last executing test programs: 1m0.694669943s ago: executing program 1 (id=575): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0xc, 0x5c1fd1b65647af1, 0xffffffffffffffff, 0x20000000) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_ARM_SET_DEVICE_ADDR(r2, 0x4010aeab, 0x0) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$arm64(r3, 0xffffffffffffffff, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000140)=[{0x0, 0x0}], 0x1, 0x0, 0x0, 0x0) r4 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x29) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x31) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xeeef0000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x8080000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) syz_kvm_setup_syzos_vm$arm64(r7, &(0x7f0000c00000/0x400000)=nil) munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000) r8 = syz_kvm_vgic_v3_setup(r5, 0x2, 0x40) ioctl$KVM_GET_DEVICE_ATTR(r8, 0x4018aee2, &(0x7f0000000040)=@attr_other={0x0, 0x7, 0x4678, 0x0}) ioctl$KVM_CAP_ARM_EAGER_SPLIT_CHUNK_SIZE(r3, 0x4068aea3, &(0x7f0000000000)={0xe4, 0x0, 0x7}) r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x20) ioctl$KVM_SET_DEVICE_ATTR_vm(r9, 0x4018aee1, &(0x7f0000000100)=@attr_other={0x0, 0xfff, 0x9, &(0x7f00000000c0)=0x80000000}) 52.754233063s ago: executing program 0 (id=576): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x30) ioctl$KVM_HAS_DEVICE_ATTR_vm(r1, 0x4018aee3, 0xffffffffffffffff) 48.831933039s ago: executing program 1 (id=577): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x40000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000100)={0x100001f, 0x1}) 35.34445077s ago: executing program 0 (id=578): openat$kvm(0x0, 0x0, 0x44003, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(0xffffffffffffffff, r1, &(0x7f0000e8a000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r1, 0x4010aeac, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0xdddd1000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000000)={0x1, 0x0, &(0x7f0000ffb000/0x3000)=nil}) 35.003929203s ago: executing program 1 (id=579): munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r1, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0x0, 0x0, 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0x40086602, 0x110e22ffff) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) mmap$KVM_VCPU(&(0x7f0000d6b000/0x1000)=nil, r1, 0x1, 0x100010, 0xffffffffffffffff, 0x0) r4 = eventfd2(0xfffffffa, 0x80001) write$eventfd(r4, &(0x7f0000000200)=0x8, 0x8) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x40086602, 0x20000000) ioctl$KVM_CHECK_EXTENSION(r3, 0x40086602, 0x110e227ffe) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r6, 0x100000f, 0x20010, 0xffffffffffffffff, 0x0) r7 = openat$kvm(0x0, 0x0, 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r7, 0x40086602, 0x110e22ffff) openat$kvm(0x0, &(0x7f0000000040), 0xb0d800, 0x0) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x6, 0x30, 0xffffffffffffffff, 0x0) write$eventfd(0xffffffffffffffff, &(0x7f0000000200)=0x8, 0x8) syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000000)="37d3116035d7513e9a000200018000", 0x0, 0x43) ioctl$KVM_CREATE_VM(r7, 0x40086602, 0x10) 28.589508698s ago: executing program 1 (id=580): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, 0x0}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x8}) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000200)={0x80a0000, 0x0, 0x94, 0x1}) syz_kvm_vgic_v3_setup(r1, 0x3, 0x300) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8902, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_kvm_setup_syzos_vm$arm64(r5, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000300)=[@memwrite={0x6e, 0x30, @vgic_gicr={0x80a0000, 0xa0, 0x1, 0xa}}], 0x30}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r5, 0x1, 0x100) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x69) 28.262748809s ago: executing program 0 (id=581): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x27) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000240)=@attr_arm64={0x0, 0x8, 0x0, 0x0}) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x5000007, 0x24132, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f00006b3000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000f7c000/0x2000)=nil, 0x2000) (async, rerun: 32) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x448982, 0x0) (rerun: 32) ioctl$KVM_GET_API_VERSION(r3, 0x2, 0x1000000000000) munmap(&(0x7f0000e51000/0x4000)=nil, 0x4000) (async) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) (async, rerun: 32) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (rerun: 32) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, r6, 0x0) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r5, 0x100000d, 0x961782f4f84f1e35, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) (async) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) (async, rerun: 32) munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000) (async, rerun: 32) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x95) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1, 0x16831, 0xffffffffffffffff, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000180)={0x2710, 0x1, 0x2000, 0x1000, &(0x7f0000c06000/0x1000)=nil}) munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000) (async) munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000e15000/0x1000)=nil, 0x1000) 20.162337826s ago: executing program 0 (id=582): r0 = openat$kvm(0x0, &(0x7f0000000040), 0xc0083, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x27) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x5030c0, 0x0) r5 = syz_kvm_setup_syzos_vm$arm64(r4, &(0x7f0000c00000/0x400000)=nil) r6 = syz_kvm_add_vcpu$arm64(r5, &(0x7f0000000300)={0x0, &(0x7f0000000100)=[@its_setup={0x82, 0x28, {0x3, 0x4, 0xd}}, @its_send_cmd={0xaa, 0x28, {0x9, 0x0, 0x0, 0x0, 0x6, 0x0, 0x4}}], 0x50}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r4, 0x1, 0x100) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3e) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000180)={0x8, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_arm64={0x0, 0x0, 0x4, &(0x7f0000000200)=0x8080000}) ioctl$KVM_RUN(r6, 0xae80, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000100)={0x8, 0xffffffffffffffff}) close(r9) close(r10) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x1a) syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 19.535170686s ago: executing program 1 (id=583): munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r1, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, r1, 0xe, 0x16831, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000010000/0x1000)=nil, 0x930, 0x100000f, 0x4019032, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000d1a000/0x9000)=nil, r2, 0x6000002, 0x4d832, r0, 0x0) 13.972263139s ago: executing program 1 (id=584): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) r2 = openat$kvm(0x0, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$arm64(r3, &(0x7f0000c00000/0x400000)=nil) r5 = syz_kvm_add_vcpu$arm64(r4, &(0x7f0000000180)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r5, 0x4010aeac, &(0x7f00000000c0)=@arm64_core={0x6030000000100050, &(0x7f0000000080)=0x2}) r6 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r7 = syz_kvm_add_vcpu$arm64(r6, &(0x7f0000000200)={0x0, &(0x7f0000000500)=[@mrs={0xbe, 0x18, {0x6030000000138056}}], 0x18}, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r9, 0x4008ae6a, &(0x7f00000002c0)={0x0, 0x100000}) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105}) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x1000002, 0xaf832, 0xffffffffffffffff, 0x0) syz_kvm_setup_syzos_vm$arm64(0xffffffffffffffff, &(0x7f0000a1e000/0x400000)=nil) r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_SIGNAL_MSI(r11, 0x4020aea5, 0xfffffffffffffffe) ioctl$KVM_HAS_DEVICE_ATTR_vm(r11, 0x4018aee3, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000000c0)={0x5, 0x5}}) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r13 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r12, 0xae04) r14 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) r16 = eventfd2(0x7, 0x1) ioctl$KVM_IOEVENTFD(r15, 0x4040ae79, &(0x7f0000000000)={0x0, 0x1000, 0x2, r16, 0x8}) r17 = mmap$KVM_VCPU(&(0x7f0000c60000/0x2000)=nil, r13, 0x300000a, 0x16831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r17, 0x20, &(0x7f0000000240)="e65bf643e6e1a3ffc871fcc8064f26b4d9f94b6f1ccd7b41443d2b5486580143226c0ead9a1620b6709fafba2af023314cc4bf610d6a743ad4913910b8364e5f73ea2fc43ac1ebfc", 0x0, 0x48) r18 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r18, 0xae01, 0x0) 8.085625984s ago: executing program 0 (id=585): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x3) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) r4 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x1c9082, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0x80111500, 0x20000000) ioctl$KVM_CREATE_VM(r6, 0x541b, 0x10000000000000) ioctl$KVM_CREATE_VM(r4, 0x401c5820, 0x20000001) 0s ago: executing program 0 (id=586): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) (async) munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x6000006, 0x4d832, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f00006b4000/0x3000)=nil, r2, 0x100000d, 0x32, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x2000007, 0x30d2a4fbfbea96b8, 0xffffffffffffffff, 0x0) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x37) ioctl$KVM_ARM_SET_COUNTER_OFFSET(r3, 0x4010aeb5, &(0x7f0000000080)={0x10000, 0x4}) (async) mmap$KVM_VCPU(&(0x7f0000007000/0x1000)=nil, 0x930, 0x1000002, 0x28031, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000ec1000/0x1000)=nil, 0x930, 0xf, 0x9032, 0xffffffffffffffff, 0x0) (async) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, r5, 0x0, 0x40032, 0xffffffffffffffff, 0x0) (async) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) munmap(&(0x7f0000fa1000/0x2000)=nil, 0x2000) (async) r7 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x21) syz_kvm_vgic_v3_setup(r7, 0x3, 0x0) (async) r8 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) mmap$KVM_VCPU(&(0x7f0000c6a000/0x3000)=nil, 0x930, 0x1000003, 0x28031, r6, 0x0) (async) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f00000000c0)={0x101fc, 0x3, 0x5000, 0x1000, &(0x7f0000f3d000/0x1000)=nil}) r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r9, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r10, 0x4018aee1, &(0x7f0000000000)=@attr_arm64={0x0, 0x7, 0x1, 0x0}) kernel console output (not intermixed with test programs): [ 404.659641][ T3151] 8021q: adding VLAN 0 to HW filter on device bond0 [ 419.453616][ T3151] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:36345' (ED25519) to the list of known hosts. [ 585.198278][ T25] audit: type=1400 audit(584.410:61): avc: denied { name_bind } for pid=3307 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 587.087176][ T25] audit: type=1400 audit(586.320:62): avc: denied { execute } for pid=3308 comm="sh" name="syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 587.128843][ T25] audit: type=1400 audit(586.350:63): avc: denied { execute_no_trans } for pid=3308 comm="sh" path="/syz-executor" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 610.573956][ T25] audit: type=1400 audit(609.810:64): avc: denied { mounton } for pid=3308 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 610.607754][ T25] audit: type=1400 audit(609.840:65): avc: denied { mount } for pid=3308 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 610.687829][ T3308] cgroup: Unknown subsys name 'net' [ 610.740558][ T25] audit: type=1400 audit(609.980:66): avc: denied { unmount } for pid=3308 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 611.142869][ T3308] cgroup: Unknown subsys name 'cpuset' [ 611.243749][ T3308] cgroup: Unknown subsys name 'rlimit' [ 611.669410][ T25] audit: type=1400 audit(610.910:67): avc: denied { setattr } for pid=3308 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 611.686638][ T25] audit: type=1400 audit(610.920:68): avc: denied { mounton } for pid=3308 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 611.711328][ T25] audit: type=1400 audit(610.950:69): avc: denied { mount } for pid=3308 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 612.964197][ T3316] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 612.982663][ T25] audit: type=1400 audit(612.220:70): avc: denied { relabelto } for pid=3316 comm="mkswap" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 613.002379][ T25] audit: type=1400 audit(612.240:71): avc: denied { write } for pid=3316 comm="mkswap" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 613.189993][ T25] audit: type=1400 audit(612.420:72): avc: denied { read } for pid=3308 comm="syz-executor" name="swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 613.208882][ T25] audit: type=1400 audit(612.440:73): avc: denied { open } for pid=3308 comm="syz-executor" path="/swap-file" dev="vda" ino=1872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 613.257393][ T3308] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 662.600986][ T25] audit: type=1400 audit(661.840:74): avc: denied { execmem } for pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 667.667301][ T25] audit: type=1400 audit(666.900:75): avc: denied { read } for pid=3319 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 667.708138][ T25] audit: type=1400 audit(666.930:76): avc: denied { open } for pid=3319 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 667.770950][ T25] audit: type=1400 audit(667.010:77): avc: denied { mounton } for pid=3319 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 668.062893][ T25] audit: type=1400 audit(667.300:78): avc: denied { module_request } for pid=3319 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 669.153753][ T25] audit: type=1400 audit(668.380:79): avc: denied { sys_module } for pid=3319 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 692.597746][ T3320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 692.824467][ T3320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 692.923389][ T3319] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 693.237069][ T3319] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 709.918739][ T3320] hsr_slave_0: entered promiscuous mode [ 709.947394][ T3320] hsr_slave_1: entered promiscuous mode [ 710.818365][ T3319] hsr_slave_0: entered promiscuous mode [ 710.844500][ T3319] hsr_slave_1: entered promiscuous mode [ 710.880932][ T3319] debugfs: 'hsr0' already exists in 'hsr' [ 710.899572][ T3319] Cannot create hsr debugfs directory [ 716.243651][ T25] audit: type=1400 audit(715.480:80): avc: denied { create } for pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 716.326881][ T25] audit: type=1400 audit(715.520:81): avc: denied { write } for pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 716.328038][ T25] audit: type=1400 audit(715.560:82): avc: denied { read } for pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 716.464386][ T3320] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 716.817473][ T3320] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 717.049140][ T3320] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 717.521591][ T3320] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 718.906867][ T3319] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 719.152975][ T3319] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 719.322667][ T3319] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 719.459947][ T3319] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 731.681559][ T3320] 8021q: adding VLAN 0 to HW filter on device bond0 [ 733.751160][ T3319] 8021q: adding VLAN 0 to HW filter on device bond0 [ 788.179386][ T3320] veth0_vlan: entered promiscuous mode [ 788.592438][ T3320] veth1_vlan: entered promiscuous mode [ 790.292931][ T3319] veth0_vlan: entered promiscuous mode [ 790.824033][ T3320] veth0_macvtap: entered promiscuous mode [ 791.199400][ T3320] veth1_macvtap: entered promiscuous mode [ 791.278600][ T3319] veth1_vlan: entered promiscuous mode [ 793.363411][ T3319] veth0_macvtap: entered promiscuous mode [ 793.732660][ T3413] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 793.748951][ T3413] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 793.918104][ T3413] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 793.927274][ T3413] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 794.119271][ T3319] veth1_macvtap: entered promiscuous mode [ 796.238423][ T25] audit: type=1400 audit(795.460:83): avc: denied { mount } for pid=3320 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 796.503575][ T25] audit: type=1400 audit(795.730:84): avc: denied { mounton } for pid=3320 comm="syz-executor" path="/syzkaller.0mx9Dm/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 796.623465][ T25] audit: type=1400 audit(795.860:85): avc: denied { mount } for pid=3320 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 796.788989][ T21] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 796.801409][ T3358] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 796.811619][ T3358] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 796.848270][ T3358] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 796.982411][ T25] audit: type=1400 audit(796.220:86): avc: denied { mounton } for pid=3320 comm="syz-executor" path="/syzkaller.0mx9Dm/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 797.149398][ T25] audit: type=1400 audit(796.390:87): avc: denied { mounton } for pid=3320 comm="syz-executor" path="/syzkaller.0mx9Dm/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3771 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 797.871203][ T25] audit: type=1400 audit(797.060:88): avc: denied { unmount } for pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 798.163134][ T25] audit: type=1400 audit(797.400:89): avc: denied { mounton } for pid=3320 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=1544 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 798.247141][ T25] audit: type=1400 audit(797.480:90): avc: denied { mount } for pid=3320 comm="syz-executor" name="/" dev="gadgetfs" ino=3783 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 798.671493][ T25] audit: type=1400 audit(797.910:91): avc: denied { mount } for pid=3320 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 798.820622][ T25] audit: type=1400 audit(798.060:92): avc: denied { mounton } for pid=3320 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 799.783108][ T3320] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 814.692866][ T25] kauditd_printk_skb: 4 callbacks suppressed [ 814.703369][ T25] audit: type=1400 audit(813.930:97): avc: denied { read } for pid=3483 comm="syz.0.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 814.747860][ T25] audit: type=1400 audit(813.980:98): avc: denied { open } for pid=3483 comm="syz.0.3" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 815.116429][ T25] audit: type=1400 audit(814.330:99): avc: denied { ioctl } for pid=3483 comm="syz.0.3" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 841.751684][ T3499] kvm [3499]: Failed to find VMA for hva 0x21016000 [ 858.754070][ T25] audit: type=1400 audit(857.960:100): avc: denied { execute } for pid=3506 comm="syz.0.11" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=4258 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 869.297432][ T25] audit: type=1400 audit(868.510:101): avc: denied { append } for pid=3515 comm="syz.1.14" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 871.296959][ T25] audit: type=1400 audit(870.500:102): avc: denied { write } for pid=3515 comm="syz.1.14" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 918.469861][ T25] audit: type=1400 audit(917.700:103): avc: denied { map } for pid=3538 comm="syz.0.21" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 957.174353][ T25] audit: type=1400 audit(956.380:104): avc: denied { setattr } for pid=3565 comm="syz.0.29" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1200.397408][ T25] audit: type=1400 audit(1199.630:105): avc: denied { ioctl } for pid=3710 comm="syz.1.70" path="net:[4026532615]" dev="nsfs" ino=4026532615 ioctlcmd=0x5839 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1279.759904][ T3756] kvm [3756]: Failed to find VMA for hva 0x20c01000 [ 1279.804419][ T3761] kvm [3761]: Failed to find VMA for hva 0x20c01000 [ 1392.271931][ T3831] kvm [3831]: Failed to find VMA for hva 0x20c01000 [ 1468.138776][ T3868] kvm [3868]: Failed to find VMA for hva 0x20dfb000 [ 1778.538645][ T25] audit: type=1400 audit(1777.770:106): avc: denied { execute } for pid=4057 comm="syz.1.175" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1778.798386][ T4054] kvm [4054]: Failed to find VMA for hva 0x20c01000 [ 2120.583857][ T4260] kvm [4260]: Failed to find VMA for hva 0x20e03000 [ 2390.990600][ T4421] kvm [4421]: Failed to find VMA for hva 0x20e03000 [ 2527.983522][ T4504] kvm [4504]: Failed to find VMA for hva 0x20ddd000 [ 2554.191163][ T4518] kvm [4518]: Failed to find VMA for hva 0x21016000 [ 2555.191844][ T4518] kvm [4518]: Failed to find VMA for hva 0x20c01000 [ 2573.712313][ T4531] kvm [4531]: Failed to find VMA for hva 0x21016000 [ 2621.880133][ T4558] debugfs: 'vgic-its-state@8080000' already exists in '4558-6' [ 3653.159874][ T5172] kvm [5170]: Unsupported guest access at: eeef0000 [ 3653.159874][ T5172] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 3655.078688][ T5173] kvm [5170]: Unsupported guest access at: eeef0000 [ 3655.078688][ T5173] { Op0( 2), Op1( 0), CRn( 0), CRm( 0), Op2( 2), func_write }, [ 3695.830033][ T5192] kvm [5192]: Failed to find VMA for hva 0x20e0d000 [ 4037.821564][ T5404] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xe8f0000000000000 pfn:0x52def [ 4037.868546][ T5404] flags: 0x1ffe74000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x9d) [ 4037.930842][ T5404] raw: 01ffe74000000000 ffffc1ffc07cdd08 ffffc1ffc07ce108 0000000000000000 [ 4037.961911][ T5404] raw: e8f0000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 4037.976156][ T5404] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0) [ 4037.980417][ T5404] ------------[ cut here ]------------ [ 4037.980626][ T5404] kernel BUG at ./include/linux/mm.h:1036! [ 4037.982399][ T5404] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 4037.987713][ T5404] Modules linked in: [ 4037.989876][ T5404] CPU: 0 UID: 0 PID: 5404 Comm: syz.1.584 Not tainted syzkaller #0 PREEMPT [ 4037.991645][ T5404] Hardware name: linux,dummy-virt (DT) [ 4037.993020][ T5404] pstate: 60402009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 4037.994505][ T5404] pc : kvm_s2_put_page+0x374/0x3a0 [ 4037.996829][ T5404] lr : kvm_s2_put_page+0x374/0x3a0 [ 4037.997955][ T5404] sp : ffff8000a3e27570 [ 4037.998772][ T5404] x29: ffff8000a3e27570 x28: 9af000001f384000 x27: 9af000001f384000 [ 4038.000556][ T5404] x26: 00000000000000ff x25: ffff80008734e000 x24: ffffc1ffc0000000 [ 4038.002156][ T5404] x23: ffffc1ffc04b7bc8 x22: 0000000000000000 x21: ffffc1ffc04b7bf4 [ 4038.003576][ T5404] x20: 0000000000000000 x19: ffffc1ffc04b7bc0 x18: 0000000041efecfe [ 4038.005146][ T5404] x17: 000000000579497c x16: 0000000041efc116 x15: 00000000b38305fe [ 4038.006701][ T5404] x14: ffffffffffffffff x13: fff000001d085888 x12: 0000000000000001 [ 4038.008269][ T5404] x11: 0000000000080000 x10: 0000000000076e49 x9 : 7ea7323275a97600 [ 4038.009886][ T5404] x8 : 7ea7323275a97600 x7 : ffff8000803a03c8 x6 : 0000000000000000 [ 4038.011339][ T5404] x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff8000803915d0 [ 4038.012753][ T5404] x2 : 0000000000000002 x1 : 0000000100000000 x0 : 000000000000003e [ 4038.014397][ T5404] Call trace: [ 4038.015324][ T5404] kvm_s2_put_page+0x374/0x3a0 (P) [ 4038.016559][ T5404] stage2_free_walker+0x1b0/0x264 [ 4038.017665][ T5404] __kvm_pgtable_walk+0x7d8/0xa68 [ 4038.018699][ T5404] kvm_pgtable_walk+0x294/0x468 [ 4038.019700][ T5404] kvm_pgtable_stage2_destroy_range+0x60/0xb4 [ 4038.020925][ T5404] kvm_free_stage2_pgd+0x198/0x28c [ 4038.021992][ T5404] kvm_uninit_stage2_mmu+0x20/0x38 [ 4038.023051][ T5404] kvm_arch_flush_shadow_all+0x1a8/0x1e0 [ 4038.024195][ T5404] kvm_mmu_notifier_release+0x48/0xa8 [ 4038.025246][ T5404] mmu_notifier_unregister+0x128/0x42c [ 4038.026377][ T5404] kvm_put_kvm+0x6a0/0xfa8 [ 4038.027297][ T5404] kvm_vcpu_release+0x70/0x9c [ 4038.028191][ T5404] __fput+0x4ac/0x980 [ 4038.029107][ T5404] ____fput+0x20/0x58 [ 4038.029975][ T5404] task_work_run+0x1bc/0x254 [ 4038.030873][ T5404] get_signal+0x13ec/0x1554 [ 4038.031789][ T5404] do_signal+0x23c/0x4dd0 [ 4038.032774][ T5404] do_notify_resume+0xb0/0x270 [ 4038.033755][ T5404] el0_svc+0xb8/0x164 [ 4038.034572][ T5404] el0t_64_sync_handler+0x84/0x12c [ 4038.035534][ T5404] el0t_64_sync+0x198/0x19c [ 4038.037109][ T5404] Code: f00375a1 912ec421 aa1303e0 97f9c9f2 (d4210000) [ 4038.039098][ T5404] ---[ end trace 0000000000000000 ]--- [ 4038.040735][ T5404] Kernel panic - not syncing: Oops - BUG: Fatal exception [ 4038.042829][ T5404] Kernel Offset: disabled [ 4038.043629][ T5404] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f [ 4038.044778][ T5404] Memory Limit: none [ 4038.046520][ T5404] Rebooting in 86400 seconds.. VM DIAGNOSIS: 08:01:04 Registers: info registers vcpu 0 CPU#0 PC=ffff80008049066c X00=0000000000000001 X01=0000000000000000 X02=0000000000000001 X03=ffff80008048d0a0 X04=0000000000000000 X05=0000000000000000 X06=ffff80008048b328 X07=ffff800080015834 X08=0000000000000000 X09=7ea7323275a97600 X10=00000000000780f4 X11=0000000000080000 X12=0000000000000000 X13=00000000ffffffff X14=0000000000000002 X15=ffff800087f69a20 X16=0000000000000000 X17=000000000579497c X18=0000000041efecfe X19=00000000000003d6 X20=efff800000000000 X21=ffff800087942e20 X22=00000000000003d5 X23=00000000000000ff X24=ffff800087942e20 X25=00000000000003d5 X26=82f000001d085890 X27=00000000000003c0 X28=ffff800087724000 X29=ffff8000a3e26fd0 X30=ffff800080490628 SP=ffff8000a3e26f90 PSTATE=604023c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=2525252525252525:2525252525252525 Z01=000000756c6c2570:6f6f6c2f7665642f Z02=0000000000000005:000000000000055f Z03=ffffff000000ff00:0000000000000000 Z04=0000000000000000:fff000f000000000 Z05=bb448243222c92da:e3914ed4e87380b0 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffc23c2170:0000ffffc23c2170 Z17=ffffff80ffffffd0:0000ffffc23c2140 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000