last executing test programs: 39m38.761594083s ago: executing program 0 (id=43): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) (async) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) r4 = eventfd2(0x0, 0x0) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) munmap(&(0x7f00004a0000/0x2000)=nil, 0x2000) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x3) ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f00000002c0)={0x5, 0x8}) (async) ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f00000002c0)={0x5, 0x8}) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013dce0, &(0x7f0000000000)=0x3ff}) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) close(r4) (async) close(r4) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) 39m30.678494177s ago: executing program 0 (id=45): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xffffffffffffffff) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x0, 0x1, 0x8}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x3, 0xfffffffd, 0xf}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r3, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x5, 0x44038dc645b3bc7e, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r5, 0xae80, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r7 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000004}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r8, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x5, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r11, 0x4018aee1, &(0x7f0000000040)=@attr_other={0x0, 0x8, 0x20088, &(0x7f0000000240)=0x10}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) r14 = eventfd2(0xfffffffa, 0x80001) ioctl$KVM_IOEVENTFD(r13, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r14}) syz_kvm_setup_syzos_vm$arm64(r13, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_REGISTER_COALESCED_MMIO(r13, 0x4010ae67, &(0x7f0000000000)={0xe6e70001, 0x37d03030d7a92616}) ioctl$KVM_REGISTER_COALESCED_MMIO(r13, 0x4010ae67, &(0x7f0000000180)={0x5000}) 39m25.739473002s ago: executing program 1 (id=46): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x27) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000300)={0x0, 0x0}, 0x0, 0x0) r5 = syz_kvm_vgic_v3_setup(r3, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000080)=@attr_arm64={0x0, 0x4, 0x3, 0x0}) r6 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x2) syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000b80)={0x0, &(0x7f0000000100)=[@smc={0x1e, 0x40, {0x84000009, [0x100000001, 0x7, 0xac8, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x14) 39m20.18621168s ago: executing program 0 (id=47): r0 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) ioctl$KVM_SET_DEVICE_ATTR_vm(r0, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x1, 0x5, 0x1}}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x282243, 0x0) ioctl$KVM_CLEAR_DIRTY_LOG(r0, 0xc018aec0, &(0x7f00000004c0)={0x2, 0x300, 0x340, &(0x7f00000000c0)=[0x3, 0x0, 0x7, 0x9, 0x7f, 0x7, 0x40, 0x4, 0x7, 0x0, 0x2, 0x7, 0x3ff, 0x2, 0xd0, 0x3, 0x10001, 0x7, 0x0, 0xc4b, 0x7, 0x12000, 0x5, 0xffffffff, 0x1, 0x6, 0x9, 0x6f1, 0x2, 0x5, 0x81, 0x4, 0x8, 0x7fffffffffffffff, 0x8e2c, 0xc400000000000, 0x8, 0x8001, 0x0, 0x6, 0x815f, 0x5, 0x16c9, 0x1, 0xa1fd, 0x3, 0x1c7, 0xffff, 0x706, 0x0, 0x3, 0x2, 0x4, 0xab, 0x10000, 0x4, 0x784, 0x3, 0x3, 0x6, 0x0, 0x4dc5, 0x2b, 0x4, 0x578, 0xd, 0x5, 0xd, 0x3, 0x8, 0x7, 0x80, 0x0, 0x0, 0x9, 0x7, 0xfffffffffffffff7, 0xb, 0x5ee44682, 0x40, 0x10, 0x0, 0x2, 0x3, 0x0, 0x6, 0x109, 0x9, 0xffff, 0xfe00000, 0x4, 0xffffffffffff8001, 0x0, 0x7, 0x10, 0x2, 0xfffffffffffffffc, 0x8, 0x200, 0x1, 0x80000000, 0x7, 0x3, 0xe, 0x81, 0x8, 0xbc5, 0xa, 0x100, 0x7fff, 0x100, 0xfffffffffffffffe, 0x8, 0xd, 0x3, 0x4, 0x6, 0x5, 0x6, 0x4, 0x7bd3, 0x4, 0x2, 0xfffffffffffffffd, 0x7, 0x5, 0x7f, 0x4]}) ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f0000000500)={0x9, 0x7}) r2 = ioctl$KVM_GET_STATS_FD_vm(r0, 0xaece) ioctl$KVM_RESET_DIRTY_RINGS(r2, 0xaec7) r3 = ioctl$KVM_GET_STATS_FD_cpu(r2, 0xaece) ioctl$KVM_GET_DEVICE_ATTR_vm(r3, 0x4018aee2, &(0x7f0000000580)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000540)={0xa, 0x81c}}) syz_kvm_setup_syzos_vm$arm64(r0, &(0x7f0000bff000/0x400000)=nil) ioctl$KVM_CHECK_EXTENSION_VM(r0, 0xae03, 0x2) ioctl$KVM_RESET_DIRTY_RINGS(r3, 0xaec7) ioctl$KVM_CHECK_EXTENSION_VM(r0, 0xae03, 0x5) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x3c) ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0x8000000000000) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x40) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_CLEAR_DIRTY_LOG(r0, 0xc018aec0, &(0x7f00000009c0)={0x3, 0x80, 0x100, &(0x7f00000005c0)=[0x21ea9091, 0x1b, 0x7, 0x7, 0x9, 0x0, 0x6, 0x0, 0x9, 0x0, 0x3, 0x1, 0x538, 0x400, 0x5, 0x5, 0x5, 0xffff, 0x6, 0x1, 0xbf, 0x800, 0x0, 0x0, 0x100000001, 0x6, 0x2, 0xb, 0x1000, 0x200, 0x8001, 0x9, 0x1, 0x4, 0xfffffffffffffffe, 0x9d, 0x1, 0x4, 0x8, 0x4, 0x7, 0x0, 0x1, 0xffffffffffffffff, 0x7, 0x9, 0x7ff, 0x6, 0x7, 0x1, 0x2, 0x4, 0x7, 0x7, 0x9, 0x4, 0x45, 0x3ff000000, 0x7, 0x4, 0x4, 0xa9, 0x3772, 0x7, 0x0, 0x400, 0xc43, 0x9e63, 0x9, 0x59, 0x0, 0x77c7, 0x4, 0x9, 0x5, 0x7fff, 0x3, 0x3, 0x8, 0x317, 0x8001, 0x2, 0x9c, 0x2325, 0x2, 0x4, 0x946, 0x400, 0xc, 0xb8f, 0x9, 0x7, 0x5, 0xffff, 0x4, 0x5, 0x35, 0x9, 0x9, 0x7fff, 0xd, 0x4e, 0x49, 0x0, 0xfffffffffffffffb, 0xdaf, 0x1, 0xb, 0xfffffffffffff75d, 0x100, 0x3, 0x8, 0x7, 0x6, 0x2, 0x0, 0x5b99, 0x2, 0xb, 0x90c, 0x8, 0x4b6, 0x6, 0x0, 0x3, 0x2aa0, 0xb, 0xffffffff]}) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000a40)=@arm64_sys={0x603000000013c2b1, &(0x7f0000000a00)=0x2}) ioctl$KVM_IRQ_LINE_STATUS(r2, 0xc008ae67, &(0x7f0000000a80)={0x1, 0x9}) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000ac0)={0x6, 0xffffffffffffffff, 0x1}) r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x29) syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r7 = ioctl$KVM_GET_STATS_FD_cpu(r2, 0xaece) ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000b00)={0x5, 0x18}) r8 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) ioctl$KVM_SET_GUEST_DEBUG_arm64(r8, 0x4208ae9b, &(0x7f0000000b40)={0x0, 0x0, {[0x1d, 0x5, 0xffffffffffffff72, 0x0, 0x0, 0x0, 0x1, 0xffffffffffff434d, 0x6, 0x1, 0xff, 0xffe00000, 0x3, 0x8000000000000000, 0xa06c, 0x1ff], [0x2, 0x1ff, 0x7, 0xae6, 0x1, 0x8, 0x3, 0x0, 0x3, 0xb2, 0x8, 0x2, 0x55, 0x10001, 0x4, 0x3], [0x7bbd, 0x1, 0x5, 0xffff, 0x2, 0x10001, 0x3, 0x6, 0x0, 0xffffffffffff4e03, 0x60e6, 0x7, 0xe, 0x7, 0x2, 0x100000000], [0xfffffffffffffffd, 0x3, 0xb, 0x1, 0x3, 0x7, 0x7, 0xfffffffffffffffb, 0xfffffffffffffffb, 0x3, 0x5, 0x8, 0x8, 0x3, 0x4de, 0x4]}}) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000d80)={0xa, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000dc0)={0x2}) ioctl$KVM_IRQ_LINE_STATUS(r3, 0xc008ae67, &(0x7f0000000e00)={0x7, 0x2e97}) 39m17.29170757s ago: executing program 1 (id=48): r0 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) r1 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f0000000580)={0x0, &(0x7f0000000000)=[@smc={0x1e, 0x40, {0x0, [0x1, 0xfff, 0xffffffff, 0x9, 0x1]}}, @code={0xa, 0x9c, {"60568cd20000b0f2010180d2e20080d2c30180d2e40080d2020000d4403399d20000b0f2a10080d2020180d2430180d2240080d2020000d4008008d5008008d5602590d200e0b0f2410080d2420080d2c30080d2040180d2020000d4007008d5000008d5603f8dd200e0b8f2210080d2020180d2430180d2440180d2020000d4000028d5009c006f"}}, @uexit={0x0, 0x18, 0x800}, @eret={0xe6, 0x18, 0x1ff}, @eret={0xe6, 0x18, 0x8}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x4, 0x2, 0xf}}, @eret={0xe6, 0x18, 0x8000}, @code={0xa, 0xcc, {"0070004fc0d383d20060b8f2410080d2220180d2630080d2440080d2020000d4000028d5008008d5801d9bd20040b0f2010180d2820180d2630080d2c40080d2020000d4008008d5400282d200e0b8f2010080d2820080d2630180d2a40080d2020000d4c0ff91d200a0b8f2e10080d2a20080d2830180d2440180d2020000d420f48fd20080b8f2c10180d2e20180d2830080d2640180d2020000d4407a97d20000b8f2410080d2220180d2030080d2e40180d2020000d4"}}, @mrs={0xbe, 0x18, {0x50280000001a1717}}, @svc={0x122, 0x40, {0x200, [0x31a24feb, 0x100, 0x400, 0x3, 0x3]}}, @svc={0x122, 0x40, {0x4, [0x1, 0x4, 0x6, 0x4, 0x228]}}, @msr={0x14, 0x20, {0x603000000013df4a, 0x6}}, @eret={0xe6, 0x18, 0x6}, @uexit={0x0, 0x18, 0xf27}, @eret={0xe6, 0x18, 0x8}, @smc={0x1e, 0x40, {0x8, [0x2, 0x30, 0x3, 0x2, 0x3]}}, @mrs={0xbe, 0x18, {0x603000000013c016}}, @smc={0x1e, 0x40, {0xc4000053, [0x3, 0xffffffffffff8001, 0x8, 0x0, 0x7]}}, @memwrite={0x6e, 0x30, @vgic_gicr={0x80c0000, 0x48, 0x8}}, @memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0xfec0, 0x5, 0x4d261563e65ba45e}}, @uexit={0x0, 0x18, 0x3}, @smc={0x1e, 0x40, {0x2, [0x0, 0x1, 0x6, 0x3, 0x802b]}}, @uexit={0x0, 0x18, 0xffffffffffffffff}, @irq_setup={0x46, 0x18, {0x2, 0x324}}, @svc={0x122, 0x40, {0xc5000020, [0xffffffffffffff65, 0xbf, 0xe, 0x0, 0x2]}}, @hvc={0x32, 0x40, {0x80000000, [0xd9f9, 0x19, 0x4, 0x7fff]}}, @memwrite={0x6e, 0x30, @generic={0x0, 0x91a, 0x2}}], 0x568}, &(0x7f00000005c0)=[@featur1={0x1, 0x2}], 0x1) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, r0, 0x5, 0x12, r1, 0x0) r2 = ioctl$KVM_GET_STATS_FD_cpu(r1, 0xaece) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000600)) (async) ioctl$KVM_INTERRUPT(r1, 0x4004ae86, &(0x7f0000000640)=0x80) (async) ioctl$KVM_GET_DEVICE_ATTR(r2, 0x4018aee2, &(0x7f00000006c0)=@attr_other={0x0, 0x140000, 0x7, &(0x7f0000000680)=0x4}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_SIGNAL_MASK(r3, 0x4004ae8b, &(0x7f0000000700)={0x2b, "6022d9b84034e7d2c7e39b8a715ea7a847a3f5c23bb8e073fe7af1825e00465b888c22348debd9fd665eb0"}) (async) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r3, 0x4018aee2, &(0x7f0000000780)=@attr_other={0x0, 0x39d, 0x5, &(0x7f0000000740)=0x5}) (async) write$eventfd(r2, &(0x7f00000007c0)=0x7, 0x8) ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4040aea0, &(0x7f0000000800)=@x86={0xe9, 0x0, 0x4, 0x0, 0xfffffffb, 0x9, 0xd, 0x95, 0x4, 0x7, 0x1, 0x5, 0x0, 0xfffffff9, 0x5b, 0x7, 0x9, 0x7, 0x5, '\x00', 0x40, 0x68}) (async) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000880)=@arm64_sve={0x60800000001504b9, &(0x7f0000000840)=0x4}) (async) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) (async) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000008c0)=@x86={0x0, 0xe, 0x7, 0x0, 0x2, 0x7, 0x3, 0x7a, 0x4, 0x8, 0xf, 0xe, 0x0, 0x4, 0xfff, 0x62, 0x4, 0xdc, 0x0, '\x00', 0x0, 0x7}) (async) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000900), 0x200400, 0x0) ioctl$KVM_GET_SREGS(r1, 0x8000ae83, &(0x7f0000000940)) (async) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000ac0)=@other={0x1, &(0x7f0000000a80)}) (async) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000b40)=@arm64_extra={0x603000000013c02a, &(0x7f0000000b00)=0x1}) (async) ioctl$KVM_SET_REGS(r4, 0x4360ae82, &(0x7f0000000b80)={[0xe7fb, 0xfffffffffffffffd, 0x7, 0x6, 0x9, 0xfffffffffffffff9, 0x4, 0xf2, 0xb, 0x4, 0x0, 0x3, 0x7a3, 0x8, 0xbde, 0x9], 0xeeee0000, 0x100840}) (async) ioctl$KVM_GET_REG_LIST(r3, 0xc008aeb0, &(0x7f0000000c40)={0x3, [0x1, 0x9, 0xffff]}) (async) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x20) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000c80)={0x2, 0x0, 0x33336000, 0x1000, &(0x7f0000ea6000/0x1000)=nil}) (async) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000cc0)=@x86={0x3, 0x7, 0x7f, 0x0, 0x7a, 0x2, 0x5, 0x2f, 0x8, 0x9, 0x1, 0x5, 0x0, 0x0, 0x6, 0x1, 0xff, 0x5c, 0x1b, '\x00', 0x81, 0x100}) (async) ioctl$KVM_CAP_ARM_SYSTEM_SUSPEND(r2, 0x4068aea3, &(0x7f0000000d00)) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r1, 0x4018aee2, &(0x7f0000000dc0)=@attr_set_pmu={0x0, 0x0, 0x3, &(0x7f0000000d80)=0xb}) (async) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000e00)={0xe, 0xffffffffffffffff, 0x1}) (async) ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000e40)={0xeeee0000, 0x102000}) (async) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x28) 39m14.979951729s ago: executing program 0 (id=49): r0 = syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x3, 0x100) ioctl$KVM_GET_DEVICE_ATTR(r0, 0x4018aee2, &(0x7f0000000040)=@attr_arm64={0x0, 0x2, 0x0, &(0x7f0000000000)=0x9}) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x39) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000080)={0xdf, 0x0, 0x18000}) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000100)={0x1, 0x2, 0x1, 0x2000, &(0x7f0000ffd000/0x2000)=nil, 0x8}) r2 = mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x0, 0x1000008, 0x40010, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f00000001c0)="32126a489b2113b444d2fddfa950bf772fb0e34aed225886abc1af01e892c5e4129e687674ff312d7cf6c2c5c0eb10c7886e2a7be4562c515a3e32d3fd690ea72241de3d74a5b5a4", 0x0, 0x48) r3 = syz_kvm_add_vcpu$arm64(0x0, &(0x7f00000006c0)={0x0, &(0x7f0000000240)=[@msr={0x14, 0x20, {0x603000000013807e, 0x3}}, @code={0xa, 0x6c, {"0028200e000028d5007008d5007008d520fa9bd200e0b8f2410180d2420180d2e30180d2640080d2020000d4a0c789d20040b0f2a10080d2420180d2830180d2440180d2020000d40078000e00f4a00e0054000f000028d5"}}, @code={0xa, 0xb4, {"a03790d200c0b0f2210080d2620080d2e30180d2c40080d2020000d480c488d20040b0f2410180d2c20180d2430080d2040080d2020000d4000028d500008012000008d5007008d5e02492d20040b8f2c10080d2420080d2630180d2440080d2020000d4406a9fd20000b8f2410180d2a20080d2630180d2040080d2020000d400a888d20060b8f2210180d2a20180d2630080d2a40080d2020000d4e003bfd6"}}, @its_send_cmd={0xaa, 0x28, {0x6, 0x1, 0x3, 0x10, 0x0, 0x7, 0x1}}, @hvc={0x32, 0x40, {0x84000010, [0x7fff, 0x4, 0x3, 0x1, 0x5]}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x8000, 0xfffffffffffffffc, 0x4}}, @msr={0x14, 0x20, {0x603000000013dea7, 0xd1}}, @hvc={0x32, 0x40, {0x80000002, [0x1, 0x800, 0x4, 0x401, 0x8001]}}, @uexit={0x0, 0x18, 0x8}, @smc={0x1e, 0x40, {0x80003fff, [0x3, 0x4, 0x6c98, 0x3, 0x7]}}, @code={0xa, 0x9c, {"007008d5007008d5a0408ed20040b0f2c10080d2620080d2430180d2c40080d2020000d4000008d50000c06ce0ed9cd20060b0f2610080d2c20080d2230180d2440180d2020000d400328dd20080b8f2810180d2c20080d2a30180d2240180d2020000d40078202ee02c95d20000b8f2a10080d2020180d2230080d2240080d2020000d4000008d5"}}, @uexit={0x0, 0x18, 0x400}, @irq_setup={0x46, 0x18, {0x5, 0x240}}, @svc={0x122, 0x40, {0x84000052, [0x3, 0x9, 0xcf, 0x1, 0x6]}}, @msr={0x14, 0x20, {0x603000000013c600, 0xa2d4}}, @code={0xa, 0x84, {"0050000e007008d5008008d50000801380ca87d200a0b0f2210180d2420180d2230180d2040080d2020000d4206f9fd200e0b8f2a10080d2020080d2a30080d2e40080d2020000d4007008d540e987d20040b0f2c10080d2e20180d2230180d2240080d2020000d40000800c007008d5"}}, @memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x1a00, 0x40, 0x8}}], 0x470}, &(0x7f0000000700)=[@featur2], 0x1) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_ARM_VCPU_FINALIZE(0xffffffffffffffff, 0x4004aec2, &(0x7f0000000740)=0x4) ioctl$KVM_HAS_DEVICE_ATTR_vm(r0, 0x4018aee3, &(0x7f00000007c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000780)={0x400, 0xffffffff, 0x1}}) ioctl$KVM_DIRTY_TLB(r3, 0x4010aeaa, &(0x7f0000000800)={0x1, 0x401}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_ONE_REG(r4, 0x4010aeac, &(0x7f0000000880)=@arm64_sve_vls={0x606000000015ffff, &(0x7f0000000840)=0xc}) ioctl$KVM_RESET_DIRTY_RINGS(r1, 0xaec7) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_REG_LIST(r5, 0xc008aeb0, &(0x7f00000008c0)={0xa, [0x90, 0x4, 0x26, 0x400, 0x6, 0x2, 0x0, 0x401, 0x1, 0x6]}) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x7) syz_kvm_vgic_v3_setup(r6, 0x2, 0x20) ioctl$KVM_HAS_DEVICE_ATTR(r0, 0x4018aee3, &(0x7f0000000980)=@attr_arm64={0x0, 0x8, 0x2, &(0x7f0000000940)=0x1}) munmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000) ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f00000009c0)={0x3, 0x20}) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000a00)={0x3, 0x0, &(0x7f0000ff6000/0xa000)=nil}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000a40), 0x10000, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000a80)={0x3, 0xffffffffffffffff, 0x1}) ioctl$KVM_HAS_DEVICE_ATTR(r7, 0x4018aee3, &(0x7f0000000b00)=@attr_arm64={0x0, 0x4, 0x3, &(0x7f0000000ac0)=0xfffffffffffffff8}) munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) ioctl$KVM_CAP_ARM_INJECT_SERROR_ESR(r6, 0x4068aea3, &(0x7f0000000b40)) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r6, 0x4010ae68, &(0x7f0000000bc0)={0xf000, 0x10000}) ioctl$KVM_RUN(r5, 0xae80, 0x0) 39m12.53849386s ago: executing program 1 (id=50): r0 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) r3 = eventfd2(0xfffffffa, 0x80001) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000140)={0x80, 0x4, 0x0, r3}) (async) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)={0x1, 0x37d03030d7a92616}) (async) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000180)={0x10000, 0x4000}) (async) r4 = syz_kvm_add_vcpu$arm64(r0, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) (async, rerun: 64) ioctl$KVM_RUN(r4, 0xae80, 0x0) (async, rerun: 64) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async) r7 = eventfd2(0x8, 0x80800) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x22) (async) ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000000, 0x0, 0x0, r7, 0x2}) ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000000000)={0x1, 0x0, 0x0, r7, 0xf}) (async, rerun: 64) ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000000080)={0x81, 0x1000, 0x4, r3, 0x2}) (rerun: 64) 39m9.87742021s ago: executing program 0 (id=51): openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101440, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r1, 0x4068aea3, &(0x7f00000001c0)={0xa8, 0x0, 0x3}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000000)={0x7, 0xffffffffffffffff}) ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x5, 0x0}) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000bde000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}], 0x28}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r4, 0x4, 0x220) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r10 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x0, 0x80000f, 0x12, r9, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b8540000521ce16f8f1f449a7a835673312b54ebb2aa76c87ed22627e7df004000", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r9, 0x0) r11 = eventfd2(0x0, 0x0) close(r11) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01) r12 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r12, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) write$eventfd(r11, &(0x7f0000000180)=0x5, 0xfffffde3) ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, 0x0}) 39m5.590210861s ago: executing program 1 (id=52): mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xc0189436, 0x100000000000000) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x200, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xe3) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000000, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) 38m57.659013949s ago: executing program 1 (id=53): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x10102, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) munmap(&(0x7f000072c000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r3, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6000006, 0x10, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f00007f6000/0x3000)=nil, 0x0, 0x2, 0x4000010, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x181000, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r11, 0x4010aeac, &(0x7f0000000140)=@arm64_ccsidr={0x6020000020110007, &(0x7f0000000100)=0x7}) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) 38m49.577784891s ago: executing program 0 (id=54): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f0000000080)={0xeefea004, 0x101000}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0}) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x5, 0x2}) 38m42.34557844s ago: executing program 1 (id=55): r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r3, 0x4018aee3, &(0x7f0000000940)=@attr_arm64={0x0, 0x4, 0x500, 0x0}) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) r7 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r6, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0) r8 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000000)=0xc000000000000000}) ioctl$KVM_CREATE_VM(r8, 0x401c5820, 0x20000000) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(r9, 0xae03, 0xe4) mmap$KVM_VCPU(&(0x7f0000c6a000/0x3000)=nil, 0x930, 0x1000003, 0x28031, 0xffffffffffffffff, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r12, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, r13, 0x200000d, 0x20010, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r14 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000aa5000/0x400000)=nil) r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_REG_LIST(r15, 0xc008aeb0, &(0x7f0000000000)) 38m2.707837112s ago: executing program 32 (id=54): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f0000000080)={0xeefea004, 0x101000}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x7, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000002c0)=@attr_arm64={0x0, 0x4, 0x0, 0x0}) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x5, 0x2}) 37m55.381837477s ago: executing program 33 (id=55): r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r3, 0x4018aee3, &(0x7f0000000940)=@attr_arm64={0x0, 0x4, 0x500, 0x0}) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) r7 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r6, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r6, 0x0) r8 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0x8, 0x100, &(0x7f0000000000)=0xc000000000000000}) ioctl$KVM_CREATE_VM(r8, 0x401c5820, 0x20000000) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(r9, 0xae03, 0xe4) mmap$KVM_VCPU(&(0x7f0000c6a000/0x3000)=nil, 0x930, 0x1000003, 0x28031, 0xffffffffffffffff, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r12, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, r13, 0x200000d, 0x20010, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r14 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000aa5000/0x400000)=nil) r15 = syz_kvm_add_vcpu$arm64(r14, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_REG_LIST(r15, 0xc008aeb0, &(0x7f0000000000)) 31m0.488367241s ago: executing program 3 (id=74): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@mrs={0xbe, 0x18, {0x603000000013c807}}, @msr={0x14, 0x20, {0x603000000013e66c, 0xa}}, @memwrite={0x6e, 0x30, @generic={0x8080000, 0x6d2, 0x2, 0x5}}], 0x68}, 0x0, 0x0) ioctl$KVM_CAP_ARM_MTE(r1, 0x4068aea3, &(0x7f0000000140)) ioctl$KVM_RUN(r3, 0xae80, 0x0) munmap(&(0x7f0000efa000/0x2000)=nil, 0x2000) 30m48.878839735s ago: executing program 3 (id=76): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xc0045878, 0x20000000) r4 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2, 0x23ac5f9b426ec4b1, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fb707cd24b7eebb20700000000000000000000000100", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa00f2, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a11f1, 0x0) 30m35.998687431s ago: executing program 3 (id=78): munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x80111500, 0x20000000) r1 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r2 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f00000000c0)="d5f5f543d3681d26b4d9f0ffffffff7b41445c085486580143226c0ead9a1620ba24f023314cc4bf610d6a743ad4913923b8364e5f73ea2fc43ac1abfc00", 0x0, 0xffffffffffffff32) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_memcpy_off$KVM_EXIT_MMIO(r1, 0x20, &(0x7f0000000000)="1d41528cb38ab03b0d9148595b6c776ee3ed85518e7e5550", 0x0, 0x18) r4 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000140)="32f293f48202e560df0b15aa6ed1af74e8a16bd563f4786a461012f8448c9ff42a5be0755a9a6134852c6cc59977e53f2ea0e09d88b3bd7bee1b56831c250d98346e1879dcc67539", 0x0, 0x48) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) r5 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) ioctl$KVM_RUN(r5, 0xae80, 0x0) 30m30.467617193s ago: executing program 2 (id=79): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x200000004) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000002c0)={0x0, &(0x7f0000000380)=[@memwrite={0x6e, 0x30, @vgic_gits={0x8080000, 0x100, 0x1005, 0x9}}], 0x30}, 0x0, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) r5 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r7, 0x2, 0x100) r8 = ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece) r9 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, &(0x7f0000000200)=[@svc={0x122, 0x40, {0x800, [0xffffffeffffffff8, 0x8, 0x8000000005, 0x5, 0x400]}}], 0x40}, 0x0, 0x0) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) mmap$KVM_VCPU(&(0x7f0000c0b000/0x1000)=nil, r11, 0x3, 0x40b2811, r10, 0x0) mmap$KVM_VCPU(&(0x7f0000d28000/0x4000)=nil, r11, 0x4, 0x13, r3, 0x0) r12 = ioctl$KVM_CREATE_GUEST_MEMFD(r8, 0xc040aed4, &(0x7f0000000000)={0x9, 0x3ff}) r13 = ioctl$KVM_GET_STATS_FD_cpu(r3, 0xaece) close(r13) r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x20) ioctl$KVM_IOEVENTFD(r15, 0xc0189436, &(0x7f0000000180)={0x0, 0xd000, 0x8, 0xffffffffffffffff, 0x5}) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r16 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r17 = ioctl$KVM_CREATE_VM(r16, 0xae01, 0x0) r18 = ioctl$KVM_CREATE_VCPU(r17, 0xae41, 0x0) r19 = ioctl$KVM_GET_STATS_FD_cpu(r18, 0xaece) close(r19) close(r12) ioctl$KVM_RUN(r3, 0xae80, 0x0) 30m15.765405663s ago: executing program 2 (id=80): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) r1 = eventfd2(0xfffffffa, 0x80001) write$eventfd(r1, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f00000000c0)={0x836, 0x0, [{0xc, 0x2, 0x1, 0x0, @msi={0xebb, 0x394c794c, 0x7f, 0x801}}]}) 30m14.272171885s ago: executing program 3 (id=81): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000bfd000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000b80)={0x0, &(0x7f00000009c0)=[@hvc={0x32, 0x40, {0xc4000004, [0x400000000000007, 0xfffffffffffffffa, 0x8000000000000000, 0x427f, 0x400003]}}], 0x40}, &(0x7f0000000bc0)=[@featur1={0x1, 0x4}], 0x1) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000100)=@arm64_extra={0x603000000013c025, &(0x7f00000000c0)=0x6}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x21) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) openat$kvm(0x0, 0x0, 0x0, 0x0) close(0x3) r7 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r6, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000080)="4776f2db7955b65cfc739711fa2e4a37c61bae2e88a262eaa9a44fafb1772c167cd26dd5e8979097ecb7615e7ff2262b1c728d14018f21f2b99840e790f444cfdc2ae271ae4eac93", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r6, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r8 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x0, 0x0, 0x20010, r3, 0x0) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, &(0x7f0000000000)=[@its_send_cmd={0xaa, 0x28, {0xb, 0x1, 0x4, 0x10, 0x1, 0x80000000, 0x4}}], 0x28}, 0x0, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) 30m5.581587987s ago: executing program 2 (id=82): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x2, 0x400009, 0x0, 0x80}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) munmap(&(0x7f0000584000/0x800000)=nil, 0x800000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x1000000) openat$kvm(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xe) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xeeef0000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil}) close(r4) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 29m58.295780478s ago: executing program 3 (id=83): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@msr={0x14, 0x20, {0x603000000013df60, 0x8000}}, @msr={0x14, 0x20, {0x603000000013df61, 0x8000}}, @msr={0x14, 0x20, {0x603000000013df62, 0x8000}}, @msr={0x14, 0x20, {0x603000000013df63, 0x8000}}, @msr={0x14, 0x20, {0x603000000013df64, 0x8000}}, @msr={0x14, 0x20, {0x603000000013df65, 0x8000}}, @msr={0x14, 0x20, {0x603000000013df7f, 0x8000}}], 0xe0}, &(0x7f0000000280)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r6, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) r8 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r7, 0x3, 0x11, r6, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) syz_kvm_assert_syzos_uexit$arm64(r8, 0xffffffffffffffff) syz_kvm_assert_reg(r6, 0x603000000013df60, 0x8000) syz_kvm_assert_reg(r6, 0x603000000013df61, 0x8000) syz_kvm_assert_reg(r6, 0x603000000013df62, 0x8000) syz_kvm_assert_reg(r6, 0x603000000013df63, 0x8000) syz_kvm_assert_reg(r6, 0x603000000013df64, 0x8000) syz_kvm_assert_reg(r6, 0x603000000013df65, 0x8000) syz_kvm_assert_reg(r6, 0x603000000013df7f, 0x8000) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)={0x3, 0x9}}) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000000000/0x400000)=nil) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) close(r1) 29m51.923102282s ago: executing program 2 (id=84): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r1 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) syz_kvm_assert_reg(r4, 0x603000000013dce5, 0x8000) (async) syz_kvm_assert_reg(r4, 0x603000000013dce9, 0x8000) (async) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r5, 0xae03, 0x77) 29m40.480913687s ago: executing program 3 (id=85): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) (async) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x5, 0x3, 0x2, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_ARM_SET_DEVICE_ADDR(r3, 0x4010aeab, &(0x7f0000000000)={0x7, 0x8000001}) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) munmap(&(0x7f0000c8f000/0x4000)=nil, 0x4000) (async) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) (async) r8 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r8, 0x80087601, 0x0) (async) r9 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x20e4586c}) ioctl$KVM_RUN(r9, 0xae80, 0x0) r10 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000b80)={0x0, &(0x7f0000000100)=[@smc={0x1e, 0x40, {0x84000009, [0x99a, 0x7, 0xaca, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) (async) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r14, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0xdddd1000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) (async) r15 = syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil) r16 = syz_kvm_add_vcpu$arm64(r15, &(0x7f0000000180)={0x0, &(0x7f0000000080)=[@memwrite={0x6e, 0x30, @generic={0xdddd1000, 0x245, 0x9, 0xe}}], 0x30}, 0x0, 0x0) ioctl$KVM_RUN(r16, 0xae80, 0x0) (async) ioctl$KVM_RUN(r12, 0xae80, 0x0) (async) ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000040)={0x10000, 0x0, &(0x7f0000ce0000/0x4000)=nil}) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x5) (async) ioctl$KVM_GET_API_VERSION(r4, 0xae00, 0x0) 29m39.71830372s ago: executing program 2 (id=86): r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@msr={0x14, 0x25, {0x603000000013df62, 0xc00000}}], 0x20}, &(0x7f0000000280)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f00000002c0)=@attr_pmu_init) ioctl$KVM_RUN(r3, 0xae80, 0x0) 29m28.703124726s ago: executing program 2 (id=87): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013c038, &(0x7f0000000200)=0x3}) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r8, r9, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(r8, 0x4008ae6a, &(0x7f0000000340)={0x5, 0x0, [{0x5, 0x7d6cefe17c63eda4, 0x1, 0x0, @irqchip={0xf, 0x4}}, {0x1ff, 0x2, 0x0, 0x0, @msi={0x4, 0x6, 0x3ff, 0x6}}, {0x80000001, 0x4, 0x1, 0x0, @irqchip={0x0, 0xb}}, {0xd, 0x1, 0x1, 0x0, @irqchip={0x2, 0x6cc9}}, {0x5, 0x5, 0x0, 0x0, @irqchip={0x9, 0x8}}]}) syz_kvm_vgic_v3_setup(r2, 0x1, 0x100) r10 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x29) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x1) r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04) r14 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r13, 0x2, 0x12, r12, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x8}) ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f0000000200)={0x80a0000, 0x0, 0x94, 0x1}) r15 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil) r17 = syz_kvm_add_vcpu$arm64(r16, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000080)=[@featur2={0x1, 0xf}], 0x1) ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r17, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0x0, 0x4, 0x0}) 28m52.719444309s ago: executing program 34 (id=85): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x34) (async) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x5, 0x3, 0x2, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_ARM_SET_DEVICE_ADDR(r3, 0x4010aeab, &(0x7f0000000000)={0x7, 0x8000001}) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) munmap(&(0x7f0000c8f000/0x4000)=nil, 0x4000) (async) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) (async) r8 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r8, 0x80087601, 0x0) (async) r9 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000000)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x20e4586c}) ioctl$KVM_RUN(r9, 0xae80, 0x0) r10 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) r12 = syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000b80)={0x0, &(0x7f0000000100)=[@smc={0x1e, 0x40, {0x84000009, [0x99a, 0x7, 0xaca, 0x101, 0x10]}}], 0x40}, &(0x7f0000000280)=[@featur1={0x1, 0x4}], 0x1) (async) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r14, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0xdddd1000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) (async) r15 = syz_kvm_setup_syzos_vm$arm64(r14, &(0x7f0000c00000/0x400000)=nil) r16 = syz_kvm_add_vcpu$arm64(r15, &(0x7f0000000180)={0x0, &(0x7f0000000080)=[@memwrite={0x6e, 0x30, @generic={0xdddd1000, 0x245, 0x9, 0xe}}], 0x30}, 0x0, 0x0) ioctl$KVM_RUN(r16, 0xae80, 0x0) (async) ioctl$KVM_RUN(r12, 0xae80, 0x0) (async) ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000040)={0x10000, 0x0, &(0x7f0000ce0000/0x4000)=nil}) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x5) (async) ioctl$KVM_GET_API_VERSION(r4, 0xae00, 0x0) 28m37.960864436s ago: executing program 35 (id=87): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r5, r6, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r6, 0x4010aeac, &(0x7f00000000c0)=@arm64_sys={0x603000000013c038, &(0x7f0000000200)=0x3}) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r8, r9, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(r8, 0x4008ae6a, &(0x7f0000000340)={0x5, 0x0, [{0x5, 0x7d6cefe17c63eda4, 0x1, 0x0, @irqchip={0xf, 0x4}}, {0x1ff, 0x2, 0x0, 0x0, @msi={0x4, 0x6, 0x3ff, 0x6}}, {0x80000001, 0x4, 0x1, 0x0, @irqchip={0x0, 0xb}}, {0xd, 0x1, 0x1, 0x0, @irqchip={0x2, 0x6cc9}}, {0x5, 0x5, 0x0, 0x0, @irqchip={0x9, 0x8}}]}) syz_kvm_vgic_v3_setup(r2, 0x1, 0x100) r10 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x29) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x1) r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04) r14 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, r13, 0x2, 0x12, r12, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r14, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x8}) ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f0000000200)={0x80a0000, 0x0, 0x94, 0x1}) r15 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r16 = syz_kvm_setup_syzos_vm$arm64(r15, &(0x7f0000c00000/0x400000)=nil) r17 = syz_kvm_add_vcpu$arm64(r16, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000080)=[@featur2={0x1, 0xf}], 0x1) ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r17, 0x4018aee1, &(0x7f00000000c0)=@attr_other={0x0, 0x0, 0x4, 0x0}) 21m34.877311368s ago: executing program 4 (id=88): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@its_setup={0x82, 0x28, {0x0, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0x8, 0x0, 0x802, 0x40000008, 0x0, 0x80}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r6, 0xae80, 0x0) r8 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) syz_kvm_assert_reg(r10, 0x603000000013df12, 0x8000) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0xeeee8000, 0x4000, 0x1}) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r1, 0x8040aeb6, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r12, 0x4040ae79, &(0x7f0000000040)={0x40, 0x14000, 0x0, 0xffffffffffffffff, 0x9}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1a) eventfd2(0x8, 0x80800) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x21) ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x2) r15 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r16 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r15, 0xae04) mmap$KVM_VCPU(&(0x7f0000edf000/0x3000)=nil, r16, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) 21m26.475999347s ago: executing program 5 (id=89): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2000) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@smc={0x1e, 0x40, {0x31000000, [0x16, 0x6, 0x5, 0x1, 0x7]}}], 0x40}, 0x0, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xf3) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x11, r3, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x28) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r8, 0x4010aeab, &(0x7f0000000040)=@arm64_sys={0x603000000013e000, 0x0}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x31) r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 21m15.420326345s ago: executing program 4 (id=90): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f00000001c0), 0x2083, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1d) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r3, 0x0, 0x0) 20m38.293666287s ago: executing program 36 (id=89): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2000) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@smc={0x1e, 0x40, {0x31000000, [0x16, 0x6, 0x5, 0x1, 0x7]}}], 0x40}, 0x0, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xf3) mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x11, r3, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x28) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r8, 0x4010aeab, &(0x7f0000000040)=@arm64_sys={0x603000000013e000, 0x0}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r9 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x31) r11 = syz_kvm_setup_syzos_vm$arm64(r10, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r11, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 20m35.370520652s ago: executing program 4 (id=92): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x88002, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x31) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x2710, 0x2, 0xd000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1d) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000a8b000/0x400000)=nil) ioctl$KVM_CLEAR_DIRTY_LOG(r3, 0xc018aec0, &(0x7f0000000000)={0x0, 0x100, 0x1c0, 0x0}) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000180)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0}) r9 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING(r10, 0x4068aea3, &(0x7f00000000c0)={0xc0, 0x0, 0x8000}) eventfd2(0x0, 0x1801) ioctl$KVM_SIGNAL_MSI(r10, 0x4020aea5, &(0x7f0000000080)={0x5000, 0xdddd1000, 0x7, 0x0, 0x7fff}) 19m47.670671191s ago: executing program 37 (id=92): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x88002, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x31) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x2710, 0x2, 0xd000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1d) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000a8b000/0x400000)=nil) ioctl$KVM_CLEAR_DIRTY_LOG(r3, 0xc018aec0, &(0x7f0000000000)={0x0, 0x100, 0x1c0, 0x0}) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r8 = syz_kvm_add_vcpu$arm64(r7, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000100)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r8, 0x4018aee1, &(0x7f0000000180)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0}) r9 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING(r10, 0x4068aea3, &(0x7f00000000c0)={0xc0, 0x0, 0x8000}) eventfd2(0x0, 0x1801) ioctl$KVM_SIGNAL_MSI(r10, 0x4020aea5, &(0x7f0000000080)={0x5000, 0xdddd1000, 0x7, 0x0, 0x7fff}) 13m31.368719396s ago: executing program 6 (id=91): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ARM_VCPU_INIT(r4, 0x4020aeae, &(0x7f00000000c0)={0x5, 0x18}) close(r1) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r2, 0x4010aeb5, &(0x7f0000000600)={0xe6, 0x3b}) r5 = syz_kvm_add_vcpu$arm64(r3, &(0x7f0000000b80)={0x0, 0x0}, &(0x7f0000000280)=[@featur1={0x1, 0x82}], 0x1) ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f00000006c0)=@attr_other={0x0, 0xe084, 0x100000001, &(0x7f0000000300)=0x2}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r5, 0x4018aee1, &(0x7f0000000080)=@attr_pmu_irq={0x0, 0x0, 0x0, &(0x7f0000000000)=0x10}) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000640)={0x4}) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000e19000/0x4000)=nil, r7, 0x4, 0x8010, r5, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x7fff}}], 0x20}, &(0x7f0000000680)=[@featur1={0x1, 0x8}], 0x1) r10 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000100)={0x0, &(0x7f0000000380)=[@smc={0x1e, 0x40, {0x84000003, [0x1, 0x6, 0xfffffffffffffff7, 0x2, 0x10000]}}, @irq_setup={0x46, 0x18, {0x3, 0x1e}}, @its_setup={0x82, 0x28, {0x1, 0x3, 0x29e}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x1, 0x4, 0x9, 0x23c, 0xffff, 0x2}}, @code={0xa, 0x84, {"000440b8000c8038a0368cd20060b0f2a10080d2820080d2430080d2a40080d2020000d4007008d50008a03800d88cd20000b8f2810080d2820180d2e30180d2e40080d2020000d4805492d20040b0f2010180d2020180d2630180d2240080d2020000d400d8a10e0040261e007008d5"}}, @uexit={0x0, 0x18}, @hvc={0x32, 0x40, {0x40000000, [0x1000, 0x1, 0xfffffffffffffffe, 0x100000001, 0xfffffffffffffff8]}}, @svc={0x122, 0x40, {0xc4000010, [0x100000000000, 0x8, 0x401, 0x7f, 0xf8d]}}, @svc={0x122, 0x40, {0x4, [0xfffffffffffffffd, 0x6, 0x1, 0x3, 0x6]}}, @uexit={0x0, 0x18}, @svc={0x122, 0x40, {0x40, [0x3ff, 0xf47b, 0xfffffffffffffffd, 0x4]}}], 0x25c}, &(0x7f0000000200)=[@featur2={0x1, 0x1}], 0x1) ioctl$KVM_GET_ONE_REG(r10, 0x4010aeab, &(0x7f00000002c0)=@arm64_bitmap={0x6030000000160001, &(0x7f0000000240)=0x2}) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r9, 0x4018aee1, &(0x7f0000000340)=@attr_pvtime_ipa={0x0, 0x2, 0x0, 0x6}) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae03, 0xbb) syz_kvm_setup_syzos_vm$arm64(r12, &(0x7f0000bff000/0x400000)=nil) ioctl$KVM_RUN(r9, 0xae80, 0x0) 13m23.145547646s ago: executing program 7 (id=93): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x8040aeb6, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) eventfd2(0x8, 0x80800) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) openat$kvm(0x0, &(0x7f0000000080), 0x103000, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r7, 0x400454ce, 0x110c230008) r8 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f00000000c0)=@arm64_fw={0x6030000000140001}) r10 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x21) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r11, 0xae03, 0xff) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x2) ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) r12 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x31) r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x1) r15 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r14, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r15, 0x20, &(0x7f0000000240)="04198bd844c9e8a7b82d748f0f0244293d28bd9400bfc2ed44db9969759357abeb8d85c8e856a4606c2e979f98d67e4ff39fb6df9547f6a9506c610dc37b175c3ad3c9952305abf0", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r14, 0x0) 13m12.904324374s ago: executing program 6 (id=94): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r3, 0x4068aea3, &(0x7f0000000180)={0xa8, 0x0, 0x2}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x42000, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f00000002c0)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x6000, 0x4, 0xa}}], 0x30}, 0x0, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x8, 0x3, &(0x7f0000000000)=0x3}) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_RUN(r5, 0xae80, 0x0) 12m35.207984406s ago: executing program 38 (id=93): r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r3, 0x8040aeb6, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) eventfd2(0x8, 0x80800) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) openat$kvm(0x0, &(0x7f0000000080), 0x103000, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) ioctl$KVM_CREATE_VM(r7, 0x400454ce, 0x110c230008) r8 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000140)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r9, 0x4010aeac, &(0x7f00000000c0)=@arm64_fw={0x6030000000140001}) r10 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x21) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r11, 0xae03, 0xff) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x2) ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04) r12 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x31) r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x1) r15 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r14, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r15, 0x20, &(0x7f0000000240)="04198bd844c9e8a7b82d748f0f0244293d28bd9400bfc2ed44db9969759357abeb8d85c8e856a4606c2e979f98d67e4ff39fb6df9547f6a9506c610dc37b175c3ad3c9952305abf0", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r14, 0x0) 12m23.368219892s ago: executing program 39 (id=94): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r3, 0x4068aea3, &(0x7f0000000180)={0xa8, 0x0, 0x2}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x42000, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f00000002c0)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x6000, 0x4, 0xa}}], 0x30}, 0x0, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f00000000c0)=@attr_arm64={0x0, 0x8, 0x3, &(0x7f0000000000)=0x3}) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_RUN(r5, 0xae80, 0x0) 2m3.599110249s ago: executing program 8 (id=106): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = syz_kvm_vgic_v3_setup(0xffffffffffffffff, 0x4, 0x140) ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f0000000140)=@attr_arm64={0x0, 0x2, 0x4, &(0x7f0000000100)=0x8b71}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x20080, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd2(0xeffffffb, 0x80800) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0x200, 0x4000, 0x4, r4, 0x1}) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000001340)={0x3, 0x0, 0x2, r4, 0x3}) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f00000000c0)={0x3, 0x0, 0x2, r4, 0xb}) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x23) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000380)=[@its_setup={0x82, 0x28, {0x2, 0x2, 0x7c}}], 0x28}, 0x0, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = syz_kvm_setup_syzos_vm$arm64(r9, &(0x7f0000c00000/0x400000)=nil) r11 = syz_kvm_add_vcpu$arm64(r10, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x1, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xe, 0x0, 0x2, 0x6}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r9, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r12, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r11, 0xae80, 0x0) r13 = syz_kvm_vgic_v3_setup(r5, 0xffffffffffbffffc, 0x120) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000180)={0x8}) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r13, 0x4018aee1, &(0x7f0000000040)=@attr_arm64={0x0, 0x5, 0x0, &(0x7f0000000000)=0x6}) 1m57.555511812s ago: executing program 9 (id=107): munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r1, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@memwrite={0x6e, 0x30, @vgic_gicd={0x8000000, 0x50, 0x6243, 0x5}}], 0x30}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r3, 0x1, 0x100) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0x40086602, 0x110e22ffff) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x8032, 0xffffffffffffffff, 0x0) r7 = eventfd2(0xfffffffa, 0x80001) write$eventfd(r7, &(0x7f0000000200)=0x8, 0x8) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="37d3116035d7513e9a000200018000", 0x0, 0x43) ioctl$KVM_CHECK_EXTENSION(r6, 0x40086602, 0x110e227ffe) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r9 = syz_kvm_add_vcpu$arm64(r8, &(0x7f0000000540)={0x0, 0x0}, &(0x7f0000000580)=[@featur2={0x1, 0x2}], 0x1) ioctl$KVM_RUN(r9, 0xae80, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r9, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0a00000000000000cc00000000000000e0ef9ad200c0b8f2410080d2e20080d2430080d2e40180d2020000d4e0be9cd20040b0f2210080d2620080d2630180d2840180d2020000d40000681e0000000b0000399e003c202ea04c8ad200e0b0f2610180d2c20180d2a30080d2640180d2020000d4c0ed81d20000b8f2810180d2820180d2a30180d2640080d2020000d4a0a189d20060b0f2410180d2820180d2230080d2240180d2020000d4804e82d20020b0f2810180d2020180d2830180d2a40080d2020000d4c0035fd6aa00000000000000280000000000000003010400000000000000090000000e0000000000000000003200000000000000400000000000000000000006000000c38900000000000000f7780000000000000800000000000000030000000000000009000000000000001e0000000000000040000000000000000900008400000000050000000000000010000000000000007f0d0000000000000010000000000000050000000000000046000000000000001800000000000000000000005a000000be00000000000000180000000000000028981300000030601400000000000000200000000000000085c01300000030600100000001000000320000000000000040000000000000000b000084000000000400000000000000080000000000000006000000000000000600000000000000dd00000000000000be000000000000001800000000000000fe77000000000000"], 0x21c}], 0x1, 0x0, 0x0, 0x0) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) 1m37.067756385s ago: executing program 8 (id=108): openat$kvm(0x0, 0x0, 0x0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0x2}}], 0x20}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) r4 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) r8 = syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000ab8000/0x400000)=nil) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2) ioctl$KVM_GET_API_VERSION(0xffffffffffffffff, 0xae00, 0x0) syz_kvm_add_vcpu$arm64(r8, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r7, 0xc008ae67, &(0x7f0000000040)={0x10001, 0x10001}) r9 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000180)={0x0, &(0x7f00000004c0)=[@msr={0x14, 0x20, {0x603000000013dce0, 0xffffffffffffffff}}], 0x20}, &(0x7f00000000c0)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r10, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1m35.918609368s ago: executing program 9 (id=109): mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x7, 0x4f832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) munmap(&(0x7f000075a000/0xb000)=nil, 0xb000) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000000)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vcpu(r3, 0x4018aee2, &(0x7f0000000140)=@attr_pmu_irq={0x0, 0x0, 0x0, 0x0}) ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000040)={0x0, 0x2}) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000) munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000) mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000506000/0x4000)=nil, 0x930, 0x8, 0x40010, r3, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r5, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000667000/0x2000)=nil, 0x2000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) 1m9.337761281s ago: executing program 9 (id=110): openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000180)={0x0, &(0x7f0000000380)=[@msr={0x14, 0x20, {0x603000000013dce2, 0x7ffe}}, @smc={0x1e, 0x40, {0xc4000007, [0x8, 0x9, 0x5, 0x7fff, 0x5]}}], 0x60}, &(0x7f0000000300)=[@featur1={0x1, 0x8}], 0x1) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0x4018aee1, &(0x7f0000000340)=@attr_pmu_init) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0xd7) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x23) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r6, 0x4068aea3, &(0x7f0000000280)={0xdf, 0x0, 0x2000}) ioctl$KVM_CHECK_EXTENSION_VM(0xffffffffffffffff, 0xae03, 0xc6) r7 = mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000d19000/0x1000)=nil, 0x1000) syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, 0x0, 0x0, 0x0) syz_memcpy_off$KVM_EXIT_MMIO(r7, 0x20, 0x0, 0x0, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r11 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r10, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r11, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x20010, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f00000001c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e700", 0x0, 0x48) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r10, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x399972, 0x0) r12 = syz_kvm_setup_syzos_vm$arm64(r6, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0) syz_kvm_add_vcpu$arm64(r12, &(0x7f0000000980)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) 1m8.840599143s ago: executing program 8 (id=111): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x27) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) (async) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x1, 0x4, 0x1}}, @its_send_cmd={0xaa, 0x28, {0xf, 0x0, 0x0, 0x0, 0x6, 0x0, 0x9}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) 49.655838356s ago: executing program 8 (id=112): munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) mmap$KVM_VCPU(&(0x7f0000ff5000/0x3000)=nil, 0x930, 0x100000f, 0x24132, 0xffffffffffffffff, 0x0) openat$kvm(0x0, &(0x7f0000000080), 0x2a040, 0x0) r0 = openat$kvm(0x0, 0x0, 0x300, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x20) r7 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x1d) r8 = openat$kvm(0x0, &(0x7f0000000080), 0x2000, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0xe, 0x16831, 0xffffffffffffffff, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x12) ioctl$KVM_CREATE_DEVICE(r12, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r13, 0x4018aee3, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(r13, 0x4018aee3, &(0x7f0000000040)=@attr_other={0x0, 0x1, 0x200, 0x0}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r10, 0x20, &(0x7f0000000240)="37e68986ad644f5dc57bbc1ff382863b67f3eee57a32ec911d95f88f3dd8ea716e4a29cefbd440b2ecf83f57baf33b0c97182970a47ef45c954e42f2055384921830f6e273d2eb30", 0x0, 0x2a2019ac5ed2a1ef) close(r9) openat$kvm(0xffffffffffffff9c, 0x0, 0x80, 0x0) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x3) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000040)="7cfaa2bfd6dd76375aa1bde04fceeb33743b07d73b3e9aac", 0x0, 0x18) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x0, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0xf, 0x32, 0xffffffffffffffff, 0x0) 42.300319543s ago: executing program 9 (id=113): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xe) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_kvm_setup_syzos_vm$arm64(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$arm64(r3, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x2, 0x1, 0x4}}, @its_send_cmd={0xaa, 0x28, {0x1, 0x83, 0x8000, 0x0, 0x0, 0xd4f1, 0x4}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r2, 0x1, 0x100) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 23.248358842s ago: executing program 9 (id=114): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xae) r1 = syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x5) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000080)={0xffff1000, 0xb000}) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000240)={0xdddd1000, 0x1000}) r4 = syz_kvm_add_vcpu$arm64(r1, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xae) (async) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) (async) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x5) (async) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000080)={0xffff1000, 0xb000}) (async) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000240)={0xdddd1000, 0x1000}) (async) syz_kvm_add_vcpu$arm64(r1, &(0x7f00000000c0)={0x0, 0x0}, 0x0, 0x0) (async) ioctl$KVM_RUN(r4, 0xae80, 0x0) (async) 22.056022188s ago: executing program 8 (id=115): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0x51) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x28) (async) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x28) syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) (async) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000540)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_SIGNAL_MASK(r5, 0x4004ae8b, &(0x7f00000000c0)) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x80, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x2e) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r7, r8, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0) (async) syz_kvm_setup_cpu$arm64(r7, r8, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x30}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, 0x0}) (async) ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000140)=@arm64_core={0x6030000000100042, 0x0}) 7.421004456s ago: executing program 9 (id=116): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x80201, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x31) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r6, r7, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000000000)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f00000000c0)=@arm64_core={0x6030000000100022, &(0x7f0000000100)=0x8}) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x8080000, 0x2000, &(0x7f0000c5d000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) munmap(&(0x7f0000d70000/0x3000)=nil, 0x3000) r8 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) (rerun: 64) openat$kvm(0x0, 0x0, 0x940, 0x0) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_RUN(r8, 0xae80, 0x0) 0s ago: executing program 8 (id=117): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x10) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (async) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r3 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f00000001c0)="4ff6d535915afa0ad2e775bd385a7e6bc0b1462ad0407959c7dc499882ce256db238635e806a8f73bdcec0ce8927265658e9f604fdc81321405c06561299cd68555def54b309423f", 0x0, 0x48) openat$kvm(0x0, &(0x7f0000000040), 0x109200, 0x0) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x60871, 0x0) (async) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x60871, 0x0) kernel console output (not intermixed with test programs): [ 373.858825][ T3155] 8021q: adding VLAN 0 to HW filter on device bond0 [ 406.157936][ T3155] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:55986' (ED25519) to the list of known hosts. [ 586.133178][ T25] audit: type=1400 audit(585.360:61): avc: denied { name_bind } for pid=3311 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 587.656178][ T25] audit: type=1400 audit(586.880:62): avc: denied { execute } for pid=3312 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 587.681387][ T25] audit: type=1400 audit(586.910:63): avc: denied { execute_no_trans } for pid=3312 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 607.365803][ T25] audit: type=1400 audit(606.580:64): avc: denied { mounton } for pid=3312 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 607.426394][ T25] audit: type=1400 audit(606.630:65): avc: denied { mount } for pid=3312 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 607.568921][ T3312] cgroup: Unknown subsys name 'net' [ 607.658080][ T25] audit: type=1400 audit(606.880:66): avc: denied { unmount } for pid=3312 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 608.171998][ T3312] cgroup: Unknown subsys name 'cpuset' [ 608.271335][ T3312] cgroup: Unknown subsys name 'rlimit' [ 609.158385][ T25] audit: type=1400 audit(608.390:67): avc: denied { setattr } for pid=3312 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 609.179565][ T25] audit: type=1400 audit(608.400:68): avc: denied { mounton } for pid=3312 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 609.205965][ T25] audit: type=1400 audit(608.430:69): avc: denied { mount } for pid=3312 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 610.353305][ T3315] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 610.373983][ T25] audit: type=1400 audit(609.600:70): avc: denied { relabelto } for pid=3315 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 610.403683][ T25] audit: type=1400 audit(609.610:71): avc: denied { write } for pid=3315 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 610.589932][ T25] audit: type=1400 audit(609.820:72): avc: denied { read } for pid=3312 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 610.610232][ T25] audit: type=1400 audit(609.830:73): avc: denied { open } for pid=3312 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 610.652986][ T3312] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 660.158779][ T25] audit: type=1400 audit(659.390:74): avc: denied { execmem } for pid=3316 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 664.611427][ T25] audit: type=1400 audit(663.840:75): avc: denied { read } for pid=3318 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 664.640210][ T25] audit: type=1400 audit(663.850:76): avc: denied { open } for pid=3318 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 664.711816][ T25] audit: type=1400 audit(663.940:77): avc: denied { mounton } for pid=3318 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 665.035552][ T25] audit: type=1400 audit(664.240:78): avc: denied { module_request } for pid=3319 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 666.088112][ T25] audit: type=1400 audit(665.310:79): avc: denied { sys_module } for pid=3318 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 689.360096][ T3318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 689.490261][ T3318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 690.629631][ T3319] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 690.752967][ T3319] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 705.689248][ T3318] hsr_slave_0: entered promiscuous mode [ 705.743228][ T3318] hsr_slave_1: entered promiscuous mode [ 707.933417][ T3319] hsr_slave_0: entered promiscuous mode [ 707.982113][ T3319] hsr_slave_1: entered promiscuous mode [ 708.019458][ T3319] debugfs: 'hsr0' already exists in 'hsr' [ 708.025827][ T3319] Cannot create hsr debugfs directory [ 713.439986][ T25] audit: type=1400 audit(712.670:80): avc: denied { create } for pid=3318 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 713.507485][ T25] audit: type=1400 audit(712.680:81): avc: denied { write } for pid=3318 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 713.516052][ T25] audit: type=1400 audit(712.730:82): avc: denied { read } for pid=3318 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 713.699139][ T3318] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 714.109372][ T3318] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 714.360831][ T3318] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 714.668794][ T3318] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 716.191583][ T3319] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 716.331365][ T3319] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 716.506130][ T3319] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 716.773018][ T3319] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 728.760031][ T3318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 731.041844][ T3319] 8021q: adding VLAN 0 to HW filter on device bond0 [ 787.153770][ T3318] veth0_vlan: entered promiscuous mode [ 787.822665][ T3318] veth1_vlan: entered promiscuous mode [ 790.338258][ T3318] veth0_macvtap: entered promiscuous mode [ 790.891151][ T3318] veth1_macvtap: entered promiscuous mode [ 792.031100][ T3319] veth0_vlan: entered promiscuous mode [ 793.129814][ T3319] veth1_vlan: entered promiscuous mode [ 794.530330][ T35] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 794.548414][ T35] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 794.558318][ T35] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 794.599420][ T21] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 797.506992][ T25] audit: type=1400 audit(796.680:83): avc: denied { mount } for pid=3318 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 797.619615][ T3319] veth0_macvtap: entered promiscuous mode [ 797.641409][ T25] audit: type=1400 audit(796.840:84): avc: denied { mounton } for pid=3318 comm="syz-executor" path="/syzkaller.0RUWbt/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 797.807811][ T25] audit: type=1400 audit(797.020:85): avc: denied { mount } for pid=3318 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 797.908091][ T3319] veth1_macvtap: entered promiscuous mode [ 798.070206][ T25] audit: type=1400 audit(797.300:86): avc: denied { mounton } for pid=3318 comm="syz-executor" path="/syzkaller.0RUWbt/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 798.180792][ T25] audit: type=1400 audit(797.410:87): avc: denied { mounton } for pid=3318 comm="syz-executor" path="/syzkaller.0RUWbt/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3751 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 798.779717][ T25] audit: type=1400 audit(798.010:88): avc: denied { unmount } for pid=3318 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 799.090270][ T25] audit: type=1400 audit(798.320:89): avc: denied { mounton } for pid=3318 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 799.186674][ T25] audit: type=1400 audit(798.400:90): avc: denied { mount } for pid=3318 comm="syz-executor" name="/" dev="gadgetfs" ino=3760 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 799.463762][ T25] audit: type=1400 audit(798.690:91): avc: denied { mount } for pid=3318 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 799.612346][ T25] audit: type=1400 audit(798.790:92): avc: denied { mounton } for pid=3318 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 799.986337][ T3370] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 799.991491][ T3370] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 800.010394][ T3370] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 800.016227][ T3370] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 801.202184][ T3318] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 802.736576][ T25] kauditd_printk_skb: 1 callbacks suppressed [ 802.737400][ T25] audit: type=1400 audit(801.920:94): avc: denied { read write } for pid=3318 comm="syz-executor" name="loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 802.787783][ T25] audit: type=1400 audit(801.950:95): avc: denied { open } for pid=3318 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 802.802610][ T25] audit: type=1400 audit(802.000:96): avc: denied { ioctl } for pid=3318 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=639 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 811.296779][ T25] audit: type=1400 audit(810.520:97): avc: denied { read } for pid=3477 comm="syz.1.2" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 811.341965][ T25] audit: type=1400 audit(810.570:98): avc: denied { open } for pid=3477 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 811.786685][ T25] audit: type=1400 audit(811.010:99): avc: denied { ioctl } for pid=3477 comm="syz.1.2" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 833.379289][ T25] audit: type=1400 audit(832.600:100): avc: denied { write } for pid=3494 comm="syz.1.7" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 860.527318][ T25] audit: type=1400 audit(859.750:101): avc: denied { append } for pid=3510 comm="syz.1.12" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 890.190327][ T25] audit: type=1400 audit(889.410:102): avc: denied { execute } for pid=3526 comm="syz.0.19" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4528 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 1015.848568][ T3599] kvm [3599]: Failed to find VMA for hva 0x20c01000 [ 1189.237984][ T3653] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1189.581028][ T3653] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1198.928464][ T3658] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1199.189763][ T3658] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1215.856884][ T3653] hsr_slave_0: entered promiscuous mode [ 1215.901886][ T3653] hsr_slave_1: entered promiscuous mode [ 1215.960232][ T3653] debugfs: 'hsr0' already exists in 'hsr' [ 1215.986262][ T3653] Cannot create hsr debugfs directory [ 1224.173783][ T3658] hsr_slave_0: entered promiscuous mode [ 1224.208752][ T3658] hsr_slave_1: entered promiscuous mode [ 1224.257231][ T3658] debugfs: 'hsr0' already exists in 'hsr' [ 1224.263134][ T3658] Cannot create hsr debugfs directory [ 1232.747060][ T3653] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1233.053304][ T3653] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1233.996225][ T3653] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1234.672712][ T3653] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1245.679247][ T3725] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1246.723972][ T3725] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1248.442383][ T3725] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1248.863608][ T3658] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1249.212663][ T3658] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1250.037386][ T3725] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1250.413831][ T3658] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1250.939029][ T3658] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1268.698399][ T3725] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1268.822212][ T3725] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1268.958024][ T3725] bond0 (unregistering): Released all slaves [ 1271.678629][ T3725] hsr_slave_0: left promiscuous mode [ 1271.769949][ T3725] hsr_slave_1: left promiscuous mode [ 1272.291712][ T3725] veth1_macvtap: left promiscuous mode [ 1272.301929][ T3725] veth0_macvtap: left promiscuous mode [ 1272.318257][ T3725] veth1_vlan: left promiscuous mode [ 1272.323955][ T3725] veth0_vlan: left promiscuous mode [ 1289.535831][ T3653] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1291.771785][ T3725] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1293.159600][ T3725] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1294.537959][ T3725] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1295.842924][ T3725] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1314.647426][ T3725] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1314.798003][ T3725] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1314.897807][ T3725] bond0 (unregistering): Released all slaves [ 1317.317652][ T3725] hsr_slave_0: left promiscuous mode [ 1317.698682][ T3725] hsr_slave_1: left promiscuous mode [ 1318.385672][ T3725] veth1_macvtap: left promiscuous mode [ 1318.397529][ T3725] veth0_macvtap: left promiscuous mode [ 1318.409942][ T3725] veth1_vlan: left promiscuous mode [ 1318.420168][ T3725] veth0_vlan: left promiscuous mode [ 1333.139686][ T3658] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1403.568296][ T3653] veth0_vlan: entered promiscuous mode [ 1404.288310][ T3653] veth1_vlan: entered promiscuous mode [ 1406.699365][ T3653] veth0_macvtap: entered promiscuous mode [ 1407.151110][ T3653] veth1_macvtap: entered promiscuous mode [ 1409.618258][ T35] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1409.622989][ T35] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1409.633308][ T35] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1409.686081][ T35] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1423.278608][ T3658] veth0_vlan: entered promiscuous mode [ 1424.448771][ T3658] veth1_vlan: entered promiscuous mode [ 1428.219636][ T3658] veth0_macvtap: entered promiscuous mode [ 1429.012770][ T3658] veth1_macvtap: entered promiscuous mode [ 1432.266615][ T3725] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1432.267739][ T3725] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1432.342187][ T3449] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1432.396786][ T3449] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1477.873017][ T25] audit: type=1400 audit(1477.070:103): avc: denied { setattr } for pid=3881 comm="syz.2.63" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1780.970002][ T4027] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1781.320883][ T4027] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1792.261985][ T4035] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1792.709351][ T4035] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1822.252792][ T4027] hsr_slave_0: entered promiscuous mode [ 1822.401700][ T4027] hsr_slave_1: entered promiscuous mode [ 1833.503601][ T4035] hsr_slave_0: entered promiscuous mode [ 1833.539773][ T4035] hsr_slave_1: entered promiscuous mode [ 1833.567948][ T4035] debugfs: 'hsr0' already exists in 'hsr' [ 1833.575325][ T4035] Cannot create hsr debugfs directory [ 1849.147398][ T4027] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1850.966360][ T4027] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1852.067273][ T4027] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1852.960924][ T4027] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1861.439444][ T4035] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1862.113045][ T4035] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1862.763705][ T4035] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1863.467364][ T4035] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1888.780013][ T4027] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1895.398767][ T4035] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1965.497620][ T3726] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1969.007242][ T3726] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1970.943076][ T3726] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1972.601967][ T3726] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1993.662113][ T3726] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1993.842633][ T3726] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1993.997620][ T3726] bond0 (unregistering): Released all slaves [ 1997.703769][ T3726] hsr_slave_0: left promiscuous mode [ 1998.029458][ T3726] hsr_slave_1: left promiscuous mode [ 1999.007487][ T3726] veth1_macvtap: left promiscuous mode [ 1999.008876][ T3726] veth0_macvtap: left promiscuous mode [ 1999.019042][ T3726] veth1_vlan: left promiscuous mode [ 1999.052143][ T3726] veth0_vlan: left promiscuous mode [ 2021.700869][ T3726] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2023.243551][ T3726] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2024.819482][ T3726] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2026.578796][ T3726] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2050.382414][ T3726] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2050.760722][ T3726] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2050.898309][ T3726] bond0 (unregistering): Released all slaves [ 2053.011316][ T3726] hsr_slave_0: left promiscuous mode [ 2053.130342][ T3726] hsr_slave_1: left promiscuous mode [ 2053.946376][ T3726] veth1_macvtap: left promiscuous mode [ 2053.966964][ T3726] veth0_macvtap: left promiscuous mode [ 2053.977717][ T3726] veth1_vlan: left promiscuous mode [ 2053.990896][ T3726] veth0_vlan: left promiscuous mode [ 2094.076916][ T4027] veth0_vlan: entered promiscuous mode [ 2094.930127][ T4027] veth1_vlan: entered promiscuous mode [ 2098.232438][ T4027] veth0_macvtap: entered promiscuous mode [ 2098.737835][ T4027] veth1_macvtap: entered promiscuous mode [ 2102.959850][ T4035] veth0_vlan: entered promiscuous mode [ 2102.992294][ T4052] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2103.003242][ T4052] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2103.269121][ T4052] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2103.285482][ T4213] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2105.019102][ T4035] veth1_vlan: entered promiscuous mode [ 2110.460518][ T4035] veth0_macvtap: entered promiscuous mode [ 2111.288448][ T4035] veth1_macvtap: entered promiscuous mode [ 2114.517635][ T49] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2114.856782][ T35] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2114.892136][ T4213] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2114.978248][ T3449] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2194.952465][ T3357] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2196.741915][ T3357] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2198.039695][ T3357] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2199.438024][ T3357] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2225.633568][ T3357] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2226.467131][ T3357] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2226.932448][ T3357] bond0 (unregistering): Released all slaves [ 2230.037041][ T3357] hsr_slave_0: left promiscuous mode [ 2230.269410][ T3357] hsr_slave_1: left promiscuous mode [ 2231.324006][ T3357] veth1_macvtap: left promiscuous mode [ 2231.359227][ T3357] veth0_macvtap: left promiscuous mode [ 2231.381340][ T3357] veth1_vlan: left promiscuous mode [ 2231.382914][ T3357] veth0_vlan: left promiscuous mode [ 2260.442447][ T3357] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2261.863159][ T3357] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2263.188240][ T3357] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2264.408997][ T3357] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2287.952123][ T3357] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2288.298084][ T3357] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2288.428907][ T3357] bond0 (unregistering): Released all slaves [ 2290.148703][ T3357] hsr_slave_0: left promiscuous mode [ 2290.190832][ T3357] hsr_slave_1: left promiscuous mode [ 2290.529209][ T3357] veth1_macvtap: left promiscuous mode [ 2290.537991][ T3357] veth0_macvtap: left promiscuous mode [ 2290.542658][ T3357] veth1_vlan: left promiscuous mode [ 2290.590358][ T3357] veth0_vlan: left promiscuous mode [ 2336.901276][ T4289] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2337.260940][ T4289] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2343.486535][ T4306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2343.847935][ T4306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2367.188437][ T4289] hsr_slave_0: entered promiscuous mode [ 2367.252174][ T4289] hsr_slave_1: entered promiscuous mode [ 2372.681362][ T4306] hsr_slave_0: entered promiscuous mode [ 2372.719037][ T4306] hsr_slave_1: entered promiscuous mode [ 2372.758385][ T4306] debugfs: 'hsr0' already exists in 'hsr' [ 2372.790708][ T4306] Cannot create hsr debugfs directory [ 2385.263205][ T4289] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 2386.356376][ T4289] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 2387.030688][ T4289] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 2388.646975][ T4289] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 2393.805988][ T4306] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 2394.631139][ T4306] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 2395.279707][ T4306] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 2395.819775][ T4306] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 2424.222614][ T4289] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2429.823964][ T4306] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2570.906805][ T4289] veth0_vlan: entered promiscuous mode [ 2572.129743][ T4289] veth1_vlan: entered promiscuous mode [ 2576.780898][ T4289] veth0_macvtap: entered promiscuous mode [ 2578.110040][ T4289] veth1_macvtap: entered promiscuous mode [ 2578.661134][ T4306] veth0_vlan: entered promiscuous mode [ 2580.948363][ T4306] veth1_vlan: entered promiscuous mode [ 2584.506493][ T3449] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2584.511296][ T3449] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2584.529690][ T3449] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2584.711911][ T3449] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2588.352018][ T4306] veth0_macvtap: entered promiscuous mode [ 2589.978807][ T4306] veth1_macvtap: entered promiscuous mode [ 2595.223988][ T3726] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2595.232409][ T3726] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2595.259308][ T35] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2595.276590][ T35] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2701.330721][ T3726] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2703.549930][ T3726] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2705.837154][ T3726] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2707.891537][ T3726] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2732.040118][ T3726] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2732.394008][ T3726] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2732.707917][ T3726] bond0 (unregistering): Released all slaves [ 2735.167979][ T3726] hsr_slave_0: left promiscuous mode [ 2735.236104][ T3726] hsr_slave_1: left promiscuous mode [ 2735.793711][ T3726] veth1_macvtap: left promiscuous mode [ 2735.876105][ T3726] veth0_macvtap: left promiscuous mode [ 2735.909000][ T3726] veth1_vlan: left promiscuous mode [ 2735.910553][ T3726] veth0_vlan: left promiscuous mode [ 2774.461377][ T4093] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2775.790506][ T4093] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2777.073285][ T4093] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2778.207782][ T4093] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2800.880705][ T4093] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2801.202537][ T4093] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2801.535636][ T4093] bond0 (unregistering): Released all slaves [ 2805.583195][ T4093] hsr_slave_0: left promiscuous mode [ 2805.766186][ T4093] hsr_slave_1: left promiscuous mode [ 2806.683086][ T4093] veth1_macvtap: left promiscuous mode [ 2806.797052][ T4093] veth0_macvtap: left promiscuous mode [ 2806.801129][ T4093] veth1_vlan: left promiscuous mode [ 2806.820028][ T4093] veth0_vlan: left promiscuous mode [ 2859.828273][ T4563] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2860.167745][ T4563] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2863.352360][ T4568] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2863.622814][ T4568] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2897.969897][ T4563] hsr_slave_0: entered promiscuous mode [ 2898.110581][ T4563] hsr_slave_1: entered promiscuous mode [ 2902.248569][ T4568] hsr_slave_0: entered promiscuous mode [ 2902.322555][ T4568] hsr_slave_1: entered promiscuous mode [ 2902.372287][ T4568] debugfs: 'hsr0' already exists in 'hsr' [ 2902.426082][ T4568] Cannot create hsr debugfs directory [ 2918.964190][ T4563] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 2919.679246][ T4563] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 2920.114171][ T4563] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 2920.908266][ T4563] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 2926.943978][ T4568] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 2927.628763][ T4568] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 2928.274225][ T4568] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 2928.864214][ T4568] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 2963.543861][ T4563] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2971.249716][ T4568] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3141.102198][ T4563] veth0_vlan: entered promiscuous mode [ 3142.500374][ T4563] veth1_vlan: entered promiscuous mode [ 3146.543006][ T4563] veth0_macvtap: entered promiscuous mode [ 3147.653832][ T4563] veth1_macvtap: entered promiscuous mode [ 3150.967911][ T4568] veth0_vlan: entered promiscuous mode [ 3153.310998][ T4568] veth1_vlan: entered promiscuous mode [ 3154.643266][ T4785] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3154.673816][ T4785] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3154.690679][ T4785] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3155.099024][ T4785] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3160.658953][ T4568] veth0_macvtap: entered promiscuous mode [ 3161.620251][ T4568] veth1_macvtap: entered promiscuous mode [ 3166.695861][ T4093] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3166.736379][ T3449] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3166.811653][ T4514] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3166.886558][ T4514] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3423.789557][ T4920] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5e6cf [ 3423.816191][ T4920] flags: 0x1fff98000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xe6) [ 3423.819382][ T4920] raw: 01fff98000000000 ffffc1ffc079b408 ffffc1ffc063d788 0000000000000000 [ 3423.819732][ T4920] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 3423.819988][ T4920] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0) [ 3423.821011][ T4920] ------------[ cut here ]------------ [ 3423.821175][ T4920] kernel BUG at ./include/linux/mm.h:1036! [ 3423.822867][ T4920] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 3423.830858][ T4920] Modules linked in: [ 3423.832824][ T4920] CPU: 0 UID: 0 PID: 4920 Comm: syz.9.116 Not tainted syzkaller #0 PREEMPT [ 3423.834327][ T4920] Hardware name: linux,dummy-virt (DT) [ 3423.835529][ T4920] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 3423.836835][ T4920] pc : kvm_s2_put_page+0x374/0x3a0 [ 3423.839040][ T4920] lr : kvm_s2_put_page+0x374/0x3a0 [ 3423.839970][ T4920] sp : ffff8000a2b87450 [ 3423.840678][ T4920] x29: ffff8000a2b87450 x28: f9f0000018f5e000 x27: f9f0000018f5e000 [ 3423.842195][ T4920] x26: 00000000000000ff x25: ffff800087396000 x24: ffffc1ffc0000000 [ 3423.843516][ T4920] x23: ffffc1ffc079b3c8 x22: 0000000000000000 x21: ffffc1ffc079b3f4 [ 3423.844746][ T4920] x20: 0000000000000000 x19: ffffc1ffc079b3c0 x18: 00000000e5bca035 [ 3423.846072][ T4920] x17: 0000000005004791 x16: 00000000e55487c6 x15: 00000000b5ad2ef0 [ 3423.847335][ T4920] x14: 0000000000000000 x13: fff0000024d40008 x12: 0000000000000001 [ 3423.848646][ T4920] x11: 0000000000000000 x10: 0000000000ff0100 x9 : 1f36cefdc6299a00 [ 3423.850021][ T4920] x8 : 1f36cefdc6299a00 x7 : ffff80008048ab34 x6 : 0000000000000000 [ 3423.851271][ T4920] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80008074ae00 [ 3423.852573][ T4920] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000003e [ 3423.854034][ T4920] Call trace: [ 3423.854871][ T4920] kvm_s2_put_page+0x374/0x3a0 (P) [ 3423.856134][ T4920] stage2_free_walker+0x1b0/0x264 [ 3423.857112][ T4920] __kvm_pgtable_walk+0x7d8/0xa68 [ 3423.857905][ T4920] kvm_pgtable_walk+0x294/0x468 [ 3423.858773][ T4920] kvm_pgtable_stage2_destroy_range+0x60/0xb4 [ 3423.859763][ T4920] kvm_free_stage2_pgd+0x198/0x28c [ 3423.860658][ T4920] kvm_uninit_stage2_mmu+0x20/0x38 [ 3423.861547][ T4920] kvm_arch_flush_shadow_all+0x1a8/0x1e0 [ 3423.862500][ T4920] kvm_mmu_notifier_release+0x48/0xa8 [ 3423.863446][ T4920] __mmu_notifier_release+0x310/0x614 [ 3423.864364][ T4920] exit_mmap+0xb8/0xbb8 [ 3423.865185][ T4920] __mmput+0x10c/0x528 [ 3423.865962][ T4920] mmput+0x70/0xac [ 3423.866693][ T4920] exit_mm+0x158/0x258 [ 3423.867455][ T4920] do_exit+0x788/0x2378 [ 3423.868259][ T4920] do_group_exit+0x1d4/0x2ac [ 3423.868995][ T4920] get_signal+0x1440/0x1554 [ 3423.869869][ T4920] do_signal+0x23c/0x4dd0 [ 3423.870742][ T4920] do_notify_resume+0xb0/0x270 [ 3423.871632][ T4920] el0_svc+0xb8/0x164 [ 3423.872485][ T4920] el0t_64_sync_handler+0x84/0x12c [ 3423.873484][ T4920] el0t_64_sync+0x198/0x19c [ 3423.874995][ T4920] Code: 900377c1 910e9421 aa1303e0 97f9c9f2 (d4210000) [ 3423.876847][ T4920] ---[ end trace 0000000000000000 ]--- [ 3423.878375][ T4920] Kernel panic - not syncing: Oops - BUG: Fatal exception [ 3423.880276][ T4920] Kernel Offset: disabled [ 3423.880971][ T4920] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f [ 3423.882014][ T4920] Memory Limit: none [ 3423.883616][ T4920] Rebooting in 86400 seconds.. VM DIAGNOSIS: 23:06:29 Registers: info registers vcpu 0 CPU#0 PC=ffff80008657c0b8 X00=0000000000000025 X01=0000000000000000 X02=ffff8000a2b86a50 X03=ffff8000a2b86bf7 X04=0000000000001338 X05=0000000000000000 X06=ffff80008048ab34 X07=ffff800080015834 X08=46f0000024d40000 X09=0000000000000000 X10=0000000000ff0100 X11=46f0000024d40000 X12=0000000000ff0100 X13=0000000000000007 X14=0000000000000000 X15=ffff800087fe5a20 X16=0000000000000000 X17=0000000005004791 X18=00000000e5bca035 X19=0000000000000001 X20=efff800000000000 X21=0000000000001338 X22=5cf000000d87c000 X23=0000000000000017 X24=0000000000000012 X25=000000000000002b X26=0000000000000019 X27=0000000000000019 X28=0000000000000012 X29=ffff8000a2b86e10 X30=ffff80008049044c SP=ffff8000a2b86da0 PSTATE=604023c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=1b00000000000000:1b00000000000000 Z01=0000001b00000000:0000000000000000 Z02=000000000000001b:0000000000000000 Z03=00d000a800000000:0000000000000000 Z04=0000000000000000:0000000000000002 Z05=000000000000001b:0000000000000002 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffc0450d20:0000ffffc0450d20 Z17=ffffff80ffffffd0:0000ffffc0450cf0 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000