last executing test programs: 10m16.353796083s ago: executing program 1 (id=159): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) r4 = eventfd2(0x0, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r6, r7, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f0000000040)=@arm64_core={0x6030000000100004, &(0x7f0000000000)=0x300000000000}) close(r4) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) write$eventfd(r4, &(0x7f0000000180)=0x5, 0xfffffde3) mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x9032, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) 10m11.657166489s ago: executing program 0 (id=160): mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, 0x930, 0x4, 0x4f833, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000680)="38ce8347fc1e86008cfc72bb352c8659dcc9225b48cb5cb00c73b0b33018748e73f7f1f493e89c859e17625ad1b19ca88da9c227db3473a7fd4ce992bfc316bd22ccc646cd69c728", 0x0, 0x48) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x444080, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfe000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000001c0)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013addb, 0x7}}], 0x20}, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 10m8.967973447s ago: executing program 1 (id=161): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, &(0x7f00000000c0)}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r2, 0x2, 0x100) r5 = eventfd2(0x1, 0x80001) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r5, 0x3}) ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000180)={0x1010020, 0x1}) ioctl$KVM_RUN(r4, 0xae80, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000000)={0x7, 0xffffffffffffffff}) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_DEVICE_ATTR(r8, 0x4018aee2, 0x0) r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f00000011c0)=@attr_set_pmu={0x0, 0x0, 0x3, 0x0}) r12 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) ioctl$KVM_IRQ_LINE_STATUS(r13, 0xc008ae67, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000007, 0x4f833, 0xffffffffffffffff, 0x0) 10m6.690560322s ago: executing program 0 (id=162): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@msr={0x14, 0x20, {0x603000000013df40, 0x8000}}], 0x20}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000140)=@attr_pmu_init) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x11, r3, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_assert_reg(r3, 0x603000000013df40, 0x8000) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) mmap$KVM_VCPU(&(0x7f0000c58000/0x1000)=nil, r6, 0x2000003, 0xaf832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000eda000/0x3000)=nil, r6, 0xf, 0x110, r3, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x500000f, 0x4d832, 0xffffffffffffffff, 0x0) 9m59.64595297s ago: executing program 0 (id=163): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (async) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000100)=@arm64_bitmap={0x6030000000160002, &(0x7f0000000000)=0x7}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x8840, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_DEVICE_ATTR_vm(r8, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000140)={0x0, &(0x7f0000000200)=[@smc={0x1e, 0x40, {0xef000000, [0x0, 0x1, 0x2, 0x3, 0x4]}}, @hvc={0x32, 0x40, {0xc4000053, [0x0, 0x1, 0x2, 0x3, 0x6]}}], 0x80}, 0x0, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) (async) ioctl$KVM_RUN(r10, 0xae80, 0x0) r11 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r12, 0x4004ae99, &(0x7f0000000000)=0x5) (async) ioctl$KVM_SET_MP_STATE(r12, 0x4004ae99, &(0x7f0000000000)=0x5) r13 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_GUEST_DEBUG_arm64(r12, 0x4208ae9b, &(0x7f0000000200)={0x30003, 0x0, {[0x101, 0x200e10ce, 0x5, 0x68c5, 0xd, 0x100000000, 0x1, 0x777, 0x80000000, 0x9, 0x2, 0xfffffffffffffe70, 0x4, 0x9, 0x8, 0x4], [0x2, 0xc16f, 0x2, 0xe, 0x5, 0x2, 0x5, 0x27e2b2cf, 0xfffffffffffffff9, 0x2, 0x9, 0x8000000000000001, 0x4, 0x3, 0x81, 0x1], [0x7, 0x3d3e, 0x8000000000000003, 0x80000000, 0x7ff, 0x401, 0x1, 0xffffffffffffffb4, 0xffffffffffffff11, 0x29f, 0xe, 0x101, 0x101, 0x1, 0x1, 0xff], [0xb3f, 0x1, 0x7, 0x8, 0x8000000000000000, 0xdf, 0xb, 0x8000, 0x9701, 0x7, 0xd1, 0x5, 0x8, 0x7, 0x3, 0xbe]}}) syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000080)={0x0, &(0x7f00000000c0)}, 0x0, 0x0) (async) r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000080)={0x0, &(0x7f00000000c0)}, 0x0, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async) r15 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r16 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r15, 0x3, 0x11, r14, 0x0) r17 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r18 = ioctl$KVM_CREATE_VM(r17, 0xae01, 0x0) r19 = syz_kvm_setup_syzos_vm$arm64(r18, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r19, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x7ffc}}], 0x20}, 0x0, 0x0) (async) r20 = syz_kvm_add_vcpu$arm64(r19, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x7ffc}}], 0x20}, 0x0, 0x0) ioctl$KVM_RUN(r20, 0xae80, 0x0) ioctl$KVM_RUN(r14, 0xae80, 0x0) syz_kvm_assert_syzos_uexit$arm64(r16, 0xffffffffffffffff) 9m58.806139577s ago: executing program 1 (id=164): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x0, 0x5, &(0x7f0000000280)=0x400000080a00ed}) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000080)={0x0, &(0x7f0000000240)}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000000c0)={0x3}) mmap$KVM_VCPU(&(0x7f00007d0000/0x3000)=nil, 0x930, 0x1000002, 0x2010, 0xffffffffffffffff, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r7, 0xae04) munmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000140)={0x5}) mmap$KVM_VCPU(&(0x7f0000e2b000/0x1000)=nil, r8, 0x100000d, 0x40010, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, r8, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000667000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r9, 0x5451, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) 9m51.929958088s ago: executing program 0 (id=165): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x11, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000003000/0x3000)=nil, 0x3000) 9m47.26102225s ago: executing program 1 (id=166): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r3 = ioctl$KVM_CREATE_VM(r2, 0x400454c8, 0x1) ioctl$KVM_CAP_DIRTY_LOG_RING(r3, 0x4068aea3, &(0x7f0000000040)={0xc0, 0x0, 0x2000}) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000) munmap(&(0x7f0000584000/0x800000)=nil, 0x800000) 9m45.305513252s ago: executing program 0 (id=167): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x28) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000000), 0xa642, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xc0045878, 0x40000000000001b) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x18}], 0x1, 0x0, 0x0, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x10002, 0x0) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x10000000005) ioctl$KVM_CREATE_VM(r7, 0x80111500, 0x1000020000000) write$eventfd(0xffffffffffffffff, &(0x7f0000000040), 0xb) r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) syz_kvm_assert_reg(r3, 0x603000000013dce8, 0x8000) r9 = openat$kvm(0x0, 0x0, 0x140, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0) ioctl$KVM_CREATE_VM(r11, 0xae01, 0x2e) openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r11, 0xae01, 0xb) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r12 = openat$kvm(0xffffffffffffff9c, 0x0, 0x20a00, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r13, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r0, 0x400454d0, 0x29) 9m40.474257312s ago: executing program 1 (id=168): r0 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000000)=[@uexit={0x0, 0x18, 0xffffffffffffffff}, @hvc={0x32, 0x40, {0x100, [0x2, 0x1, 0x1, 0x1ff, 0x7]}}], 0x58}, &(0x7f00000000c0)=[@featur1={0x1, 0x91}], 0x1) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r0, 0x4018aee3, &(0x7f0000000140)=@attr_irq_timer={0x0, 0x1, 0x0, &(0x7f0000000100)=0x1c}) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000180)={0xa, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f0000000200)=@attr_other={0x0, 0xd, 0x2, &(0x7f00000001c0)=0x9}) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x34) ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f0000000240)={0x2, 0x10000, 0xffff4f98, 0x1, 0x3}) ioctl$KVM_ASSIGN_SET_MSIX_NR(r2, 0x4008ae73, &(0x7f0000000280)={0x3df, 0x5}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x400000, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000300)={0x1fe, 0x4, 0x4, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x26) ioctl$KVM_CAP_ARM_MTE(r4, 0x4068aea3, &(0x7f0000000340)) ioctl$KVM_KVMCLOCK_CTRL(r0, 0xaead) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f00000003c0)) r6 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000005c0)={0x0, &(0x7f0000000400)=[@uexit={0x0, 0x18, 0x2034}, @uexit={0x0, 0x18, 0xffffffffffffff8c}, @mrs={0xbe, 0x18, {0x6030000000138057}}, @code={0xa, 0xcc, {"20e589d20060b8f2c10080d2a20080d2830180d2840080d2020000d4007008d540f69dd200e0b0f2e10080d2020080d2430180d2640080d2020000d400b292d200c0b8f2810080d2220080d2830080d2240180d2020000d4007008d5005382d20020b8f2810080d2020080d2430080d2e40180d2020000d420eb98d200e0b8f2410180d2620180d2c30180d2e40180d2020000d4008008d5c0ff8cd200c0b8f2c10180d2620180d2c30080d2640080d2020000d4002cc01a"}}, @its_setup={0x82, 0x28, {0x0, 0x0, 0x289}}, @eret={0xe6, 0x18, 0x5}, @eret={0xe6, 0x18, 0x7786}, @uexit={0x0, 0x18, 0x80000000}], 0x184}, &(0x7f0000000600)=[@featur1={0x1, 0x71}], 0x1) ioctl$KVM_ARM_SET_DEVICE_ADDR(r6, 0x4010aeab, &(0x7f0000000640)={0x1, 0x6000}) ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f0000000680)=0x6) openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0), 0x40c840, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, &(0x7f0000000700)=@arm64={0x2, 0x9, 0x2, '\x00', 0xb354}) ioctl$KVM_GET_REGS(r0, 0x8360ae81, &(0x7f0000000740)) r8 = mmap$KVM_VCPU(&(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0, 0x30, r5, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r8, 0x20, &(0x7f0000000800)="64c389e41c09e5c0f06420b8a7ff8cd7ee6e1a473cb1816733f9a4e318e119bd62ef5ac1bf713f22d5c243ca11c0ff974f724caefd689915d8c0bf25b8a3fc2082d68db881c693a6", 0x0, 0x48) ioctl$KVM_DIRTY_TLB(r0, 0x4010aeaa, &(0x7f0000000880)={0xfff, 0x1}) openat$kvm(0xffffffffffffff9c, &(0x7f00000008c0), 0x2c400, 0x0) r9 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, 0x0, 0x2000000, 0x80010, r4, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000900)="9d032a85867e045fd700a8bb921a543d3f9a121247333fb5828c98787130b8fec8edb7474fc4a8c842399221c99917437410d987a145311b54642a9a85ffb52a8487d2d20392d748", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000ffe000/0x1000)=nil, 0x0, 0x3, 0x12, r7, 0x0) ioctl$KVM_GET_API_VERSION(r3, 0xae00, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000980)={0x10000, 0x4, 0x4000, 0x1000, &(0x7f0000ffe000/0x1000)=nil}) 9m33.775197524s ago: executing program 1 (id=169): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0xfffffffffffffffd) munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) (async) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1ff, 0x5, 0x8080000, 0x2000, &(0x7f0000e53000/0x2000)=nil}) (async) munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) (async) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x33) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0xb, 0x30d2a4fbfbfad6b8, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f00000005c0)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0}) mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, r2, 0x2000006, 0x4010, r6, 0x0) 9m27.42211502s ago: executing program 0 (id=170): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x1}}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000180)=[@smc={0x1e, 0x40, {0xef000000, [0x0, 0x5, 0x2, 0x3]}}], 0x40}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0x80111500, 0x20000000) ioctl$KVM_CREATE_VM(r4, 0x541b, 0x2000001c) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x1}}) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000180)=[@smc={0x1e, 0x40, {0xef000000, [0x0, 0x5, 0x2, 0x3]}}], 0x40}], 0x1, 0x0, 0x0, 0x0) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r3, 0x80111500, 0x20000000) (async) ioctl$KVM_CREATE_VM(r4, 0x541b, 0x2000001c) (async) 8m46.765999177s ago: executing program 32 (id=169): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0xfffffffffffffffd) munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) (async) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1ff, 0x5, 0x8080000, 0x2000, &(0x7f0000e53000/0x2000)=nil}) (async) munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) (async) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x33) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0xb, 0x30d2a4fbfbfad6b8, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f00000005c0)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0}) mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, r2, 0x2000006, 0x4010, r6, 0x0) 8m40.289274565s ago: executing program 33 (id=170): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x1}}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000180)=[@smc={0x1e, 0x40, {0xef000000, [0x0, 0x5, 0x2, 0x3]}}], 0x40}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0x80111500, 0x20000000) ioctl$KVM_CREATE_VM(r4, 0x541b, 0x2000001c) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x1}}) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, &(0x7f0000000180)=[@smc={0x1e, 0x40, {0xef000000, [0x0, 0x5, 0x2, 0x3]}}], 0x40}], 0x1, 0x0, 0x0, 0x0) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r3, 0x80111500, 0x20000000) (async) ioctl$KVM_CREATE_VM(r4, 0x541b, 0x2000001c) (async) 1m58.428090897s ago: executing program 2 (id=185): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_SET_GUEST_DEBUG_arm64(r4, 0x4208ae9b, &(0x7f0000000280)={0x20002, 0x0, {[0x4e, 0x3, 0x271, 0x9, 0xf, 0x28a07d71, 0x5, 0x2, 0x2, 0x1000, 0x1, 0xf63, 0x2, 0x3, 0x7fffffff, 0x66d], [0x63f, 0x0, 0x3ff, 0x3, 0x8001, 0x7, 0x80000001, 0x6, 0x5, 0x4, 0x96, 0x4, 0x10000, 0x0, 0x2c, 0xffffffff], [0xfa93, 0x200, 0x4, 0x3, 0xbf7, 0x7, 0x1, 0x3, 0x2, 0x4, 0x0, 0x0, 0x3, 0x7ff, 0xb1c, 0xe0], [0x0, 0x7, 0x44, 0x3ff, 0x9, 0x5, 0xfff, 0x3, 0x5, 0x1000, 0x5ef3, 0x100000000, 0x4, 0x8f81, 0x2, 0x8]}}) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r6, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, r7, 0x0, 0x40032, 0xffffffffffffffff, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x40040, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(r11, &(0x7f0000c00000/0x400000)=nil) r13 = syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000180)={0x0, &(0x7f0000000780)=[@code={0xa, 0x6c, {"007008d50000a09b00c8a00e007008d50000181e206186d200c0b0f2410180d2c20180d2630080d2840080d2020000d4006894d200c0b8f2c10180d2620180d2830180d2640180d2020000d400cca00e000040f90040641e"}}, @code={0xa, 0x84, {"000008d5006e96d20000b0f2810180d2020080d2030180d2840180d2020000d4000028d5008008d5c09f9bd20000b0f2410080d2220180d2030180d2c40080d2020000d480899fd20020b0f2c10180d2a20180d2230080d2240080d2020000d4007008d5007008d5007008d500b8210e"}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x200, 0x100000000, 0x4}}, @irq_setup={0x46, 0x18, {0x4, 0x38d}}, @uexit={0x0, 0x18, 0x1000}, @uexit={0x0, 0x18, 0x8e}, @its_setup={0x82, 0x28, {0x2, 0x3, 0x211}}, @svc={0x122, 0x40, {0xe1f181474cd68d6b, [0x7, 0x2a, 0x10001, 0x7, 0x7ff]}}, @eret={0xe6, 0x18, 0x4000000}, @smc={0x1e, 0x40, {0x0, [0x4, 0x6, 0xffffffff, 0x4, 0x8000000000000000]}}, @its_setup={0x82, 0x28, {0x2, 0x1, 0x2d3}}, @msr={0x14, 0x20, {0x603000000013df7c, 0x7}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x2, 0x5, 0x1, 0x7, 0x3}}], 0x298}, 0x0, 0x0) ioctl$KVM_RUN(r13, 0xae80, 0x0) munmap(&(0x7f0000584000/0x800000)=nil, 0x800000) ioctl$KVM_RUN(r13, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105}) 1m39.548580673s ago: executing program 2 (id=187): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000100)=@arm64_bitmap={0x6030000000160002, &(0x7f0000000000)=0x7}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x200, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x2c) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138014, 0x8003}}], 0x20}, 0x0, 0x0) ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, &(0x7f0000000040)={0x1a, 0x7}) ioctl$KVM_RUN(r7, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f0000c6a000/0x3000)=nil, 0x930, 0x1000003, 0x28031, 0xffffffffffffffff, 0x0) 1m21.898849804s ago: executing program 2 (id=189): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) (async) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000000)={0x10002, 0x6, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r5, 0x4008ae6a, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000000000000000000002000000ff"]) (async) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000040)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000280)=@attr_other={0x0, 0xfffffe1a, 0xfffffffffffffffc, 0x0}) (async) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r8, 0x8040aeb6, &(0x7f00000001c0)=@attr_other={0x0, 0x7, 0x1, 0x0}) (async) r9 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x2c) r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013df19, 0x8003}}], 0x20}, 0x0, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) (async) ioctl$KVM_SET_SIGNAL_MASK(r12, 0x4004ae8b, &(0x7f00000000c0)={0x61, "3d6b3ce837f06dbc4598f625c1b9445f106a8faed6b7d3544da666a8d0a9c0b332b8d3f34651cbcc9e9b419f4f6b62dfb5637cbd43c3664d72753559a765d53c2f939abdb39363285d901aaa8351700defd90084f4efa2277edeb965f3fc31718f"}) (async) r13 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, r1, 0x0, 0x16831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r13, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) (async) r14 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x25) syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil) syz_kvm_vgic_v3_setup(r15, 0x1, 0x100) ioctl$KVM_IRQ_LINE(r15, 0x4008ae61, &(0x7f0000000000)={0xfffff828, 0x6}) ioctl$KVM_CREATE_DEVICE(r15, 0xc00caee0, &(0x7f0000000180)={0x8}) syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000bfd000/0x400000)=nil) 1m19.439861376s ago: executing program 3 (id=190): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000100)={0xb6, 0x0, 0x81}) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x9) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0xfffffffffffffffe) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x2e) r4 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0), 0x0, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x161681, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x1000000000000015) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r2, r8, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000200)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0xffffffffffffffe5) ioctl$KVM_GET_ONE_REG(r8, 0x4010aeab, &(0x7f0000000100)=@arm64_ccsidr={0x6020000000110002, 0xfffffffffffffffe}) ioctl$KVM_RUN(r5, 0xae80, 0x0) r9 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x29) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1) r12 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r11, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r11, 0x0) openat$kvm(0x3f, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0) r13 = openat$kvm(0x0, &(0x7f00000001c0), 0x52200, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, 0x0, 0x4e}, 0x0, 0xfffffffffffffe87) 59.206947451s ago: executing program 2 (id=191): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x22083, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f00000003c0)=[@mrs={0xbe, 0x18, {0x603000000013c520}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@its_setup={0x7, 0x28, {0x2, 0x2, 0x1}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r6, 0x3, 0xa0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000100)={0x8}) r9 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0xfffffffffffffffd, 0x5}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r10, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r10, 0xc00caee0, &(0x7f0000000180)={0x8}) ioctl$KVM_RUN(r11, 0xae80, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) r12 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x28) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x1) r14 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r13, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r13, 0x0) openat$kvm(0xffffff9c, 0x0, 0xa00f2, 0x408) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x6832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x8, 0x5c1fd1b6565d2f2, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f0000000100), 0x80402, 0x0) 56.360712343s ago: executing program 3 (id=192): r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_KVMCLOCK_CTRL(r0, 0xaead) ioctl$KVM_SET_GUEST_DEBUG_arm64(r0, 0x4208ae9b, &(0x7f0000000000)={0x10000, 0x0, {[0x2, 0x4, 0x7, 0x2, 0xca2, 0x7fffffff, 0xa1b, 0xc41, 0x1, 0x9f, 0x0, 0x0, 0xfffffffffffffff9, 0x5, 0xffff], [0x9, 0x0, 0xf, 0x400, 0x4, 0xa, 0x7, 0xc, 0x7ff, 0x0, 0x1, 0x6, 0x8, 0x8000000000000001, 0x9, 0x3], [0x5, 0x9, 0xffffffffffffff00, 0x4, 0x8, 0x0, 0x42, 0x2e6, 0xfffffffffffffff9, 0x1, 0x3, 0xf, 0xfffffffffffffffe, 0x1, 0x398000000, 0xa4ee], [0x101, 0x1, 0x6, 0x7, 0x4, 0x4, 0x0, 0x6, 0x2, 0x200, 0x2221, 0x1000, 0x80000001, 0x6, 0x7fffffffffffffff, 0xc]}}) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r0, 0x4018aee2, &(0x7f0000000280)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000240)=0x9}) ioctl$KVM_SET_SIGNAL_MASK(r0, 0x4004ae8b, &(0x7f00000002c0)={0x9d, "fe68fa4e40829d77b50761a61758b72caac0100a1a38ef65c061de8ad8f4795144a9121300927f9c51181b7a58afe81b25af6771caae166d5ebc23d7ddc981af8976537b136ecf1836aca428cc410f3e5734815983bc4381a03968843c26a1612a46fe7f63584b9d291fc1b0ad4504715a2f01bc406ff5e5699a598e4cfcf7f5817d57ac484828fbc8b8d729439a3b491ca35bde3b2073c677f184f449"}) r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000007c0)={0x0, &(0x7f0000000380)=[@irq_setup={0x46, 0x18, {0x4, 0x25b}}, @uexit={0x0, 0x18, 0x401}, @memwrite={0x6e, 0x30, @generic={0xdddd0000, 0x79e, 0x3, 0x4}}, @msr={0x14, 0x20, {0x603000000013dce5, 0x2}}, @code={0xa, 0x54, {"00c0641ec0e991d20000b8f2810180d2620080d2e30080d2e40080d2020000d4008008d500e4002f000028d5007008d50004006e0000204a000008d50000006a"}}, @memwrite={0x6e, 0x30, @generic={0x1, 0xff4, 0x7f, 0x4}}, @uexit={0x0, 0x18, 0x9}, @eret={0xe6, 0x18, 0x3}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x1, 0x3, 0xffffffff, 0x7f, 0x1}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfff0, 0x3, 0x2}}, @uexit={0x0, 0x18, 0xdc}, @code={0xa, 0xe4, {"00a4000f20d497d200a0b8f2e10180d2220080d2c30080d2440180d2020000d4000008d560999ed20020b8f2410080d2620180d2630180d2240180d2020000d4c01892d20000b8f2e10080d2220180d2630180d2e40180d2020000d4a05f86d20020b8f2010080d2220080d2c30180d2840180d2020000d4000040d3601d9ad200a0b8f2010080d2820080d2c30180d2440180d2020000d440449fd200e0b8f2610080d2a20180d2830180d2c40180d2020000d400b680d200c0b0f2e10080d2420180d2830080d2c40080d2020000d4"}}, @its_send_cmd={0xaa, 0x28, {0x4, 0x0, 0x1, 0x8, 0x0, 0xfff, 0x4}}, @svc={0x122, 0x40, {0x8400000a, [0x8000, 0x40, 0x6, 0x2, 0x4]}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x2, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x2, 0x1, 0x2, 0x1, 0x9, 0x4, 0x1}}, @mrs={0xbe, 0x18, {0x603000000013c521}}, @its_setup={0x82, 0x28, {0x2, 0x3, 0xb2}}, @irq_setup={0x46, 0x18, {0x2, 0x1ac}}, @smc={0x1e, 0x40, {0x84000000, [0x5, 0x7fffffff, 0x40, 0x7, 0x3fffc00000000000]}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xb59127d6d08b704f, 0x6, 0x2}}], 0x408}, &(0x7f0000000800)=[@featur2={0x1, 0x80}], 0x1) ioctl$KVM_SET_SREGS(r1, 0x4000ae84, &(0x7f0000000840)={{0x100000, 0x3000, 0x0, 0x8, 0x5, 0x1, 0x7, 0x80, 0xf2, 0x4, 0x8, 0x7}, {0x8080000, 0x3000, 0xf, 0xa, 0x33, 0x7, 0xe0, 0x2, 0x6, 0x2, 0x1, 0xef}, {0x4, 0xeeef0000, 0x9, 0x8, 0x7, 0x6, 0xf8, 0x0, 0x8, 0x4, 0x0, 0x3}, {0x3000, 0xd000, 0xb, 0x7, 0xf1, 0x35, 0xc3, 0x8, 0xfd, 0x6, 0x2, 0x9}, {0xf000, 0x1, 0x10, 0x0, 0x5, 0x61, 0x8, 0x4, 0x1, 0x6, 0x1a, 0x15}, {0x2000, 0x5000, 0xd, 0x6, 0xa, 0xc, 0x0, 0x1, 0x9, 0x9, 0x6, 0x1}, {0x4000, 0xeeee0000, 0xb, 0x0, 0x6, 0x2, 0x81, 0x4, 0x7b, 0x4, 0xa9, 0x3}, {0x0, 0xd000, 0x9, 0x3, 0xd3, 0xe, 0xb, 0x2, 0x0, 0x5, 0x7, 0xe}, {0xffff1000, 0x9}, {0xeeee0000, 0x800}, 0x2, 0x0, 0xd000, 0x240200, 0x5, 0x400, 0x0, [0x6e5, 0x3, 0xd, 0x9]}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r1, 0x4018aee1, &(0x7f0000000980)=@attr_pmu_init) ioctl$KVM_RUN(r1, 0xae80, 0x0) r2 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000001140)={0x0, &(0x7f00000009c0)=[@eret={0xe6, 0x18, 0x58417941}, @code={0xa, 0x84, {"0000800cc02e97d20000b8f2e10180d2020180d2230080d2e40080d2020000d4008008d50004002f000028d5e0469dd20040b0f2c10080d2420180d2430080d2a40180d2020000d4000040b3e0ee88d200e0b0f2c10080d2c20080d2e30080d2440080d2020000d40024c09a0068a038"}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x2, 0x7, 0xb9, 0x7, 0x1}}, @eret={0xe6, 0x18, 0xb}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x1, 0x6, 0x8db, 0xf6b3, 0x4}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x10, 0x2}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x4, 0x3, 0x8, 0xfffffffe, 0x3}}, @smc={0x1e, 0x40, {0x84000006, [0x6, 0x200, 0x2, 0x5f70, 0x9]}}, @smc={0x1e, 0x40, {0xc400000e, [0xccf, 0x7ff, 0xc, 0x5, 0x2]}}, @msr={0x14, 0x20, {0x603000000013f528, 0x75}}, @code={0xa, 0xcc, {"005888d200e0b8f2410080d2820080d2c30080d2440080d2020000d4000008d5007008d50000609e404f9ad200e0b0f2210180d2220080d2e30080d2e40080d2020000d4e0ea87d200c0b0f2c10180d2c20080d2830180d2a40080d2020000d480c99fd20080b8f2e10180d2820180d2e30180d2840080d2020000d460b781d200a0b8f2610180d2c20180d2e30180d2640180d2020000d4804d87d20080b8f2e10180d2c20180d2230080d2840080d2020000d4007008d5"}}, @smc={0x1e, 0x40, {0xc1808061, [0x4, 0x3, 0x9, 0x1, 0x9]}}, @msr={0x14, 0x20, {0x603000000013e6d3, 0x8c}}, @hvc={0x32, 0x40, {0x8, [0x7fffffff, 0x8, 0x6, 0x2, 0x7]}}, @its_setup={0x82, 0x28, {0x2, 0x4, 0x30b}}, @svc={0x122, 0x40, {0x80003fff, [0x5, 0xad4, 0x9, 0x1, 0x6]}}, @smc={0x1e, 0x40, {0x80, [0x2, 0x80, 0x5, 0xc7, 0x40]}}, @mrs={0xbe, 0x18, {0x603000000013e6d7}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x4, 0xb, 0xbd, 0x80, 0x3}}, @code={0xa, 0x84, {"0084006fa04c85d200e0b8f2610080d2620180d2030080d2040080d2020000d4008008d5807b85d200c0b0f2210080d2020080d2230180d2440080d2020000d4803187d20000b0f2a10080d2420180d2030180d2640180d2020000d4000028d5007008d5007008d5008008d50000407d"}}, @code={0xa, 0x84, {"000008d500b785d200a0b0f2e10180d2820080d2230080d2a40080d2020000d4007008d50010800f80b789d200a0b8f2a10080d2020180d2e30180d2840080d2020000d4000008d50004007c004d8dd20040b0f2a10080d2e20080d2e30180d2240080d2020000d4007008d5007008d5"}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x1fbe821306bbba85, 0x61ee, 0xf}}, @eret={0xe6, 0x18, 0x9}, @msr={0x14, 0x20, {0x603000000013f682, 0x80000001}}, @code={0xa, 0xcc, {"001a9ed20020b0f2c10080d2820180d2c30080d2c40180d2020000d40080206e00159fd20080b0f2810180d2e20180d2430180d2240180d2020000d460ee85d20000b8f2410180d2620180d2230080d2640180d2020000d4e05d9dd20000b8f2a10180d2220180d2030180d2640080d2020000d4007008d5e0f89ed20060b8f2010080d2c20180d2e30080d2640080d2020000d4408499d200c0b8f2610080d2a20180d2a30180d2240080d2020000d4008008d5000020ca"}}, @mrs={0xbe, 0x18, {0x603000000013de99}}, @its_setup={0x82, 0x28, {0x0, 0x1, 0x1f1}}, @irq_setup={0x46, 0x18, {0x0, 0x282}}, @code={0xa, 0x84, {"c0d28bd200c0b8f2e10180d2c20080d2630180d2840180d2020000d400000079007008d5007008d5000008d5a0c081d20080b0f2210180d2420080d2a30080d2c40080d2020000d4c07885d20020b8f2210180d2e20180d2e30080d2440180d2020000d4000008d500082078007008d5"}}], 0x768}, &(0x7f0000001180)=[@featur1={0x1, 0x6}], 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000001540)={0x0, &(0x7f00000011c0)=[@its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x0, 0x10, 0x7fc00, 0x522}}, @hvc={0x32, 0x40, {0x5000000, [0x42f, 0x5, 0xfffffffffffffffa, 0x5, 0x9]}}, @its_setup={0x82, 0x28, {0x4, 0x3, 0x35a}}, @smc={0x1e, 0x40, {0x2, [0x10000000000, 0x5, 0x1, 0x0, 0x2]}}, @mrs={0xbe, 0x18, {0x603000000013df43}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x0, 0x2, 0xd, 0xfffffff9, 0x9, 0x2}}, @uexit={0x0, 0x18, 0x8}, @mrs={0xbe, 0x18, {0xbb}}, @irq_setup={0x46, 0x18, {0x4, 0x1a5}}, @smc={0x1e, 0x40, {0x0, [0x5, 0x100000000, 0x7f, 0x9, 0x8000]}}, @svc={0x122, 0x40, {0xf0000042, [0xc00000000000, 0x6, 0x5, 0x2, 0x9]}}, @its_send_cmd={0xaa, 0x28, {0xc, 0x0, 0x4, 0xa, 0x6, 0x4}}, @msr={0x14, 0x20, {0x603000000013dce2}}, @smc={0x1e, 0x40, {0xc4000001, [0x0, 0x0, 0x0, 0x4, 0x9]}}, @hvc={0x32, 0x40, {0x84000012, [0x7, 0x3, 0x3, 0xcfec]}}, @smc={0x1e, 0x40, {0x84000001, [0x9, 0x1000000000, 0x2, 0xa62, 0x2138]}}, @svc={0x122, 0x40, {0x84000003, [0x2, 0x3, 0x8, 0xffffffff80000000, 0xfffffffffffffffe]}}, @eret={0xe6, 0x18, 0x401}, @eret={0xe6, 0x18, 0x4}], 0x350}, &(0x7f0000001580)=[@featur2={0x1, 0x9}], 0x1) ioctl$KVM_GET_REGS(r3, 0x8360ae81, &(0x7f00000015c0)) ioctl$KVM_SET_REGS(r1, 0x4360ae82, &(0x7f0000001680)={[0x4, 0x3, 0x4, 0x5, 0x3, 0xd03, 0x2, 0x9e, 0x0, 0x2, 0x6, 0x5, 0x3, 0x40, 0x4, 0x101], 0x8080000, 0x91041}) ioctl$KVM_GET_REGS(r3, 0x8360ae81, &(0x7f0000001740)) ioctl$KVM_SET_SIGNAL_MASK(r0, 0x4004ae8b, &(0x7f0000001800)={0xaf, "efaa9af2d33715569312f234d829b6fb46a4546a3fe2ef694437c79d3ebfe7c8dbf474f56ed5b9700d80173d1b6421985e27d7bbf30035c08f5e0ce8764ae1d4dff90ec03f8a0247921ac3f9c8a72ac3be16cce34ac949aeaafc27aa424c80d5e61fc5255a3d1fb0fc8d65afafc696c14189a612673b8c8a214e7e64605ac837ff899607e17ecb1a638bede650d6ec053c0dd22e93b619003c9b9ae43733a62e3689c576120fa1f622ab32fcba684c"}) ioctl$KVM_ARM_VCPU_FINALIZE(r0, 0x4004aec2, &(0x7f00000018c0)=0x1) ioctl$KVM_GET_ONE_REG(r1, 0x4010aeab, &(0x7f0000001940)=@arm64_fp={0x604000000010007d, &(0x7f0000001900)=0x80000000000}) r4 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000001d80)={0x0, &(0x7f0000001980)=[@hvc={0x32, 0x40, {0x20, [0x3, 0x80000001, 0xfffffffffffffffd, 0x6, 0x3]}}, @hvc={0x32, 0x40, {0x2, [0x2, 0x2, 0x1, 0x4, 0xd]}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x1, 0x4, 0x7, 0x70, 0x5f, 0x3}}, @hvc={0x32, 0x40, {0x8700001b, [0x7, 0x3, 0x7fffffff, 0x8000000000000001, 0x2f41679e]}}, @msr={0x14, 0x20, {0x603000000013e6d1, 0x2}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x1, 0x5, 0x0, 0x69a, 0x3}}, @eret={0xe6, 0x18, 0x7}, @its_setup={0x82, 0x28, {0x4, 0x1, 0x332}}, @its_send_cmd={0xaa, 0x28, {0xd, 0x1, 0x2, 0xd, 0x4, 0x9, 0x4}}, @uexit={0x0, 0x18, 0x1}, @uexit={0x0, 0x18, 0x4}, @irq_setup={0x46, 0x18, {0x0, 0x5f}}, @smc={0x1e, 0x40, {0x80000002, [0x2, 0x5, 0x7, 0x0, 0x8a9]}}, @hvc={0x32, 0x40, {0xf600000d, [0x4, 0xffffffff, 0xff, 0x8, 0x1]}}, @its_send_cmd={0xaa, 0x28, {0x13, 0x0, 0x1, 0x3, 0x101, 0xacd1}}, @msr={0x14, 0x20, {0x603000000013e66c, 0x80}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x8100000, 0xc0, 0x5, 0x2}}, @mrs={0xbe, 0x18, {0x6030000000138074}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x2, 0x6, 0x6, 0x3ff}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x4, 0x10, 0x6, 0xffffffff, 0x3}}, @hvc={0x32, 0x40, {0x84000001, [0xffffffffffff138f, 0xfff, 0xaa, 0xc2, 0x7fffffffffffffff]}}, @hvc={0x32, 0x40, {0x100, [0x9, 0xfffffffffffffff0, 0x1, 0x2, 0x1]}}, @memwrite={0x6e, 0x30, @generic={0x4, 0x72c, 0xa, 0xe}}], 0x3f0}, &(0x7f0000001dc0)=[@featur1={0x1, 0x2}], 0x1) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_DIRTY_TLB(r2, 0x4010aeaa, &(0x7f0000001e00)={0x1, 0x6}) r5 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000002480)={0x0, &(0x7f0000001e40)=[@irq_setup={0x46, 0x18, {0x3, 0xe1}}, @code={0xa, 0x9c, {"007008d5e0dc98d20040b0f2c10080d2820180d2a30080d2e40080d2020000d4e0689fd200c0b0f2a10180d2220080d2830180d2c40180d2020000d4000028d520d38fd20040b8f2810180d2420180d2030080d2640080d2020000d40000003d80b585d200e0b8f2810080d2420080d2e30180d2840080d2020000d40000005e000028d5008c200e"}}, @hvc={0x32, 0x40, {0x84000002, [0xab7, 0x6, 0x7, 0x8001, 0x4]}}, @irq_setup={0x46, 0x18, {0x1, 0x1de}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x1, 0x1, 0xe, 0x0, 0xe546, 0x1}}, @memwrite={0x6e, 0x30, @generic={0x33323002, 0xb8c, 0x8, 0x5}}, @svc={0x122, 0x40, {0xc4000001, [0x80000001, 0x6, 0x8, 0x20a, 0x5]}}, @msr={0x14, 0x20, {0x603000000013c110, 0xffffffff}}, @mrs={0xbe, 0x18, {0x603000000013c640}}, @code={0xa, 0x54, {"007008d5000400fc000008d50000002e008008d5000440b80008e03c600d8cd200e0b8f2a10180d2820180d2e30180d2840180d2020000d4000028d500e4202e"}}, @eret={0xe6, 0x18, 0x9}, @uexit={0x0, 0x18, 0x5}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x80, 0x7, 0x4}}, @mrs={0xbe, 0x18, {0x6030000000138076}}, @msr={0x14, 0x20, {0x603000000013dee0, 0x9}}, @uexit={0x0, 0x18, 0x9}, @mrs={0xbe, 0x18, {0x6030000000138054}}, @code={0xa, 0x84, {"000008d500a0df0d008008d540348ad20040b8f2a10080d2820080d2830080d2a40180d2020000d4e06d84d200e0b8f2a10180d2820080d2a30180d2e40180d2020000d40004000f004c202e000008d5206c81d200e0b0f2210180d2e20080d2230080d2a40080d2020000d4001c600e"}}, @smc={0x1e, 0x40, {0x80000001, [0x2531, 0x2, 0x7, 0x2, 0xff]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0x400, 0x5, 0x1a}}, @msr={0x14, 0x20, {0x603000000013c020, 0x3}}, @svc={0x122, 0x40, {0x5000000, [0xc41, 0x5, 0x2, 0xaeb, 0x9]}}, @code={0xa, 0x84, {"007008d5203894d20060b0f2410180d2c20180d2030180d2640080d2020000d4a0439fd20020b0f2c10080d2620180d2a30180d2c40080d2020000d4007008d5007008d5e003005a007008d5a00586d200e0b0f2010180d2420080d2a30180d2840080d2020000d4007c0013000028d5"}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x2, 0x1, 0x1, 0x6450, 0x4}}, @svc={0x122, 0x40, {0xc400000c, [0xffffffffffffffff, 0x8, 0xfffffffffffff000, 0x7fff, 0x1]}}, @its_setup={0x82, 0x28, {0x4, 0x4, 0x2bb}}, @mrs={0xbe, 0x18, {0x603000000013e712}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x4, 0x5, 0x7c, 0xff, 0x4}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x6000}}, @msr={0x14, 0x20, {0x603000000013de94, 0x8}}, @its_send_cmd={0xaa, 0x28, {0xb, 0x0, 0x0, 0x9, 0x0, 0xd, 0x1}}], 0x618}, &(0x7f00000024c0)=[@featur1={0x1, 0x84}], 0x1) ioctl$KVM_S390_VCPU_FAULT(r5, 0x4008ae52, &(0x7f0000002500)=0x7) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_DIRTY_TLB(r2, 0x4010aeaa, &(0x7f0000002540)={0x9, 0xfffffff7}) r6 = ioctl$KVM_GET_STATS_FD_vm(r0, 0xaece) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000002580)={0x5, 0xffffffffffffffff, 0x1}) openat$kvm(0xffffffffffffff9c, &(0x7f00000025c0), 0x185000, 0x0) ioctl$KVM_SET_SIGNAL_MASK(r4, 0x4004ae8b, &(0x7f0000002600)={0x1d, "45714b5c1e0789732dbc8f6ad0af0a727a0adc83bc52b6580a9d376cc7"}) 45.386301228s ago: executing program 3 (id=193): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd2(0xeffffffd, 0x801) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r4, 0x3}) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f00000000c0)={0x3, 0x0, 0x2, r4, 0xf}) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r7, 0x4018aee1, &(0x7f0000000000)=@attr_pmu_filter={0x0, 0x0, 0x2, &(0x7f0000000040)={0x4, 0xffda, 0x1}}) write$eventfd(r4, &(0x7f0000000080)=0x26d, 0x8) r8 = syz_kvm_add_vcpu$arm64(r0, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x5edc}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) close(r7) ioctl$KVM_RUN(r8, 0xae80, 0x0) 40.070884093s ago: executing program 2 (id=194): r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@msr={0x14, 0x20, {0x603000000013c081, 0x2}}], 0x20}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@msr={0x14, 0x20, {0x603000000013c081, 0x2}}], 0x20}, 0x0, 0x0) (async) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, 0x0) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) 30.44393916s ago: executing program 3 (id=195): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x48a80, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0x5450, 0x0) (async, rerun: 32) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000740)={0x7, 0x0, [{0x7, 0x4, 0x1, 0x0, @adapter={0x4, 0x8, 0xfffffffffffffff7, 0x4}}, {0xe, 0x3, 0x1, 0x0, @msi={0x5, 0x9, 0xf23a, 0x6}}, {0x7, 0x3, 0x0, 0x0, @adapter={0x8, 0x4, 0x7, 0x1ff, 0x7}}, {0x0, 0x2, 0x0, 0x0, @irqchip={0x3, 0x1}}, {0x3ff, 0x1, 0x0, 0x0, @adapter={0x1, 0xffffffff, 0x0, 0x6, 0x8}}, {0x9, 0x3, 0x0, 0x0, @msi={0x3, 0x7, 0x0, 0x8}}, {0xffff, 0x4, 0x0, 0x0, @msi={0x1ff, 0x2f3c, 0x2, 0x9}}]}) (async, rerun: 32) r3 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) (async) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000008c0)={0x2}) (async) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r7, 0x4008ae6a, &(0x7f0000000080)={0x2, 0x0, [{0x3, 0x2, 0x0, 0x0, @adapter={0x10001, 0x8000, 0x4003, 0x40, 0x5}}, {0x3, 0x2, 0x1, 0x0, @msi={0x404, 0xfdd, 0x9, 0x101}}]}) r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) (async) r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async, rerun: 64) r10 = eventfd2(0x8, 0x80800) (async, rerun: 64) r11 = eventfd2(0x8, 0x80800) (async, rerun: 32) openat$kvm(0x0, 0x0, 0x0, 0x0) (rerun: 32) ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f00000000c0)={0x7ffffffffffffffe, 0xeeee0000, 0x8, r11}) ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x0, r10, 0x2}) (async) ioctl$KVM_IOEVENTFD(r9, 0x4040ae79, &(0x7f0000000000)={0x8000, 0x0, 0x1, r10, 0x3}) (async) mmap$KVM_VCPU(&(0x7f0000000000/0xc00000)=nil, 0x930, 0x0, 0x32, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$arm64(r1, r8, &(0x7f0000b97000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000200)=[@its_setup={0x82, 0x28, {0x2, 0x2, 0x25d}}, @msr={0x14, 0x20, {0x6030000000138084, 0x2}}, @uexit={0x0, 0x18, 0x2}, @its_setup={0x82, 0x28, {0x1, 0x0, 0x3d5}}, @uexit={0x0, 0x18, 0x1}, @svc={0x122, 0x40, {0xc4000005, [0x3, 0x1, 0x10, 0x3]}}, @its_send_cmd={0xaa, 0x28, {0xa, 0x1, 0x2, 0x2, 0x2, 0x8, 0x3}}, @irq_setup={0x46, 0x18, {0x0, 0x34a}}, @svc={0x122, 0x40, {0x86000000, [0x3, 0x10000, 0x380000000000, 0x3, 0x2adb]}}, @its_send_cmd={0xaa, 0x28, {0x5, 0x0, 0x3, 0xb, 0x0, 0x2}}, @eret={0xe6, 0x18, 0x1a01}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80e0000, 0x400, 0x7, 0x4}}, @eret={0xe6, 0x18, 0x1}, @smc={0x1e, 0x40, {0x6000000, [0x7, 0x57e5, 0x8, 0xfffffffffffffffc, 0x200]}}, @irq_setup={0x46, 0x18, {0x3, 0x328}}, @memwrite={0x6e, 0x30, @generic={0x9002, 0x147, 0x8, 0xe}}, @svc={0x122, 0x40, {0x4000000, [0x10, 0xfffffffffffffff8, 0xa, 0x81, 0x7fff]}}, @its_setup={0x82, 0x28, {0x2, 0x3, 0x347}}, @svc={0x122, 0x40, {0xc400000d, [0xdb, 0x0, 0x6, 0x9, 0x4]}}, @memwrite={0x6e, 0x30, @generic={0xffff1000, 0x246, 0x6c, 0xa}}, @eret={0xe6, 0x18, 0x800}, @code={0xa, 0x6c, {"000008d5008008d560f09bd200e0b8f2210180d2220080d2630080d2e40080d2020000d400e0204e007008d50070400c000400f8007008d5007008d500da96d200c0b8f2c10080d2820080d2030080d2840180d2020000d4"}}, @irq_setup={0x46, 0x18, {0x1, 0x235}}, @mrs={0xbe, 0x18, {0x603000000013c101}}, @smc={0x1e, 0x40, {0x8400000f, [0x1, 0x0, 0x861b, 0xb]}}, @smc={0x1e, 0x40, {0x10, [0x2, 0xc1e5, 0x4, 0xffffffffffffef8d, 0x1]}}, @mrs={0xbe, 0x18, {0x603000000013e6c9}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1a00, 0x0, 0xf}}], 0x4c4}], 0x1, 0x0, &(0x7f0000000700)=[@featur2], 0x1) (async) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r12, 0xae03, 0xb6) (async) r13 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) (async) ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xef000000, 0x1000, 0x2}}) r14 = syz_kvm_add_vcpu$arm64(r13, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@smc={0x1e, 0x40, {0x86000001, [0x0, 0x1, 0x2, 0x3, 0x4]}}, @hvc={0x32, 0x40, {0x86000000, [0x2, 0x1, 0x2, 0x3, 0x3]}}], 0x80}, 0x0, 0x0) ioctl$KVM_RUN(r14, 0xae80, 0x0) (async) ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, 0x0) 26.14576944s ago: executing program 2 (id=196): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x31) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x28) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0) close(r9) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x2e) r12 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r13, 0x4068aea3, &(0x7f0000000000)={0xef, 0x0, 0x7}) close(r9) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil}) r14 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) r15 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000be6000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000380)={0x0, &(0x7f0000000240)=[@irq_setup={0x46, 0x18, {0x3, 0x8e}}, @code={0xa, 0x84, {"20c18ed200c0b8f2010080d2420080d2030080d2640080d2020000d40008a07820339fd20080b8f2210180d2420080d2430080d2a40080d2020000d40084006f000008d5007008d50098202e000008d5604187d20060b0f2010080d2e20080d2c30080d2e40180d2020000d4007008d5"}}, @its_setup={0x82, 0x28, {0x0, 0x2, 0x38e}}, @mrs={0xbe, 0x18, {0x603000000013dcf3}}, @irq_setup={0x46, 0x18, {0x2, 0x44}}, @svc={0x122, 0x40, {0x84000051, [0x1, 0x900000000000, 0xd4, 0xc]}}], 0x134}, &(0x7f00000003c0)=[@featur2], 0x1) r16 = syz_kvm_add_vcpu$arm64(r15, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x6030000000138047, 0x8000}}], 0x20}, 0x0, 0x0) ioctl$KVM_RUN(r16, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r11, 0x4018aee1, &(0x7f0000000440)=@attr_other={0x0, 0x9, 0x3, &(0x7f0000000400)=0xd7d8}) r17 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x603000000013c807}}, @msr={0x14, 0x20, {0x603000000013e66c, 0xa}}, @memwrite={0x6e, 0x30, @generic={0x8080000, 0x6d2, 0x2, 0x5}}], 0x68}, 0x0, 0x0) ioctl$KVM_RUN(r17, 0xae80, 0x0) 17.012556377s ago: executing program 3 (id=197): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, 0x0) (async) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) (async) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) (async) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) (async) mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f0000000040)=@attr_other={0x0, 0x1, 0x200, 0x0}) 0s ago: executing program 3 (id=198): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100), 0x3e}, 0x0, 0xffffffffffffffb3) (async) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) (async, rerun: 64) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) (rerun: 64) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) (async, rerun: 32) ioctl$KVM_RUN(r3, 0xae80, 0x0) (rerun: 32) kernel console output (not intermixed with test programs): [ 426.054512][ T3144] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:50773' (ED25519) to the list of known hosts. [ 616.477466][ T25] audit: type=1400 audit(615.710:61): avc: denied { name_bind } for pid=3302 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 617.964114][ T25] audit: type=1400 audit(617.190:62): avc: denied { execute } for pid=3303 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 617.992789][ T25] audit: type=1400 audit(617.220:63): avc: denied { execute_no_trans } for pid=3303 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 643.224725][ T25] audit: type=1400 audit(642.450:64): avc: denied { mounton } for pid=3303 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 643.256465][ T25] audit: type=1400 audit(642.490:65): avc: denied { mount } for pid=3303 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 643.340255][ T3303] cgroup: Unknown subsys name 'net' [ 643.397294][ T25] audit: type=1400 audit(642.630:66): avc: denied { unmount } for pid=3303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 643.794800][ T3303] cgroup: Unknown subsys name 'cpuset' [ 643.900203][ T3303] cgroup: Unknown subsys name 'rlimit' [ 644.852581][ T25] audit: type=1400 audit(644.080:67): avc: denied { setattr } for pid=3303 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 644.879104][ T25] audit: type=1400 audit(644.110:68): avc: denied { mounton } for pid=3303 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 644.904885][ T25] audit: type=1400 audit(644.130:69): avc: denied { mount } for pid=3303 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 646.098464][ T3306] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 646.117717][ T25] audit: type=1400 audit(645.350:70): avc: denied { relabelto } for pid=3306 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 646.146948][ T25] audit: type=1400 audit(645.380:71): avc: denied { write } for pid=3306 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 646.342369][ T25] audit: type=1400 audit(645.560:72): avc: denied { read } for pid=3303 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 646.349542][ T25] audit: type=1400 audit(645.570:73): avc: denied { open } for pid=3303 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 646.398760][ T3303] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 694.158841][ T25] audit: type=1400 audit(693.370:74): avc: denied { execmem } for pid=3307 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 702.943033][ T25] audit: type=1400 audit(702.170:75): avc: denied { read } for pid=3309 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 702.958954][ T25] audit: type=1400 audit(702.190:76): avc: denied { open } for pid=3309 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 703.142050][ T25] audit: type=1400 audit(702.370:77): avc: denied { mounton } for pid=3309 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 703.526055][ T25] audit: type=1400 audit(702.760:78): avc: denied { module_request } for pid=3310 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 704.658504][ T25] audit: type=1400 audit(703.870:79): avc: denied { sys_module } for pid=3309 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 730.020041][ T3309] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 730.268126][ T3309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 730.494036][ T3310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 730.758837][ T3310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 742.975830][ T3309] hsr_slave_0: entered promiscuous mode [ 743.006714][ T3309] hsr_slave_1: entered promiscuous mode [ 743.893286][ T3310] hsr_slave_0: entered promiscuous mode [ 743.926420][ T3310] hsr_slave_1: entered promiscuous mode [ 743.962252][ T3310] debugfs: 'hsr0' already exists in 'hsr' [ 743.967066][ T3310] Cannot create hsr debugfs directory [ 749.695318][ T25] audit: type=1400 audit(748.930:80): avc: denied { create } for pid=3309 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 749.712553][ T25] audit: type=1400 audit(748.940:81): avc: denied { write } for pid=3309 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 749.775934][ T25] audit: type=1400 audit(749.010:82): avc: denied { read } for pid=3309 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 749.917402][ T3309] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 750.229242][ T3309] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 750.484427][ T3309] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 750.996555][ T3309] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 752.453563][ T3310] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 752.628939][ T3310] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 752.810386][ T3310] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 752.978945][ T3310] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 769.808818][ T3309] 8021q: adding VLAN 0 to HW filter on device bond0 [ 772.946037][ T3310] 8021q: adding VLAN 0 to HW filter on device bond0 [ 830.247317][ T3309] veth0_vlan: entered promiscuous mode [ 830.906209][ T3309] veth1_vlan: entered promiscuous mode [ 833.353505][ T3310] veth0_vlan: entered promiscuous mode [ 834.223248][ T3309] veth0_macvtap: entered promiscuous mode [ 834.463394][ T3310] veth1_vlan: entered promiscuous mode [ 834.803200][ T3309] veth1_macvtap: entered promiscuous mode [ 838.036643][ T3310] veth0_macvtap: entered promiscuous mode [ 838.114128][ T21] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 838.128097][ T21] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 838.205762][ T21] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 838.210108][ T21] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 838.533570][ T3310] veth1_macvtap: entered promiscuous mode [ 840.532971][ T25] audit: type=1400 audit(839.740:83): avc: denied { mount } for pid=3309 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 840.824264][ T25] audit: type=1400 audit(839.990:84): avc: denied { mounton } for pid=3309 comm="syz-executor" path="/syzkaller.qdmuca/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 841.179957][ T25] audit: type=1400 audit(840.340:85): avc: denied { mount } for pid=3309 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 841.389853][ T3327] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 841.403862][ T3327] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 841.410059][ T3327] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 841.431925][ T3327] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 841.538488][ T25] audit: type=1400 audit(840.690:86): avc: denied { mounton } for pid=3309 comm="syz-executor" path="/syzkaller.qdmuca/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 841.712765][ T25] audit: type=1400 audit(840.940:87): avc: denied { mounton } for pid=3309 comm="syz-executor" path="/syzkaller.qdmuca/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3781 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 842.267025][ T25] audit: type=1400 audit(841.470:88): avc: denied { unmount } for pid=3309 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 842.492431][ T25] audit: type=1400 audit(841.720:89): avc: denied { mounton } for pid=3309 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 842.704886][ T25] audit: type=1400 audit(841.930:90): avc: denied { mount } for pid=3309 comm="syz-executor" name="/" dev="gadgetfs" ino=3794 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 843.146857][ T25] audit: type=1400 audit(842.350:91): avc: denied { mount } for pid=3309 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 843.339070][ T25] audit: type=1400 audit(842.570:92): avc: denied { mounton } for pid=3309 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 844.308061][ T3309] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 854.498232][ T25] kauditd_printk_skb: 4 callbacks suppressed [ 854.507625][ T25] audit: type=1400 audit(853.730:97): avc: denied { read } for pid=3463 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 854.540033][ T25] audit: type=1400 audit(853.770:98): avc: denied { open } for pid=3463 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 854.620061][ T25] audit: type=1400 audit(853.850:99): avc: denied { ioctl } for pid=3463 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae04 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 854.762352][ T25] audit: type=1400 audit(853.920:100): avc: denied { execute } for pid=3463 comm="syz.1.2" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=3829 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 879.059080][ T3489] kvm [3489]: Failed to find VMA for hva 0x20c01000 [ 904.139361][ T3504] kvm [3504]: Failed to find VMA for hva 0x21016000 [ 911.908104][ T25] audit: type=1400 audit(911.120:101): avc: denied { write } for pid=3507 comm="syz.0.13" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 920.927132][ T25] audit: type=1400 audit(920.160:102): avc: denied { map } for pid=3513 comm="syz.0.15" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 932.832442][ T25] audit: type=1400 audit(932.050:103): avc: denied { append } for pid=3520 comm="syz.1.18" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 986.378624][ T3554] FAULT_INJECTION: forcing a failure. [ 986.378624][ T3554] name failslab, interval 1, probability 0, space 0, times 1 [ 986.416057][ T3554] CPU: 0 UID: 0 PID: 3554 Comm: syz.1.30 Not tainted syzkaller #0 PREEMPT [ 986.416754][ T3554] Hardware name: linux,dummy-virt (DT) [ 986.417255][ T3554] Call trace: [ 986.417698][ T3554] show_stack+0x2c/0x3c (C) [ 986.421450][ T3554] __dump_stack+0x30/0x40 [ 986.421767][ T3554] dump_stack_lvl+0xd8/0x12c [ 986.421988][ T3554] dump_stack+0x1c/0x28 [ 986.422189][ T3554] should_fail_ex+0x570/0x6e0 [ 986.422436][ T3554] should_failslab+0xb8/0xec [ 986.422721][ T3554] kmem_cache_alloc_noprof+0x80/0x3f0 [ 986.422955][ T3554] vm_area_alloc+0x2c/0x1a8 [ 986.423262][ T3554] mmap_region+0xb70/0x1fcc [ 986.423465][ T3554] do_mmap+0xa50/0xf64 [ 986.423753][ T3554] vm_mmap_pgoff+0x290/0x3e8 [ 986.424037][ T3554] ksys_mmap_pgoff+0xec/0x448 [ 986.424313][ T3554] __arm64_sys_mmap+0x13c/0x198 [ 986.424639][ T3554] invoke_syscall+0x90/0x2b4 [ 986.424959][ T3554] el0_svc_common+0x180/0x2f4 [ 986.425296][ T3554] do_el0_svc+0x58/0x74 [ 986.425616][ T3554] el0_svc+0x58/0x164 [ 986.425896][ T3554] el0t_64_sync_handler+0x84/0x12c [ 986.426163][ T3554] el0t_64_sync+0x198/0x19c [ 1017.358894][ T3568] FAULT_INJECTION: forcing a failure. [ 1017.358894][ T3568] name failslab, interval 1, probability 0, space 0, times 0 [ 1017.366033][ T3568] CPU: 0 UID: 0 PID: 3568 Comm: syz.0.35 Not tainted syzkaller #0 PREEMPT [ 1017.366380][ T3568] Hardware name: linux,dummy-virt (DT) [ 1017.366491][ T3568] Call trace: [ 1017.366573][ T3568] show_stack+0x2c/0x3c (C) [ 1017.367007][ T3568] __dump_stack+0x30/0x40 [ 1017.367215][ T3568] dump_stack_lvl+0xd8/0x12c [ 1017.367412][ T3568] dump_stack+0x1c/0x28 [ 1017.367620][ T3568] should_fail_ex+0x570/0x6e0 [ 1017.367881][ T3568] should_failslab+0xb8/0xec [ 1017.368137][ T3568] kmem_cache_alloc_noprof+0x80/0x3f0 [ 1017.368378][ T3568] __anon_vma_prepare+0xbc/0x580 [ 1017.368656][ T3568] handle_mm_fault+0x3c60/0x5778 [ 1017.368899][ T3568] __get_user_pages+0x2dc0/0x395c [ 1017.369206][ T3568] populate_vma_page_range+0x234/0x318 [ 1017.369506][ T3568] __mm_populate+0x198/0x35c [ 1017.369803][ T3568] vm_mmap_pgoff+0x364/0x3e8 [ 1017.370101][ T3568] ksys_mmap_pgoff+0xec/0x448 [ 1017.370387][ T3568] __arm64_sys_mmap+0x13c/0x198 [ 1017.370710][ T3568] invoke_syscall+0x90/0x2b4 [ 1017.371029][ T3568] el0_svc_common+0x180/0x2f4 [ 1017.371333][ T3568] do_el0_svc+0x58/0x74 [ 1017.371642][ T3568] el0_svc+0x58/0x164 [ 1017.371911][ T3568] el0t_64_sync_handler+0x84/0x12c [ 1017.372174][ T3568] el0t_64_sync+0x198/0x19c [ 1050.223538][ T25] audit: type=1400 audit(1049.440:104): avc: denied { setattr } for pid=3579 comm="syz.1.39" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1108.126964][ T3616] kvm [3614]: Unsupported guest access at: eeef0000 [ 1108.126964][ T3616] { Op0( 2), Op1( 5), CRn(11), CRm(11), Op2( 3), func_write }, [ 1536.362624][ T3855] kvm [3855]: Failed to find VMA for hva 0x20df3000 [ 1563.067523][ T3864] kvm [3862]: Unsupported guest access at: eeef0000 [ 1563.067523][ T3864] { Op0( 2), Op1( 5), CRn(11), CRm(11), Op2( 3), func_write }, [ 1753.805496][ T3983] kvm [3983]: Failed to find VMA for hva 0x21016000 [ 1817.229340][ T3327] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1818.414315][ T3327] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1819.647991][ T3327] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1820.496597][ T3327] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1832.326003][ T3327] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1832.429338][ T3327] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1832.504200][ T3327] bond0 (unregistering): Released all slaves [ 1834.023733][ T3327] hsr_slave_0: left promiscuous mode [ 1834.088613][ T3327] hsr_slave_1: left promiscuous mode [ 1834.472884][ T3327] veth1_macvtap: left promiscuous mode [ 1834.477711][ T3327] veth0_macvtap: left promiscuous mode [ 1834.503375][ T3327] veth1_vlan: left promiscuous mode [ 1834.517684][ T3327] veth0_vlan: left promiscuous mode [ 1859.409497][ T3327] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1860.194821][ T3327] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1861.229407][ T3327] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1862.184428][ T3327] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1875.217113][ T3327] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1875.308317][ T3327] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1875.367198][ T3327] bond0 (unregistering): Released all slaves [ 1876.594075][ T3327] hsr_slave_0: left promiscuous mode [ 1876.723452][ T3327] hsr_slave_1: left promiscuous mode [ 1877.083120][ T3327] veth1_macvtap: left promiscuous mode [ 1877.086426][ T3327] veth0_macvtap: left promiscuous mode [ 1877.114251][ T3327] veth1_vlan: left promiscuous mode [ 1877.125462][ T3327] veth0_vlan: left promiscuous mode [ 1906.947569][ T3990] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1907.777349][ T3990] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1909.097551][ T3994] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1909.346948][ T3994] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1932.539938][ T3990] hsr_slave_0: entered promiscuous mode [ 1932.618148][ T3990] hsr_slave_1: entered promiscuous mode [ 1934.559050][ T3994] hsr_slave_0: entered promiscuous mode [ 1934.626261][ T3994] hsr_slave_1: entered promiscuous mode [ 1934.692106][ T3994] debugfs: 'hsr0' already exists in 'hsr' [ 1934.703001][ T3994] Cannot create hsr debugfs directory [ 1945.497374][ T3990] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1946.060270][ T3990] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1946.380058][ T3990] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1946.896696][ T3990] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1950.674977][ T3994] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1951.088121][ T3994] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1951.623757][ T3994] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1952.063824][ T3994] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1974.439422][ T3990] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1979.756659][ T3994] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2076.534807][ T3990] veth0_vlan: entered promiscuous mode [ 2077.418565][ T3990] veth1_vlan: entered promiscuous mode [ 2080.724000][ T3994] veth0_vlan: entered promiscuous mode [ 2080.938215][ T3990] veth0_macvtap: entered promiscuous mode [ 2081.717461][ T3990] veth1_macvtap: entered promiscuous mode [ 2082.505024][ T3994] veth1_vlan: entered promiscuous mode [ 2086.490216][ T35] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2086.496626][ T35] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2086.614571][ T35] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2086.622823][ T35] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2087.913698][ T3994] veth0_macvtap: entered promiscuous mode [ 2089.123543][ T3994] veth1_macvtap: entered promiscuous mode [ 2091.453626][ T25] audit: type=1400 audit(2090.680:105): avc: denied { mounton } for pid=3990 comm="syz-executor" path="/syzkaller.ieCcB4/syz-tmp" dev="vda" ino=1879 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 2094.579687][ T3392] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2094.614966][ T4131] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2094.641836][ T21] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2094.653769][ T21] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2317.756691][ T4351] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d7bc [ 2317.775146][ T4351] flags: 0x1ffea0000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xa8) [ 2317.793069][ T4351] raw: 01ffea0000000000 ffffc1ffc075ef48 ffffc1ffc06add88 0000000000000000 [ 2317.800019][ T4351] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 2317.832225][ T4351] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0) [ 2317.863409][ T4351] ------------[ cut here ]------------ [ 2317.863690][ T4351] kernel BUG at ./include/linux/mm.h:1036! [ 2317.865438][ T4351] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 2317.869861][ T4351] Modules linked in: [ 2317.871245][ T4351] CPU: 0 UID: 0 PID: 4351 Comm: syz.2.196 Not tainted syzkaller #0 PREEMPT [ 2317.872357][ T4351] Hardware name: linux,dummy-virt (DT) [ 2317.873336][ T4351] pstate: 60402009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 2317.874534][ T4351] pc : kvm_s2_put_page+0x374/0x3a0 [ 2317.875529][ T4351] lr : kvm_s2_put_page+0x374/0x3a0 [ 2317.876397][ T4351] sp : ffff80008e997830 [ 2317.877052][ T4351] x29: ffff80008e997830 x28: 1bf000001ab76000 x27: 1bf000001ab76000 [ 2317.878505][ T4351] x26: 00000000000000ff x25: ffff80008734e000 x24: ffffc1ffc0000000 [ 2317.879723][ T4351] x23: ffffc1ffc075ef08 x22: 0000000000000000 x21: ffffc1ffc075ef34 [ 2317.880921][ T4351] x20: 0000000000000000 x19: ffffc1ffc075ef00 x18: 000000004912a7a0 [ 2317.882087][ T4351] x17: 0000000001c3fa96 x16: 0000000047593d23 x15: 00000000c168da54 [ 2317.883313][ T4351] x14: ffffffffffffffff x13: fff000001e291d88 x12: 0000000000000001 [ 2317.884523][ T4351] x11: 0000000000000000 x10: 0000000000ff0100 x9 : 630c4a9772160000 [ 2317.886066][ T4351] x8 : 630c4a9772160000 x7 : ffff8000803a03c8 x6 : 0000000000000000 [ 2317.887311][ T4351] x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010 [ 2317.888562][ T4351] x2 : 0000000000000002 x1 : 0000000100000000 x0 : 000000000000003e [ 2317.889935][ T4351] Call trace: [ 2317.890651][ T4351] kvm_s2_put_page+0x374/0x3a0 (P) [ 2317.891621][ T4351] stage2_free_walker+0x1b0/0x264 [ 2317.892565][ T4351] __kvm_pgtable_walk+0x7d8/0xa68 [ 2317.893560][ T4351] kvm_pgtable_walk+0x294/0x468 [ 2317.894474][ T4351] kvm_pgtable_stage2_destroy_range+0x60/0xb4 [ 2317.895518][ T4351] kvm_free_stage2_pgd+0x198/0x28c [ 2317.896440][ T4351] kvm_uninit_stage2_mmu+0x20/0x38 [ 2317.897405][ T4351] kvm_arch_flush_shadow_all+0x1a8/0x1e0 [ 2317.898396][ T4351] kvm_mmu_notifier_release+0x48/0xa8 [ 2317.899341][ T4351] mmu_notifier_unregister+0x128/0x42c [ 2317.900258][ T4351] kvm_put_kvm+0x6a0/0xfa8 [ 2317.901038][ T4351] kvm_vm_release+0x58/0x78 [ 2317.901911][ T4351] __fput+0x4ac/0x980 [ 2317.902669][ T4351] ____fput+0x20/0x58 [ 2317.903403][ T4351] task_work_run+0x1bc/0x254 [ 2317.904258][ T4351] do_notify_resume+0x1bc/0x270 [ 2317.905089][ T4351] el0_svc+0xb8/0x164 [ 2317.905935][ T4351] el0t_64_sync_handler+0x84/0x12c [ 2317.906865][ T4351] el0t_64_sync+0x198/0x19c [ 2317.908198][ T4351] Code: d0037581 9126fc21 aa1303e0 97f9c9f2 (d4210000) [ 2317.910028][ T4351] ---[ end trace 0000000000000000 ]--- [ 2317.911622][ T4351] Kernel panic - not syncing: Oops - BUG: Fatal exception [ 2317.913634][ T4351] Kernel Offset: disabled [ 2317.914323][ T4351] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f [ 2317.915344][ T4351] Memory Limit: none [ 2317.917037][ T4351] Rebooting in 86400 seconds.. VM DIAGNOSIS: 05:35:00 Registers: info registers vcpu 0 CPU#0 PC=ffff800080493c64 X00=0000000000000000 X01=0000000000000080 X02=0000000000000001 X03=ffff800080493bb4 X04=ffff8000872ceb7a X05=ffff80008e997278 X06=ffff800080537664 X07=ffff800080015834 X08=00000000000003c0 X09=0000000000000000 X10=0000000000ff0100 X11=ffff8000877358c8 X12=00000000000000fe X13=0000000000000063 X14=0000000000000000 X15=ffff800087f83a20 X16=0000000000000000 X17=0000000001c3fa96 X18=000000004912a7a0 X19=efff800000000000 X20=ffff80008e9972e0 X21=00000000000000ff X22=00000000000003c0 X23=00000000ffffe439 X24=80000000ffffe439 X25=00000000000003c0 X26=ffff800087815cf0 X27=00000000000010ff X28=0000000000000004 X29=ffff80008e9971e0 X30=ffff800080493c40 SP=ffff80008e9971d0 PSTATE=604023c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=0000000000000000:0000000000000000 Z01=00302e6f732e6d61:7062696c2f343662 Z02=0000000000000000:ffffffffffffff00 Z03=0000000000000000:0000000000000000 Z04=3333333333333333:3333333333333333 Z05=0000000000000000:000000000c000000 Z06=0000000000000000:0000000000000000 Z07=0000000000000000:0000000000000000 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000 Z17=0000000000000000:0000000000000000 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000