mrs={0xbe, 0x18, {0x6030000000139e01}}, @code={0xa, 0x9c, {"000008d5000028d5e0c490d20020b8f2a10080d2220080d2830180d2640180d2020000d40094002fa05181d20060b8f2c10080d2420180d2030180d2840080d2020000d400d8210e007008d5607386d20020b0f2e10080d2820080d2030180d2240180d2020000d4008008d5403391d20040b8f2a10080d2220080d2e30180d2440180d2020000d4"}}, @svc={0x122, 0x40, {0x400, [0x7fffffff, 0xe0d0, 0x3bd, 0x4, 0x9b0]}}, @uexit={0x0, 0x18, 0x7fffffffffffffff}], 0x708}], 0x1, 0x0, &(0x7f00000008c0)=[@featur2={0x1, 0xf}], 0x1) r2 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000900)={0x7f, 0x8080000, 0x1, r2, 0x4}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000940), 0x400, 0x0) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000940), 0x400, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000980)={0xdf, 0x0, 0x1000}) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000a00)={0xdf, 0x0, 0x1a000}) (async) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000a00)={0xdf, 0x0, 0x1a000}) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async) r4 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000f00)={0x0, &(0x7f0000000a80)=[@irq_setup={0x46, 0x18, {0x4, 0x29c}}, @msr={0x14, 0x20, {0x603000000013f102}}, @msr={0x14, 0x20, {0x603000000013df76, 0x418}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8180000, 0x0, 0x80000001, 0x4}}, @code={0xa, 0xb4, {"000008d580808ad20000b8f2e10080d2c20180d2e30080d2c40180d2020000d4a08688d20000b0f2610080d2020180d2630180d2040180d2020000d4e0829bd20040b0f2610180d2c20180d2e30080d2640080d2020000d4008008d5e0ee97d20080b0f2610180d2820180d2030180d2440080d2020000d400d8217e0038202ee05a92d20000b8f2210180d2220080d2430080d2e40080d2020000d4000008d5"}}, @eret={0xe6, 0x18, 0x1}, @code={0xa, 0x6c, {"00a0ff0d0080000f008008d5000028d580229bd20080b8f2610080d2a20080d2630180d2a40180d2020000d4007008d50000007d206b93d200c0b0f2410080d2020080d2030180d2640080d2020000d40014c0da00d8a07e"}}, @irq_setup={0x46, 0x18, {0x0, 0x2d8}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x3, 0x8, 0x9, 0x81, 0x3}}, @uexit={0x0, 0x18}, @eret={0xe6, 0x18, 0x7}, @code={0xa, 0x84, {"007008d50038212e20019ed200a0b8f2810180d2420180d2830080d2040080d2020000d4000000cb60db9ad20080b8f2210080d2820080d2030080d2c40080d2020000d4000c803c008008d5007008d5007008d5e07e8bd200a0b8f2810080d2c20080d2e30180d2040180d2020000d4"}}, @its_setup={0x82, 0x28, {0x0, 0x4, 0x11c}}, @memwrite={0x6e, 0x30, @generic={0xeeee0000, 0x87, 0x1, 0xf}}, @msr={0x14, 0x20, {0x603000000013d920, 0x7fffffffffffffff}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x8a}}, @eret={0xe6, 0x18}, @svc={0x122, 0x40, {0x8000, [0x2, 0x8, 0x3, 0x9, 0x5]}}, @code={0xa, 0x9c, {"0020c09ac08881d200c0b0f2c10180d2a20180d2430080d2840080d2020000d4e0b290d200c0b8f2a10080d2620080d2030080d2e40180d2020000d40078210e000008d5007008d5006090d20080b0f2810080d2620080d2830080d2040080d2020000d4e0d491d200a0b0f2810080d2820180d2e30080d2e40180d2020000d400c0e00d000008d5"}}], 0x448}, &(0x7f0000000f40)=[@featur1={0x1, 0xf2}], 0x1) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000f80)={0x4, 0xd}) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f0000fbc000/0x4000)=nil, r6, 0x2000000, 0x100010, r5, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000fbc000/0x4000)=nil, r6, 0x2000000, 0x100010, r5, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r0, 0x4018aee1, &(0x7f0000001000)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000fc0)=0x3ddc1ad8}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000001040)={0x1, 0xffffffffffffffff}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000010c0)=@attr_arm64={0x0, 0x3, 0x0, &(0x7f0000001080)=0x5}) ioctl$KVM_ASSIGN_SET_MSIX_NR(r2, 0x4008ae73, &(0x7f0000001100)={0x30, 0xff34}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000001140)={0x2, 0x3, 0x100000, 0x1000, &(0x7f0000eb6000/0x1000)=nil}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000001140)={0x2, 0x3, 0x100000, 0x1000, &(0x7f0000eb6000/0x1000)=nil}) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000001180)={0x4, 0xffffffffffffffff}) ioctl$KVM_GET_DEVICE_ATTR(r8, 0x4018aee2, &(0x7f0000001200)=@attr_other={0x0, 0x9, 0xef11, &(0x7f00000011c0)=0x1}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000001280)=@attr_arm64={0x0, 0x1, 0x0, &(0x7f0000001240)=0x2}) mmap$KVM_VCPU(&(0x7f0000d1f000/0x2000)=nil, r6, 0xa, 0x110, r2, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000d1f000/0x2000)=nil, r6, 0xa, 0x110, r2, 0x0) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x9) (async) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x9) ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f00000012c0)={0x4000, 0x6000, 0x9, 0x0, 0x8}) syz_kvm_vgic_v3_setup(r1, 0x3, 0xc0) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, &(0x7f0000001300)={0x2, 0x46}) (async) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r1, 0x4010aeb5, &(0x7f0000001300)={0x2, 0x46}) 1m17.439045703s ago: executing program 0 (id=200): r0 = openat$kvm(0x0, &(0x7f0000000000), 0x123080, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xc0189436, 0x172) 1m17.199340779s ago: executing program 9 (id=170): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd2(0xfffffffa, 0x80001) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r3}) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000180)={0x10000, 0x4000}) r4 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r5, 0x2, 0x100) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r8, 0x40086602, 0x8000000400000004) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r5, 0x4010aeb5, &(0x7f0000000100)={0x55}) 1m2.785034526s ago: executing program 0 (id=201): syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0xfffffffa, 0x80001) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r2}) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000981000/0x400000)=nil) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x26) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000bff000/0x400000)=nil) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0x100000, 0x37d03030d7a92616}) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r4, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) r5 = openat$kvm(0x0, 0x0, 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r5, 0x40086602, 0x80000001) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0) r6 = eventfd2(0xfffffffa, 0x80001) write$eventfd(r6, &(0x7f0000000200)=0x8, 0x8) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="37d3116035d7513e9a000200018000", 0x0, 0x43) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x40086602, 0x20000000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x28) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) ioctl$KVM_RUN(r10, 0xae80, 0x0) syz_kvm_setup_cpu$arm64(r8, r10, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000240)=[@code={0xa, 0xcc, {"e0ef9ad200c0b8f2410080d2e20080d2430080d2e40180d2020000d4e0be9cd20040b0f2210080d2620080d2630180d2840180d2020000d40000681e0000000b0000399e003c202ea04c8ad200e0b0f2610180d2c20180d2a30080d2640180d2020000d4c0ed81d20000b8f2810180d2820180d2a30180d2640080d2020000d4a0a189d20060b0f2410180d2820180d2230080d2240180d2020000d4804e82d20020b0f2810180d2020180d2830180d2a40080d2020000d4"}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x4, 0x0, 0x9, 0xe}}, @hvc={0x32, 0x40, {0x6000000, [0x0, 0x78f7, 0x8, 0x3, 0x9]}}, @smc={0x1e, 0x40, {0x84000009, [0x5, 0x10, 0xd7f, 0x1000, 0x5]}}, @irq_setup={0x46, 0x18, {0x0, 0x5a}}, @mrs={0xbe, 0x18, {0x6030000000139828}}, @msr={0x14, 0x20, {0x603000000013c085, 0x100000001}}, @hvc={0x32, 0x40, {0xc400000d, [0xffffffff, 0x100, 0x6, 0x7, 0x8000000000000000]}}, @hvc={0x32, 0x40, {0x8400000b, [0x4, 0x8, 0x6, 0x6, 0xdd]}}, @mrs={0xbe, 0x18, {0x77fe}}], 0x25c}], 0x1, 0x0, 0x0, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) 58.635860781s ago: executing program 9 (id=202): r0 = openat$kvm(0x0, &(0x7f0000000040), 0xf0082, 0x0) (async, rerun: 64) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0xc40102, 0x0) (rerun: 64) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0xa) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CLEAR_DIRTY_LOG(r2, 0xc018aec0, &(0x7f0000000000)={0x1, 0x300, 0x2c0, 0x0}) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) (async) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r7, 0x4068aea3, &(0x7f0000000080)={0xa8, 0x0, 0x3}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000040)={0x5, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) syz_kvm_setup_cpu$arm64(r7, 0xffffffffffffffff, &(0x7f0000000000/0x400000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000500)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) close(0xffffffffffffffff) (async) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x27) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) (async) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = syz_kvm_vgic_v3_setup(r12, 0x3, 0xa0) ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x9, 0x1, 0x0}) (async) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x8, 0x0, 0x0}) (async) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000000)={0x1, 0x6000, 0x0, 0xffffffffffffffff, 0x8}) (async) r14 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r15 = ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x0) ioctl$KVM_SET_SIGNAL_MASK(r15, 0x4004ae8b, &(0x7f0000000380)=ANY=[@ANYBLOB='\b\x00']) (async) ioctl$KVM_ARM_VCPU_FINALIZE(r15, 0x4004aec2, &(0x7f0000000000)=0x2) r16 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) ioctl$KVM_REGISTER_COALESCED_MMIO(r16, 0x4010ae67, &(0x7f0000000100)={0xdddd1000, 0x1800, 0x1}) 35.99737163s ago: executing program 0 (id=203): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r2, r3, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000640)=@arm64_sys={0x603000000013c028, &(0x7f0000000600)=0x5d70}) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xe6) 29.476004181s ago: executing program 9 (id=204): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000140)=@arm64_bitmap={0x6070000000160002, 0x0}) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x220c00, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_kvm_vgic_v3_setup(r5, 0x1, 0x320) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0xc) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) openat$kvm(0xffffff9c, 0x0, 0x1a17f2, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) r9 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r8, 0xae04) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, r9, 0x600000c, 0x28031, 0xffffffffffffffff, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x1) r13 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x280000a, 0x11, r12, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r12, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x12a545ec934a75a6, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000080)={0x3, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r14, 0x4018aee3, &(0x7f0000000940)=@attr_arm64={0x0, 0x4, 0x500, 0x0}) 17.794541077s ago: executing program 0 (id=205): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e) r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000005c0)={0x0, &(0x7f00000000c0)=[@code={0xa, 0x84, {"00f8a00e0054000f000028d5e02785d200a0b8f2e10180d2220080d2c30080d2840180d2020000d40008e03c0100a0d4008008d50014005f00ad84d20000b0f2c10180d2420180d2430180d2a40080d2020000d4404c97d20060b0f2410080d2020180d2c30080d2e40180d2020000d4"}}, @svc={0x122, 0x40, {0x5000000, [0x0, 0x8, 0x113, 0x1, 0x6]}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x3, 0x6, 0xc7e, 0x6, 0x2}}, @eret={0xe6, 0x18, 0x4}, @svc={0x122, 0x40, {0x8600ff01, [0x8, 0xffff, 0x7, 0x4, 0xe]}}, @hvc={0x32, 0x40, {0x4, [0x1000, 0x100000001, 0x66a, 0x1f, 0x7]}}, @irq_setup={0x46, 0x18, {0x0, 0x25b}}, @uexit={0x0, 0x18, 0x1}, @its_setup={0x82, 0x28, {0x2, 0x0, 0x13f}}, @mrs={0xbe, 0x18, {0x603000000013f288}}, @msr={0x14, 0x20, {0x603000000013c4d3, 0x101}}, @eret={0xe6, 0x18, 0x8}, @uexit={0x0, 0x18, 0x1}, @msr={0x14, 0x20, {0x603000000013da15, 0x80}}, @msr={0x14, 0x20, {0x603000000013ff10, 0x9}}, @svc={0x122, 0x40, {0x80008000, [0x0, 0x8, 0x8000000000000001, 0x1, 0x1]}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x4, 0x9, 0xffff69c0, 0x6, 0x2}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0x280, 0xfffffffffffffff5, 0x7}}, @eret={0xe6, 0x18, 0xb}, @hvc={0x32, 0x40, {0x3f000000, [0x3, 0x100000000, 0x5, 0x4, 0x80000001]}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x1, 0x2, 0x3, 0x3, 0x9, 0x3}}, @svc={0x122, 0x40, {0x84000008, [0x7, 0x2, 0x7, 0x9, 0x3]}}, @hvc={0x32, 0x40, {0x5d16ab4fd44073db, [0x7, 0x5, 0xffffffffffff85e3, 0x2, 0xa]}}, @msr={0x14, 0x20, {0x603000000013e721}}, @irq_setup={0x46, 0x18, {0x1, 0x257}}, @svc={0x122, 0x40, {0xc4001014, [0xe3c, 0xfffffffffffffffa, 0x3, 0xfffffffffffffdba, 0x6]}}, @msr={0x14, 0x20, {0x5f32, 0x8}}, @irq_setup={0x46, 0x18, {0x2, 0x256}}], 0x4cc}, &(0x7f0000000600)=[@featur1={0x1, 0xb}], 0x1) r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@mrs={0xbe, 0x18, {0x603000000013c00b}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000a40)=[{0x0, &(0x7f0000000640)=[@its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x3, 0x6, 0x7, 0x21cb, 0x4}}, @svc={0x122, 0x40, {0x4000, [0xf67, 0xffffffffffffb9d8, 0x8, 0x16f6, 0x3]}}, @uexit={0x0, 0x18, 0x7}, @mrs={0xbe, 0x18, {0x603000000013c664}}, @eret={0xe6, 0x18, 0xf2}, @msr={0x14, 0x20, {0x603000000013c100, 0x3}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x4, 0x773, 0x2}}, @code={0xa, 0x84, {"807983d20040b8f2010180d2c20080d2a30080d2c40180d2020000d4007008d5c0b69ad200c0b0f2c10080d2620080d2c30180d2e40180d2020000d40000289e000080290080209b000008d5008008d5000008d5c04b85d20040b0f2210180d2020180d2630080d2440080d2020000d4"}}, @svc={0x122, 0x40, {0x34003faf, [0x800, 0x0, 0xfbd0, 0x7, 0x8]}}, @smc={0x1e, 0x40, {0xc100002c, [0x805, 0x4, 0x80000000, 0xfffffffffffffffa, 0x9]}}, @uexit={0x0, 0x18, 0xa}, @code={0xa, 0x6c, {"000008d50020600da09e9fd20080b8f2210080d2e20080d2230080d2440180d2020000d400a8205e409297d20040b8f2a10080d2a20080d2a30080d2640180d2020000d4000000aa008008d50040002f008008d50028c09a"}}, @code={0xa, 0xcc, {"000028d5e0cc93d200e0b0f2a10180d2420180d2830080d2c40080d2020000d4a0438dd200a0b0f2010180d2c20080d2030180d2440080d2020000d4e0bf84d20020b0f2210080d2020180d2630080d2e40080d2020000d4008008d5e0ea8ed20060b0f2010180d2620080d2430080d2440180d2020000d4e0959fd20000b0f2210080d2a20080d2e30080d2840180d2020000d4407989d200c0b0f2a10180d2e20180d2c30080d2440080d2020000d4007c209b00c8a12e"}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0xc00, 0x5, 0x8}}, @uexit={0x0, 0x18, 0x8}, @mrs={0xbe, 0x18, {0x603000000013c642}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x1, 0xd, 0x7ff, 0xc14, 0x3}}], 0x3dc}], 0x1, 0x0, &(0x7f0000000a80)=[@featur2={0x1, 0x44}], 0x1) r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r7, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_ARM_SET_DEVICE_ADDR(r7, 0x4010aeab, &(0x7f0000000000)={0xff, 0xffff1000}) 0s ago: executing program 9 (id=206): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000000)=ANY=[@ANYBLOB="000000000000300017867a08"]) kernel console output (not intermixed with test programs): [ 390.027767][ T3152] 8021q: adding VLAN 0 to HW filter on device bond0 [ 426.076872][ T3152] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:19803' (ED25519) to the list of known hosts. [ 581.292580][ T25] audit: type=1400 audit(580.530:61): avc: denied { name_bind } for pid=3303 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 584.086000][ T25] audit: type=1400 audit(583.330:62): avc: denied { execute } for pid=3304 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 584.117279][ T25] audit: type=1400 audit(583.360:63): avc: denied { execute_no_trans } for pid=3304 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 605.246247][ T25] audit: type=1400 audit(604.490:64): avc: denied { mounton } for pid=3304 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 605.281589][ T25] audit: type=1400 audit(604.520:65): avc: denied { mount } for pid=3304 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 605.360414][ T3304] cgroup: Unknown subsys name 'net' [ 605.413984][ T25] audit: type=1400 audit(604.660:66): avc: denied { unmount } for pid=3304 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 605.797464][ T3304] cgroup: Unknown subsys name 'cpuset' [ 605.898460][ T3304] cgroup: Unknown subsys name 'rlimit' [ 606.276891][ T25] audit: type=1400 audit(605.520:67): avc: denied { setattr } for pid=3304 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 606.296517][ T25] audit: type=1400 audit(605.540:68): avc: denied { mounton } for pid=3304 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 606.322118][ T25] audit: type=1400 audit(605.560:69): avc: denied { mount } for pid=3304 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 607.505114][ T3307] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 607.524976][ T25] audit: type=1400 audit(606.760:70): avc: denied { relabelto } for pid=3307 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 607.562377][ T25] audit: type=1400 audit(606.790:71): avc: denied { write } for pid=3307 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 607.714433][ T25] audit: type=1400 audit(606.960:72): avc: denied { read } for pid=3304 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 607.731981][ T25] audit: type=1400 audit(606.970:73): avc: denied { open } for pid=3304 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 607.775793][ T3304] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 661.836021][ T25] audit: type=1400 audit(661.080:74): avc: denied { execmem } for pid=3313 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 667.171407][ T25] audit: type=1400 audit(666.410:75): avc: denied { read } for pid=3315 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 667.204141][ T25] audit: type=1400 audit(666.430:76): avc: denied { open } for pid=3315 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 667.274879][ T25] audit: type=1400 audit(666.500:77): avc: denied { mounton } for pid=3316 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 667.512795][ T25] audit: type=1400 audit(666.750:78): avc: denied { module_request } for pid=3315 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 667.527393][ T25] audit: type=1400 audit(666.770:79): avc: denied { module_request } for pid=3316 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 668.622829][ T25] audit: type=1400 audit(667.860:80): avc: denied { sys_module } for pid=3315 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 692.234144][ T3316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 692.465345][ T3316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 692.544899][ T3315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 692.876365][ T3315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 709.674164][ T3316] hsr_slave_0: entered promiscuous mode [ 709.702090][ T3316] hsr_slave_1: entered promiscuous mode [ 710.772312][ T3315] hsr_slave_0: entered promiscuous mode [ 710.808688][ T3315] hsr_slave_1: entered promiscuous mode [ 710.845082][ T3315] debugfs: 'hsr0' already exists in 'hsr' [ 710.851834][ T3315] Cannot create hsr debugfs directory [ 716.071115][ T25] audit: type=1400 audit(715.310:81): avc: denied { create } for pid=3316 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 716.101619][ T25] audit: type=1400 audit(715.340:82): avc: denied { write } for pid=3316 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 716.190653][ T25] audit: type=1400 audit(715.420:83): avc: denied { read } for pid=3316 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 716.335540][ T3316] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 716.616465][ T3316] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 716.866306][ T3316] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 717.204765][ T3316] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 718.607808][ T3315] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 718.882528][ T3315] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 719.161058][ T3315] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 719.347966][ T3315] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 731.234872][ T3316] 8021q: adding VLAN 0 to HW filter on device bond0 [ 733.772939][ T3315] 8021q: adding VLAN 0 to HW filter on device bond0 [ 788.352902][ T3316] veth0_vlan: entered promiscuous mode [ 788.875672][ T3316] veth1_vlan: entered promiscuous mode [ 790.565215][ T3316] veth0_macvtap: entered promiscuous mode [ 790.987846][ T3316] veth1_macvtap: entered promiscuous mode [ 791.436268][ T3315] veth0_vlan: entered promiscuous mode [ 792.115444][ T3315] veth1_vlan: entered promiscuous mode [ 793.152089][ T3388] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 793.162607][ T3388] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 793.331973][ T3388] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 793.335989][ T3388] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 794.704864][ T3315] veth0_macvtap: entered promiscuous mode [ 795.424591][ T3315] veth1_macvtap: entered promiscuous mode [ 796.016886][ T25] audit: type=1400 audit(795.260:84): avc: denied { mount } for pid=3316 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 796.146126][ T25] audit: type=1400 audit(795.390:85): avc: denied { mounton } for pid=3316 comm="syz-executor" path="/syzkaller.STIBPG/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 796.315758][ T25] audit: type=1400 audit(795.560:86): avc: denied { mount } for pid=3316 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 796.562224][ T25] audit: type=1400 audit(795.800:87): avc: denied { mounton } for pid=3316 comm="syz-executor" path="/syzkaller.STIBPG/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 796.811517][ T25] audit: type=1400 audit(796.040:88): avc: denied { mounton } for pid=3316 comm="syz-executor" path="/syzkaller.STIBPG/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3760 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 797.422342][ T25] audit: type=1400 audit(796.660:89): avc: denied { unmount } for pid=3316 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 797.512038][ T3420] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 797.517787][ T3420] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 797.543694][ T3420] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 797.580588][ T3420] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 797.665767][ T25] audit: type=1400 audit(796.900:90): avc: denied { mounton } for pid=3316 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 797.802066][ T25] audit: type=1400 audit(797.040:91): avc: denied { mount } for pid=3316 comm="syz-executor" name="/" dev="gadgetfs" ino=3769 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 798.025275][ T25] audit: type=1400 audit(797.270:92): avc: denied { mount } for pid=3316 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 798.123896][ T25] audit: type=1400 audit(797.370:93): avc: denied { mounton } for pid=3316 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 799.606027][ T3316] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 810.284795][ T25] kauditd_printk_skb: 4 callbacks suppressed [ 810.298333][ T25] audit: type=1400 audit(809.530:98): avc: denied { read } for pid=3468 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 810.362411][ T25] audit: type=1400 audit(809.590:99): avc: denied { open } for pid=3468 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 810.494836][ T25] audit: type=1400 audit(809.740:100): avc: denied { ioctl } for pid=3468 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 823.894236][ T25] audit: type=1400 audit(823.140:101): avc: denied { write } for pid=3478 comm="syz.0.5" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 845.654658][ T25] audit: type=1400 audit(844.850:102): avc: denied { ioctl } for pid=3487 comm="syz.1.8" path="net:[4026532617]" dev="nsfs" ino=4026532617 ioctlcmd=0xb705 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 855.154197][ T25] audit: type=1400 audit(854.400:103): avc: denied { append } for pid=3489 comm="syz.0.9" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 915.737739][ T25] audit: type=1400 audit(914.980:104): avc: denied { execute } for pid=3539 comm="syz.0.23" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4686 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 994.622203][ T25] audit: type=1400 audit(993.850:105): avc: denied { setattr } for pid=3576 comm="syz.1.33" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1011.225058][ T3584] kvm [3584]: Failed to find VMA for hva 0x20c01000 [ 1103.767987][ T25] audit: type=1400 audit(1103.010:106): avc: denied { map } for pid=3627 comm="syz.0.48" path="pipe:[2782]" dev="pipefs" ino=2782 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 1123.204248][ T25] audit: type=1400 audit(1122.450:107): avc: denied { map } for pid=3639 comm="syz.1.53" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1123.256806][ T25] audit: type=1400 audit(1122.500:108): avc: denied { execute } for pid=3639 comm="syz.1.53" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1471.364389][ T3797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1471.641667][ T3797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1491.221760][ T3807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1491.571414][ T3807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1498.880170][ T3797] hsr_slave_0: entered promiscuous mode [ 1498.934518][ T3797] hsr_slave_1: entered promiscuous mode [ 1499.003752][ T3797] debugfs: 'hsr0' already exists in 'hsr' [ 1499.042823][ T3797] Cannot create hsr debugfs directory [ 1513.578731][ T3797] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1514.004233][ T3797] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1514.277953][ T3797] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1514.658832][ T3797] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1519.407974][ T3807] hsr_slave_0: entered promiscuous mode [ 1519.525600][ T3807] hsr_slave_1: entered promiscuous mode [ 1519.672503][ T3807] debugfs: 'hsr0' already exists in 'hsr' [ 1519.684971][ T3807] Cannot create hsr debugfs directory [ 1534.786873][ T3802] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1536.207020][ T3802] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1537.367359][ T3802] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1538.294682][ T3802] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1543.021714][ T3807] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1544.034589][ T3807] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1544.612244][ T3807] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1545.108218][ T3807] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1560.541377][ T3802] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1560.922172][ T3802] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1561.173556][ T3802] bond0 (unregistering): Released all slaves [ 1563.220629][ T3802] hsr_slave_0: left promiscuous mode [ 1563.282612][ T3802] hsr_slave_1: left promiscuous mode [ 1563.750749][ T3802] veth1_macvtap: left promiscuous mode [ 1563.754636][ T3802] veth0_macvtap: left promiscuous mode [ 1563.782272][ T3802] veth1_vlan: left promiscuous mode [ 1563.793690][ T3802] veth0_vlan: left promiscuous mode [ 1588.208257][ T3797] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1616.217708][ T3807] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1709.032331][ T3797] veth0_vlan: entered promiscuous mode [ 1709.827369][ T3797] veth1_vlan: entered promiscuous mode [ 1714.605587][ T3797] veth0_macvtap: entered promiscuous mode [ 1715.397596][ T3797] veth1_macvtap: entered promiscuous mode [ 1718.536859][ T3886] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1718.544200][ T3886] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1718.592693][ T3886] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1718.722511][ T51] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1743.642784][ T3807] veth0_vlan: entered promiscuous mode [ 1745.094822][ T3807] veth1_vlan: entered promiscuous mode [ 1748.988230][ T3807] veth0_macvtap: entered promiscuous mode [ 1749.541671][ T3807] veth1_macvtap: entered promiscuous mode [ 1752.951232][ T3887] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1752.991991][ T3886] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1753.004937][ T3811] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1753.090912][ T3811] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1840.966775][ T51] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1842.882673][ T51] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1844.467784][ T51] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1847.353012][ T51] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1871.221668][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1871.518221][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1871.705769][ T51] bond0 (unregistering): Released all slaves [ 1873.775666][ T51] hsr_slave_0: left promiscuous mode [ 1873.864010][ T51] hsr_slave_1: left promiscuous mode [ 1874.305223][ T51] veth1_macvtap: left promiscuous mode [ 1874.328780][ T51] veth0_macvtap: left promiscuous mode [ 1874.338483][ T51] veth1_vlan: left promiscuous mode [ 1874.373473][ T51] veth0_vlan: left promiscuous mode [ 1894.524676][ T51] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1896.146862][ T51] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1897.595636][ T51] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1899.192623][ T51] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1907.086383][ T51] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1910.968062][ T51] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1913.514249][ T51] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1915.886472][ T51] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1923.085422][ T4008] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1923.602091][ T4008] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1937.734072][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1937.817249][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1937.891491][ T51] bond0 (unregistering): Released all slaves [ 1940.797242][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1940.888798][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1940.961711][ T51] bond0 (unregistering): Released all slaves [ 1943.224900][ T51] hsr_slave_0: left promiscuous mode [ 1943.291121][ T51] hsr_slave_1: left promiscuous mode [ 1943.620986][ T51] hsr_slave_0: left promiscuous mode [ 1943.670533][ T51] hsr_slave_1: left promiscuous mode [ 1944.240523][ T51] veth1_macvtap: left promiscuous mode [ 1944.243764][ T51] veth0_macvtap: left promiscuous mode [ 1944.257410][ T51] veth1_vlan: left promiscuous mode [ 1944.268750][ T51] veth0_vlan: left promiscuous mode [ 1944.342449][ T51] veth1_macvtap: left promiscuous mode [ 1944.347546][ T51] veth0_macvtap: left promiscuous mode [ 1944.364231][ T51] veth1_vlan: left promiscuous mode [ 1944.367881][ T51] veth0_vlan: left promiscuous mode [ 1983.352040][ T4008] hsr_slave_0: entered promiscuous mode [ 1983.387221][ T4008] hsr_slave_1: entered promiscuous mode [ 1984.215738][ T4030] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1984.773547][ T4030] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1996.563765][ T4008] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1996.822360][ T4008] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1997.057658][ T4008] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1997.272659][ T4008] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 2008.711962][ T4030] hsr_slave_0: entered promiscuous mode [ 2008.784096][ T4030] hsr_slave_1: entered promiscuous mode [ 2008.853585][ T4030] debugfs: 'hsr0' already exists in 'hsr' [ 2008.856465][ T4030] Cannot create hsr debugfs directory [ 2022.157100][ T4008] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2023.762174][ T4030] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 2024.294552][ T4030] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 2024.982011][ T4030] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 2025.472591][ T4030] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 2056.175399][ T4030] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2144.724938][ T4008] veth0_vlan: entered promiscuous mode [ 2145.754629][ T4008] veth1_vlan: entered promiscuous mode [ 2149.222854][ T4008] veth0_macvtap: entered promiscuous mode [ 2149.716438][ T4008] veth1_macvtap: entered promiscuous mode [ 2154.049992][ T3887] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2154.051206][ T3887] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2154.081691][ T3887] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2154.092501][ T3887] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2182.647589][ T4030] veth0_vlan: entered promiscuous mode [ 2183.856412][ T4030] veth1_vlan: entered promiscuous mode [ 2187.405773][ T4030] veth0_macvtap: entered promiscuous mode [ 2188.198668][ T4030] veth1_macvtap: entered promiscuous mode [ 2191.485350][ T4038] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2191.491800][ T4038] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2191.613908][ T4038] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2191.620608][ T4038] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2430.167424][ T3613] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2432.893552][ T3613] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2435.298341][ T3613] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2437.491619][ T3613] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2466.364610][ T3613] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2466.772740][ T3613] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2467.098319][ T3613] bond0 (unregistering): Released all slaves [ 2470.451456][ T3613] hsr_slave_0: left promiscuous mode [ 2470.553391][ T3613] hsr_slave_1: left promiscuous mode [ 2471.400772][ T3613] veth1_macvtap: left promiscuous mode [ 2471.430596][ T3613] veth0_macvtap: left promiscuous mode [ 2471.441673][ T3613] veth1_vlan: left promiscuous mode [ 2471.454051][ T3613] veth0_vlan: left promiscuous mode [ 2572.338877][ T4387] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2572.817482][ T4387] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2614.535109][ T4387] hsr_slave_0: entered promiscuous mode [ 2614.604468][ T4387] hsr_slave_1: entered promiscuous mode [ 2614.701841][ T4387] debugfs: 'hsr0' already exists in 'hsr' [ 2614.715982][ T4387] Cannot create hsr debugfs directory [ 2637.266866][ T4387] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 2637.767803][ T4387] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 2638.408763][ T4387] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 2639.061056][ T4387] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 2677.604030][ T4387] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2851.065014][ T4387] veth0_vlan: entered promiscuous mode [ 2852.902584][ T4387] veth1_vlan: entered promiscuous mode [ 2858.434983][ T4387] veth0_macvtap: entered promiscuous mode [ 2859.455908][ T4387] veth1_macvtap: entered promiscuous mode [ 2868.440405][ T3344] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2869.715716][ T3877] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2870.484238][ T3344] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2870.516786][ T3344] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2870.561686][ T3886] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2872.485652][ T3877] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2874.348212][ T3877] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2876.094890][ T3877] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2910.486099][ T3877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2910.892416][ T3877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2911.172075][ T3877] bond0 (unregistering): Released all slaves [ 2914.051298][ T3877] hsr_slave_0: left promiscuous mode [ 2914.173151][ T3877] hsr_slave_1: left promiscuous mode [ 2915.033445][ T3877] veth1_macvtap: left promiscuous mode [ 2915.048012][ T3877] veth0_macvtap: left promiscuous mode [ 2915.073465][ T3877] veth1_vlan: left promiscuous mode [ 2915.091941][ T3877] veth0_vlan: left promiscuous mode [ 2993.026074][ T4654] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2995.038090][ T4654] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2996.777222][ T4654] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2998.818828][ T4654] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3024.536599][ T4654] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3024.751497][ T4654] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3024.943107][ T4654] bond0 (unregistering): Released all slaves [ 3028.361208][ T4654] hsr_slave_0: left promiscuous mode [ 3028.700926][ T4654] hsr_slave_1: left promiscuous mode [ 3029.356118][ T4654] veth1_macvtap: left promiscuous mode [ 3029.364389][ T4654] veth0_macvtap: left promiscuous mode [ 3029.383486][ T4654] veth1_vlan: left promiscuous mode [ 3029.393837][ T4654] veth0_vlan: left promiscuous mode [ 3072.172225][ T4648] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3072.506214][ T4648] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3098.162427][ T4693] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3098.413616][ T4693] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3103.274644][ T4648] hsr_slave_0: entered promiscuous mode [ 3103.344515][ T4648] hsr_slave_1: entered promiscuous mode [ 3124.347969][ T4648] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 3125.067661][ T4648] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 3125.488649][ T4648] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 3126.127887][ T4648] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 3137.453794][ T4693] hsr_slave_0: entered promiscuous mode [ 3137.573436][ T4693] hsr_slave_1: entered promiscuous mode [ 3137.641576][ T4693] debugfs: 'hsr0' already exists in 'hsr' [ 3137.644560][ T4693] Cannot create hsr debugfs directory [ 3158.071979][ T4693] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 3158.448449][ T4693] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 3159.433871][ T4693] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 3160.102939][ T4693] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 3162.626367][ T4648] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3202.484750][ T4693] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3331.965415][ T4648] veth0_vlan: entered promiscuous mode [ 3333.138297][ T4648] veth1_vlan: entered promiscuous mode [ 3337.688528][ T4648] veth0_macvtap: entered promiscuous mode [ 3338.634548][ T4648] veth1_macvtap: entered promiscuous mode [ 3342.414689][ T4607] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3342.417062][ T4607] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3342.484158][ T4607] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3342.524726][ T3344] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3372.040809][ T4693] veth0_vlan: entered promiscuous mode [ 3374.158261][ T4693] veth1_vlan: entered promiscuous mode [ 3378.894681][ T4693] veth0_macvtap: entered promiscuous mode [ 3379.608691][ T4693] veth1_macvtap: entered promiscuous mode [ 3384.405552][ T4652] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3384.643124][ T4652] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3384.684499][ T4654] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3384.688695][ T4654] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3828.644976][ T5058] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3829.097606][ T5058] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3837.336488][ T5062] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3837.978791][ T5062] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3866.928556][ T5125] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3869.643103][ T5125] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3872.677819][ T5125] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3875.866434][ T5125] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3907.857721][ T5125] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3908.458683][ T5125] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3908.672651][ T5125] bond0 (unregistering): Released all slaves [ 3912.374855][ T5125] hsr_slave_0: left promiscuous mode [ 3912.572543][ T5125] hsr_slave_1: left promiscuous mode [ 3913.482087][ T5125] veth1_macvtap: left promiscuous mode [ 3913.490889][ T5125] veth0_macvtap: left promiscuous mode [ 3913.492872][ T5125] veth1_vlan: left promiscuous mode [ 3913.494319][ T5125] veth0_vlan: left promiscuous mode [ 3948.871888][ T5058] hsr_slave_0: entered promiscuous mode [ 3948.974791][ T5058] hsr_slave_1: entered promiscuous mode [ 3949.043406][ T5058] debugfs: 'hsr0' already exists in 'hsr' [ 3949.104808][ T5058] Cannot create hsr debugfs directory [ 3953.846820][ T5062] hsr_slave_0: entered promiscuous mode [ 3954.003949][ T5062] hsr_slave_1: entered promiscuous mode [ 3954.164588][ T5062] debugfs: 'hsr0' already exists in 'hsr' [ 3954.171501][ T5062] Cannot create hsr debugfs directory [ 3958.056966][ T5125] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3960.887966][ T5125] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3963.944372][ T5125] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3966.398551][ T5125] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3997.353213][ T5125] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3997.688019][ T5125] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3997.935007][ T5125] bond0 (unregistering): Released all slaves [ 3999.993023][ T5125] hsr_slave_0: left promiscuous mode [ 4000.128449][ T5125] hsr_slave_1: left promiscuous mode [ 4000.648297][ T5125] veth1_macvtap: left promiscuous mode [ 4000.711224][ T5125] veth0_macvtap: left promiscuous mode [ 4000.716820][ T5125] veth1_vlan: left promiscuous mode [ 4000.762030][ T5125] veth0_vlan: left promiscuous mode [ 4039.691446][ T5058] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 4042.012708][ T5058] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 4042.680890][ T5058] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 4044.672313][ T5058] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 4055.557113][ T5062] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 4056.055093][ T5062] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 4056.564541][ T5062] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 4057.298519][ T5062] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 4083.024403][ T5058] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4094.732454][ T5062] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4233.069897][ T5062] veth0_vlan: entered promiscuous mode [ 4234.314355][ T5062] veth1_vlan: entered promiscuous mode [ 4238.023586][ T5062] veth0_macvtap: entered promiscuous mode [ 4238.727026][ T5062] veth1_macvtap: entered promiscuous mode [ 4242.126035][ T4652] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4242.140814][ T4652] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4242.151022][ T4652] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4242.173393][ T4652] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4251.755115][ T5058] veth0_vlan: entered promiscuous mode [ 4254.492948][ T5058] veth1_vlan: entered promiscuous mode [ 4346.861889][ T3802] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 4347.466690][ T3802] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 4348.032613][ T3802] bond0 (unregistering): Released all slaves [ 4352.093316][ T3802] hsr_slave_0: left promiscuous mode [ 4352.315576][ T3802] hsr_slave_1: left promiscuous mode [ 4353.378210][ T3802] veth1_vlan: left promiscuous mode [ 4353.464216][ T3802] veth0_vlan: left promiscuous mode [ 4485.255169][ T5347] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4485.648300][ T5347] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4536.732673][ T5347] hsr_slave_0: entered promiscuous mode [ 4536.843090][ T5347] hsr_slave_1: entered promiscuous mode [ 4574.854576][ T5347] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 4575.625072][ T5347] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 4576.234273][ T5347] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 4576.805594][ T5347] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 4620.694770][ T5347] 8021q: adding VLAN 0 to HW filter on device bond0 [ 4821.252475][ T5347] veth0_vlan: entered promiscuous mode [ 4822.671924][ T5347] veth1_vlan: entered promiscuous mode [ 4827.394530][ T5347] veth0_macvtap: entered promiscuous mode [ 4828.323212][ T5347] veth1_macvtap: entered promiscuous mode [ 4833.634455][ T3887] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4833.718749][ T3887] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4834.065660][ T3887] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4834.094923][ T3344] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4922.115071][ T5671] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xc0f0000000000000 pfn:0x5bb28 [ 4922.143045][ T5671] flags: 0x1ffe40000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x90) [ 4922.232595][ T5671] raw: 01ffe40000000000 ffffc1ffc07d29c8 ffffc1ffc0939d08 0000000000000000 [ 4922.291782][ T5671] raw: c0f0000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 4922.355892][ T5671] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0) [ 4922.378959][ T5671] ------------[ cut here ]------------ [ 4922.379233][ T5671] kernel BUG at ./include/linux/mm.h:1036! [ 4922.381019][ T5671] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 4922.386803][ T5671] Modules linked in: [ 4922.388941][ T5671] CPU: 0 UID: 0 PID: 5671 Comm: syz.0.205 Not tainted syzkaller #0 PREEMPT [ 4922.390558][ T5671] Hardware name: linux,dummy-virt (DT) [ 4922.391866][ T5671] pstate: 60402009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 4922.393306][ T5671] pc : kvm_s2_put_page+0x374/0x3a0 [ 4922.395595][ T5671] lr : kvm_s2_put_page+0x374/0x3a0 [ 4922.396543][ T5671] sp : ffff80008f727570 [ 4922.397312][ T5671] x29: ffff80008f727570 x28: 62f0000024e74000 x27: 62f0000024e74000 [ 4922.399068][ T5671] x26: 00000000000000ff x25: ffff80008734e000 x24: ffffc1ffc0000000 [ 4922.400490][ T5671] x23: ffffc1ffc06eca08 x22: 0000000000000000 x21: ffffc1ffc06eca34 [ 4922.401827][ T5671] x20: 0000000000000000 x19: ffffc1ffc06eca00 x18: 000000005b51bc36 [ 4922.403255][ T5671] x17: 0000000003e8ade3 x16: 000000005b518c3e x15: 00000000b85ebb0c [ 4922.404682][ T5671] x14: ffffffffffffffff x13: fff000001a901d88 x12: 0000000000000001 [ 4922.406114][ T5671] x11: 0000000000080000 x10: 0000000000031b65 x9 : 19490ef23cddd300 [ 4922.407638][ T5671] x8 : 19490ef23cddd300 x7 : ffff8000803a03c8 x6 : 0000000000000000 [ 4922.409046][ T5671] x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff8000803915d0 [ 4922.410398][ T5671] x2 : 0000000000000002 x1 : 0000000100000000 x0 : 000000000000003e [ 4922.412019][ T5671] Call trace: [ 4922.412929][ T5671] kvm_s2_put_page+0x374/0x3a0 (P) [ 4922.414256][ T5671] stage2_free_walker+0x1b0/0x264 [ 4922.415395][ T5671] __kvm_pgtable_walk+0x7d8/0xa68 [ 4922.416364][ T5671] kvm_pgtable_walk+0x294/0x468 [ 4922.417370][ T5671] kvm_pgtable_stage2_destroy_range+0x60/0xb4 [ 4922.418444][ T5671] kvm_free_stage2_pgd+0x198/0x28c [ 4922.419484][ T5671] kvm_uninit_stage2_mmu+0x20/0x38 [ 4922.420502][ T5671] kvm_arch_flush_shadow_all+0x1a8/0x1e0 [ 4922.421518][ T5671] kvm_mmu_notifier_release+0x48/0xa8 [ 4922.422369][ T5671] mmu_notifier_unregister+0x128/0x42c [ 4922.423459][ T5671] kvm_put_kvm+0x6a0/0xfa8 [ 4922.424292][ T5671] kvm_vcpu_release+0x70/0x9c [ 4922.425267][ T5671] __fput+0x4ac/0x980 [ 4922.426118][ T5671] ____fput+0x20/0x58 [ 4922.426993][ T5671] task_work_run+0x1bc/0x254 [ 4922.427882][ T5671] get_signal+0x13ec/0x1554 [ 4922.428791][ T5671] do_signal+0x23c/0x4dd0 [ 4922.429605][ T5671] do_notify_resume+0xb0/0x270 [ 4922.430484][ T5671] el0_svc+0xb8/0x164 [ 4922.431299][ T5671] el0t_64_sync_handler+0x84/0x12c [ 4922.432201][ T5671] el0t_64_sync+0x198/0x19c [ 4922.433640][ T5671] Code: f00375a1 912ec421 aa1303e0 97f9c9f2 (d4210000) [ 4922.435479][ T5671] ---[ end trace 0000000000000000 ]--- [ 4922.437072][ T5671] Kernel panic - not syncing: Oops - BUG: Fatal exception [ 4922.440922][ T5671] Kernel Offset: disabled [ 4922.441713][ T5671] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f [ 4922.442853][ T5671] Memory Limit: none [ 4922.444522][ T5671] Rebooting in 86400 seconds.. VM DIAGNOSIS: 10:14:49 Registers: info registers vcpu 0 CPU#0 PC=ffff800080020220 X00=0000000000000012 X01=0000000100000003 X02=0000000000000002 X03=ffff800080490084 X04=0000000000000000 X05=0000000000000000 X06=ffff80008048b328 X07=ffff800080015834 X08=19490ef23cddd300 X09=19490ef23cddd300 X10=0000000000033101 X11=0000000000080000 X12=0000000000000004 X13=fff000001a901d88 X14=0000000000000002 X15=ffff800087f69a20 X16=0000000000000000 X17=0000000003e8ade3 X18=000000005b51bc36 X19=efff800000000000 X20=ffff8000801b05a0 X21=ffff80008f727420 X22=0000000000000000 X23=0000000000008001 X24=00000000000000ff X25=ffff80008734e000 X26=00000000000000ff X27=62f0000024e74000 X28=43f000001a901d80 X29=ffff80008f7272a0 X30=ffff800080020220 SP=ffff80008f727270 PSTATE=604023c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0a0a0a0a0a0a0a0a:0a0a0a0a0a0a0a0a Z01=3030303030300000:2930203d3d202965 Z02=635f6665725f6567:617028454741505f Z03=000000000000ffff:0000000000000000 Z04=0000000000000000:000000ff00000000 Z05=5f65676170284547:41505f4e4f5f4755 Z06=30303030303a676e:697070616d20303a Z07=65646e6920303030:3030303030303030 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000fffff3247ba0:0000fffff3247ba0 Z17=ffffff80ffffffd8:0000fffff3247b70 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000